next »

[copman]

I'm starting a posting series about this topic, maybe this is interesting:

http://vempiregame.com/allgemein/our-road-to-alpha-i-securing-our-property-or-how-to-make-a-html5js-game-save/

any feedback is very welcome,

 Best Regards, Wolfgang

[pelle]

The only thing that makes JavaScript different from other code, like native or flash, is that someone that wants to make it human-readable can skip the single (usually trivial) "run a decompiler" step.

Just because one free obfuscators hid bad stuff in its output does not mean you must avoid all of them. At least with free (open source)  obfuscators you can have a look at what they do if anything looks suspicious. With a non-free one you do not get to see the source code of you just have to hope they are not doing something fishy.

If you put anything in the client (javascript or native or whatever) that allows the player to cheat, someone will. It is the server and protocol that needs protection. If a player wants to update the score seen in their client, let them. If there is any risk at all from players being able to decompile your client you already opened up to cheaters because obfuscation is never perfect and if your game is worth cheating in someone will find a way. I worked on a project that delivered java code that was so optimized and obfuscated it could not even in theory be decompiled (it contained sequences of instructions that could not be represented as valid Java source-code statements). Gave it a few months and some Russian dude had figured everything out and was publishing his own modified versions of the app anyway. Not that it was a loss in any way of course, more fascinating (I think we tried to hire him).

[copman]

Yes thank you, but not interested in the same old discussion, sorry!
I hardly disagree, but that's not the point here...

There are ways to make hacking client-side code harder, not more not less, maybe
someone is interested in this...

Part2:

http://vempiregame.com/allgemein/experience-with-jscrambler-part-i/

[Cheezmeister]

Wait, is it make a game save, or make a game safe? Two very different things!

[Sik]

I worked on a project that delivered java code that was so optimized and obfuscated it could not even in theory be decompiled (it contained sequences of instructions that could not be represented as valid Java source-code statements). Gave it a few months and some Russian dude had figured everything out and was publishing his own modified versions of the app anyway.

He most likely didn't even attempt to decompile it and just worked straight off a disassembly (remember that Java bytecode is still an instruction set and can be disassembled, after all)

[Sythnet]

I started out developing in JavaScript / HTML about 2 years ago and in that time the one important thing I learnt was not to worry about spending time trying to stop someone from stealing your code, reasons behind this is

1. As someone mentioned, if someone really wants to steal your game they will find a way
2. Someone who is looking to steal your game, was never going to pay for it anyway
3. I like to look at it as an honour that someone is willing to go out of their way to try and steal the game

Should spend more time into making your game then trying to secure it

My view on this subject anyway