Releasing a game with GMS2?

Neptune

Member
Hey guys, as the time draws near where I will be allowing public access to my game, I'm wondering if you all have any advice about release -- specifically regarding to GMS2.

For a windows PC release, is using the ds_map_secure_save function a good way to handle save files?
Are there any general concerns about what players can access / tamper once they've downloaded a GMS2 game?

Any experience or advice in general is appreciated and welcome :)
 

TsukaYuriko

☄️
Forum Staff
Moderator
I'll move this to the Publishing forum.

Since you mentioned the secure save functions and concerns regarding data accessible by players in the same paragraph, please note that the "secure" here does not imply security from access and tampering, but from transfer and usage on other devices. A practical application for this function would be to save data such as IAP status on mobile games, where transferring save files between devices should not grant access to purchased IAPs and thereby allow players to buy specific IAPs once and then share save files that have them activated with others.

These functions don't provide immunity to this - they render created files unable to be used on other devices without prior user modification of said files. You as the developer are responsible for keeping such things as secure as they can get - with local files, the ceiling here tends to be rather low.


If you're looking to prevent players from reading and - through knowing what to change, manipulating - game data, the common solution is to apply encryption to whatever external data you're reading and writing. This can be external graphics you don't want players to see, save files, story dialogue... or anything else you ship with your game, really. There probably are a few assets for this on the Marketplace, or you can make your own. A simple example of this, and probably a good practice to get more familiar with it, would be XOR encryption as a start.

Before you start with this, though, ask yourself: What do you want to protect, and more importantly, why? Does it need to be protected? Also, can it be protected (often not the case with graphics and audio) or is it just a waste of development time?
Depending on the kind of game you're releasing, you may need - or not need - different types of security. Saving progress of an online game locally, for example, is a no-go and just asking for players to tamper with files and ruin the balance of your game's server(s) (and your income with it if you're monetizing it through an in-game shop with micro- or macro-transactions of some sort). Save files of single-player games sometimes don't need protection - so what if they cheat themselves to max level in a minute? As long as they're having fun with it, where's the harm? This and many other things should be considered carefully before you invest any time into developing any kind of security mechanisms.
 
  • Like
Reactions: Yal

Neptune

Member
Hey, thankyou for the in-depth info on that!
Hmmm, so I do not have transactions/multiplayer/online data of any kind, and I don't foresee ever having any.

If I'm following correctly, "ds_map_secure_save" isnt really doing anything for me. I would like to prevent cheating though, or just tampering with any values in general.
This is what my save data looks like currently, the .data files are saved using ds_map_secure_save -- Opening the .data files in notepad yields some 28,000,000 characters.
upload_2020-1-11_19-52-38.png
So people could potentially navigate and change the .data files?

I am not too concerned if people corrupt their save file, but I am concerned with them successfully tampering lol


[EDIT]
Perhaps instead of ds_map_secure_save, i write the map to a string, and then just scramble the 💩💩💩💩 out of it, and save it as an ini file...
 
Last edited:

TsukaYuriko

☄️
Forum Staff
Moderator
I would like to prevent cheating though, or just tampering with any values in general.
This is what my save data looks like currently, the .data files are saved using ds_map_secure_save -- Opening the .data files in notepad yields some 28,000,000 characters.
View attachment 28305
So people could potentially navigate and change the .data files?
They sure can - as long as it's on their file system, they can tamper with it. Whether they do so successfully or not depends on whether they're even able to read it in the first place and understand (or accidentally figure out) what means what. Depending on one's technical experience, especially reverse-engineering encryption, this may be anywhere in between impossible to trivial for a single individual. If deterring 99% of the average player base is your intention and you don't care about more experienced people cheating, it's entirely sufficient for your needs.

26 MB for a save file is HUGE, though. Just what kind and amount of information are you storing in that?! :p


If you wrote your own saving and loading mechanism, you could manually handle encryption. For this, you'd first need to serialize (translating data structures or object states into a format that can be saved and loaded back into data structures later) your save data, which, depending on your project's progress and amount of data that needs to be saved, may already be a massive undertaking. After that, you could apply whatever kind of encryption you want to it, knowing fully how hard to break it will be.

Since the exact way data is encrypted by the default functions is not documented publicly (otherwise, just about anyone would be able to reverse it), I'm not allowed to tell you whether your proposed encryption mechanism of "scrambling the **** out of it" is any more or less secure than it - all I can say is that the more layers of security you apply, the harder it will be to break, the longer it will take to break, and the more you'll start wondering if all of this is really worth it and if a simple XOR pass, or even just the default, wouldn't be sufficient to deter the 99% and that if the rest will want to break it, they will break it.
 

Neptune

Member
Ok I see. Hmm, I'll just make a small scramble script.. change all the "2"s to "34622435%^&56&%FGHFHDSH" or something and call it a day xD
As for the size of my saves, i'm not sure, and i think thats at its smallest :eek: Its mostly just a ton of data structure grid & list strings!
 

Yal

🐧 *penguin noises*
GMC Elder
I'm a strong advocate of the XOR pass method (both the SoulsVania engine and the Monster Collector Engine uses this for savefiles), it makes savefiles human-unreadable and very hard to modify with just a text editor, which blocks off most would-be cheaters. And if someone's determined enough to figure out the encryption method for your game's savefiles, I'd say they've earned the rights to cheat :p
 

Xer0botXer0

Senpai
In regards to encryption single player information to prevent tampering, Ever used "Rosebud" on sims ?
Allowing for cheats literally cuts play time in half.

In an adventure game if you let players skip parts of the story, then they're missing out on important information which means they'll be confused and end up playing.
If you let players change their inventory they can slay all the enemies so what's the point of questing and adventuring to find cool gear.. they'll end up playing.

Sure they all end up playing, it's just that you don't want to add shortcuts that removes features of the game.

This has happened to me in many games, look sometimes it's just fun to see if you can cheat in a game, But take "This war of mine" I literally had to dig DEEEP to find a way to cheat, and it was rewarding, but I got over not being able to cheat for the most part and just enjoyed the game. If I spawned in resources I would've gotten bored of the game as well.
I had hours and hours in Stardew valley jamming it with a friend through lan, then my smart ass decided to glitch in cash. Days of gaming ended around there because I bypassed the whole point of our grinding routines.

So lesson, Don't give players a means to remove the road in which they must walk in order to receive the rewards.
Because the journey is often better than the destination.
 

Yal

🐧 *penguin noises*
GMC Elder
In regards to encryption single player information to prevent tampering, Ever used "Rosebud" on sims ?
Allowing for cheats literally cuts play time in half.

In an adventure game if you let players skip parts of the story, then they're missing out on important information which means they'll be confused and end up playing.
If you let players change their inventory they can slay all the enemies so what's the point of questing and adventuring to find cool gear.. they'll end up playing.

Sure they all end up playing, it's just that you don't want to add shortcuts that removes features of the game.

This has happened to me in many games, look sometimes it's just fun to see if you can cheat in a game, But take "This war of mine" I literally had to dig DEEEP to find a way to cheat, and it was rewarding, but I got over not being able to cheat for the most part and just enjoyed the game. If I spawned in resources I would've gotten bored of the game as well.
I had hours and hours in Stardew valley jamming it with a friend through lan, then my smart ass decided to glitch in cash. Days of gaming ended around there because I bypassed the whole point of our grinding routines.

So lesson, Don't give players a means to remove the road in which they must walk in order to receive the rewards.
Because the journey is often better than the destination.
A mechanically good game should be so fun to play, you play it even when you don't get rewarded for it. (That's why "Skinnerbox" design is so bad - literally the only reason you keep playing a skinnerbox game is because you want the rewards, not because the game itself is fun)
 

Neptune

Member
@Yal Do you have any resources for going about doing a XOR pass encryption in GML?
I've never encrypted anything -- i have an intuitive understanding of how it might work, but Id like to learn!
 

Yal

🐧 *penguin noises*
GMC Elder
@Yal Do you have any resources for going about doing a XOR pass encryption in GML?
Both my SoulsVania engine and my Monster Collector Engine has this for the savefiles (which allows you to see how it's done in practice). I haven't thought of releasing it as a standalone extension, but hey, see it this way: you get an RPG engine included with every purchase of the XOR pass encryption extension :p
 

Kezarus

Endless Game Maker
I, for one, pretty much don't care if anyone cheats in my single player games. I even have files that can mod the game behavior and they are human readable, and that's a bonus for my players and for me. So... ¯\_(ツ)_/¯
 

JeffJ

Member
I'll just add some additional perspective / food for thought.

I tend to go the opposite direction - making everything as open as possible. It opens options for people modding your game and messing around with the files in all sorts of ways that can actually be beneficial to the longevity of the game, and by extension, you. I actually went as far as making sure that just about every module in my upcoming game is externally defined and works together independently of each other. So, NPCs, items, spells, quests and dialogues are all external files that are easily human readable, and not defined in game. This means that;

Someone could add an entirely new file to define an NPC that never existed. They could then add a new dialogue file, which points to a new quest file, which rewards an item based on a new file as well. Now, you have an entirely new NPC, who gives you an entirely new quest through entirely new dialogue, rewarding you an entirely new item. Essentially, short of efficient handling of external graphics and a level editor, this enables people to pretty much make the entire base game (or entirely new content in the same style) with the game's own resources.
It also opens up for fans of your game making new languages available, by simply translating the existing files, and if your game is setup to dynamically detect new language folders, you can suddenly have fan-made localized version of your game that didn't exist before.

Lastly, a little anecdote;
After we released our first commercial game, there was a bug that unfortunately made it so that some people's savegames didn't register a certain change. I of course patched and fixed this, but until then, I could write up a manual quickfix, instructing people on how they could easily fix their own savegame by hand via a few short steps. I could then pin that in the Steam community or where ever relevant, and people would be able to easily fix it before the patch was even deployed. Now, I'm not advocating this as a get out of jail free card for sh*tty coding (such as what I did), but this wouldn't have been possible if I had opted for a closed save system, and a lot of people were actually happy with how quick and easy it was, and that they didn't have to wait for a patch if they wanted it now.

TLDR; As long as it's strictly single player (and there are no MTX or other such factors), the way I see it, there are far more benefits to going as open as possible, as opposed to the other way around.
 
Last edited:

YanBG

Member
So, NPCs, items, spells, quests and dialogues are all external files that are easily human readable, and not defined in game.
I'm doing something similar and would be interested to see how you formatted these files. Is each quest in it's own text file or they are all in a table?
 

JeffJ

Member
I'm doing something similar and would be interested to see how you formatted these files. Is each quest in it's own text file or they are all in a table?
Disclaimer: I'm not sure I'm the best example to follow in practice. The idea's good, but the actual implementation I went with has its flaws. I went with INI format, because it's what I knew - but for the next project, I'll probably go with JSON - a lot more organized, a lot easier to iterate through and plenty other advantages.

Now, with that out of the way; yes, every quest is in its own file, and then each file can (optionally) refer to other files. For example, one dialogue file can have a meta data reference to a quest file, so that when you get to a certain point in the conversation, the quest in the referenced file will be activated/completed/whatever. Quest files can then also refer to dialogue files and item files, and dialogue files in particular have lots of meta keywords that are interpreted at runtime to do stuff like give or remove items, activate/advance/complete quests, teleport the player, trigger cutscenes etc..

I wrote a couple of lengthy blog posts about it, all from idea to implementation, and the issues I ran into in the process. This one in particular might be of interest to you:
http://blog.megafuzz.com/post/dialogue-generator
 

Neptune

Member
Interesting feedback, thanks!

There may be a few things moddable in my project, but very few and specific things.
 

NeutronCat

Member
TLDR; As long as it's strictly single player (and there are no MTX or other such factors), the way I see it, there are far more benefits to going as open as possible, as opposed to the other way around.
If a single player game has some social-ish elements like achivement system and leaderboard (even the local ones), making game data too open for modification will make these system meaningless.
 
Top