How to Protect Your Source Code and Game Assets?

Regarding C#, decompilers such as “dnSpy” and “ILSpy” let users see your application’s source code.
I’m not sure if they also extract game assets such as images, music, and sfx, but I assume they do so as well.

What is the standard (or most popular) way for MonoGame/C# developers to protect their source code and game assets?
EDIT: Preferably free options so more developers can use them.

I know there’s no such thing as 100% code and asset protection because even titles from big-name publishers get their assets ripped, but I want to at least do what the majority of developers are doing, especially with regards to protecting source code.

I have also read that code obfuscators (that try to combat code decompilers) have a tendency to affect game performance. I assume this is because they make code go from one place to another several times as part of their obfuscation algorithm, but that’s just a guess.

Not the most cheerful topic, I know, but I think it’s something that the MonoGame community should set a standard for if one isn’t already in place to help protect each developers’ hard work.

As this will become a dead thread, just want to say…

Don’t waste your time unless you owe it to a third party to protect their assets.

You could end up wasting time and money doing a pointless thing… You made this clear yourself.

There is a plus side to people doing mods or parodies, I call it Free Marketing.

Note that if they use it in a negative/image ruining way [IANAL: I Am Not A Lawyer] You could sue, but honestly, use your time to make the game good and spend the time growing an audience.

So most MonoGame developers simply don’t bother with this subject at all?
That’s okay, I suppose, but I still think this is something most developers should be thinking about.

The question was actually so we can have something of a precautionary measure for the future, so if a developer later decides to publish their game and sell it online for example, they have a set of steps they can follow to at least mitigate the most common attempts at trying to steal their source code and assets.

I feel that having a standard procedure to protect your IP from most attacks is still better than having no protection at all, and if a developer isn’t concerned about that sort of thing, then they always have the freedom to ignore them.

I asked this for those developers who do care about keeping their IP as private as possible.
They may be a minority, but I still think that having standards for this sort of thing is a good idea overall.
Preferably free options so more developers can use them (they can always move on to paid options once they get big enough).

Thanks for sharing your thoughts, though!

I can’t really read your wording; you contradict yourself constantly…

And misinterpret other people’s messages.

My apologies if I misinterpreted your message.
Reading it back, it was just your two cents.
Apparently the words “just want to say” didn’t register so well for me the first few times I read it.

Also, what contradictions have I said? I’m afraid I don’t understand, but I would be more than happy to correct them if you can point them out to me.

Use X to do this, but it is useless.

You need to use a Obfuscation Tool such as Dotfuscator or many others out there.

There are free versions out there as well. Most you can control the level of obfuscation so it should have minimal impact on performance depending on what you use of it.

Basically what it does, is it takes your assemblies and executables and decompiles them, then changes all the method names, variable names etc… into something that isn’t easily readable. Some of the more advanced options (that could affect game performance) is it actually re-writes some of the code (adding new methods, removing methods, encryption, etc…

Ah, I believe you’re referring to the “use X obfuscator to protect your source code, but none of them really give you 100% protection” statement.

Indeed, I would even go so far as to say that even paid options don’t offer 100% protection.
Nothing in the IT world can be 100% secure anyway as it’s more of a balancing of trade-offs, but that one’s a bit off-topic.

Going back, I wouldn’t call obfuscators and other source code protectors “useless” per se, because even free options will deter a majority of people who want to pry into a developer’s work without permission.

A lot of attackers surprisingly don’t know what they’re doing and will actually give up when their decompilers don’t return with human-readable results.
The ones who do know what they’re doing are a minority, and we’re not really concerned about them because they probably have so much know-how that they could do whatever they want.

The way I see it, the main value of having at least something in place to protect your source code and assets is that it will be a huge barrier of entry for a lot of would-be attackers.
Even if they don’t offer 100% protection, it’s still a lot better than the “anyone who can download a free decompiler online can take anything they want from my assemblies” approach.

Oh, and just to be clear, I’m not trying to force anyone to protect their projects because that’s completely their call, nor am I suggesting that not protecting your code and assets is unprofessional.

I’m merely asking the community what the standard approach for protecting one’s code and assets is (if there is one), as it’s an important thing for me and I assume some other developers as well.

I decided to ask this question here because there are a lot of experienced developers here and I thought they might have some nuggets of wisdom to share.

Hope that clarifies where I’m coming from.

I used to work for a company called Freeloader.

They bought the publishing rites for games that were about a year old and gave them away for free making their money from advertising.

My job was to buy a copy of the game.
Install it
Remove the copy protection
Remove the DVD \ CD check so it could be digital only
Break the game into 10 or more downloadable modules, each of which must run and be playable
Get the download size for each module down to less than 10 G
Insert advertising into the game
Insert freeloader code into the game

Removing copy protection took between five minutes and five days.

Interestingly the people who bought in a commercial copy protection system produced games that were easier to hack

My tools were a copy of win32dasm, a tool that recorded file IO, and a hex editor

I developed my own tools to make the job easier as I went along, but they were just on the asset side of things… Making sure assets (textures,meshes, audio) were available when they were needed.

The hardest game I ever worked on was “Hidden And Dangerous.”

The coder on this game took copy protection very seriously and used a neat trick to make it very difficult to hack.

In the game initialisation he gradually built up the asset loading path on the stack. So you call a function that sets up the sound system and it leaves the drive letter in the stack. Then you call a routine to set up the renderer and it adds part of the asset path to the stack, and so on until the full asset path is available on the stack… All of these actions were nicely hidden, it didn’t have a string “c:\” anywhere in the game.

That was the one that took me 5 days to hack. The only one.

The ones that used encrypted executables were trivial. The basic problem is that the CPU cannot run encrypted code, so it must be decoded before execution and that process is easy to detect and you just grab the decrypted code and save it to disk then write your own loader

In short if you are trying to protect you code , then either invest more time and effort in that task than writing your game, or don’t use standard languages, or forget about it.

Besides , what do you think is so valuable about your code ?

There are only so many ways of doing things on computers and most are well defined and the subject of tutorials , scientific papers , open source projects, …

Instead of worrying about code security, worry about a great design, a great user interface, a great user experience.

Make your product so damn good that everyone will buy it within a week or it’s release and there is no market for the pirates. By the time they have hacked it , everyone has bought it and you are on the way to a tax haven with bags of lovely cash

I wrote an obfuscator for our accounting software it’s not that hard really, but as anyone are saying creating great games avoid piracy. but it cool if you have one on your toolbelt for critical applications.

image786×495 35 KB

^_^Y

The only way to protect your code and your assets is running the game through a cloud and let the players play via streaming.

EDIT: I messed up and edited instead of replying, but this is more or less what I was saying…

We do support Stadia now…

my thoughts exactly

lol

If somebody really wants at your code/assets they will find a way. Building bigger and better locks results in bigger and better lock picks. There are hackers that thrive for the thrill of breaking something.

For assets you have a bit of an option, though it is not 100% secure. You can edit the source code for the Content Pipeline and implement some sort of AES encryption when reading/writing content. I do something similar for my save game files. The problem is if they read your source code they have access to the IV/Key and can break your encryption. In the end it wouldn’t be worth the effort. Focus your attention on writing cool games.

Normally, my response has always been: Forget about it.

I’ve taken a few programs where I didn’t have the source code, played around with them to figure out how they worked, and written the same program in a different language to look, feel, and behave the way the existing program worked. That was line of business applications, though, not games. Games would be different…or at least some games would be different.

The assets in a game could well be of value, as they are unique creations, which might be good, and which LOB apps don’t have. After all, nobody bothers with ripping off a textbox, and no matter how fancy a grid you create…nobody really cares. But with a game, if the graphics are really cool, then they have a certain value. Also if the gameplay is really cool, then THAT has some value, as well, but in that case are you really worried about somebody stealing the code or just pirating the whole thing?

Games are certainly different, though. Whole different calculation. Good thing I’m such a lousy artist that nobody would want to steal anything I drew

If it makes you happy Ill steal all your stuff! Yours will definitely be better then the things I can make

Well we don’t like to admit it but execution can always be copied/pirated/stolen this is truth for all artists. (Yes all creators are artists… even if your art teacher dont agree that code is art)

but its not all bad…

If you’re creating something that, at least, brings you joy! then no one! Much as they try, can take that away from you. Your creation will always be yours… unless you stole it you thief… then burn in hell

Texture assets can’t be protected as far as I know in an easy way, there are programs that allow you to extract images from the graphic card itself so modders do that all the time. So you could make it very hard to get completely but at the same time you can spend the same time to make your game better. But nothing is 100% secure, nothing, the only question is how long can you delay it.