Protecting source code?

General discussion about LÖVE, Lua, game development, puns, and unicorns.
Post Reply
steVeRoll
Party member
Posts: 109
Joined: Sun Feb 14, 2016 1:13 pm

Protecting source code?

Post by steVeRoll » Tue Oct 30, 2018 11:18 am

With the method that is written in "Game Distribution" (for windows), It simply mashes up the löve executable with your source code. You can still open the executable with WinRar and extract the source code from there.
This is worrying for me because I am making a multiplayer game, and someone can make a modified client by changing the source code and running it. Is there any way to make it unreadable, or at least obfuscate it somehow? Thanks in advance.

grump
Party member
Posts: 603
Joined: Sat Jul 22, 2017 7:43 pm

Re: Protecting source code?

Post by grump » Tue Oct 30, 2018 11:36 am

LuaJIT has an option to compile Lua code to byte code. That's the easiest way to make your code unreadable. Several decompilers exist though. LuaJIT can also compile to object files that you can link with a C/C++ program.

Be aware that security by obscurity is not a sound concept and does not stop a skilled person from hacking your game. Making your client conceptually secure is the only way to prevent cheats. Obfuscation alone does not work for that, because being able to read the code is not the only attack vector. Data can be manipulated in other ways.
Last edited by grump on Tue Oct 30, 2018 11:43 am, edited 1 time in total.

User avatar
zorg
Party member
Posts: 2804
Joined: Thu Dec 13, 2012 2:55 pm
Location: Absurdistan, Hungary
Contact:

Re: Protecting source code?

Post by zorg » Tue Oct 30, 2018 11:42 am

Please let us not have this discussion again.

Yes, creating a yourgame.exe is nothing more than appending a zip (with or without .love as the extension) to the love (or lovec) executable.
Yes, you can open it with peazip, winrar, totalcommander, basically anything that's not a parsnip (or a potato).
Multiplayer games usually have two flavours, either completely peer-to-peer, or centralized using a server.
You can never guarantee security on p2p multiplayer games, due to the fact that clients simply connect to each other.
If you do use a server, then you need to verify the data received before you send that to all the other clients.

But, to answer your question in points:
- Yes, you can obfuscate your individual lua files by compiling them into binary chunks; you can even strip out debug information.
- The above has a small downside, in that strings will still be plainly visible; and a gigantic one in that it will not be portable anymore. (it will be tied to the used LuaJIT version; it may work for some platforms löve supports, but not all; the biggest divide is between desktop and mobile platforms in terms of the LuaJIT version used.)
- Since you didn't specify your reason to be that you're afraid someone would steal your code, i will refrain from stating the obvious about that one.
- It is still pointless work, due to what i said above. p2p can never be safe from tampering, and centralized should verify everything relevant anyway.

As to what grump was implying, cheatengine is the best example, being able to manipulate data in RAM; can't really obfuscate memory. :P
Me and my stuff :3True Neutral Aspirant. Why, yes, i do indeed enjoy sarcastically correcting others when they make the most blatant of spelling mistakes. No bullying or trolling the innocent tho.

grump
Party member
Posts: 603
Joined: Sat Jul 22, 2017 7:43 pm

Re: Protecting source code?

Post by grump » Tue Oct 30, 2018 11:48 am

zorg wrote:
Tue Oct 30, 2018 11:42 am
- The above has a small downside, in that strings will still be plainly visible; and a gigantic one in that it will not be portable anymore. (it will be tied to the used LuaJIT version; it may work for some platforms löve supports, but not all; the biggest divide is between desktop and mobile platforms in terms of the LuaJIT version used.)
Technically true, but hardly relevant for fused games.


User avatar
zorg
Party member
Posts: 2804
Joined: Thu Dec 13, 2012 2:55 pm
Location: Absurdistan, Hungary
Contact:

Re: Protecting source code?

Post by zorg » Tue Oct 30, 2018 12:25 pm

Found some more!

(with searching for "obfuscation" in the search bar on-site at the top-right corner)
https://love2d.org/forums/viewtopic.php?f=5&t=84994 - Makefile for code obfuscation and creating .love file
https://love2d.org/forums/viewtopic.php?f=4&t=80271 - about distributing on windows...
https://love2d.org/forums/viewtopic.php?f=3&t=78404 - Questions about the engine
https://love2d.org/forums/viewtopic.php?f=4&t=77237 - Loading encrypted variables in a saved file
https://love2d.org/forums/viewtopic.php?f=4&t=8118 - Pre-compiling files
https://love2d.org/forums/viewtopic.php?f=4&t=2351 - LOVE and bytecode
https://love2d.org/forums/viewtopic.php?f=4&t=1915 - Question about distribution.
https://love2d.org/forums/viewtopic.php?f=3&t=537 - Game specific licenses and issues

https://love2d.org/forums/viewtopic.php?f=3&t=79352 - A community problem in source code protection

Edit: even more... probably.
https://love2d.org/forums/viewtopic.php?f=4&t=85630 - it is a mystery :halloween:

Edit: and it keeps on going and it keeps on going... :3
https://love2d.org/forums/viewtopic.php?f=3&t=86959 - reverse engineering related
https://love2d.org/forums/viewtopic.php?f=4&t=87149 - yes, source openable on android too
https://love2d.org/forums/viewtopic.php?f=3&t=87272 - some interesting topics, incl. how steam handles these kinds of stuff
https://love2d.org/forums/viewtopic.php?f=4&t=88150 - encrypting executables

Finally an implementation that is most definitely useful! :nyu:
https://love2d.org/forums/viewtopic.php?f=5&t=88179

And of course, wiki pages:

https://love2d.org/wiki/Source_Obfuscation
https://love2d.org/wiki/LuaC
Me and my stuff :3True Neutral Aspirant. Why, yes, i do indeed enjoy sarcastically correcting others when they make the most blatant of spelling mistakes. No bullying or trolling the innocent tho.

Post Reply

Who is online

Users browsing this forum: No registered users and 33 guests