Asset - Scripts TMC Secure INI

[icuurd12b42]

TMC Secure INI

Outputs: All

Type: Scripts

Included: Scripts, Test Room

Demo: None

Marketplace: https://marketplace..../tmc-secure-ini


Description:

Save your ini values securely on the client os

All the function of Studio's INI feature are included. The ini file is securely saved on the user's device

Supports All Outputs

Screenshots:

 

[Tornado]

@icuurd12b42

Hi!

I have your "TMC Christmas 2015 pack", but I only want to use "TMC Secure INI".

I added "TMC Christmas 2015 pack" to my project (via "my library" -> "add to project").
Then I got a window where I can choose which resources I want to import. I only chose your script/tmc_secure_ini/ folder and that way it was added to my project's scripts/ folder.
So far so good.

But when I wanted to commit changes to svn I saw that everything that "TMC Christmas 2015 pack" contains is in extensions folder!
Can you tell me why is that there? I don't want to commit all of that that into my SVN repository.

What I then did is I removed everything from extension folder:
TMC Christmas 2015 pack
TMC Christmas 2015 pack.extension.gmx
yymanifest.xml

and removed this

<NewExtensions>
<extension index="0">extensions\TMC Christmas 2015 pack</extension>
</NewExtensions>

from

MyProject.project.gmx

Then I started my game and tmc_sini script still worked.

Is this the way to go? Can I do it like that? Am I missing something important?

Sorry bothering you, but I haven't found more info on this topic. I don't know a thing about extensions. I read the docu and thought the extensions are more like binary executables like DLL and so on.

Maybe "TMC Secure INI" is so to say a native GML extension, but then again, why scripts are then two times in my project: once in extensions folder and second time in my project's in scripts folder?

Thank you very much!

 

[Bingdom]

Maybe Secure INI is so to say a native GML extension, but then again, why scripts are then two times in my project: once in extensions folder AND second time in my project in scripts folder?

Once you have imported all the resources, you can delete the extension.

 

[icuurd12b42]

yes, as bingdom said, you can delete the extension (from the resource tree). The scripts should stay. It's pretty annoying but that's how they decided to have it work...

 

[Tornado]

@icuurd12b42

Hi!

1)
We are using your TMC Secure INI. Very nice and stable extension.
We plan to release our game soon.
Can you please tell me which type of encryption did you use? I mean is it a self-made or you used some standard encryption algorithms/libraries?
If self-made, how safe is it in comparison to those worlds known standard algorithms?

2)
Our game will be communicating with our server to transfer the score etc...
As GMS doesnt offer https (couldnt find any information), we are forced to transmit the data via http, but then how to encrypt the traffic? I first thought I could use your scripts to encrypt, but then realized that the server would need to have the same algorithm if it wants to decrypt it. This would be maybe possible if you use some standard algorithms. Any hints on this?

Thx for your time!

 

[FrostyCat]

As GMS doesnt offer https (couldnt fine any information), we are forced to transmit the data via http, but then we have to encrypt the traffic.

The default HTTP functions in GMS 1.4 and 2.x support HTTPS, you just need to start your URLs with https://.

 

[icuurd12b42]

Let me be straight up with you.
1)
First the asset was written at a time when GM Studio did not offer buffer as means of data manipulation. This limited the encoding to string based encoding that exclude the nul character... limiting the type of encoding to pure ascii manip. in this case I decided on vigenere encoding
you can see the step of encoding in tmc_sini_write/read_string and tmc_sini_close/open

the system is a ds_map that has vigenere encoded values. The map is saved using Yoyo's secure_save function which was revealed by yoyo to not be that secure. Long story short, someone who knows what to do can figure out the data of the file. so if this is for a multiplayer game where data integrity is essential, be advised that I personally do not trust its security for any other purpose than stopping regular users from manipulating the data. Though that could be true for most data encoding...

Once yoyo added buffers to the language some people wrote data encoding that use more powerful encryption methods. Unfortunately I can't find the discussion on the old forum.

So, again, if you are using this for a game were the data in the ini is considered critical, I would not bet my house on its security.

2)
You cannot use this to encode http data as the secure_save is user machine dependant... therefore you could not decode it on the receiving.

 

[Tornado]

Thank you very much for the straight up answer! Regarding encrypted communication with server, I learned that GMS DO support TLS via https! (FrostyCat's answer plus one in another thread)

Also thanks to FrostyCat!