GMS 2.3+ How to decompile a buffer? (It's possible??)

FoxyOfJungle

Kazan Games
When it comes to security issues, there are certain things that we need to know how to avoid or know if it is possible. There is a function called buffer_save(), however, is it possible to "decompile" this buffer saved in a text file?, somewhere else without using GMS 2 (the buffer_read() function)?


Saved buffer using buffer_save() example:

xœe]
ƒ0„¯|.’ø—l/#j·š0‰âÝEÛ}›ÙùfÙ™Dm¥±1FO2Õ”‘½
*McúØû‘J•¶3Æáö¾waÏ(£üˆtX)×Ôá(9¢½{Kmt})Háý§î¸^{¥ÐÙ³ ÄÈ‚“}k÷7F£¼ÆRûUÓ8Iá6”‹œeB@^0–Pö8 ûž6âÈ
N!L0d¢ Y¾då^l

For example, GMS can encode a string in base64, and there are several sites that can read the converted code, is this possible with buffers? There are programs like Notepad++ that can for example read parts of a binary code, but I am not very experienced with these types of encryptions...

I would like to know this, because if a player knows how to do this, he can modify the file, although I can also include a verification hash at the end of the file, however, it never hurts to know...
 

FrostyCat

Member
There's no transformation going on, those are the exact bytes in the buffer being written.

Due to null bytes and issues involving various encoding standards, using text editors to read binary files is generally a bad idea. Use a hex editor instead.
 
If you have a hex editor, you can read and edit the buffer with no issue. There's zero encryption happening. Hashing your whole file isn't a great idea, since it's pretty easy to tell what algorithm is being used and they can just rehash the file with whatever edits they want.
 

EvanSki

King of Raccoons
If you have a hex editor, you can read and edit the buffer with no issue. There's zero encryption happening. Hashing your whole file isn't a great idea, since it's pretty easy to tell what algorithm is being used and they can just rehash the file with whatever edits they want.
That being said tho, having the buffer be converted to UTF-8
GML:
xœe]
ƒ0„¯|.’ø—l/#j·š0‰âÝEÛ}›ÙùfÙ™Dm¥±1FO2Õ”‘½
*McúØû‘J•¶3Æáö¾waÏ(£üˆtX)×Ôá(9¢½{Kmt})Háý§î¸^{¥ÐÙ³ ÄÈ‚“}k÷7F£¼ÆRûUÓ8Iá6”‹œeB@^0–Pö8 ûž6âÈ
N!L0d¢ Y¾då^l
Would make it unreadable, and unable to be converted back to HEX without help from the game turning the UTF=8 code back into the buffer code
 

FoxyOfJungle

Kazan Games
Well... I tried to modify and read this data through a hex editor and several other things, but I still can't get anything relevant from it, so I believe that for a common end user, it is already considered safe... 🤔
 
Well... I tried to modify and read this data through a hex editor and several other things, but I still can't get anything relevant from it, so I believe that for a common end user, it is already considered safe... 🤔
Anyone using a hex editor certainly wouldn't be your average user 😂

...but they're also the ones most likely to know how to crack your save file. It's really not worth trying too hard since if your game is popular enough to attract those kinds of people, your game's probably doing well enough for itself. Buffers should absolutely stop most savefile snoopers. Bonus points if you add plaintext with scary words like "MODIFYING THIS SAVE FILE MAY PERMANENTLY CORRUPT YOUR SAVES"
 

HalRiyami

Member
In my opinion, spending a lot of time encrypting your save file isn't worth it. Editing save files is old. People these days just use Cheat Engine to edit everything in real time and your game can't do anything about it. Unless you're working on an online game, cheat prevention is an exercise in futility since everything is stored locally.
My advice is to do the minimum to make the save file unrecognizable and that's it.
 
Top