Jump to content

Tracking & Protection of your games


SolarJS
 Share

Recommended Posts

EDIT:

6 reasons to NOT use JSCRAMBLER (after massive testing):

http://www.html5gamedevs.com/topic/5807-best-way-to-hide-javascript-code/?p=65903

 

And a shocking JScrambler performance test:

 

http://jsperf.com/jscrambler/5

________________________________________________________________________

 

 

I am just curious, how do you guys track where and how often your games are played? 

 

Also, which kind of protection, if any, do you use to protect / obfuscate your code? I wonder if there's a useful solution whithout harming performance too much...

Link to comment
Share on other sites

Why do you want to hide the code? Who's going to steal it?

One of the best ways to learn is looking at what other people have done.

Don't you want to share your knowledge? Do you think you are so good

that people will take everything from you and then overtake you?

What are you scared of? I'd be delighted if someone looked at my code.

(and surprised).

 

Here's a previous post link that might help you decide how to track your game progress...

 

http://www.html5gamedevs.com/topic/7130-how-many-times-has-my-game-been-played/

 

If you want some further help I will even send you the code. :D

Link to comment
Share on other sites

Because I put a lot of effort in it and build my own engine which can run even fast 2,5D arcade games on mobile at 60fps using simple canvas rendering. As far as I see it, it's a one of a kind thing out there. And I want to protect this advantage.

 

Sorry, I must have written it wrong. I meant track your games using tracking modules. Some kind of alternative to Flurry for HTML5. I want to track mainly on servers I do not control.

 

EDIT: Since I answered only your unedited post, here is the follow up:

Your link does not provide an answer I was looking for (see explanation above).

Link to comment
Share on other sites

Now I've trawled around looking for answers because I'm curious - how to hide code client side.

 

Upshot of my studies is that you can't. You can obfuscate or disable right click, or for security

place an index.html file in each folder and use.. 

<meta http-equiv="refresh" content="0; url=http://escapefan.com/">

That will take anyone trying to look at any of my folders to escape fan.com, where I spend too much time.

Good for security, but it doesn't solve the problem. From what I've been reading it seems you can make it

more difficult.

 

But anyone who is daft enough to look at code knows how to find it.

 

Now when you 'view source' you get a link to the code.....

<script src="http://code.createjs.com/createjs-2013.12.12.min.js"></script>

Correct me if I'm wrong but this is where the browser displays the script you are running

and you just click on it to see it.

 

So.

 

Could there be a way to stop the browser showing that script link using a server side script?

 

YES!    But I don't know what it is. PHP?

            <?phpfunction spamcheck($field){if (eregi("to:",$field) || eregi("cc:",$field)){	return TRUE;}else{	return FALSE;}}if (isset($_REQUEST['email'])){$mailcheck = spamcheck($_REQUEST['email']);if ($mailcheck==TRUE){echo "Invalid input.";}else{	$name = $_REQUEST['name'];	$email = $_REQUEST['email'];	$subject = $_REQUEST['subject'];	$message = $_REQUEST['message'];	mail("an-email@address", "Subject: $subject", 	$message, "From: $email"); 		echo "Thanks. We'll be in touch soon.";}}else{echo "<center style='margin-top: 800px;'><form method='post' action='contact.php'>		<table>	<tr><td>Name:</td><td><input type='text' name='name'></td></tr><tr><td>Email:</td><td><input type='text' name='email'></td></tr><tr><td>Subject:</td><td><input type='text' name='subject'></td></tr><tr><td>Message:</td></tr><tr><td colspan='2'><textarea name='message' rows='15' cols='40'></textarea></td></tr><tr><td><input type='submit' /></td></tr></table></form></center>";}?>

That works beautifully right click and no code where the form is. So it's using PHP to create the html and take it away.

Still not an answer but might help with the question. 

Link to comment
Share on other sites

Thanks for your help. I know it's not possible to prevent people to look at the script (for example you can simply bypass all javascript protections to hide your scritp by simply installing a proxy).

 

I mainly want to obfuscate and to make it unreadable in order to make the code extremely hard to understand. This is just to keep 99% away. Those who could have written it anyway can't be blocked. It's all a matter of time and knowledge you have to invest to understand it. And this barrier I want to rise :)

 

I first thought jscrambler would to the job, but it has a noticeable impact on performance, unfortunately...

Link to comment
Share on other sites

The only other thing I can think of, is to tweak your naming conventions and use your code

comments as a diversion.

//The space ships are created here//so don't write the code here for the space ships - make it in another file//link code snippets small and widevar momo = new dog(); //so momo isn't momo and dog isn't dog the user will see a cat maybedog.x = 0;dog.y = 0;

It would be a lot of work, I know I'd find it difficult to work out.

If I were to do it I would make an encryption on paper ...  Dog (name) will = cat (name)

1 will = 7, hat will = shoe. Then I'd make long helpful looking comments.

Such as; //Remember the dog function 'MUST' be placed in the 'head' section

of your html file...

and of course that would be wrong.

 

Then you could leave your code as clear as day to yourself, but not make sense

initially, to those that read code. No performance lag. Just a thought. =>

 

Call your images folder 'PHPincludes'. etc

Link to comment
Share on other sites

Also - I haven't tried this - YET.

 

Put a whole lot of dead misnamed links in your html file.

<?php $ head = [null];$ head = ['refresh.content.src'];?><!--So make it up, and lots of it--><script src="gameFile/gallery.js"></script><script src="goofys-revenge/functions.js"></script><script src="Central-file/IMAGES.js"></script>

Hang on I'll just try it.......

yep - the dead links seem to work perfect...

Should slow 'em down heaps, the more unique names the better.

It won't matter if your html file is 5mtrs long, computer/browser will

grab the right link and give the 'right clicker' on the wrong link

a 'no such file on this server' message.

 

Should slow down the 'cruisers' - like me. 

Link to comment
Share on other sites

I'm also wondering this. How much time should you invest in trying to protect your code? At the end of the day, if someone really wants to get it, there will be a way. Also keep in mind that anyone who takes the time to steal your game was never going to by a license from you anyway. Those two types of people don't mix. It doesn't take away from the frustration of having your work stolen though.

 

As mentioned in the thread, I only know of https://jscrambler.com and it's not a cheap option for casual devs.

 

I'll keep on the look out and post here if I find anything.

Link to comment
Share on other sites

First of all, if you really want to protect your code, do so server side. It really isn't very difficult, and it's the only safe way.

Having said that, regarding client-side techniques to make it harder for people to look at your code... I'd like to share a trick that we've been using for some time. It's just this script for prompt.js that I made specifically for WADE users, but could obviously be done for any other framework as well.

This is something you'd use in conjunction with other techniques, such as minifying your code and using eval rather than script tags to make it harder to debug (little used technique that actually helps a lot).

So the idea is that you can minify your code, and this will make it less readable. However, all the calls to the underlying framework are still very readable. Our script will scan your code, find all the calls to WADE functions, and replace their names with numbers. This actually has a positive impact on performance.

For example:

wade.loadScene() may be replaced with wade[2]()
wade.fadeOutLayer() may be replaced with wade[7]()

and so on. The things is, the numbers are different for each project, so there is no easy way to link numbers to function names. Of course there is a bit of obfuscated code that internally links numbers to names, but to the best of my knowledge it's never been de-obfuscated yet. And even when it is de-obfuscated, it will take me 10 minutes to change the obfuscation technique in the script. Also, the obfuscation script is open source and users are encouraged to tinker with it and personalize the obfuscation method.

I think the bottom line is: use your own custom obfuscation technique, and get it to a point where it takes you much less effort to change it, than it would take an attacker to figure it out.

Link to comment
Share on other sites

@harryWatson

Thanks for your effort. Maybe it's a component to add too.

 

@FyreTale

This is not to protect from potentioal customers, but mainly from these ripping sites etc.

 

@Gio

I think I will follow this road too.

 

@RavalMatic

I saw a strong performance hit, especially on Android stockbrowsers.

 

View also here to 6 reasons against it:

http://www.html5gamedevs.com/topic/5807-best-way-to-hide-javascript-code/?p=65903

 

And a performance real life test:

http://jsperf.com/jscrambler/5

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...