Jump to content

Securing HTML games is it possible?


clark
 Share

Recommended Posts

My boss asked me today about my thoughts on attempting to secure games. 

In the past we had an encryption tool built into the build process of our Flash Games. It was a great tool and made it pretty impossible to just steal the SWF. 

Maybe a (easy to crack) domain check, or obfuscating the JS.... They seem like pretty meagre approaches but the best I have heard of. 

Basically, if someone is going to steal your game, should you just accept it and move on or is it worth spending time looking for solutions?

Thanks!
 

Link to comment
Share on other sites

You can't. All you can do is to minify your code.

No matter how you try to encrypt your code, you always have to provide a method to decrypt it so that the browser understands what to do.

 

If someone steals your code, then you can file a DCMA Takedown Notice, file a lawsuit, contact the one who stole your code, etc.

Another thing you can do is to work with websockets and keep some of the code serverside. That makes it harder for the average pirate,

Link to comment
Share on other sites

It's interesting all this. I'm not really bothered about locking down the actual code as it's the intellectual property that's important, plus 'view source' is basically how I learned front end development to begin with!

 

One thing that's difficult to lock down with HTML5 games is folks gaming the system by faking ther scores etc... via the console. Bit annoying if you want to run a leaderboard. That's something I'd like to find a secure solution for.

Link to comment
Share on other sites

The only thing you can do to have secure your code in you game is to put part of the code on the server side. NodeJS can help a great deal. But of course you'll need to have constant internet connection

 

But if the game is simple enough minify code will be enough since creation of the similar game will cost cheaper then reverse engineering it. 

Link to comment
Share on other sites

Here you may want to look at this: https://jscrambler.com/

 

This might be worth knowing about Javascript obfuscators.

 

See more: http://blog.kotowicz.net/2010/04/beating-javascript-obfuscators-with.html

 

Although Google is using Javascript obfuscators for examples Google Maps and they even say one of the nice side effects of GWT is code obfuscation.

 

Google have comment the topic on their FAQ for Google Web toolkit: http://code.google.com/webtoolkit/doc/1.6/FAQ_DebuggingAndCompiling.html

 

 

By default, GWT obfuscates the JavaScript it produces. This is partly done to protect the intellectual property of the application you develop, but also because obfuscation reduces the size of the generated JavaScript files, making them faster to download and parse.

Link to comment
Share on other sites

It's interesting all this. I'm not really bothered about locking down the actual code as it's the intellectual property that's important, plus 'view source' is basically how I learned front end development to begin with!

One thing that's difficult to lock down with HTML5 games is folks gaming the system by faking ther scores etc... via the console. Bit annoying if you want to run a leaderboard. That's something I'd like to find a secure solution for.

I think the same. If it's on the web, I accept that someone could copy it, but I can't figure out which is the best way to prevent fake requests, since this could affect the other players.

Link to comment
Share on other sites

I found this playtomic self-hosted backend server and got it set up locally without too much hassle: http://playtomic.org/

 

When I created it and ran a few API calls I noticed it has tables labelled as 'Ban' lists. I haven't dug through the code much but hopefully it means it has some sort of detection for spammy submissions. You can also be explicit about the Allow-Access-Origin header so the request has to come from your game URL. I know people can still use the console but seeing as you can store game variables on the server it could certainly help.

 

I guess obfuscation and something like playtomic is the way to go.

Link to comment
Share on other sites

  • 4 weeks later...

I heard that Game Maker obfuscates html5 exports for that very reason.

Can anyone speak to the strengths and weaknesses of varying obfuscation solutions as they compare to each other? Also is the Gamemaker obfuscation optional? I'm picking up an HTML5 Studio license and I'd like to make some changes to the code it spits out before releasing it into the wild.

Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...