Protecting source code?

steVeRoll
Party member
Posts: 131
Joined: Sun Feb 14, 2016 1:13 pm

Protecting source code?

Post by steVeRoll »

With the method that is written in "Game Distribution" (for Windows), it simply mashes up the löve executable with your source code. You can still open the executable with WinRar and extract the source code from there.
This is worrying for me because I am making a multiplayer game, and someone can make a modified client by changing the source code and running it. Is there any way to make it unreadable, or at least obfuscate it somehow? Thanks in advance.
grump
Party member
Posts: 947
Joined: Sat Jul 22, 2017 7:43 pm

Re: Protecting source code?

Post by grump »

LuaJIT has an option to compile Lua code to byte code. That's the easiest way to make your code unreadable. Several decompilers exist though. LuaJIT can also compile to object files that you can link with a C/C++ program.

Be aware that security by obscurity is not a sound concept and does not stop a skilled person from hacking your game. Making your client conceptually secure is the only way to prevent cheats. Obfuscation alone does not work for that, because being able to read the code is not the only attack vector. Data can be manipulated in other ways.
Last edited by grump on Tue Oct 30, 2018 11:43 am, edited 1 time in total.
zorg
Party member
Posts: 3441
Joined: Thu Dec 13, 2012 2:55 pm
Location: Absurdistan, Hungary

Re: Protecting source code?

Post by zorg »

Please let us not have this discussion again.

Yes, creating a yourgame.exe is nothing more than appending a zip (with or without .love as the extension) to the love (or lovec) executable.
Yes, you can open it with peazip, winrar, totalcommander, basically anything that's not a parsnip (or a potato).
Multiplayer games usually have two flavours, either completely peer-to-peer, or centralized using a server.
You can never guarantee security on p2p multiplayer games, due to the fact that clients simply connect to each other.
If you do use a server, then you need to verify the data received before you send that to all the other clients.

But, to answer your question in points:
- Yes, you can obfuscate your individual lua files by compiling them into binary chunks; you can even strip out debug information.
- The above has a small downside, in that strings will still be plainly visible; and a gigantic one in that it will not be portable anymore. (it will be tied to the used LuaJIT version; it may work for some platforms löve supports, but not all; the biggest divide is between desktop and mobile platforms in terms of the LuaJIT version used.)
- Since you didn't specify your reason to be that you're afraid someone would steal your code, i will refrain from stating the obvious about that one.
- It is still pointless work, due to what i said above. p2p can never be safe from tampering, and centralized should verify everything relevant anyway.

As to what grump was implying, cheatengine is the best example, being able to manipulate data in RAM; can't really obfuscate memory. :P
Me and my stuff :3 True Neutral Aspirant. Why, yes, i do indeed enjoy sarcastically correcting others when they make the most blatant of spelling mistakes. No bullying or trolling the innocent tho.
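
The server-side check zorg's post calls for, sketched as an added example that is not part of the thread or of LÖVE itself. The message fields, limits and function names are hypothetical; the point is that the server validates every update against its own state and clock before relaying it.

```lua
-- Added example: server-side validation of a client position update. All names and limits are hypothetical.
local MAX_SPEED = 200            -- world units per second the game allows
local WORLD = { w = 1024, h = 768 }
local TOLERANCE = 1.10           -- 10% slack for network jitter

local function is_finite(n)
  return type(n) == "number" and n == n and n ~= math.huge and n ~= -math.huge
end

-- player: authoritative server record { x, y, last_seq, last_time }
-- msg:    decoded table received from the client { seq, x, y }
-- now:    server clock in seconds (never a client-supplied timestamp)
local function validate_move(player, msg, now)
  if type(msg) ~= "table" then return false, "malformed" end
  if not (is_finite(msg.x) and is_finite(msg.y) and is_finite(msg.seq)) then
    return false, "bad field type"
  end
  if msg.seq % 1 ~= 0 or msg.seq <= player.last_seq then
    return false, "stale or replayed sequence"
  end
  if msg.x < 0 or msg.x > WORLD.w or msg.y < 0 or msg.y > WORLD.h then
    return false, "out of bounds"
  end
  local dt = now - player.last_time
  if dt <= 0 then return false, "no time elapsed" end
  local dx, dy = msg.x - player.x, msg.y - player.y
  local dist = math.sqrt(dx * dx + dy * dy)
  if dist > MAX_SPEED * dt * TOLERANCE then
    return false, "moved too far"
  end
  -- Accept: only now does the server state change and get relayed.
  player.x, player.y = msg.x, msg.y
  player.last_seq, player.last_time = msg.seq, now
  return true
end

-- Constructed sample traffic for one player.
local p = { x = 100, y = 100, last_seq = 0, last_time = 0.0 }
local samples = {
  { msg = { seq = 1, x = 110, y = 100 }, now = 0.1 },   -- plausible step
  { msg = { seq = 2, x = 900, y = 700 }, now = 0.2 },   -- teleport
  { msg = { seq = 1, x = 111, y = 100 }, now = 0.3 },   -- replay
  { msg = { seq = 3, x = "112", y = 100 }, now = 0.4 }, -- wrong type
  { msg = { seq = 4, x = 0/0, y = 100 }, now = 0.5 },   -- NaN
}
for i, s in ipairs(samples) do
  local ok, why = validate_move(p, s.msg, s.now)
  print(i, ok and "accepted" or ("rejected: " .. why))
end
```

A rejected update leaves the server's record untouched, so a modified client cannot change what the other players are sent.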
grump
Party member
Posts: 947
Joined: Sat Jul 22, 2017 7:43 pm

Re: Protecting source code?

Post by grump »

zorg wrote: Tue Oct 30, 2018 11:42 am - The above has a small downside, in that strings will still be plainly visible; and a gigantic one in that it will not be portable anymore. (it will be tied to the used LuaJIT version; it may work for some platforms löve supports, but not all; the biggest divide is between desktop and mobile platforms in terms of the LuaJIT version used.)
Technically true, but hardly relevant for fused games.
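
The "strings will still be plainly visible" point from the quoted post can be checked directly. This is an added example, not code from the thread; the chunk and its string constant are constructed, and it runs under LuaJIT (what LÖVE ships) or stock Lua.

```lua
-- Added example; the chunk and its string constant are constructed.
local source = [[
local API_KEY = "constructed-secret-123"
local function check(input) return input == API_KEY end
return check
]]

-- loadstring is the Lua 5.1/LuaJIT name; load is the 5.2+ name.
local compile = loadstring or load
local chunk = assert(compile(source, "=client"))

-- The second argument asks for debug info to be stripped. LuaJIT and
-- Lua 5.3+ honour it; plain Lua 5.1 ignores it.
local bytecode = string.dump(chunk, true)

local function contains(haystack, needle)
  return haystack:find(needle, 1, true) ~= nil   -- plain find, no patterns
end

print("bytes of bytecode:       ", #bytecode)
print("string constant visible: ", contains(bytecode, "constructed-secret-123"))
print("local name visible:      ", contains(bytecode, "API_KEY"))
```

Run it against the runtime you actually ship: stripping changes whether local names survive, but the string constant is still stored in the dumped chunk, so keys, URLs or anti-cheat rules placed in client code should be treated as public.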
zorg
Party member
Posts: 3441
Joined: Thu Dec 13, 2012 2:55 pm
Location: Absurdistan, Hungary

Re: Protecting source code?

Post by zorg »

Found some more!

(with searching for "obfuscation" in the search bar on-site at the top-right corner)
viewtopic.php?f=5&t=84994 - Makefile for code obfuscation and creating .love file
viewtopic.php?f=4&t=80271 - about distributing on windows...
viewtopic.php?f=3&t=78404 - Questions about the engine
viewtopic.php?f=4&t=77237 - Loading encrypted variables in a saved file
viewtopic.php?f=4&t=8118 - Pre-compiling files
viewtopic.php?f=4&t=2351 - LOVE and bytecode
viewtopic.php?f=4&t=1915 - Question about distribution.
viewtopic.php?f=3&t=537 - Game specific licenses and issues

viewtopic.php?f=3&t=79352 - A community problem in source code protection

Edit: even more... probably.
viewtopic.php?f=4&t=85630 - it is a mystery :halloween:

Edit: and it keeps on going and it keeps on going... :3
viewtopic.php?f=3&t=86959 - reverse engineering related
viewtopic.php?f=4&t=87149 - yes, source openable on android too
viewtopic.php?f=3&t=87272 - some interesting topics, incl. how steam handles these kinds of stuff
viewtopic.php?f=4&t=88150 - encrypting executables
viewtopic.php?f=4&t=91758 - "online singleplayer" - serving assets from a server... in the end they'll still be in the user's memory though.
viewtopic.php?f=4&t=92486 - Only the end, did it turn into this topic.
viewtopic.php?f=4&t=93695 - Hi!

Finally an implementation that is most definitely useful! :nyu:
viewtopic.php?f=5&t=88179

And of course, wiki pages:

https://love2d.org/wiki/Source_Obfuscation
https://love2d.org/wiki/LuaC