Question about distribution.

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
Before you make a thread asking for help, read this.
Dresden
Prole
Posts: 9
Joined: Sun Sep 26, 2010 9:36 pm

Question about distribution.

Post by Dresden »

To quote the LOVE wiki:
As you probably know by now, LÖVE is a framework for making 2D games in the Lua programming language. LÖVE is totally free, and can be used in anything from friendly open-source hobby projects, to evil, closed-source commercial ones.
I don't see how it would be possible to make an evil closed source game with love considering almost anybody can access an unzip program the .exe thing is pretty simple to get through. So would you need to somehow encrypt/compile your code then write a secondary program to uncrypt/decompile and run it with like c++ or something that is harder to decompile or what?
User avatar
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands
Contact:

Re: Question about distribution.

Post by Robin »

Well, if it's closed-source, it doesn't have to be hidden source. (We had this discussion before on this forum.)
Last edited by Robin on Sun Sep 26, 2010 9:54 pm, edited 1 time in total.
Help us help you: attach a .love.
User avatar
kikito
Inner party member
Posts: 3153
Joined: Sat Oct 03, 2009 5:22 pm
Location: Madrid, Spain
Contact:

Re: Question about distribution.

Post by kikito »

I'd argue that it really depends on your definition of closed source. "closeness" is not a technical thing here, but a legal one.

You could place a LICENSE.TXT file next to the .love file saying "If you unzip this file, you agree to send me all your money and your testicles", or something similar.

All in all, I think that last part might be a bit confusing and would be probably better off.
When I write def I mean function.
User avatar
CyaNox
Prole
Posts: 22
Joined: Thu Feb 11, 2010 6:11 pm

Re: Question about distribution.

Post by CyaNox »

Also no matter how much encryption, encoding or byte-coding you can do the evil guys that really want your functionality will get to it no matter what. As long as someones computer can interpret the program so can the human being handling it.
Dresden
Prole
Posts: 9
Joined: Sun Sep 26, 2010 9:36 pm

Re: Question about distribution.

Post by Dresden »

This will certainly make any kind of LOVE made server/client game a lot more difficult to protect from hackers.
User avatar
CyaNox
Prole
Posts: 22
Joined: Thu Feb 11, 2010 6:11 pm

Re: Question about distribution.

Post by CyaNox »

Dresden wrote:This will certainly make any kind of LOVE made server/client game a lot more difficult to protect from hackers.
Not really as your supposed to do anything important on the server and normally you are in control of the server so no cheating can happen.

And in this case your only worry is cheating. As for your security with regards to others making money with your source ... well this is simply disallowed by law just about everywhere. Better to infest time in a good lawyer then to spent time obfuscating your own code (which still has no use).

Besides cheats will happen anyway. If your game is entirely encrypted and non revertible to any useful code one can still just sit in between the human and the program to cheat (Think macros, bots, etc). There simply is no sure way to get rid of cheaters via the closed and/or encrypting of source code it does not even deter the cheaters in any way.

Any other form of hacking comes down to your protocol. Just about any protocol out there has at some point been exploited through a flaw in its design. Only thing one could and still can do is fix the bugs and do damage control. So just prepare for this and you should be fine as well.
Dresden
Prole
Posts: 9
Joined: Sun Sep 26, 2010 9:36 pm

Re: Question about distribution.

Post by Dresden »

Right. Just thought of that actually as I was leaving, have the client simply render what the server does. And receive mouse/keyboard input. Thanks for the clarification, I agree with open source ideas it's just that I didn't think it through entirely and so am on the whole quite pleased. Nice.
User avatar
Jasoco
Inner party member
Posts: 3727
Joined: Mon Jun 22, 2009 9:35 am
Location: Pennsylvania, USA
Contact:

Re: Question about distribution.

Post by Jasoco »

Something I was curious about is if I had a game that posted say a high score to a leaderboard. Normally a game would have a "key" it would use to tell the server that it was legit. But with Löve, anyone can open the .love file and find out the key no matter what it is. How would we keep someone from doing that and spamming the leaderboard or hacking it to give them a higher score, etc? I've seen indie leader boards and forums that were just full of spam because there was no safety in place to keep junk out.

I mean I would one day want to have a server of my own for my game that would host levels, a leaderboard, updates and other stuff. But if there's no way to protect the server from crap...

That's where I would think a locked source would come in handy. Even if it was just a single file that Löve could read and run that included the key that was encrypted and couldn't be read by anything else (Without work). As long as you can keep the lazy hackers out it's fine.
Dresden
Prole
Posts: 9
Joined: Sun Sep 26, 2010 9:36 pm

Re: Question about distribution.

Post by Dresden »

Jasoco wrote:Something I was curious about is if I had a game that posted say a high score to a leaderboard. Normally a game would have a "key" it would use to tell the server that it was legit. But with Löve, anyone can open the .love file and find out the key no matter what it is. How would we keep someone from doing that and spamming the leaderboard or hacking it to give them a higher score, etc? I've seen indie leader boards and forums that were just full of spam because there was no safety in place to keep junk out.

I mean I would one day want to have a server of my own for my game that would host levels, a leaderboard, updates and other stuff. But if there's no way to protect the server from crap...

That's where I would think a locked source would come in handy. Even if it was just a single file that Löve could read and run that included the key that was encrypted and couldn't be read by anything else (Without work). As long as you can keep the lazy hackers out it's fine.
Would hashing this key help in any way? Whirlpool for example (http://en.wikipedia.org/wiki/Whirlpool_ ... ography%29). Basically a string gets really mashed up and then you compare the mashed up string to another mashed up string to see if they match without actually encrypting/decrypting. Too tired to really think it through, somehow I think there would still be problems though.

Edit: What if you checked the size of the main.lua file to make sure no modifications had been made? Also, is Lua capable of executing remote code? As in you send the code as a file or something from the server and just have the client execute it?
User avatar
CyaNox
Prole
Posts: 22
Joined: Thu Feb 11, 2010 6:11 pm

Re: Question about distribution.

Post by CyaNox »

Lua can execute strings see also http://www.lua.org/pil/8.html so yes it can execute remote code.
Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot] and 8 guests