Obfuscation of code and assets

hello everyone, I am just starting with Castle Game Engine and Pascal!
A new language I am willing to learn :sweat_smile:
I have one question before diving deeper with the engine (I have followed the documentation code to start with).
So the question is: when I built the sample code I could access all my datas (gfx, sounds, …), aren’t they obfuscated? Same question for the code, anyone can see the code?
I may have tons of other questions coming :upside_down_face:

EDIT: Windows 10 64bit

Thank you.

Hello there! (Moved your post to new topic :slight_smile: )

No the data is not obfuscated. And while I believe there are no ready solutions to do that “automatically on all the assets” you can do that manually though. E.g. you can use BlowFish encryption on all XML assets, and i believe you can archive some assets into password-protected zip files.

The code on the other hand gets “compiled” so the original source is not available unless you publish it youself, e.g. on GitHub or as a separate package. However, as all compiled code it can be still reverse-engineered, but it’s hard so unless you’re developing something extremely expensive you shouldn’t be worried about that.

1 Like

thank you for your answer :slightly_smiling_face:
do you know if there is something like this in the planning?

That shouldn’t stop me from exploring Castle Engine :thinking: :slightly_smiling_face:

Are you asking about obfuscation of assets?

We don’t plan immediately to provide something like this, rather we give you tools to do it on your side – you can register a custom URL protocol, to read data in any way you like (including e.g. decrypt them using BlowFish) and use this system for all of your data. See castle-engine/examples/network/custom_url_handler at master · castle-engine/castle-engine · GitHub . In principle, the simplest would be to provide data as an encrypted zip file.

We could provide an example extending castle-engine/examples/network/custom_url_handler at master · castle-engine/castle-engine · GitHub to use BlowFish, if needed :slight_smile:

Note that CGE isn’t here very different than other engines :slight_smile: Other engines (e.g. Unity) also don’t put any special effort to obfuscate your data. Many engines pack your game data into separate file – but that’s just packed using well-known (or well-reverse-engineered) format, so users who want to “dive” into game data are free to do so. In our case, “Package” operation on a project packs it into zip, both the compiled exe and the data.

1 Like

Thank you for your answer :slightly_smiling_face:
The framework I am currently using has obfuscation :upside_down_face: when I export my game I have: “Encrypt asset files” and “Encrypt code files”.
I used godot a long time ago which has a .pck file which seems to encrypt the data(?) and I barely used unity so cannot really tell(?).

Imho users having access to my assets is not so cool :grimacing:
The compiled code is harder to reverse so this is good.

I am going to have a look at your links but it will take some time to digest as I am new to Pascal.

Looking forward to using Castle Engine (I installed the plugins for VSCode because Lazarus was so different from what I am used to).


As for Godot:

Note that Godot PCK is just an archive format, you can unpack it with e.g. GitHub - hhyyrylainen/GodotPckTool: Standalone tool for extracting and creating Godot .pck files .

Though I see they played with encryption, though also various comments point out it’s not critical:

That said, I of course don’t want to reject this idea just based on the grounds that others don’t have it :slight_smile: I understand the desire to obfuscate your data.

So this approach would do the trick:

  1. at release time, automatically encrypt all data (all the files in data/) with BlowFish
  2. when running in release mode, install URL handler (like in castle-engine/examples/network/custom_url_handler at master · castle-engine/castle-engine · GitHub ), that effectively reads the file from disk, decrypts (using a decryption key stored in exe) in memory, and serves a decrypted file.

( Note that I mention BlowFish just because it is trivial to use. There are other encryption algorithms available of course, they would play the role nicely too. )

If this is critical feature for you but you’re not sure how to exactly implement 1 or 2, let me know – we can help :slight_smile: I can also imagine implementing it at some point at CGE level.

1 Like

thank you michalis, it is not urgent for now, I was just asking :stuck_out_tongue:
I am far from finishing a project using Castle Engine :sweat_smile: so maybe when I am ready to release this feature will be available :slightly_smiling_face:

Thank you for your help, really appreciated.

Looking forward to play with Castle Engine and Pascal.

EDIT: imho assets shouldn’t be exposed to regular players? (only those who really want can crack anything using tools available on the web)