.es3 encryption and security

[JohnWick]

Hello,

I recently started to use encryption for .es3 files in my mobile game to prevent users from modifying it.
Also I've heard that some guys can try to do reverse engineering and get the source code, so keeping password as text in the code is a bad idea.
Is it more secure to store password in ES menu - Settings - Encryption Password field? (Is it additionally protected that way?)
Could you please advice some best practices to keep the game most secure from reverse engineering?

p.s. Apart from save games I'm thinking about resources encryption, does it make sense to encrypt resources?

Best regards,
John

[Joel]

Hi John,

Anything which means the password is stored with the app is susceptible to reverse engineering. However, most find that the effort required is enough to deter people.

The only way to prevent reverse engineering would be to store the data on a server (for example using ES3Cloud), so that no data is stored on the users device.

p.s. Apart from save games I'm thinking about resources encryption, does it make sense to encrypt resources?

I'm afraid it wouldn't be possible for me to say because this depends on your game and what you're trying to achieve.

All the best,
Joel

[JohnWick]

Hi Joel,
Thanks for your reply.
Could you please clarify if there is a difference from security perspective between storying password in es3 menu:

es3.png (62.09 KiB) Viewed 2315 times

or in code as literal:

Code: Select all

// Create a new ES3Settings to enable encryption.
var settings = new ES3Settings(ES3.EncryptionType.AES, "myPassword");
  
// Use the ES3Settings object to encrypt data.
ES3.Save("myTransform", this.transform, settings);
 
// Use the ES3Settings object to load and decrypt the data.
ES3.LoadInto("myTransform", this.transform, settings);

Best regards,
John

[Joel]

Hi there,

To clarify, both store the password in the app, so there is no different from a security perspective.

All the best,
Joel