Securing C2 game against pirating...

i'm 1-2 weeks away from finishing my soon-to-be commercial game, and before trying to distribute/sell it online i wanted to know:

1- are there any issues you have run into with particular online web sites or companies that cannot be trusted because they compromise the safety of your game, intellectual property, or try to cheat you with payments?

2- what precautions should i take now to ensure my online game is not hacked/pirated? there is no such thing as 100% hack/pirate proof, i understand that...but there are lots of things we can do to ensure our titles are not easy targets? any experiences, suggestions?

3- is there a special way i should ensure game play online to prevent the C2 code from being "read"/exposed, copied?

any other suggestions, recommendations, or advice you'd like to share?

thanks a million for sharing your past experiences.

Unfortunately anyone who can load the game can access the files. One thing you can do to minimize piracy (you can't stop it, and in trying to you will only make things worse for everyone) is test for whether it is being played on the right server. You can use the Browser.Domain or Browser.URL to do this. However, what you test it to is going to be plaintext in the files, so someone can crack it if they try. You could however, store it encrypted or in a way that C2's export will obfuscate it.

thanks a million Sumyjkl, what have you heard of the APK format being download?

i dont know much about advanced CAPX stuff, this is my first commercial/real game with C2 that i will be publishing, do you know what some folks have said? they discourage against posting your game on sites where the apk is exposed, or that the game is not removed from the local drive, after it is played.

not sure what all that means, and tried to research it with no luck...do you know if those things expose your game to piracy, and if so how to know which sites to distribute the game through and which sites to ignore? or what precautions to use for "removing" the game after it's played?

I know APKs are sometimes taken off Google Play etc. and hosted on other sites, is that what you are referring to? If so I can't imagine any way of guarding against that, apart from (maybe) testing for Google Play services (which would make the game online-only).

I think I know what you mean there in your second paragraph; when you play a game online you download the HTML5/Java/Flash etc. code needed to run it. Usually it's not hard to just find the files you have downloaded in this process (unless they're sneaky and only load into RAM somehow).

The reason it's not advisable is that people can download your game and reupload it somewhere else, earning ad revenue from your game and possibly hurting your reputation. However, there's not much you can do to stop this apart from testing whether the game is being hosted on the right server.

The site the game is hosted on has no power to force it to be deleted after it's played. Besides, someone wanting to get your game would just make a copy of it while the game was running.

As for what sites... There aren't any really. Google Play is good for a platform as people won't be likely to download it elsewhere, and apart from that your HTML5 can be downloaded and reuploaded easily regardless of what you do (unless you try to test for the right host).

I once made a DRM system which locked out all but certain host domains by checking against the obfuscated list of allowed domains. There are ways to do this, they just take some tinkering.

Sumyjkl, thanks a lot for all of your feedback...one last question and i promise i'll stop bothering you...

Do you recommend removing all comments from the code prior to "compiling" a version to upload on a server? although the C2 comments are vital for a large project, are they published in the final version (if so, that might make pirating easier). what are your thoughts, suggestions?

C2 does not export comments with the project, they're useless at runtime.

Also make sure you enable "minify script" when exporting, to make sure the Javascript is mangled to be unreadable.

coolness, thanks a million Ashley

The only way to prevent pirating, is to have all of your game logic on a server application. That way the client is just a dead pile of images without the logic to run it.

Gumshoe2029, thank you for your comment.

while your statement may be true, i dont think it is possible with C2 to create such a game.

in my original post, i indicated that it is not possible to prevent pirating 100% of the time, i only wanted to ensure i was taking the necessary precautions to ensure it was minimized and i was not making a newbie mistake of putting it all out on the internet to easily pirate, nor was i posting on questionable web sites.

1- Ashley recommended using "minify script", and also confirmed that developer comments within the game, which are very critical during development, are never in the final build (making reverse engineering a bit more complicated and time consuming)

2- Sumyjkl suggested to test for the right host

If you know of a practical way splitting the game into server-side and client-side components, please share it. I agree with your observation, but do not think it's feasible (at least not given my limited knowledge of C2).

Thank you everyone for sharing your knowledge and experiences on this tread, i hope my game will be successful and as secure as possible, given reasonable precautions and best-practices.

i dont think it is possible with C2 to create such a game.

It is. I have my development client running right now, and it works. Unless our server is down, then it just displays the background image and nothing else. Because our game client is worthless without the server application behind it, because all of the game logic is on the server. The client simply displays information and submits change requests.

I have to laugh some at all the people who think they can secure their HTML games without a server.

This post asks more or less the same question: and I have the same answer there.

Minifying helps, but it will not guarantee that your game will not be pirated.

then i want to do what you are doing also, but how?

how can you export your game via C2 so that there is a server-side (with all the data, logic, code) and a dumb client-side (with the art and audio)? how were you able to do this? also, is it scaleable? in another words, if your game is hosted on amazon and 10,000 people want to pay and purchase it, does it require any manual involvement on your part for selling/distributing the authentic client to the verified buyer or can they click and download the client on their device without any additional involvement by you.

as you have pointed out, this is important but unfortunately very difficult (at least it appears to be so, to me). thanks for your continued help on this.

IT'S HOPELESS.

EVEN IF

you manage to keep all your files 100% safe and secure, if it's a hit you're guaranteed to have some random scum of the earth clone your game using other means, maybe programming it themselves or buying existing assets.

That's why some "new" games you see everyday are like:

-A Candy Version of Bejeweled

-A Cookie Version of Bejeweled

-An Egg Version of Bejeweled

-A Poo Version of Bejeweled (Hell, for all we know Bejeweled Itself might be a clone of some other existing game.)

-A Plane version of Flappy Bird

-A Non-Pixel Art version of Flappy Bird

-A Dragon version of Flappy Bird

-A Rooster/Hen/Quail/Peacock/Flamingo/Hummingbird/Ostrich version of Flappy Bird

-A Flying Winged Segmented Turd version of Flappy Bird

Your only hope is to create a game, launch it, get lucky, make another one...

EDIT: CONFIRMED Bejeweled wasn't the original Match-3.

Source: https://en.wikipedia.org/wiki/Shariki

Considers the mechanics of a poo inspired Bejeweled.

Considers the mechanics of a poo inspired Bejeweled.

Match Poop of different consistencies.

Coiled up Dog Turds, White Bird splatter pellets, Bat Guano stuck on walls, Rat sh.....

Fun for the whole family.

Poojeweled?

Bepooled?

3 corns in a row gets an automatic flush.

Gigatron you got an fx for that?