cocos2d for iPhone

A fast, easy to use, free, and community supported 2D game engine

1. 

   Questor
   Member

   mhussa,

   I totally agree about trying to do a fix at the encrypt/decrypt side.

   It also occurred to me that perhaps not doing an in memory conversion may be more straight forward to implement. Instead, the encrypt/decrypt methods could alloc and return an autorelease object (perhaps NSData/NSMutableData class) that the user can copy from (or simply retain). I realize that this pushes all the class files into Obj-C coding (as opposed to C++) but since this is for the iphone anyway (at least in my case), I am not sure how much it matters.

   While I am sure that doing a memcpy of input length would work most of the time, it is those rare occurrences that trouble me. I have no idea what data could trigger the output bufferSize to be larger than the input. So while adjusting the encData before and after the calls is admittedly a bit unwieldy, it should be able to handle even those rare occurances without any issues.

   Again, returning an autorelease object might be the more elegant solution, since it seems that the client is most often times going to be copying the output data from the buffer to fill a target object/structure anyway. Just a thought. What do you think?

   Posted 2 years ago #
2. 

   smoka
   Member

   Good idea to have content encrypted. However it is matter of minutes to find an encryption key inside a binary.

   Posted 2 years ago #
3. 

   Questor
   Member

   smoka,

   Agreed. As was posted earlier in the thread, it is really more about stopping/slowing casual cracking and basic hacking programs like Juicer. The age-old adage always applies: "Whatever can be secured by a computer can be broken by a computer", it is just a matter of time (and effort).

   Posted 2 years ago #
4. 

   greyhoundgames
   Member

   Just curious, has anyone been detrimentally effected by people lifting your art? I imagine they cant make any real money off of it or you would find out. But maybe i'm over simplifying.

   Posted 2 years ago #
5. 

   mhussa
   Member

   @questor: Since you have the code you can use autorelease/obj-c whatever, I just found it easier to code up a small CLI and integrate it into cocos2d at the same time using c++. If I can I release memory as soon as I'm finished with it I will. In this case I'd rather not delegate to a collector which decides when to collect. If autorelease fits within your style of coding then by all means do so.

   @smoka: Can you describe a few steps to show how simple it is? that way I can put up a few simple barriers if it's too easy.

   @greyhound games: unfortunately there are quite a few opportunists out there, for example:

   http://forums.toucharcade.com/showthread.php?t=44746

   It may be that some developers use graphics from existing games as placeholder graphics and then lazily just release it hoping not to be found out. Why make it easy for them? they can copy somebody else's less protected assets.

   Posted 2 years ago #
6. 

   smoka
   Member

   @mhussa for test, i've found key from one of the apps discussed here (for testing purpose only, after successful decryption, i've deleted all the content). For this purpose i've used Ida pro. Once you look inside a disassembled code you may found obvious encryption library calls. in my case it was CCCrypt. One of the parameters of this function is key. if key is hardcoded inside code it will be stored in Data Segment. key size is known. what you need is to find any pointers to Data Segment before call to CCCrypt.
   It is really hard to say how to prevent someone from finding a key. you may use some function to generate a key for you in order not to store it in data segment. But it will not make security much stronger.

   If you need protection from programs like Juicer, i think any simple scramble method (like XOR) can work.

   Useful links: http://www.hex-rays.com/idapro/ and http://simplemachines.it/doc/arm_inst.pdf

   Posted 2 years ago #
7. 

   Questor
   Member

   I just tried running using the script (encrypt phase) when deploying to the device but I get the error:
   i686-apple-darwin9-g++-4.2.1: error trying to exec 'cc1objplus': execvp: No such file or directory

   When I deploy to the simulator I don't have any issues.

   Also worth noting, is that I have my script rebuilding the Encrypt program so that it automatically gets the latest key from the Crypt source files... I realize that it is complaining regarding issues doing a make, but I have no idea why it would work for the simulator deploy, but not the device. I am sure this is a newbie issue, but can someone tell me what I need to do to get this working?

   Any help would be appreciated,
   Q

   Posted 2 years ago #
8. 

   mhussa
   Member

   @Questor:"error trying to exec 'cc1objplus': execvp: No such file or directory"

   Looks like it can't find the cc1objplus executable (which you have probably added) in its paths, there's an option in the build phase dialog to log the environment variables to the console log when the script is run. Have a look through them to make sure the paths look correct. I used the $PROJECT_DIR variable because it was tied to the project not a specific build type.

   @smoka: Thanks for that, I knew it was easy with a statically allocated crypt key but I didn't know about those tools.

   A word of advice to anyone who wants to go further is maybe vary the crypt key implementation. The fact that this is open source makes it even easier to find.

   Posted 2 years ago #
9. 

   Questor
   Member

   mhussa,

   Thanks for the help. I got it figured out. Turns out that cc1objPlus is part of the g++ compiler that is called to build objective-C files (.mm). At one point I was looking to do some objective-C stuff in the CryptCore code and changed the extensions to .mm... I eventually scrapped that idea and left them as straight C but I accidentally left the extensions as .mm

   I also found this possible solution (but for Fedora) but I was not keen on messing with the g++ compiler install since it really just came down to a name change anyway.
   But it is worth posting in case anyone else runs into a similar problem: http://forums.fedoraforum.org/showthread.php?t=215233
   Strangely there was no issue in a deploy to the simulator, so I am not 100% sure if updating the g++ compiler would have really worked in my case.

   UPDATE:
   I was wrong it is not working (I had it already built by command line so the script skipped the make command). I really don't know why the compiler is complaining about trying to build these as obj-c files when they are all just straight C (and of course, why it works for one type of deploy and not the other. Argh!) I thought it would be a good idea to automatically re-make the command line encryptor each time to ensure the key was upto date, but this is becoming more problematic than the enhancement is worth.

   Posted 2 years ago #
10. 

    zeraien
    Member

    Questor's solution to return the numBytesDecrypted and then resize the mutable data object seems to do the trick for binary plist files... But it would be nice if it could be avoided... I tried to use the length instead of numBytesDecrypted in the cpp file, but that only worked with the XML plists, not binary ones.

    Posted 1 year ago #
11. 

    jmurff
    Member

    Hi;
    I found the following helpful on the larger issue of cracking and piracy.

    http://www.iphonedevsdk.com/forum/iphone-sdk-tutorials/29509-iphone-piracy-protection-code-tutorial.html
    http://www.iphonedevsdk.com/forum/iphone-sdk-tutorials/36330-iphone-piracy-protection-code-2-another-tutorial.html

    -jim

    Posted 1 year ago #
12. 

    robsauk
    Member

    I've just written an article about protecting high-value resources embedded in iPhone apps. You can check it out here: http://aptogo.co.uk/2010/07/protecting-resources/.

    Posted 1 year ago #
13. 

    jyoung
    Member

    mhussa and others, I just wanted to say thank you very much for this code and concept, it's working out perfectly.

    Riq, do you have plans to integrate this into the source?

    Posted 1 year ago #
14. 

    jordo
    Member

    sorry. I'm not sure how to get this to work with plist files, (text based ones)....

    ./cc_encrypt -e Test.plist Test.plist.enc
    ./cc_encrypt -d Test.plist.enc Test.plist.decrypt

    The file 'Test.plist.decrypt' is not equal to the original input file? I'm aware you guys were talking about this in the thread, but I'm just not sure what exactly i need to change in CryptUtils to get this to work. Any help?

    Posted 1 year ago #
15. 

    timTheMystic
    Member

    Here's an Obj-C class using CommonCrypto that I've used before in one of my games.
    Thanks to Greg Haywood's code that this is mostly based on.
    http://greghaygood.com/2009/01/17/symmetric-encryption-with-the-iphone-sdk-and-securityframework

    // SafetyFirst.h
    
    #import <CommonCrypto/CommonCryptor.h>
    #import <CommonCrypto/CommonDigest.h>
    
    #define kChosenCipherBlockSize	kCCBlockSizeAES128
    #define kChosenCipherKeySize	kCCKeySizeAES128
    
    @interface SafetyFirst : NSObject {
    
    }
    
    - (NSData*) GetMD5:(NSString*) str;
    - (NSData*) encrypt:(NSData*) theData key:(NSData*) aSymmetricKey padding:(CCOptions*) pkcs7;
    - (NSData*) decrypt:(NSData*) theData key:(NSData *)aSymmetricKey padding:(CCOptions*) pkcs7;
    - (NSData*) doCipher:(NSData*) theData key:(NSData*) aSymmetricKey
    					context:(CCOperation) encryptOrDecrypt padding:(CCOptions*) pkcs7;
    
    @end

    The implementation file

    // SafetyFirst.m
    
    #import "SafetyFirst.h"
    
    @implementation SafetyFirst
    
    - (id) init {
    		if ( (self = [super init]) ) {
    			// initialize
    		}
    		return self;
    }
    
    - (NSData*) GetMD5:(NSString*) str {
    		const char* cStr = [str UTF8String];
    		unsigned char result[ CC_MD5_DIGEST_LENGTH ];
    
    		CC_MD5( cStr, strlen( cStr ), result );
    		return [NSData dataWithBytes:result length:16];
    
    }
    
    - (NSData*) encrypt:(NSData*) theData key:(NSData*) aSymmetricKey padding:(CCOptions*) pkcs7 {
    			return [self doCipher:theData key:aSymmetricKey context:kCCEncrypt padding:pkcs7];
    } 
    
    - (NSData*) decrypt:(NSData*) theData key:(NSData*) aSymmetricKey padding:(CCOptions*) pkcs7 {
    			return [self doCipher:theData key:aSymmetricKey context:kCCDecrypt padding:pkcs7];
    }
    
    - (NSData*) doCipher:(NSData*) theData key:(NSData*) aSymmetricKey
    					context:(CCOperation) encryptOrDecrypt padding:(CCOptions*) pkcs7 {
    
    			CCCryptorStatus ccStatus = kCCSuccess;
    			// Symmetric crypto reference.
    			CCCryptorRef thisEncipher = 0;
    			// Cipher Text container.
    			NSData* cipherOrPlainText = nil;
    			// Pointer to output buffer.
    			uint8_t* bufferPtr = 0;
    			// Total size of the buffer.
    			size_t bufferPtrSize = 0;
    			// Remaining bytes to be performed on.
    			size_t remainingBytes = 0;
    			// Number of bytes moved to buffer.
    			size_t movedBytes = 0;
    			// Length of plainText buffer.
    			size_t theBufferSize = 0;
    			// Placeholder for total written.
    			size_t totalBytesWritten = 0;
    			// A friendly helper pointer.
    			uint8_t* ptr;
    
    			// Initialization vector; dummy in this case 0's.
    			uint8_t iv[ kChosenCipherBlockSize ];
    			memset((void*) iv, 0x0, (size_t) sizeof(iv));
    
    			// NSLog(@"doCipher: theData: %@", theData);
    			// NSLog(@"doCipher: key length: %d", [aSymmetricKey length]);
    
    			theBufferSize = [theData length];
    
    			// NSLog(@"pkcs7: %d", *pkcs7);
    			// We don't want to toss padding on if we don't need to
    			if ( encryptOrDecrypt == kCCEncrypt ) {
    				if ( *pkcs7 != kCCOptionECBMode ) {
    					if ( (theBufferSize % kChosenCipherBlockSize) == 0 ) {
    						*pkcs7 = 0x0000;
    					} else {
    						*pkcs7 = kCCOptionPKCS7Padding;
    					}
    				}
    			} else if( encryptOrDecrypt != kCCDecrypt ) {
    				// wrong type of command
    			} 
    
    			// Create and Initialize the crypto reference.
    			ccStatus = CCCryptorCreate( encryptOrDecrypt, kCCAlgorithmAES128, *pkcs7, (const void*)[aSymmetricKey bytes],
                                   kChosenCipherKeySize, (const void*) iv, &thisEncipher );
    
    			if ( ccStatus != kCCSuccess ) {
    				NSLog(@"Problem creating the context, ccStatus == %d.", ccStatus );
    			}
    
    			// Calculate byte block alignment for all calls through to and including final.
    			bufferPtrSize = CCCryptorGetOutputLength(thisEncipher, theBufferSize, true);
    			// Allocate buffer.
    			bufferPtr = (uint8_t*) malloc( bufferPtrSize * sizeof(uint8_t) );
    			// Zero out buffer.
    			memset((void*) bufferPtr, 0x0, bufferPtrSize);
    			// Initialize
    			ptr = bufferPtr;
    			// Set up initial size.
    			remainingBytes = bufferPtrSize;
    			// Actually perform the encryption or decryption.
    			ccStatus = CCCryptorUpdate( thisEncipher, (const void*) [theData bytes], theBufferSize, ptr, remainingBytes, &movedBytes );
    			// update bytes moved
    			ptr += movedBytes;
    			remainingBytes -= movedBytes;
    			totalBytesWritten += movedBytes;
    			// remaining to output buffer.
    			ccStatus = CCCryptorFinal(thisEncipher, ptr, remainingBytes, &movedBytes );
    
    			totalBytesWritten += movedBytes;
    
    			if ( thisEncipher ) {
    				(void) CCCryptorRelease(thisEncipher);
    				thisEncipher = 0;
    			}
    
    			if ( ccStatus == kCCSuccess ) {
    				cipherOrPlainText = [NSData dataWithBytes:(const void*) bufferPtr length:(NSUInteger) totalBytesWritten];
    			} else {
    				cipherOrPlainText = nil;
    			}
    
    			if ( bufferPtr) {
    				free( bufferPtr );
    			}
    
    			return cipherOrPlainText;
    }
    
    @end

    Usage example:

    const char* aKey = dRT76popWeelFincap33987qpMTZ9042012mayan!"
    CCOptions padding = kCCOptionPKCS7Padding;
    NSString* recoil = [NSString stringWithFormat:@"%s", aKey];
    
    // To ENCRYPT
    NSString* fileToEncryptPath = [[NSBundle mainBundle] pathForResource:bFile202 ofType:@"bin"];
    NSData* file_data2 = [NSData dataWithContentsOfFile:fileToEncryptPath];
    NSData* file_encryptedData = [sFirst encrypt:file_data2 key:[sFirst GetMD5:recoil] padding:&padding];
    // write out to mem
    if ( [file_encryptedData writeToFile:@"/bFile202.pgz" atomically:NO] == NO ) {
    	NSLog(@"file_encryptedData  - Failed to write data to file");
    }
    
    // To DECRYPT
    NSString* fileToDecryptPath = [[NSBundle mainBundle] pathForResource:@"bFile202" ofType:@"pgz"];
    NSData* file_data = [NSData dataWithContentsOfFile:fileToDecryptPath];
    NSData* file_decryptedData = [sFirst decrypt:file_data key:[sFirst GetMD5:recoil] padding:&padding];
    
    myTextureID = [self LoadTextureMapWithData:file_decryptedData width:512 height:512];

    Handy routine to convert raw texture data into a mapped texture in memory:

    - (GLuint) LoadTextureMapWithData:(NSData*) tData width:(int) width height:(int) height {
    			GLuint	textureID;
    			GLint	saveName;
    
    			// NSLog(@"decrypted data: %@", data);
    			NSUInteger lenT = [tData length];
    			uint8_t* byteData = (uint8_t*) malloc( lenT );
    			memcpy(byteData, (uint8_t*)[tData bytes], lenT);
    
    			glGenTextures(1, &textureID);
    			glGetIntegerv(GL_TEXTURE_BINDING_2D, &saveName);
    			glBindTexture(GL_TEXTURE_2D, textureID);
    			glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR);
    			glTexImage2D(GL_TEXTURE_2D, 0, GL_RGB, width, height, 0, GL_RGB, GL_UNSIGNED_SHORT_5_6_5, &byteData[4]);
    			glBindTexture(GL_TEXTURE_2D, saveName);
    
    			free( byteData );
    			return textureID;
    
    }

    Posted 1 year ago #
16. 

    Questor
    Member

    Just wanted to mention in this thread that you should make sure that you are not doing any sort of encryption to the Default.png file (or any of the "Default" splashscreen image files). I accidentally had mine encrypted and since it's initial appearance is (I think) generated by the App Loader, my decryption code was (of course) never being executed. This was causing the dreaded black screen/startup flicker.

    Posted 1 year ago #
17. 

    jordo
    Member

    Thanks for the help. Managed to get plist encryption done using your class with NSKeyedArchiver...

    NSString *finalPath = [path stringByAppendingPathComponent:@"Levels.plist.enc"];
    
    SafetyFirst* sFirst = [[SafetyFirst alloc] init];
    CCOptions padding = kCCOptionPKCS7Padding;
    NSData* encryptedData = [[NSMutableData alloc] initWithContentsOfFile:finalPath];
    
    NSData *dataNew = [sFirst decrypt:encryptedData key:[sFirst GetMD5:passPhrase] padding:&padding];
    [encryptedData release];
    
    NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingWithData:dataNew];
    NSDictionary* newDict = (NSDictionary*)[[unarchiver decodeObjectForKey:@"Something"] retain];

    Posted 1 year ago #
18. 

    jcljk
    Member

    hi Everyone,

    does this work for audio as well?
    i see many apps encrypt their images and audios into 1 file. usually *.bin or *.assets.
    any idea on how to do this ?

    Posted 1 hour ago #

RSS feed for this topic

Reply

You must log in to post.