Encrypted Archives

Started by G_G, March 14, 2011, 08:35:09 am


Ryex

I know it is used to authenticate assemblies. I've no idea how it works or what it entails.
I no longer keep up with posts in the forum very well. If you have a question or comment, about my work, or in general I welcome PM's. If you make a post in one of my threads and I don't reply within a day or two feel free to PM me and point it out to me.

DropBox, the best free file syncing service there is.

Blizzard

It's very simple. We just calculate a hash (e.g. MD5, SHA-1, SHA-2, etc.) and store the value somewhere. That way the package can't be edited without breaking the game because we calculate the hash for validation whether it was changed.
Check out Daygames and our games:

King of Booze 2      King of Booze: Never Ever
Drinking Game for Android      Never have I ever for Android
Drinking Game for iOS      Never have I ever for iOS


Quote from: winkio
I do not speak to bricks, either as individuals or in wall form.

Quote from: Barney Stinson
When I get sad, I stop being sad and be awesome instead. True story.

Ryex

Well, you clearly know more about the subject than anyone else on the team :P. I say that you come up with a way to implement the system, and if you need anything in the editor let me know and I'll add it.

As far as I understand it we are going to encrypt the files and then sign them with a hash computed from the files. The hash will either be stored in a key file or attached to the encrypted scripts file so that the engine can verify that nothing has been modified before running the game.

It sounds simple enough in principle and I'm not seeing any easily exploitable flaws. I say we go for it.

Blizzard

October 05, 2011, 03:26:42 pm #43 Last Edit: October 05, 2011, 03:39:04 pm by Blizzard
Yeah, it's fairly simple. I was thinking of encrypting the file first and then creating a hash which is then simply appended at the end of the file (all done in Python during project compilation). When we read the file in the engine, we read the whole file and separate the hash at the end. Then we create a hash value in C++ and check if we got the same one as the one that was written at the end of the file. Finally, if the hashes match, we decrypt the data and we have the original file.

http://en.wikipedia.org/wiki/SHA-1
http://en.wikipedia.org/wiki/SHA-2

While SHA-1 is relatively safe, it was cracked with a theoretical attack. With SHA-2 we also have the option of different lengths (SHA224, SHA256, SHA384 or SHA512). For the C++ version, we can just take the code from Crypto++ which is public domain.

EDIT: I didn't take time into account. Maybe SHA-1 would be better suited for our needs after all.

Ryex


Blizzard

Then let's make our own lives a bit easier and just use SHA-1 for hashing. xD

Ryex

October 05, 2011, 07:37:05 pm #46 Last Edit: October 06, 2011, 02:23:40 am by Ryex
Quote from: Blizzard on October 05, 2011, 03:26:42 pm
Yeah, it's fairly simple. I was thinking of encrypting the file first and then creating a hash which is then simply appended at the end of the file (all done in Python during project compilation).

I'd just like to point out that Python byte code is easily reverse engineered, much more so than a C++ assembly. So we need to do an elaborate method of obscuring the encryption key there too.

Blizzard

October 06, 2011, 02:20:15 am #47 Last Edit: October 06, 2011, 09:31:00 am by Blizzard
Yes, we still have to think of a good encryption.

EDIT: Lol, a colleague at work sent me this link completely unrelated: http://www.inner-smile.com/nocrack.phtml

Ryex

October 13, 2011, 11:24:07 pm #48 Last Edit: October 13, 2011, 11:40:24 pm by Ryex
We can't put the encryption in the editor, period. We have to keep it in the game exe where it can be protected.

All members in Python are public. A clever hacker could create an editor plugin that would bare the namespace. If they searched long enough they would eventually find the component used for encryption.

And this exists: http://sourceforge.net/projects/unpyc/
It translates Python byte code to readable Python code, so encryption in Python is out, period.

We should just make it so that running the game.exe with a -e argument causes it to take the game data and encrypt it. If we want to be able to control which files get encrypted we could write a configuration file with the editor which the exe loads when it is started as an encryptor.

Blizzard

I am against putting it in the game exe as well. Then hackers would just need the Game.exe to get everything. One of the first things you do when you have to use encryption is that you don't put both the encryption and decryption code in the same place. And giving access through -e would basically render the whole thing pointless. Anybody could change the data files whenever they want. If we want to make it safer in the editor, I suggest a small .dll written in C that Python can load and use to encrypt.

Ryex

That could work I guess, the C DLL that is. I really don't have any clue how to write a C DLL for Python though.

Blizzard

You just write the C DLL and compile it (careful, NOT a C++ DLL!). You should be able to easily call the DLL functions through Python just like in Ruby.

Oh, also, here's the Python code for the getting of environment variables that I said I'd give you. You probably call C DLL functions the same way.

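    import ctypes

    def getEnvironmentVariable(self, name):
        # With no buffer, the call returns the required size in characters
        # (including the terminating NUL), or 0 if the variable is not set.
        n = ctypes.windll.kernel32.GetEnvironmentVariableW(name, None, 0)
        if n == 0:
            return None
        # Allocate exactly the reported size so the second call cannot overrun the buffer.
        buf = ctypes.create_unicode_buffer(n)
        ctypes.windll.kernel32.GetEnvironmentVariableW(name, buf, n)
        return buf.value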


Don't forget to import ctypes.

G_G

Perhaps I could actually help on this part a bit. When I was doing that Xbox to RGSS thing I was creating my own C DLL. First you need to create a Win32 project in Visual Studio. When the Wizard comes up click Next, then choose DLL and click Finish. When creating methods for this you have to export the methods to C. So I assume you shouldn't need a whole lot of methods.

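    #include <windows.h>  // defines BOOL and TRUE

    // extern "C" turns off C++ name mangling so the export is plain "Encrypt"
    extern "C" __declspec(dllexport) BOOL Encrypt()
    {
        // insert encryption code here
        return TRUE;
    }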


Then you'd be able to access that Encrypt function.

Blizzard

October 14, 2011, 09:11:57 am #53 Last Edit: October 14, 2011, 09:14:59 am by Blizzard
The function should take 2 arguments: (unsigned char* stream, int streamLength)

Blizzard

December 19, 2011, 05:17:02 am #54 Last Edit: December 19, 2011, 05:20:49 am by Blizzard
Reviving this topic one last time.

Ryex told me that he can encrypt and obfuscate the final .exe and Python code for the editor which basically means we can implement the encryptor in Python without problem. I will take care of that as I will also implement the decryptor in the engine. This means that things are simplified a lot. These are the procedures.

Encryption (Python):
1. generate a "static" encryption key using several method calls (for obfuscation, just to be sure) where the actual private key will be preselected (done only once)
2. read file (from here on, this is done for every file)
3. encrypt read data
4. create SHA-1 hash from encrypted data and append it to the end of the encrypted data stream
5. add 128 to the first byte (HURR HURR HURR)
6. write it all in a final file with .ade (data), .aae (audio) or .age (graphic) extension.

Decryption (C++):
1. generate a "static" decryption key using several method calls (for obfuscation, just to be sure) where the actual public key will be preselected matching the private key in the encryptor (again done only once)
2. read encrypted .ade, .aae or .age file (again done for every file)
3. add 128 to the first byte (same step for encryption and decryption HURR HURR HURR LITTLE HACK)
4. read file data, separating data and SHA-1 hash
5. create SHA-1 hash from encrypted data and compare it to the previously stored SHA-1 hash (check if data was messed with)
6. decrypt the data using the public key
7. write a temporary file, load the data and delete the temporary file by first overwriting it (simply opening it again in 'wb' mode) and then deleting it properly

As for the scripts encryption...
Obviously the scripts will be encrypted with RSA and hashed with SHA-1 as well. But additionally to that we will create a special key file that is shipped with the game. In this key file we will store the hash values for all scripts + each file. Basically we will have a file that has the hashes for every file combined with the main scripts file. This will result in as many keys as there are files. When we load the game, we randomly select a couple of these keys (10 or 20) and calculate those few hashes again. This will prevent a big loading overhead. If everything is fine, nobody has tampered with the scripts file. If it is not fine, somebody was messing with it (or with the given files) and the application will simply close (no error message or anything!).

This is the final solution!

And the previous note is there so I don't have to go through the whole topic the next time to find it.
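The file layout from the procedure above and from the earlier encrypt-then-hash post (encrypted data, 20-byte SHA-1 trailer, first byte shifted by 128), written out as an added example that is not part of the original posts or the ARC code. The encrypted data is treated as opaque constructed bytes, and the `mac_key` option (an HMAC-SHA1 trailer) is an assumed variant shown for comparison: a plain SHA-1 trailer catches damage but can be recomputed by whoever rewrites the file, while a keyed trailer cannot.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes

def _flip_first_byte(blob):
    # "Add 128 to the first byte" modulo 256; applying it twice is a no-op.
    return bytes([(blob[0] + 128) % 256]) + blob[1:]

def _trailer(data, mac_key=None):
    # mac_key=None: plain SHA-1 as in the post. Otherwise HMAC-SHA1, which
    # needs the key to recompute (assumed variant, not from the thread).
    if mac_key is None:
        return hashlib.sha1(data).digest()
    return hmac.new(mac_key, data, hashlib.sha1).digest()

def pack(ciphertext, mac_key=None):
    # Packer steps 4-5: append the trailer to the encrypted data, flip byte 0.
    return _flip_first_byte(ciphertext + _trailer(ciphertext, mac_key))

def unpack(blob, mac_key=None):
    # Loader steps 3-5: undo the flip, split off the trailer, verify it.
    if len(blob) <= DIGEST_LEN:
        raise ValueError("too short to hold data plus a 20-byte trailer")
    blob = _flip_first_byte(blob)
    data, stored = blob[:-DIGEST_LEN], blob[-DIGEST_LEN:]
    if not hmac.compare_digest(_trailer(data, mac_key), stored):
        raise ValueError("integrity check failed")
    return data  # still encrypted; decryption would follow here

def accepted(blob, mac_key=None):
    # True if the loader-side check passes for this file.
    try:
        unpack(blob, mac_key)
        return True
    except ValueError:
        return False

def demo():
    original = b"\x9c" + b"constructed ciphertext for sprites.age"  # constructed sample
    replaced = b"\x41" + b"different bytes written by someone else"  # constructed sample
    good = pack(original)
    damaged = good[:5] + bytes([good[5] ^ 0x01]) + good[6:]  # one bit changed
    return {
        "round_trip": unpack(good) == original,
        "bit_flip_detected": not accepted(damaged),
        # A file rebuilt with the same public recipe passes the unkeyed check.
        "unkeyed_accepts_rehashed": accepted(pack(replaced)),
        # With a keyed trailer, a file built without the packer's key is rejected.
        "keyed_accepts_rehashed": accepted(pack(replaced, b"other key"), b"packer key"),
    }

if __name__ == "__main__":
    print(demo())
```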

Ryex

The Python obfuscation is mostly a by-product of the Python code being translated to C++ code with calls into the Python runtime to do everything. If someone can understand it after it has been compiled then they are a god of reverse engineering.

Blizzard

Also, the file with the keys will be the misleading "libarc.dll". HURR HURR HURR. If somebody asks what it does or why it differs in size among games, we just tell them that this is a file used for some specific game optimizations. :3
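The key-file spot check described in post #54 above, as an added example that is not the project's code; combining the scripts file with each file by concatenation, and the file names, are assumptions. It goes one step further than the post and computes how likely a sample of k entries is to include a changed file.

```python
import hashlib
import random
from math import comb

def entry_hash(scripts, data):
    # One key per file: SHA-1 over the scripts file combined with that file.
    # Concatenation is an assumption; the post does not say how they are combined.
    return hashlib.sha1(scripts + data).hexdigest()

def build_manifest(scripts, files):
    return {name: entry_hash(scripts, data) for name, data in files.items()}

def spot_check(manifest, scripts, files, k, rng=random):
    # Recompute k randomly chosen entries at load time.
    # False means a mismatch was found and the game should close.
    for name in rng.sample(sorted(manifest), min(k, len(manifest))):
        data = files.get(name)
        if data is None or entry_hash(scripts, data) != manifest[name]:
            return False
    return True

def detection_probability(total, changed, k):
    # Chance that k entries sampled without replacement include at least
    # one of `changed` modified files out of `total`.
    k = min(k, total)
    return 1 - comb(total - changed, k) / comb(total, k)

def demo():
    scripts = b"constructed scripts blob"
    files = {"f%03d.age" % i: b"constructed asset %d" % i for i in range(200)}
    manifest = build_manifest(scripts, files)
    rng = random.Random(1)
    clean = spot_check(manifest, scripts, files, 20, rng)
    # Every entry covers the scripts file, so any sample notices a changed scripts file.
    scripts_changed = spot_check(manifest, scripts + b"!", files, 20, rng)
    # A single changed asset is noticed only when its entry happens to be sampled.
    files["f007.age"] = b"constructed modified asset"
    runs = 2000
    caught = sum(not spot_check(manifest, scripts, files, 20, random.Random(s))
                 for s in range(runs))
    return clean, scripts_changed, caught / runs, detection_probability(200, 1, 20)

if __name__ == "__main__":
    clean, scripts_changed, measured, expected = demo()
    print("clean game passes:", clean)
    print("changed scripts pass:", scripts_changed)
    print("one changed asset caught: %.3f measured, %.3f expected" % (measured, expected))
```

With 200 files and 20 checks per launch, one changed asset is caught on about one launch in ten, so a full check of every entry at packaging or install time is the place to get complete coverage.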

Ryex

you tricky tricky bastard you.

Blizzard

December 30, 2011, 07:16:35 am #58 Last Edit: December 30, 2011, 07:23:02 am by Blizzard
We must be awesome, because we reinvented something Steam did before us without knowing that Steam did it. :3

Quote
[13:10] <~Blizzard> oh, BTW
[13:10] <~Blizzard> we thought of a really cool way to protect ARC's game files
[13:10] <~Blizzard> you know, so nobody except the game can decrypt the stuff
[13:10] <~Blizzard> and so nobody can replace the scripts file with their own :3
[13:12] <Zeriab> =o?
[13:12] * Zeriab is interested
[13:12] <~Blizzard> I can't really say much, obviously :P
[13:12] <~Blizzard> but let me phrase it like this
[13:13] <Zeriab> Are you going the Steam way of allowing individual encryptions which you can give to each person?
[13:13] <~Blizzard> the game will know if a file has been modified
[13:13] <~Blizzard> no, that would be too much
[13:13] <Zeriab> Oh, nice :D
[13:13] <~Blizzard> we have a universal system
[13:13] <~Blizzard> that will "encrypt" a few things depending on the game data
[13:14] <~Blizzard> you could say that no game will have the same "encryption pattern"
[13:14] <~Blizzard> and this encryption pattern will protect the game data
[13:14] <Zeriab> awesome, so it is a bit like what steam does :3
[13:14] <~Blizzard> this will not only disallow editing externally
[13:14] <~Blizzard> it will also prevent people from inserting their own scripts file to extract the data
[13:14] <~Blizzard> really? xD
[13:15] <~Blizzard> I have no idea how they do it xD

Ryex

Just a question, is it possible that we could use my CycleByte method as the base for the encryption? It uses SHA-1 and it's cryptographically secure as far as I can tell. It would be fairly simple to implement it.

The only thing is that it uses the same key for encryption and decryption and I've no clue how to make it otherwise.