• Redkey@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    8 months ago

    Unfortunately we all know what happens when you tell hackers that something’s going to be very hard to break into.

    I understand that they were excited about the idea and wanted to share it with gamers, but if they actually wanted to give the system the best chance of success, they should’ve kept their mouth shut.

  • RonSijm@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    Basso is at least confident that data miners can’t brute force their way to discovering his encrypted secrets. He’s using industry-standard AES encryption. ”It’s pretty secure, unless we get quantum computers or there’s some giant vulnerability,” he said.

    It’s a fun idea, I guess, but I don’t know how happy anti-virus kinda services are with having loads of very encrypted and obscured blocks of data.

    It’s a bit of a “trust me bro” situation where he claims he’s just hiding secret levels and stuff - and isn’t also secretly side-loading malware or something like that

    • Aux@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Anti viruses won’t care as it won’t be injecting executable code. But the whole idea won’t work. To decrypt AES you need some sort of a secret key or certificate. So the game will have to have it bundled. Thus anyone with enough skill will be able to extract such key or certificate and decode resources themselves. Encryption will not provide any protection.

      • NocturnalMorning@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Stuff like this isn’t there to stop people with lots of resources. It’s to stop people who are lazy, will see encryption and go, eh, I guess I’m not doing that after all.

        It’s the baseline, make it annoying enough that most people won’t even bother wasting their time.

        • Aux@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          I bet you that the whole thing will be decrypted and sent to torrents during the first hour of the game’s release just to teach its developer a lesson.

      • 2ncs@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        To decrypt AES you need some sort of a secret key or certificate. So the game will have to have it bundled.

        If the Dev were to take, for example the x,y position of the player and convert that to a key, then there would not be any bundled key. This could allow specific conditions to be met without specifying the key or solution. Truthfully though, I don’t know much about AES to know if that’s possible.

        • uis@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          You still need

          1. Trigger not at exact coordinates, but in some proximity.
          2. Test condition in near-realtime
      • RonSijm@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        8 months ago

        Anti viruses won’t care as it won’t be injecting executable code.

        How do you know parts of the encrypted stuff isn’t executable code? Like is he has secret levels with secret functionalities then part of whats encrypted might get executed, or interpreted and executed or something like that.

        If he’s going out of his way to hide and encrypt secrets, I wouldn’t be surprised if parts of his gameloop are obfuscated as well. And if Anti viruses detect high levels of obfuscation, that just raises flags as probabilistic malware

        • Aux@lemmy.world
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          8 months ago

          Modern CPUs and operating systems have distinction between data and code in memory. Usually only privileged processes have the right to make data executable. If you load some random stuff into memory and tell your CPU to execute it as a code, you’ll get nuked by OS.

          • uis@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            Usually only privileged processes have the right to make data executable.

            Not true. Only kernel can mark memory page as executable, but any process can request to kernel to do so. This is why JIT compilers work.