Make unreadable save file

[Joubarbe]

Hi,

In the mini-game I'm currently developing, I generate a lot of random data when the user launches the application for the first time. I create lists, arrays, variables, etc. I would like to be able to retrieve these data and manipulate them to and from an external save file, and make it unreadable for the user. I'm a new user and I don't really know how to manage that in an efficient way. I could use the Packer and Cipher libraries, but I'm not sure if it's the best way to do that. Write a binary file ? Don't know either how to do that in PB (is there a writeBin kind of function ?).

I'm not going to have a "save file" button, but an active save system, where each action is stored at every moment and can never be "rollbacked". But I digress, it's another problem.

Thank you.

[Shield]

Simply said, it can't be done. Encryption can't work because it would require a password
that would also need to be stored on disk, rendering the encryption useless.

You can't prevent users from "cheating", it's their data, but you can make it a little more difficult.
In your case I'd go with a binary file and possibly scrambled data to make it less obvious.

Furthermore I'd include several checksums spread across the data. If the user modifies the save file,
he or she also needs to modify the checksums correctly which might not be that easy for "normal" users.

[heartbone]

Yes you can do that quite easily.
This program will demonstrate the concepts.
Instead of getting user input, and padding it to 16 characters,
simply build your 16 character KEY$ internal to your program and use it.
Something like KEY$=Chr$(39)+Chr$(101)+...

Code: Select all

    KEYPAD$="123456789ABCDEF"
    If OpenConsole()
       ConsoleTitle("GRIDIRON'S File Crypter")
       PrintN("Type in the filename to process.")
       FILE$= Input()
       If Len(FILE$) And FileSize(FILE$)>0
          If OpenFile(1,FILE$)
             PrintN("ENTER (up to) 16 CHARACTER KEY")
             KEY$= Input()
             LK= Len(KEY$)
             If LK>0
                If LK>16
                   KEY$= Mid(KEY$,1,16)
                Else
                   If LK<16
                      KEY$= Mid(KEY$+KEYPAD$,1,16)
                   EndIf   
                EndIf
                TOTSIZ= FileSize(FILE$)
                *DECRY= AllocateMemory(TOTSIZ)
                *ENCRY= AllocateMemory(TOTSIZ)           
    GETTYPE:           
                PrintN("Enter E for ENCRYPTION, D for DECRYPTION, OR Q TO QUIT")
                TYPE$= Input()
                If TYPE$="E" Or TYPE$="e"
                   ReadData(1,*DECRY,TOTSIZ)
                   CloseFile(1)
                   AESEncoder(*DECRY,*ENCRY,TOTSIZ,@KEY$,128,0,#PB_Cipher_ECB)
                   OpenFile(2,FILE$)
                   WriteData(2,*ENCRY,TOTSIZ)
                   CloseFile(2)
                   PrintN("FILE ENCRYPTED")
                   Delay(3000)
                Else
                   If TYPE$="D" Or TYPE$="d"
                      ReadData(1,*ENCRY,TOTSIZ)
                      CloseFile(1)
                      AESDecoder(*ENCRY,*DECRY,TOTSIZ,@KEY$,128,0,#PB_Cipher_ECB)
                      OpenFile(2,FILE$)
                      WriteData(2,*DECRY,TOTSIZ)
                      CloseFile(2)
                      PrintN("FILE DECRYPTED")
                      Delay(3000)
                   Else
                      If TYPE$<>"Q" Or TYPE$<>"q"
                         Goto GETTYPE
                      EndIf   
                   EndIf   
                EndIf           
             EndIf   
          EndIf     
       EndIf
       CloseConsole()
    EndIf

[Joubarbe]

Ok thank you heartbone I will try that.

@Shield : I'm a normal user in that case, and I have no idea how to do that Encryption looks like a good idea, because the password is stored in a DataSection, not on an external file. Anyway, the goal is not to make a 100% cheat-proof software, I know it can't be achieved, and I don't like the idea of forbid access to your own files. But modifying some of them can be harmful for the application and can lead to CTDs, so I prefer to hide some of the main elements.

[Shield]

Well, storing the key in a data section is pretty much the same as in an external file.

I stick with my original recommendation.
If changing the files might cause harm in any way, checksums could help out there a lot.
Basically, if your program detects that a checksum is wrong it won't even attempt to "execute"
whatever it finds.

If you simply want to scramble you might as well use a faster algorithm,
for example simple and straight forward ROT13 (or similar procedures) to quickly scremble the data.

[Joubarbe]

Well, if someone has the "skill" to retrieve the password in the DataSection, he knows for sure that modifying a program is not harmless. That's not the case however if a user sees in a .txt file "NumberOfElement = 5" and decides to change it to 10,000 (leading the app to a crash).

But ! The checksim is maybe easier to implement than I thought, so I'll do some tests. (you're talking about the CRC32FileFingerprint() function ?)

[Thorium]

Thats a perfect example for XOR encryption. Makes the data unreadable by humans, is the fastest encryption, very easy to implement and understand even for someone who knows nothing about encryption and security is no priority.
Just search the forum there should be some codes.

[luis]

I agree with Thorium, a simple XOR would be more than enough to avoid human tampering.
If you want to do something extra you can add a checksum at the end/start of the file to verify it has not been touched. Since you have to XOR both when reading and writing, calculating and verifying a checksum come at practically no cost.

[Joubarbe]

What are the differences between heartbone's solution (AES encoding) — which I think it's fine — and XOR encoding ?

[TI-994A]

...make it unreadable for the user.

...if a user sees in a .txt file "NumberOfElement = 5" and decides to change it...

Hello Joubarbe. If the only requirement is to obfuscate the data from the casual user, a simple string scrambler should suffice. There are many ways to do it, but here's one example:

Code: Select all

Enumeration
  #MainWindow
  #String
  #Scramble
  #Unscramble
EndEnumeration

Procedure.s Scramble(normalString.s)
  Protected scrambledString.s, zigZag = 1
  normalString = ReverseString(normalString)
  For L = 1 To Len(normalString)
    scrambledString + Chr(Asc(Mid(normalString, L, 1)) + zigZag)
    zigZag = -zigZag
  Next L
  ProcedureReturn scrambledString
EndProcedure

Procedure.s unScramble(scrambledString.s)
  Protected normalString.s, zigZag = -1
  For L = 1 To Len(scrambledString)
    normalString + Chr(Asc(Mid(scrambledString, L, 1)) + zigZag)
    zigZag = -zigZag
  Next L
  ProcedureReturn ReverseString(normalString)
EndProcedure

wFlags = #PB_Window_SystemMenu | #PB_Window_ScreenCentered
OpenWindow(#MainWindow, 0, 0, 500, 100, "Text Obfuscation", wFlags)
ButtonGadget(#Scramble, 20, 30, 90, 30, "SCRAMBLE")
ButtonGadget(#Unscramble, 390, 30, 90, 30, "UNSCRAMBLE")
StringGadget(#String, 120, 30, 260, 30, "enter a test string here...")

Repeat
  Select WaitWindowEvent()
    Case #PB_Event_CloseWindow
      appQuit = 1
    Case #PB_Event_Gadget
      Select EventGadget()
        Case #Scramble
          SetGadgetText(#String, Scramble(Trim(GetGadgetText(#String))))
        Case #Unscramble
          SetGadgetText(#String, unScramble(Trim(GetGadgetText(#String))))
        Case #String
          Select EventType()
            Case #PB_EventType_Focus
              If Not init 
                SetGadgetText(#String, "")
                init = 1
              EndIf
          EndSelect
      EndSelect
  EndSelect
Until appQuit = 1

Just a suggestion.

[Joubarbe]

I can't achieve to open a BriefLZ archive. Is there a way to open that in an existing application like WinRAR ? Because if there isn't any, well, that's enough to keep users away
In any case, I think I'm going to use an archive, encode it, maybe add some checksum tests, and voila!

(and thanks - again - TI-994A for the suggestion)

[Shield]

Thats a perfect example for XOR encryption.

Good idea, I agree!

@Joubarbe
I wasn't specifically talking about CRC32, but in general, yes.