How to secure your game assets



3,513 visits, 5,120 views


This tutorial hasn't been translated.



This tutorial is licensed under CC BY 4.0. Please refer to the license text if you wish to reuse, share or remix the content contained within this tutorial.

There are many known techniques and methods of protecting game assets from being stolen or riped but none of them are perfect, and some of them are quite complex (CRC32) or at least troublesome(hiding files in outside folder). What I want to share with you is a method I pretty much found on my own and it hasn't failed me since.

Using the new Scirra website opening as a nice opportunity, I will now share my method with others to add some positive fresh karma to this new place :)

The Method

This method doesnt ask you for programing skill or even a plugin. The only thing you need is your brain and txt file in which you will keep track of "what is where and what".

The whole method is based on Construct Classic's ability to load and read files regardless of its extensions as long as you state "how" it should be loaded.

For example, the biggest security concern are of course sound files, either be it music or SFX, which as we know are not encrypted into main exe file.

So in AppPath we all have folders like "music" or "SFX". And in there we propably have "intro.mp3" or "main_theme.ogg". Now you dont have to be a rocket scientist to just go there, take whatever you want and use it for your own. But why are you making it so obvious for eventual thiefs?

The best known protection against thiefs are not enhanced solid doors but doors hidden in a wall. In other words - the best protection is the one which challenges not the thief lockpicks - but his brain.

In days of internet there's not a thing that can't be hacked or cracked. And if one manage to do so - it spreads over the internet like a sickness.

Tell me, would you thought to look for music files in folder called "sgdfsgh" with bunch of files inside with "bmp" extension? I know I wouldnt. And if I would have troubles opening that files I would look for a alternative program able to open them. I wouldnt had a slightest clue that the graphic files I have discovered are actualy... music.

Construct Classic has this nice feature that if in event sheet you tell him to "play sound" or "load ini" he doesnt care if the target file has "bmp", "exe" or "lolwtfbbq" extension. He just follows orders. If you tell him that this rather small "intro.avi" file is the array you want him to load - he will ignore the existence of the extension and just load it... as it would be array. Or ini file, or any other file type you order him.

So the INI file in which you store the game saves can be named and loaded as e.g fridge.rar, mp3 files suddenly being bat files etc.

Points to remember

There are just 4 main points you have to remember here:

1. Use misleading names of files or names that doesnt give a clue e.g saves stored in "intro" or "sfgsgdsh"

2. The same but for folders, e.g graphic files in "music" or "3674767" folder

3. The same but for file extensions mp3 -> rar, bat or custom "bbq"

4. If you are trying to trick the thiefs you have to follow some basic logic. e.g so in folder spoofed "music" name files to look like music, "track01" etc.

The best is to mix all that above. Because, seriously... Would you be looking for a save files to hack in "SoundEffects" folder with files "ending.mp3" "intro.ogg"? Or music in "scripts" folder with bunch of txt?

And the less obvious you will make it the lesser are the chances that somebody else will find the solution. IF he'll find it. Because there are hundereds of known file extensions and no sane mind will go through all this trouble to check the files from every angle. Its just not worth it. And the only way of solving this is "trials and errors" method. And obviously also "catching" by screendumping or sound recording. But thats about it.

Cheaters and thiefs are mostly lazy. Their laziness is what make them look for someones else's work instead of creating something by themself, and for going for the short cut instead of the main road. You just exploit and take advantage of their nature.

There just one rule of thumb. Keep track of your files. Write somewhere what is really where and really what. And thats its!

Simplicity never fails. Or at least can be quickly repaired ;)

EDIT: If you wanna go hardcore you can of course always additionaly CRC32 all your files. Now thats a hidden door behind a wall + solid lock :)


  • Order by
Want to leave a comment? Login or Register an account!