Protect .rpa and .rpyc from unpackers and decompilers
Forum rules
This is the right place for Ren'Py help. Please ask one question per thread, use a descriptive subject like 'NotFound error in option.rpy' , and include all the relevant information - especially any relevant code and traceback messages. Use the code tag to format scripts.
This is the right place for Ren'Py help. Please ask one question per thread, use a descriptive subject like 'NotFound error in option.rpy' , and include all the relevant information - especially any relevant code and traceback messages. Use the code tag to format scripts.
Protect .rpa and .rpyc from unpackers and decompilers
Hello, friends.
Anybody knows, how to protect .rpa and .rpyc files from unpackers and decompilers?
Target: protect Renpy game sources and resources (music, images) from been unpack and stolen.
Is there any instruments and ways to make this today?
Has the Renpy project the aim to provide such abilities to game developers?
Thanks.
Anybody knows, how to protect .rpa and .rpyc files from unpackers and decompilers?
Target: protect Renpy game sources and resources (music, images) from been unpack and stolen.
Is there any instruments and ways to make this today?
Has the Renpy project the aim to provide such abilities to game developers?
Thanks.
- PyTom
- Ren'Py Creator
- Posts: 16096
- Joined: Mon Feb 02, 2004 10:58 am
- Completed: Moonlight Walks
- Projects: Ren'Py
- IRC Nick: renpytom
- Github: renpytom
- itch: renpytom
- Location: Kings Park, NY
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
Unfortunately, this is impossible. For a game to run, it has to be able to read all of the resources involved in the game - all the information has to be present on the system to allow for unpacking to take place. So at best, all a game can do is obfuscate things a little, but as you can see from http://tlwiki.org/index.php?title=Tools , that doesn't work well.
Ren'Py is an open source project, we can't obfuscate as well as closed source ones can. Since closed source projects don't really handle obfuscation either, I'd prefer to just leave everything open.
Ren'Py is an open source project, we can't obfuscate as well as closed source ones can. Since closed source projects don't really handle obfuscation either, I'd prefer to just leave everything open.
Supporting creators since 2004
(When was the last time you backed up your game?)
"Do good work." - Virgil Ivan "Gus" Grissom(When was the last time you backed up your game?)
Software > Drama • https://www.patreon.com/renpytom
Re: Protect .rpa and .rpyc from unpackers and decompilers
PyTom, big thanks for your answer.PyTom wrote:Unfortunately, this is impossible. For a game to run, it has to be able to read all of the resources involved in the game - all the information has to be present on the system to allow for unpacking to take place. So at best, all a game can do is obfuscate things a little, but as you can see from http://tlwiki.org/index.php?title=Tools , that doesn't work well.
Ren'Py is an open source project, we can't obfuscate as well as closed source ones can. Since closed source projects don't really handle obfuscation either, I'd prefer to just leave everything open.
Sounds not good for commercial professional developers.
Renpy is pretty good project, and I think it can be open source and provide making non-open source games at the same time - this is would be big attract to many developers to develop Ren'py games.
- PyTom
- Ren'Py Creator
- Posts: 16096
- Joined: Mon Feb 02, 2004 10:58 am
- Completed: Moonlight Walks
- Projects: Ren'Py
- IRC Nick: renpytom
- Github: renpytom
- itch: renpytom
- Location: Kings Park, NY
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
Honestly, Ren'Py is used by a number of commercial developers - I don't think the situation is very different form other open-source and commercial game engines. The technical situation is all the same, so the only engines without unpackers are those lacking games important enough.
Supporting creators since 2004
(When was the last time you backed up your game?)
"Do good work." - Virgil Ivan "Gus" Grissom(When was the last time you backed up your game?)
Software > Drama • https://www.patreon.com/renpytom
- firecat
- Miko-Class Veteran
- Posts: 540
- Joined: Sat Oct 25, 2014 6:20 pm
- Completed: The Unknowns Saga series
- Projects: The Unknown Saga series
- Tumblr: bigattck
- Deviantart: bigattck
- Skype: bigattck firecat
- Soundcloud: bigattck-firecat
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
people do try to hack into the game, many do it for translating to their language, find any broken code, and try to steal (as already been known). people have been doing this from stream app all the way into console games, there is no absolute protection for them, only sensitive data like credit cards are well protected.ARGAMX wrote: PyTom, big thanks for your answer.
Sounds not good for commercial professional developers.
Renpy is pretty good project, and I think it can be open source and provide making non-open source games at the same time - this is would be big attract to many developers to develop Ren'py games.
Re: Protect .rpa and .rpyc from unpackers and decompilers
If you want to obfuscate, randomizing the names of your resource files/variables might be a good idea.
Of course, if you do obfuscate, it will be hard for people to fix your game if it gets broken by a new renpy/OS/library update. So I advise you shouldn't obfuscate for the better.
Of course, if you do obfuscate, it will be hard for people to fix your game if it gets broken by a new renpy/OS/library update. So I advise you shouldn't obfuscate for the better.
Re: Protect .rpa and .rpyc from unpackers and decompilers
There is one half-good way for protecting game sources (but it won't protect strings, like text told by characters)ARGAMX wrote: Target: protect Renpy game sources and resources (music, images) from been unpack and stolen.
1. Write all your VN logic as python module
2. Import that and use in your VN (documentation)
3. Use Cython or Nuitka to compile that python module to C code
4. For each platform/operating system you release, compile that C into .so/.dll and package it with your game
That way it won't be easy(but still possible) to steal your scripts (eg. minigames/logic),
because for that someone will have to know assembly and python's C api calls.
P.S. sorry for necro
Re: Protect .rpa and .rpyc from unpackers and decompilers
Could you provide an example?
Re: Protect .rpa and .rpyc from unpackers and decompilers
Can you clarify what you mean with 'stolen'?ARGAMX wrote:Target: protect Renpy game sources and resources (music, images) from been unpack and stolen.
Even if I would find a way to extract music or images, they are still copyrighted ('protected'). When I would use the 'stolen' resources for an own game and would upload it somewhere, there's a high possibility that I would run into *very* serious problems.
Let's say, I would create a game with 'stolen' resources and would upload it to Google's Play Store: The owner of the files would simply have to file an complaint online and Google would ban me from publishing software for the rest of my life. Without any court session and without any explanation from Google. And if the owner would sue me for copyright infringement, then I would be really in deep sh..
U.S. Copyright OfficeTwo main FBI divisions investigate intellectual property crimes:
Cyber Division
-investigates intellectual property crimes involving all digital and electronic works (including Internet, CDs, DVDs, etc) http://www.fbi.gov/ipr
Financial Institution Fraud Unit
-all other intellectual property crimes
There are three ways a complaint made be filed:
Complainants may contact their local FBI field office, and the complaint will be properly referred.
A complaint may be filed online at the Internet Crime Complaint Center http://www.ic3.gov and, again, it will be properly routed.
Suspected criminal activity of any nature may be reported online at https://tips.fbi.gov and will be routed accordingly.
I don't want to get an email, letter or even visit from the FBI because of a stolen image or song, do you?
BTW: There are tons of games around with cracked DRM (Digital Rights Management) and this games were made by big industry players (total revenues for the game industry in the U.S. hit $23.5 billion in 2015). I think it's a waste of time to try to protect your resources that way. Better start small by putting a proper copyright notice into your game.
- Ocelot
- Lemma-Class Veteran
- Posts: 2405
- Joined: Tue Aug 23, 2016 10:35 am
- Github: MiiNiPaa
- Discord: MiiNiPaa#4384
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
This is the place where I usually post a world map. I would like to see FBI visiting some Chinese mobile games shop, but it is highly unlikely to happen. International IP violations are relly hard to resolve. And it will cost you. Indie developers are especially vulnerable here. Also, unlike media assets, proving that code was stolen is really hard, if it was modified even a little.Karl_C wrote:I don't want to get an email, letter or even visit from the FBI because of a stolen image or song, do you?
I agree that it is impossible to protect your code and assets from determined hacker. However, each additional obstacle will deter some people, who otherwise would try to access them. Basic stuff, like obfuscating script, archiving assets and compiling code would make messing with your game not worth their time for many.
< < insert Rick Cook quote here > >
- Darim
- Regular
- Posts: 67
- Joined: Sun Jun 21, 2015 4:17 pm
- Organization: Setsuna Ken
- Github: SetsunaKen
- Location: Germany
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
Free your code. Trying to put a copyright on code is like getting a copyright on the alphabet and math.
You can't protect it from reverse engineering anyway.
Also people who want to learn how to make games in Ren'Py can benefit from it.
Same goes for audio and images. There is always a risk that someone will steel it. The only thing you can do is to send a takedown notice to Steam, Google...
You can't protect it from reverse engineering anyway.
Also people who want to learn how to make games in Ren'Py can benefit from it.
Same goes for audio and images. There is always a risk that someone will steel it. The only thing you can do is to send a takedown notice to Steam, Google...
No one outside USA cares about the FBI or copyright notices.Karl_C wrote:I don't want to get an email, letter or even visit from the FBI because of a stolen image or song, do you?
Last edited by Darim on Sun Oct 30, 2016 11:57 am, edited 1 time in total.
Re: Protect .rpa and .rpyc from unpackers and decompilers
You're right.Ocelot wrote:This is the place where I usually post a world map. I would like to see FBI visiting some Chinese mobile games shop, but it is highly unlikely to happen. International IP violations are relly hard to resolve. And it will cost you. Indie developers are especially vulnerable here. Also, unlike media assets, proving that code was stolen is really hard, if it was modified even a little.
They won't spend much time or money in reading your compiled code or obfuscated script. They will simply crack your game. And that's not all: They will even copy the original packaging and it's original hologram sticker.Ocelot wrote:However, each additional obstacle will deter some people, who otherwise would try to access them. Basic stuff, like obfuscating script, archiving assets and compiling code would make messing with your game not worth their time for many.
If you ever come to Asia, I can show you places where you can buy illegal copies of the latest games even before the official launch, compiled, obfuscated and DRM'd by an army of programmers.
So how does compiling and obfuscating will help indie developers?
-
- Regular
- Posts: 34
- Joined: Sun Aug 16, 2015 12:11 pm
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
May be its possible to create some additional code-key wich will be needs to decode .rpa file and place it in uncoded .rpu file, so game take it and encode files, but unrpatools and etc. without this additional code will not alowed to uncode them.
If it posible it looks viable
If it posible it looks viable
- NialGrenville
- Regular
- Posts: 184
- Joined: Tue Aug 30, 2016 6:30 pm
- Projects: PaS: The Awakening; The Heart Woods; The Witch and the Fairy
- Organization: Gabe Works, Inc.
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
*Thinks protecting against hackers will work
I am afraid to say; it will always be a battle sorely lost.
*Remembering other events in the past week*
You can however DRM creatively. If you're good enough. If it is possible with python.
That is probably the best way to get back at thieves and crooks. Just look at these: Good Game DRMs
I am afraid to say; it will always be a battle sorely lost.
*Remembering other events in the past week*
You can however DRM creatively. If you're good enough. If it is possible with python.
That is probably the best way to get back at thieves and crooks. Just look at these: Good Game DRMs
*Me*, *You, ***Calamazoo: *Singularity-A.I.*: *Proceed to processing
PaS: The Awakening, current status: 42%
The HeartWoods, current status: 0%
The Wonderful Mell! My PFI creator Honest Critique
PaS: The Awakening, current status: 42%
The HeartWoods, current status: 0%
The Wonderful Mell! My PFI creator Honest Critique
- dvemail
- Regular
- Posts: 35
- Joined: Sat May 28, 2016 1:50 pm
- Projects: Working on Patronus
- IRC Nick: dvemail
- Deviantart: ObdurateDemand
- Github: dvemail
- Contact:
Re: Protect .rpa and .rpyc from unpackers and decompilers
Although this is a very old thread, I'll add my $0.02 to it. All of the doomsaying 'you can't stop hackers' misses the point entirely. Even if all that your protection measures do is discourage the casual hack attempt, you've made giant strides commercially. Most users of most games do not haunt the pirate sites and exchange tips on how to get away with criminal behavior. Most kids who would happily use a pirated game won't do so if it's a little complicated and difficult to do. This is precisely why the game companies continue to pursue copy protection and DRM. Just because it might seem easy to *you* doesn't mean that it's actually easy.
Dropbox is a viable commercial entity with an interest in preventing the decompiling of their product. As a result, they have taken the effort to make their client more secure, even though it's in Python. What did they do? Here's an investigation: https://www.usenix.org/system/files/con ... kholia.pdf
The conclusion of the security researchers was that DropBox's measures were more than enough to deter any casual attack.
The value for me in all this is protecting (to whatever extent I can) the value to my company of the code being written. What we want to protect against is what happened to Princess Trainer and Witch Trainer. Those games were (pardon the pun) seminal in that particular area, and as a result were decompiled and copied and modified. While Akabur had / has no particular interest in monetizing those games, he would have been screwed if he had wanted to do so. In fact, one 'company' I'll refer to by the initials SC ripped his game completely and used it as a launch point for their own product.
Any argument that 'it's futile' misses the point that reducing theft of the code is what I'm interested in. You can't eliminate piracy. It's like ants... do you want a few ants in your house, or are you okay with tens of thousands?
Dropbox is a viable commercial entity with an interest in preventing the decompiling of their product. As a result, they have taken the effort to make their client more secure, even though it's in Python. What did they do? Here's an investigation: https://www.usenix.org/system/files/con ... kholia.pdf
The conclusion of the security researchers was that DropBox's measures were more than enough to deter any casual attack.
The value for me in all this is protecting (to whatever extent I can) the value to my company of the code being written. What we want to protect against is what happened to Princess Trainer and Witch Trainer. Those games were (pardon the pun) seminal in that particular area, and as a result were decompiled and copied and modified. While Akabur had / has no particular interest in monetizing those games, he would have been screwed if he had wanted to do so. In fact, one 'company' I'll refer to by the initials SC ripped his game completely and used it as a launch point for their own product.
Any argument that 'it's futile' misses the point that reducing theft of the code is what I'm interested in. You can't eliminate piracy. It's like ants... do you want a few ants in your house, or are you okay with tens of thousands?
Who is online
Users browsing this forum: snotwurm