Asset - Scripts Savegame Custom System + Strong Encryption

Discussion in 'Marketplace' started by MusNik, Aug 19, 2016.

  1. MusNik

    MusNik Member

    Joined:
    Jun 21, 2016
    Posts:
    139

    Download: https://marketplace.yoyogames.com/assets/2441/savegame-custom-plus-encrypt

    Savegame Custom System + Strong Encryption - gives you possibility to create custom save file which containes only variables you specified and uses strong encryption for protecting file from hack (Multiple-key XOR + Base64 + Hash check).

    Demo: Download

    Savefile: Example

    Features:
    • Creates custom save file.
    • Savefile contains only information you specified.
    • Strong encryption and tracking changes of file.
    • Optimized, clean and commented code.
    • Perfect work on all most platforms - Windows, Mac, Linux, Android, iOS and other.
    • Cross-platform save file (doesn't use ds_map_secure).
    • Technical support for all who purchased.
    You need intermediate knowledge of GML to use.

    Please write a review if you like the asset and tell me your suggestions for improvement.
    If you found an error in my code or my English, please contact me ;)
     
  2. umetnik

    umetnik Member

    Joined:
    Jul 13, 2016
    Posts:
    12
    I'm sorry, but your claim of "strong encryption" is a bit strange. First of all I would like to say I haven't seen the code, but I have a few objections based on your description.

    Base64 doesn't help with encryption at all. It only encodes things and it is easy to decode. Hash check also doesn't add a lot to the security (unless you are actually using HMAC). Using fixed keys for XOR is also not a cryptographically sound idea. So I don't see have a combination of those could help.

    I made a quick check of the attached demo and one can easily deduce in which parts of the file the values are stored. Then one would just need to play a bit more to see where you save your hash and which one you are using and after that it would be quite easy to fake the values. Unfortunately, you are randomly changing values of all variables so I didn't bother to hack it all the way. But with a Demo where just one value would change (e.g. increase value by 1 on each save), I'm pretty sure it wouldn't be that hard to break and might actually prove to be a fun exercise.

    I must admit that without the hash, it would be trivial to hack, so its use makes it a bit harder to break, but definitely not enough to call it "strong encryption". Just a bit better than ds_map_secure (as was discovered here).
     
  3. MusNik

    MusNik Member

    Joined:
    Jun 21, 2016
    Posts:
    139
    Thank you for your investigation!

    Base64 is not encryption at all. I used this for standartisation of data that must be saved. As I mentioned in the asset description, ds_map_secure doesn't work properly on different platforms - it isn't cross-platform.

    If you hack my encryption I will improve the secure.
     
  4. zbox

    zbox Member GMC Elder

    Joined:
    Jun 21, 2016
    Posts:
    785
    :)
     
    Last edited: Mar 2, 2017
  5. Swyrl

    Swyrl Member

    Joined:
    Jun 28, 2017
    Posts:
    5
    so, uh, is there documentation for this or what?
     
  6. MusNik

    MusNik Member

    Joined:
    Jun 21, 2016
    Posts:
    139
    You need a documentation for two functions savegame_save and savegame_load? Okay, here it is:
    o_O
     
  7. andev

    andev Member

    Joined:
    Jul 2, 2017
    Posts:
    444
    I also have not read the sourcecode, but if your password(s) are stored anywhere in the code in plaintext, all it would take is for someone to decompile the game and look for it.
     
  8. MusNik

    MusNik Member

    Joined:
    Jun 21, 2016
    Posts:
    139
    @andev Except there is no way to decompile GMS games "so far".

    Of corse, if you don't mean disassembling. That's true. But...
    You know what else you can get when you disassemble or reverse-engineer the program? Anything.
    https://yal.cc/on-gamemaker-studio-game-decompilation/

    There was no purpose to create a perfect encryption system for The Pentagon security. I wish to make an asset for people who want to encrypt their save files fast and efficient.
    Hacking of save files is on the player conscience, he ruins his fun. We just don't allow him to do it easily. If he wants to break it, he will.

    Anyway, challenge is still on, try to break it without looking in the source code, Demo exe is available free.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice