sandy234

site lock question

Recommended Posts

I think this has been asked before and the simple answer is that no there isn't.

 

If you wanted to you could write a very simple algorithm to encode and decode a URL, so that the string that gets hardcoded in your game is not so instantly recognisable.

 

then when you want to use it you run the string through the decoder function first. That way the recognisable url is never visible to a cursory glance at your code.

 

But at the end of the day you are still pissing into the wind since your whole code is available for close inspection, including the decoder algorithm.

 

So you'd just be wasting your time really.

Share this post


Link to post
Share on other sites

I would add that in portal Flash world coded sitelock is mostly required to comply with primary license condition. Viral Flash games are making money, because people grab them and spread to thousands of hosts. So it is important to prevent such accidental grab of "non-exclusive" game. 

 

As you know even in Flash it does not stop determined cracker - nothing would stop 7k74 and other Chineese portals, for examples. Besides, even in Flash you cannot stop hotlinking (thus many Armor sitelocks are "spreading" quite well). 

 

In HTML5 world this viral spread just don't happen. So I don't even put sitelock code into my games. If big customer takes it by mistake, I'd send them polite mail, they will comply and I might even have a business opportunity with them. Shady portal will crack it anyway.

Share this post


Link to post
Share on other sites

i Guess its better not to bother with it. but atleast in flash they have mochi which protects thier code very well. We dont have anything like that in html5 here

 

Mochi? No - it does not even obfuscate the code. It simply loads an SWF from their server (from another small, presumably not even obfuscated SWF), using simple encrypting algrorithm. http://hackabee.blogspot.ru/2010/11/what-is-in-mochicrypt-secret-encryption.html

 

it used to be trivial to decompile. Maybe things changed since 2010, but I highly doubt it. 

 

SecureSWF is better and would put off casual cracker. But determined portal will still be able to find a place with a sitelock instructons just fine (directly in bytecode debugger, without reconstructing full AS3 original code).

Share this post


Link to post
Share on other sites

The primary problem with trying to sitelock the game is that the attacker doesn't even need to understand most of your game. They only need to modify the bit particularly responsible for sitelock. And while in Flash fancy things can be done to obscure the game and make it harder to recompose after modifying, in HTML5 there aren't many ways to go with this.

Moreover, since GameMaker uses pretty strict code generation patterns, with enough knowledge it would be also possible to deobfuscate all built-in function names and resource order. Ultimately down to generating project files from obfuscated JS. It's primarily a matter of time and someone's interest, you could say.

Share this post


Link to post
Share on other sites

You can't hide everything.

A clear sitelock URL is easier to find than an external Analytics request.

You can code the game so it doesn't work if the analytics doesn't respond with a HTTP 200 OK. The ofuscating code would do it hard to remove.

 

Anyway, you only can try to do it difficult. If a skilled enough programmer want to crack your game, he'll do.

Share this post


Link to post
Share on other sites

I have been giving this some more thought, in addition to analytics, which may or may not be detected, you could check the characters of the url string. For example, if your host is http://myhost.com, you could check if character 9 is = y and character 13 is = t. You may also want to check if the url string starts http:// or just www. Just an idea.  :)

Share this post


Link to post
Share on other sites
How to get a domain name of the top level window?

 

When I try to get domain by use window.top.location.hostname, I got security error:

Uncaught SecurityError: Blocked a frame with origin "http://my_game.com" from accessing a frame with origin "http://top_level.com". Protocols, domains, and ports must match.

Share this post


Link to post
Share on other sites

 

How to get a domain name of the top level window?
 
When I try to get domain by use window.top.location.hostname, I got security error:
Uncaught SecurityError: Blocked a frame with origin "http://my_game.com" from accessing a frame with origin "http://top_level.com". Protocols, domains, and ports must match.

 

I suppose that you want to restrict loading your game through iFrame? Try this code:

function inIframe () {    try {        return window.self !== window.top;    } catch (e) {        return true;    }}

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.