Encryption in Construct 2

  • After some emailing back and forth regarding the actual legal stance related to GraphicsRiver's license and unencrypted assets in released (Windows) desktop games, I asked for a definitive legal answer rather than "should be fine", and I have been moved up to level 3 support - to their legal department! Seems the situation is not as clear cut as it seems to be.

    The plot thickens... I'll keep you informed - might take a couple of days.

    I took the liberty of asking as well:

    Me:

    [quote:htnwrire]From your license here:

    https://graphicriver.net/licenses/terms/extended

    Specifically section 11:

    "You must not permit an end user of the End Product to extract the Item and use it separately from the End Product."

    If I put a licensed asset in my game, is that OK as long as my terms and conditions state that the end user is not permitted to extract the item?

    I'm concerned that the asset in my game is easy to extract and wouldn't want to be held liable.

    Their reply:

    [quote:htnwrire]I know you had to wait a while for us to get back to you, so thanks a lot for your patience. We have a crazy backlog but are working hard to tackle it <img src="{SMILIES_PATH}/icon_e_smile.gif" alt=":)" title="Smile">

    > If I put a licensed asset in my game, is that OK as long as my terms and conditions state that the end user is not permitted to extract the item?

    Yes, this should be totally fine.

    I'm here to help if you need any further assistance.

    Good luck with your game <img src="{SMILIES_PATH}/icon_e_smile.gif" alt=":)" title="Smile">

    Legal risk is a legitimate concern, but I'm yet to see any actual evidence that encrypting your game assets as people describe is a required step under licensed assets. Are there any more examples you have?

  • I'd vouch for implementing a simple encryption, but with a warning for the users that it's main purpose is to prevent customers from just unzipping the files and was implemented for possible legal issues with bought assets.

    I know it won't stop a bit more technical person to steal the assets, but I do think that if extra steps are necessary to get the assets instead of just unzipping a file, at least 75% of the people who would have stolen those assets won't do it. I think it's similar when a store leaves it's door for the night closed or locked.

  • I'd vouch for implementing a simple encryption, but with a warning for the users that it's main purpose is to prevent customers from just unzipping the files and was implemented for possible legal issues with bought assets.

    I know it won't stop a bit more technical person to steal the assets, but I do think that if extra steps are necessary to get the assets instead of just unzipping a file, at least 75% of the people who would have stolen those assets won't do it. I think it's similar when a store leaves it's door for the night closed or locked.

    I agree with what glerikud said.

    XOR encryption surely won't stop the big guys but it would be much better to have XOR in place,

    instead of leaving the majority of our game assets open for grabs in my opinion.

  • So I was thinking about this some more, and I guess something we could do with hopefully minimal performance impact is something simple like XOR encrypt the project name over the content of all asset files. If it's reversed at the point of loading hopefully there won't be too much delay (although this remains to be seen), and it stops you "just opening" any asset files.

    I'm personally 100% fine with this. This is exactly what I'm asking for, as I doubt that C2 games will get too many skilled hacker around. Plus as you already said, RAM extracting is also a thing, so too heavy encryption is useless anyway.

    But as I said, I'd rather have a small encryption than no encryption at all.

  • Tom,

    Yes, their legal department got back to me as well.

    [quote:1gsrzoeq]Legal has replied with an answer. The 'You must not permit' restriction in clause 11 is meant to stop a buyer from positively allowing - ie authorising (whether expressly or impliedly) an end user to extract the Item from the End Product.

    [quote:1gsrzoeq] "In answer to your question, you would not be in breach of clause 11 of the Extended License for this item if you released the game to the public with the GraphicRiver item sitting in an unencrypted file, however it would be best practice to include a terms and conditions text file with this game, using the wording you suggested.

    If it is trivial to do so, we would encourage you to encrypt the game's data files for your peace of mind."

  • Thanks for posting their response as well to confirm, so it looks absolutely fine and there aren't any obstructive legal issues with not encrypting your files as far as I can see.

    Are there any more examples, or is everyone currently satisfied that there are no identifiable legal issues to not encrypting your files at the moment?

  • Tom, well if we could at least get that XOR encryption, that'd be nice. As Ashley said, it'll mainly work as a placebo, and as it will work (a little bit), it should solve most problems: People complaining about having no encryption, and assets stealing actually dropping as it's not as easy to get the assets as it needs a little bit of knowledge, which most people that steal assets don't have.

  • It's good to know that there isn't any legal issues with the current method. However, I agree with skymen . An encryption would be useful, even if it's that simple as XOR.

  • Thanks for posting their response as well to confirm, so it looks absolutely fine and there aren't any obstructive legal issues with not encrypting your files as far as I can see.

    Are there any more examples, or is everyone currently satisfied that there are no identifiable legal issues to not encrypting your files at the moment?

    I don't think, based on this one case, that no other legal situations will arise where NOT encrypting will cause potential problems.

    While I have no knowledge of other instances, I think an option to encrypt assets would be a good thing to have in any case.

    At the very least I can say I have worked with artists before who would not like to see their work "out in the open", so to speak. To allay their and clients' fears (which are often emotion based) encryption would be good to have - aside from potential legalities.

  • Guys (hope someone is still watching this thread), I was wanting to get your opinion/experiences with asset theft in Construct (any version). I'm working on an article for my Tenebris Play Steemit blog about the prevalence of theft divided by engine and have tons for other engines but not much at all for Construct. Any input would be really helpful and I'm happy to link to your games/work at the end of the article.

    It's a tiny but still growing blog and if you want to take a look at the stuff I've done then decide you don't want to be included in the piece then I will totally understand. I'm an asshat, but not that much of one (I hope)

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Hello, Pantsu Champion

    Pretty much everything has been said in this thread.

    Construct 2 doesn't really encrypt files on export so you can extract them when they're being cached (in the case of a web game) or from the files in case of a desktop export.

    The protection is fairly basic, and code is much more protected than assets.

    Some games have suffered from this as we said. I'm thinking of The Next Penelope by Aurélien Regard (that you can find on steam) that had its assets stolen and reused in a commercial project.

    However, as Ashley said at some point, encrypting the assets doesn't prevent anyone from actually stealing them like in any other software as you can just grab them from the RAM or from the temporary files that are created.

    This thread is a year old and since then my own opinion changed on the subject. At the time I thought that we really needed encryption, but right now I don't think that a powerful encryption is really that mandatory. Primarily because 3rd party software can offer the same kind of service for free (or not) and that in the case of stolen assets which can happen anyway the copytight protection services are there to help, like in the case of The Next Penelope where the game was removed in under a few hours.

    When it comes to actual experiences, nobody ever stole any of my assets. Right now the only guy I'm sure had this happen to him is Aurélien Regard, but I recommend you try contacting developers from big Construct 2 games and ask them directly as this thread is pretty much dead and your chances of getting an answer here are pretty slim.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)