🎉 Celebrating 25 Years of GameDev.net! 🎉
Not many can claim 25 years on the Internet! Join us in celebrating this milestone. Learn more about our history, and thank you for being a part of our community!
preventing lua hacking
Author
I''m working on a game project, and I am considering using Lua to script it. But theres a problem. When I eventually release a competed game, I do not want just anyone easily reverse engineering my AI etc. Is there any way to prevent this, such as encrypting scripts etc??
Thanks alot!
-dtekfoo
Lua allows you to compiler your scripts. If that is what you mean.
But to adding your own compression to your program and place all your scripts within it.
If someone wants to get into your scripts they will. That is life. So the more layers of security you put behind your application the easier it is to sway the rookie crackers. But those that are determined will, regardless of how extreme you want to go.
[edited by - Borfaux on May 25, 2003 2:31:52 PM]
But to adding your own compression to your program and place all your scripts within it.
If someone wants to get into your scripts they will. That is life. So the more layers of security you put behind your application the easier it is to sway the rookie crackers. But those that are determined will, regardless of how extreme you want to go.
[edited by - Borfaux on May 25, 2003 2:31:52 PM]
Author
Do you know how one might go about making a decoder for the lua scripts? Would you have to modify lua, or add something to the main engine?
Thx! -dtekfoo
Thx! -dtekfoo
You can also perform some simple encryption on the Lua script in addition to compiling it and compressing it, if you want.
I assume you mean disassembling a compiled Lua script. It would probably be just like disassembling something like Java or even a normal program, which creates a program that is a real pain to read. But I''m not sure how readable the result of disassembling Lua would be, it could possibly be easier to read and understand than normal assembly code. The only way to know is by learning how assembled Lua code works...
I assume you mean disassembling a compiled Lua script. It would probably be just like disassembling something like Java or even a normal program, which creates a program that is a real pain to read. But I''m not sure how readable the result of disassembling Lua would be, it could possibly be easier to read and understand than normal assembly code. The only way to know is by learning how assembled Lua code works...
I'm planning to use lua down the road. My anti-hack idea was to simply compare the client scripts with the server scripts (in on-line play) to see if they are the same. If they differ the client will auto-matically download the "proper" script. So hacked files will be replaced as they should be.
Script files are so small it would take no time at all the transfer the memory. So why not eh?
As for single player hacking... who cares? They're not hurting anyone. Let them fuck with the engine as much as they want. They might come up with some fun stuff.
[edited by - MindCode on May 26, 2003 1:20:05 PM]
Script files are so small it would take no time at all the transfer the memory. So why not eh?
As for single player hacking... who cares? They're not hurting anyone. Let them fuck with the engine as much as they want. They might come up with some fun stuff.
[edited by - MindCode on May 26, 2003 1:20:05 PM]
@Mindcode:
How are you going to know if the client itself hasn''t been hacked?
I could hack the scripts and the client program. Then when your servers has me about the scripts my hacked version tells it about the old scripts (which I keep lying around for this purpose).
Or I tell it about the hacked scripts, it send the new replacements - I say thank you and dump them in the recycling bin.
Off topic I know
I''d guess Lua was a lot more easily disassembled than most properly compiled languages.
If you are intent on protecting your scripts the best idea would be to encrypt them and then take the lua virtual machine (I assume it''s open source, if not change to Python
) and implement a JIT decrypter on top of it.
If do some decrypt at the beginning of the program (or level) then hacker will just rip the thing out of memory.
That said, of course, if they can find your decrypting code you are doomed anyway.
Have a think about it - if you come up with a bullet proof suggestion then you are sitting on gold
How are you going to know if the client itself hasn''t been hacked?
I could hack the scripts and the client program. Then when your servers has me about the scripts my hacked version tells it about the old scripts (which I keep lying around for this purpose).
Or I tell it about the hacked scripts, it send the new replacements - I say thank you and dump them in the recycling bin.
Off topic I know
I''d guess Lua was a lot more easily disassembled than most properly compiled languages.
If you are intent on protecting your scripts the best idea would be to encrypt them and then take the lua virtual machine (I assume it''s open source, if not change to Python
) and implement a JIT decrypter on top of it. If do some decrypt at the beginning of the program (or level) then hacker will just rip the thing out of memory.
That said, of course, if they can find your decrypting code you are doomed anyway.
Have a think about it - if you come up with a bullet proof suggestion then you are sitting on gold
You couldn''t do that while in game play.
Lets say you browse around, find a game and login to it. The server that it''s under checks the scripts that it going to load. You can''t give it different files than you intend to use, and you can''t switch the files afterword because they will already have been loaded. Even if you copy-paste the modified files after they''re replaced it won''t do you any good because the engine is already using the real ones.
The only way to really hack anything is to fuck with the binaries themselves. If anyone attempts that, then I say "good luck".
Lets say you browse around, find a game and login to it. The server that it''s under checks the scripts that it going to load. You can''t give it different files than you intend to use, and you can''t switch the files afterword because they will already have been loaded. Even if you copy-paste the modified files after they''re replaced it won''t do you any good because the engine is already using the real ones.
The only way to really hack anything is to fuck with the binaries themselves. If anyone attempts that, then I say "good luck".
In multiplayer the scripts shouldn''t be executed on the client at all if they''re AI related - you just can''t trust the client. In single player I agree with Mindcode, who cares? If someone wants to modify the AI more power to them. Maybe they''ll write better AI than you did.
Author
Heh, true dat. it may not be worth the trouble to encrypt it. As for keeping it server side, I''m trying to keep from spending too much money on server banks. For this reason, I think i''ll just make it client-client, and have the host act as a "server". This way, the only server I need is to connect peeps to their games.
This once again brings up the problem of scripts, since the host will be running all AIs. But as you guys have said so well, who cares? Heck, I could even write a mod so that people could program + compile AI scripts and pit them against each other. Thx 4 the wisdom guys.
This once again brings up the problem of scripts, since the host will be running all AIs. But as you guys have said so well, who cares? Heck, I could even write a mod so that people could program + compile AI scripts and pit them against each other. Thx 4 the wisdom guys.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
