Data Obfuscation (or encryption?)

[Zach]

Hi all,

Something I want to nip in the bud early, is how to protect certain parts of my game data. I'm not looking for lectures on how nothing is uncrackable, people will always find a way, etc.
I just want to have a SIMPLE solution I can use, to keep the average, not-motivated-to-hack person, from modifying certain pieces of data to cheat.

I'm going to be storing most, if not all of my game data in Sqlite databases, so obviously I want to be able to prevent people from firing up any old SQlite DB viewer/editor and changing values to gain unfair advantage. I'm not sure I really want the hassle of having the DB file itself password protected, as I don't think PB's internal Sqlite does that, and I don't want to have to spend time learning how to use some complex looking include file/wrapper.

What about some simple encryption? I was thinking I can use something simple like that, and store the encrypted text in the database instead, then when the game is running, read the encrypted data back out from the DB, and decrypt it at that time.

Granted, I may have to encrypt both literal strings AND integers/floats or other types such as that.. I'm only looking to encrypt a small subset of game data, directly relating to things like Player statistics, money, combat or other special skill difficulty values. So I don't believe performance concerns would be very large.

or maybe I don't need encryption at all?

Could I just use some simple functions to reliably convert the data back and forth between different formats?
Or use simple character substitution?

I know very little about this kind of stuff, so the best case scenario I'm looking for is a very easy to use library, with half a dozen commands or less, that are easy to use, etc.
If anyone can help in this regard, it would be appreciated.

[Thorium]

You could use a simple XOR encryption. It obfuscates the data and is very fast.

[Zach]

http://www.purebasic.fr/english/viewtop ... 49#p282549

I found this, and it does look rather simple. But I don't really understand "what's going on".

Could anyone explain to me step by step, how it does what it does? And maybe give a more informative/"teaching" example.

Is there any difference to how you would treat Strings vs Integers/Floats, etc?


Ideally I'd like to be able to pass a variable, of whatever data type (String, Integer, Float, etc) through a procedure of some sort, which encrypts it and then inserts that encrypted data into an the database, and the same for decryption. Maybe even allowing me to do multiple encrypt/insert and decrypt/assign to variable, operations on one Proc call (i.e call it on a Structured Variable) Doing everything in one procedure, so I don't have to worry/think about it.

I am thinking to have a general "save/load the game" Procedure in mind, which saves the current state of the player, etc. So it would be run every once in a while, or at User invocation, and do a full save or restore of the game state. So having it all launch from one procedure would be ideal.

[Thorium]

What it does is:
It bitwise XOR's the bytes of the data you want to encrypt with the bytes of the key. Thats it.
If you dont know what bitwise XOR is, open the PureBasic help and take a look at "Variables, Types and Operators".

You can encrypt any kind of data, no matter if it's a text or a variable. However it's best to put the variables together in a structure and pass this structure to the encryption procedure. You can get the length of the structure by using SizeOf(StructureName).

[xorc1zt]

AES example

Code: Select all

Global tittlemessage.s
Global item1.s

Procedure DecodeStrings()
  codedstring.s = PeekS(?Gametitle)
  Length = Len(codedstring)
  *DecipheredString = AllocateMemory(Length+1)
  AESDecoder(@codedstring, *DecipheredString,Length, ?Key, 128, 0, #PB_Cipher_ECB)
  tittlemessage=PeekS(*DecipheredString)
  FreeMemory(*DecipheredString)
  
  codedstring.s = PeekS(?Item1)
  Length = Len(codedstring)
  *DecipheredString = AllocateMemory(Length+1)
  AESDecoder(@codedstring, *DecipheredString,Length, ?Key, 128, 0, #PB_Cipher_ECB)
  item1=PeekS(*DecipheredString)
  FreeMemory(*DecipheredString)
EndProcedure


DecodeStrings()
Debug tittlemessage
Debug item1

;+++++ DATA +++++ 
DataSection
;AES Key  
Key:
Data.b $06, $a9, $21, $40, $36, $b8, $a1, $5b, $51, $2e, $03, $d5, $34, $12, $00, $06

;Strings
Gametitle:
Data.b $1C, $A, $40, $98, $6, $16, $BF, $9D, $42, $3C, $A5, $52, $11, $1B, $A9, $D3, $E4, $FA, $6C, $65, $20, $0
Item1:
Data.b $23, $83, $11, $AF, $6C, $66, $BE, $34, $53, $4E, $DA, $33, $1D, $88, $EC, $4B, $20, $C9, $DC, $0
EndDataSection

[Zach]

Well I don't really understand much about it, but the XOR looks a lot simpler and easier to grasp (usage wise) so I think I may go with that.

[ColBoy]

SQLite actually supports encryption at the database level. I've used this in a Delphi application, but not PureBasic. You basically make a call to encrypt the database with a key. Then when you open the database, you provide the key. Unencryption happens seemlessly, with no changes to your code.

[USCode]

SQLite actually supports encryption at the database level. I've used this in a Delphi application, but not PureBasic. You basically make a call to encrypt the database with a key. Then when you open the database, you provide the key. Unencryption happens seemlessly, with no changes to your code.

Is this part of the standard SQLite library? I thought it was an extension that required an additional fee?
To use it I guess Fred would need to add a couple new commands as well to support the DB encryption? Too bad it couldn't be utilized with PRAGMA statements.

[ColBoy]

Is this part of the standard SQLite library? I thought it was an extension that required an additional fee?
To use it I guess Fred would need to add a couple new commands as well to support the DB encryption? Too bad it couldn't be utilized with PRAGMA statements.

You can get a free drop in replacement for SQLite3.dll with the encryption support here:
http://sqlite.phxsoftware.com/

I'm not sure how you do this directly on the DLL, as I was using a component that wrapped this up, but there is a password property
and then a properties element where I set encrypted=true

I hope this is of some help. I'm sure that the website will have further information, and a search on Google will probably help.

[Zach]

Fred mentioned in another thread that updating SQLite to a newer version requires them to make some "adaptations", to the source? (I'm assuming that's what he meant) so it works from within PB.

With that in mind, I posted a link to this open source project ( SQLCipher ) which does full database, 256-bit AES encryption.
It appears to use PRAGMA (so we can send it through DataBaseUpdate() like a normal SQL command??? )

I don't know which would be harder to implement, but I guess there are two options with the other one you linked to. Hopefully he will include one of them

I think they offer pre-compiled windows binaries, so I wonder if it could be swapped out....

Or at least used with an SQLite wrapper from the forums (where is the latest one? I think I had trouble finding it)