- Home /
Encrypting save files logic question
I'd like to encrypt save game files, but haven't yet worked out a good way to go about it. If I generate a key for my crypto, where would I store this so that it is relatively safe?
I realize there's no full proof method.
Current thoughts:
a) Just hardcode a key into the program - perhaps obfuscate it in the code
b) Dual layer: Use an MD5 hash hard coded, generate a key from Rijndael crypto on first game run for instance, hash that key store it in say the registry on a Windows OS..Perhaps generate a fake key file to throw off would be hacks.
c) Force all saves over the net (haha.. joking)
d) Multi layer hashing.. using several algs. Tho I think any decompiling of my code would make this extra effort worthless.
This is probably not of the utmost importance for this game.. Though, I was considering allowing players to cheat by purchasing cheat equipment.. Most gamers, self included, hate cheating, but if ure an adult say and limited on time but still want the satisfaction of winning and willing to pay for it, thought I might include it as an option..
Anyway, this is more for learning than anything, maybe you can help a few others at the same time. Thanks.
No one? sad face... I understand after .Net 3.5+ code is more obfuscated when decompiled, and so perhaps, some simple obfuscation of a hard coded crypto scheme may be sufficient or even perhaps, overkill. But I'd really like to know how others are going about it.
Well, I figured out a reasonable workable way, though I'm still toying with other ideas. For example, you can base part of the encryption password based on device information available for the particular system running the game. Certain things like graphics cards, etc. from SystemInfo.. Though I hesitate to implement this, because all savefiles will be corrupted if you change hardware. I tried tying it to the harddisk it's saved on, but apparently checking harddrive devices of .NET is not implemented in unity? On closed systems like ipad or iphone it may work however. This is just an added headache for an attacker though. Enough of one however, that will force a significant amount of work on their end if they want to make the full crack available to everyone.. if they crack it for themselves, it's much less of a pain for me than if they crack the entire game for everyone.
I would go with choice A, with the addition of an obfuscated assembly. Wikipedia lists the popular obfuscation methods for .NET here along with a few obfuscators.