Asset - Scripts Savegame Custom System + Strong Encryption

MusNik

Member
Download: https://marketplace.yoyogames.com/assets/2441/savegame-custom-plus-encrypt

Savegame Custom System + Strong Encryption - gives you possibility to create custom save file which containes only variables you specified and uses strong encryption for protecting file from hack (Multiple-key XOR + Base64 + Hash check).

Demo: Download

Savefile: Example

Features:
  • Creates custom save file.
  • Savefile contains only information you specified.
  • Strong encryption and tracking changes of file.
  • Optimized, clean and commented code.
  • Perfect work on all most platforms - Windows, Mac, Linux, Android, iOS and other.
  • Cross-platform save file (doesn't use ds_map_secure).
  • Technical support for all who purchased.
You need intermediate knowledge of GML to use.

Please write a review if you like the asset and tell me your suggestions for improvement.
If you found an error in my code or my English, please contact me ;)
 
U

umetnik

Guest
I'm sorry, but your claim of "strong encryption" is a bit strange. First of all I would like to say I haven't seen the code, but I have a few objections based on your description.

Base64 doesn't help with encryption at all. It only encodes things and it is easy to decode. Hash check also doesn't add a lot to the security (unless you are actually using HMAC). Using fixed keys for XOR is also not a cryptographically sound idea. So I don't see have a combination of those could help.

I made a quick check of the attached demo and one can easily deduce in which parts of the file the values are stored. Then one would just need to play a bit more to see where you save your hash and which one you are using and after that it would be quite easy to fake the values. Unfortunately, you are randomly changing values of all variables so I didn't bother to hack it all the way. But with a Demo where just one value would change (e.g. increase value by 1 on each save), I'm pretty sure it wouldn't be that hard to break and might actually prove to be a fun exercise.

I must admit that without the hash, it would be trivial to hack, so its use makes it a bit harder to break, but definitely not enough to call it "strong encryption". Just a bit better than ds_map_secure (as was discovered here).
 

MusNik

Member
I'm sorry, but your claim of "strong encryption" is a bit strange. First of all I would like to say I haven't seen the code, but I have a few objections based on your description.

Base64 doesn't help with encryption at all. It only encodes things and it is easy to decode. Hash check also doesn't add a lot to the security (unless you are actually using HMAC). Using fixed keys for XOR is also not a cryptographically sound idea. So I don't see have a combination of those could help.

I made a quick check of the attached demo and one can easily deduce in which parts of the file the values are stored. Then one would just need to play a bit more to see where you save your hash and which one you are using and after that it would be quite easy to fake the values. Unfortunately, you are randomly changing values of all variables so I didn't bother to hack it all the way. But with a Demo where just one value would change (e.g. increase value by 1 on each save), I'm pretty sure it wouldn't be that hard to break and might actually prove to be a fun exercise.

I must admit that without the hash, it would be trivial to hack, so its use makes it a bit harder to break, but definitely not enough to call it "strong encryption". Just a bit better than ds_map_secure (as was discovered here).
Thank you for your investigation!

Base64 is not encryption at all in this case. I used this for standartisation of data that must be saved. As I mentioned in the asset description, ds_map_secure doesn't work properly on different platforms - it isn't cross-platform.

If you would hack my encryption I may think to make it safer.
 
Last edited:

andev

Member
I'm sorry, but your claim of "strong encryption" is a bit strange.
I also have not read the sourcecode, but if your password(s) are stored anywhere in the code in plaintext, all it would take is for someone to decompile the game and look for it.
 

MusNik

Member
@andev Yeah, except...
You know what else you can get when you decompile / disassemble the program? Anything: https://yal.cc/on-gamemaker-studio-game-decompilation/
You know what else type of encryption can be hacked? Any type.

There was no purpose to create a perfect encryption system for The Pentagon security. I wish to make an asset for people who want to encrypt their save files. Fast and efficient.
Hacking of save files is on the player conscience, he ruins his fun himself. We just don't allow him to do it easily. If he wants to break it, he will. Like in any other game.

Anyway, challenge is still on, try to break it without looking in the source code, Demo exe is available free.
 
Last edited:
Top