GML Buffer Encryption / Decryption

Discussion in 'Programming' started by Rui Rosário, Jan 15, 2020.

  1. Rui Rosário

    Rui Rosário Member

    Joined:
    Oct 10, 2019
    Posts:
    45
    Hello GMC,

    Looking at the documentation for GM:S 2 I can find functions to calculate checksums of buffers or even compress them. But there doesn't seem to be any native support for buffer encryption and decryption. Looking at the Marketplace there seems to be a few extensions for encryption but they either don't support buffers directly or the ones that do don't implement standard encryption algorithms but some custom ones.

    I was wondering if there is some resource for a standard encryption algorithm cross-platform implementation that works directly with buffers available that I just missed, or if it is even intended to be incorporated natively into GM:S 2 at all.

    And I am aware that I could just change one of the extensions that I found or roll out my own port of a standard encryption algorithm, but I wanted to check what the status quo is before attempting either of those options.

    Thanks in advance,
    Rui Rosário
     
  2. BaBiA Game Studio

    BaBiA Game Studio Member

    Joined:
    Jun 20, 2016
    Posts:
    910
  3. Rui Rosário

    Rui Rosário Member

    Joined:
    Oct 10, 2019
    Posts:
    45
  4. FrostyCat

    FrostyCat Member

    Joined:
    Jun 26, 2016
    Posts:
    4,796
    Is RC4 standard enough for you?
    Code:
    ///@func rc4(@buffer, key, offset, length)
    ///@param buffer
    ///@param key
    ///@param offset
    ///@param length
    /**
    Encrypt the buffer in-place using RC4.
    */
    
    var i, j, s, temp, keyLength, pos;
    s = array_create(256);
    keyLength = string_byte_length(argument1);
    for (var i = 255; i >= 0; --i) {
        s[i] = i;
    }
    j = 0;
    for (var i = 0; i <= 255; ++i) {
        j = (j + s[i] + string_byte_at(argument1, i mod keyLength)) mod 256;
        temp = s[i];
        s[i] = s[j];
        s[j] = temp;
    }
    i = 0;
    j = 0;
    pos = 0;
    buffer_seek(argument0, buffer_seek_start, argument2);
    repeat (argument3) {
        i = (i+1) mod 256;
        j = (j+s[i]) mod 256;
        temp = s[i];
        s[i] = s[j];
        s[j] = temp;
        var currentByte = buffer_peek(argument0, pos++, buffer_u8);
        buffer_write(argument0, buffer_u8, s[(s[i]+s[j]) mod 256] ^ currentByte);
    }
    
     
  5. Rui Rosário

    Rui Rosário Member

    Joined:
    Oct 10, 2019
    Posts:
    45
    RC4 can be useful in some applications however it's usage is discouraged as several vulnerabilities have been discovered. This thread is a inquiry on the state of cryptography capabilities for GameMaker, a software whose audience is most likely not security experts (for example, I am not anywhere near a security expert myself). Hence I would prefer if there were resources for safer encryption algorithms available (ideally even in GameMaker itself) so that users don't secure their data with vulnerable algorithms unaware of the consequences. That aside thanks for the example implementation @FrostyCat, I'm sure someone will find it useful.

    And I would like to reiterate that I am aware that such algorithms exist in the Marketplace (for example, there are at least two AES implementations) but again they don't seem updated to the latest functionality of GameMaker since buffer support is missing. Also, reimplementing security-related algorithms is always a risk since basing it on the wrong implementation (or doing a naive one) can leave the software open for several known vulnerabilities - that's why a GameMaker supplied version would obviously be ideal as it could reuse a reputable security library that takes these things into account. And I know I could also do this myself by incorporating such libraries in an extension - but this thread is mostly to find the status quo of the GameMaker ecosystem, which so far seems like it is mostly relying on someone else's port of such algorithms and update them accordingly or implementing them yourself.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice