Jump to content

How to encrypt code?


kaasis
 Share

Recommended Posts

Hello!

I recently started working on game which is based with socket.io to make multiplayer game. But the thing is that all client side code is available anyone to read it by just inspecting source. Is there ways to encrpypt that code as much as possible? I see same thing is doing Phaser when building their product into .js file, it's just ton of text which is unreadable by human eye, i wanna know how i can do that what Phaser does.

Link to comment
Share on other sites

6 hours ago, Jammy said:

@kaasis You can minify and uglify with tools like UglifyJS

https://github.com/mishoo/UglifyJS2

And you can obfuscate but it may impact performance more.

https://github.com/javascript-obfuscator/javascript-obfuscator

It's worth researching minification, uglification and obfuscation.

How about UglifyJS2 security? Like is it hard to decrypt it? Also, i did research this type of stuff previously but didn't find really good solution.

Link to comment
Share on other sites

Your code will always be accessible to the client, neither obsfucating nor uglifying prevents users from altering/tampering with your code. 

The uglifying in fact, only slows down the process of understanding your code.

Therefore instead of spending too much time on encrypting the code on client side, you should work on the backend code to ensure the data form client are accurate.

Link to comment
Share on other sites

@kaasis javascript and frontend are a special beast. If you need security on your frontend, that means you are not doing the correct thing.

Imagine you are the bank (backend) and the user is a customer of such bank (frontend), you allow them to fill-in forms, withdraw money and even cash in checks but they absolutely need to go through YOUR people.
Would you put a fully unconstrained ATM behind a locked door? No, you would double-check every action and transaction before, during and after they have been executed and keep track of any inconsistencies.

On the other hand, if you are talking about security in terms of "people not stealing your code", as it has been already said, you can minify, uglify and obfuscate to basically make any attacker spend more time trying to undo those actions than writing the whole thing altogether.

Link to comment
Share on other sites

5 hours ago, Nesh108 said:

@kaasis javascript and frontend are a special beast. If you need security on your frontend, that means you are not doing the correct thing.

Imagine you are the bank (backend) and the user is a customer of such bank (frontend), you allow them to fill-in forms, withdraw money and even cash in checks but they absolutely need to go through YOUR people.
Would you put a fully unconstrained ATM behind a locked door? No, you would double-check every action and transaction before, during and after they have been executed and keep track of any inconsistencies.

On the other hand, if you are talking about security in terms of "people not stealing your code", as it has been already said, you can minify, uglify and obfuscate to basically make any attacker spend more time trying to undo those actions than writing the whole thing altogether.

I mean, i understand it already. All the calculations need to be done on server (Which i already have, so far) But how about the game itself? That's why i want to hide code atleast a bit so it's not that  you can steal game code with copy/paste. I will gonna take deeper look at uglifying and obsfucating code. Thanks guys for the answers!

Link to comment
Share on other sites

@kaasis You won't be able to encrypt your Javascript code. You can only go as far as uglifying and minifying it. 

Javascript isn't a compiled language. It lives and executes on the page that loads it. That's just how it works. You will always be able to get any Javascript that is running on a web page by inspecting, there is no real way to hide it, which is why we  uglifying/minifying it. As mentioned in the above posts, this will slow down people trying to make sense of your game code, however if someone is dedicated enough, they might be able to make sense of it (however that would take a ton of time and dedication to do).

Jammy provides some links that will help.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...