RGSSAD/RGSS2A Decryption

[Me(tm)]

It's so funny that every time something like this is mentioned, the same discussion emerges, only the participants change. Where do I stand? Hard to tell.

To all those in favour
It seems that your group exists of two large groups of users and one minority. The first one are the people that don't seem to be able to release games, then there are the noobs who tell us they will only use it to learn and the minority group either doesn't care because their game is crap/completely original or because they think there is no way to fix this. If you don't release games, stop talking. If you're a noob and you are telling us you just want to learn from it, shut up we don't believe you anyway, and respect to the minority group.

You see, many are missing the point here. If learning and sharing all game resources was a good thing, why include encryption at all? Right, because you simply don't want people to do certain things.

Regarding to cheats, okay I don't care if you would open up my game and cheat, because I think you suck since you were not able to finish the game the way I designed it. I am sure it will bore you at some moment, but you'll see that for yourself.

Regarding to sprites, although people can still steal sprites by smart print screening (begging for no fog overlay or transparent sprites and/or picture overlays) doesn't mean that you should steal or that you should make the way to obtain the sprites easier. Most people will only take that particular sprite with print screening, while now they'll take it all. I just want those sprites to be my game only, unless I release them on the forums. Even though most people won't get away with it, does not mean that they won't try, costing me my time, energy and effort to set it straight. I want THEM to make effort stealing it, not simple executing a program and then copy and pasting.

Regarding to scripts, when it comes to scripts, I am always divided, since the learning factor from a script is much higher then from a sprite. However, certain systems I worked hard on for hours, I don't want to see in other games. It is my system,  not theirs. If I think it is time that the world may use it, I'll release it. In general, these days people suck. I am not talking about those great designers, but people that are usually called noobs. Make me this script, make me that system... They don't try and learn themselves, which would be another reason NOT to be able to decrypt games, since it demotivates to learn new things and create new skills.

Regarding to online games, all the orpg's I know are protected with some kind of anti hacking program. Why? Well, in an offline game, if you cheat, you'll just fuck it up for yourself. But now you will fuck up the whole community playing that game. It's sad and I know for a fact that there are people out there fucking up games because that's their adrenaline catalyst, they like it, they do it for fun. I don't want those people fucking up my ORPG, simply because it took me time to create it.

So, what do I do? Well, I think since I have an ORPG and I can script pretty well, it comes to the following: I have to complete what I was doing. Before, all the data was on the clients computer etc. etc. This has changed in NP3+. In my game, all the map and event data is on the server. The clients have copies of the map, but everything is validated on the server. If the client is on a position that is blocked, he's a cheater. If a client get's an item without any reason, he's a cheater. If a client is leveling up without killing monsters, he's a cheater. I have to set up this enormous anti cheat system, and even then I'm not finished. I need to port my scripts to a dll, and make sure only the calls are in the game. This way people can only steal the exact SAME copy of my scripts, thus making it very noticeable.
I could go on like this, but as you can see. In order to keep my players faithfully and trustworthy, I need to encrypt my game. People are bad by nature, if they get the chance...

At vgvgf and others, we should join up and work on this together. We need a system that can not be broken by any NORMAL user and is easy update-able. Also, we might even just go with a new rmxp, without RGSSdll :P

 

[Necro_100000]

Ehhhhh... User customization? I personal believe that tons of RMXP.org forum games are to short to errr really care to hack. If you made a game in a week and it got hacked... who cares...? Also It might allow the user customization! They can change music out and stuff? I mean personally I would love to play William Tell Overture to Garland in Final fantasy 1 but hell I have an MP3 Player and headphones to.

To be honest though I'm releasing a game that took 1 year to make and still getting worked on and its on 2k3 with no encryption so I think I'm just bitter and have grown to the fact that people will be able to hack my game. Good thing it so ancient that no one has 2k3 to hack it anymore! lol.

As for Online games however... I would totally have to agree and I would be pissed.... Then again lets face it. IT happens to EVERY GAME at SOME TIME. Hell I've good tons of free stuff from developers and I know ever single one of you nice people have some to! (Break out the IPods and don't lie to me people!) So I think it might be some sick sick play on karma. Hmmm I know I've had it coming.

-Matt

 

[Der Drake]

Or as stated previously in the thread for the purpose of better encryption? The guy included his source so people could look at it and learn to protect there games.

That's a farce. A while back we actually considered releasing something similar (and only barely decided against doing it). We also came up with some mock explanations like 'improving' the encryption. Honestly though, in order to reverse engineer something like this you must take a look at the machine code for the original decrypter. And if you do, you will invariably have noticed how pointless such an 'encryption' scheme really is (because you could do exactly the same with any other encryption).

The truth is, that if you are new to reverse engineering, it's a tremendous success to finally have a working decrypter and getting recognition for your hard work seems like a very appealing prospect. There really is no way of designing a 'more secure' encryption algorithm and I'd be grateful if no one attempted to do this.

My own reason here, is that I don't use windows and actually have to get a decrypted version of a game in order to play it. I don't cheat, steal resources, or whatever it is that is so much of a problem for you guys, but now enterbrain will most likely be forced to release an 'updated' encryption (for those interested: the rgssad format already includes a version number currently set at 1).

Rmxp encrypts all files in the RGSSAD file using XOR encryption and a key which by default is 0xDEADCAFE(Some joke from enterbrain here? Dead Cafe?) in hexadecimal value. This key is stored in the RGSS dll, and it can be modified with a simple hexedit when the dll is unpacked. So, the idea is to create a custom rgssad compressor allowing encryption with different keys, and modifing a RGSS dll with the new key used for encrypting the rgssad. But you will need to pack the RGSS dll with a PE packer for example, because if the RGSS dll is not packed it would be very easy to find the new key and with it decrypting the rgssad file.
Also, for a better protection you will need to encrypt the save files, and to clean the $RGSS_SCRIPTS variable, because it still can be accessed by seeing the Game.exe memory.

To decrypt, take the following steps:
if the executable packer used is popular:
  - just use one of the equally popular unpackers
else:
  - run game normally (or maybe in a vm if it's one of the more annoying PE packers), then dump the memory of the dll, since it's decrypted in memory

- if only the key was changed you can find it at an essentially fixed adress in memory and use your tried and tested decrypter with the new key
alternatively:
- all scripts will be in memory, in plaintext or as an abstract syntax tree (ruby is open source so you can take a look at the format of the latter) and it doesn't matter if you delete the $RGSS_SCRIPTS variable (the editor uses it, by the way, so in order for enterbrain to "fix" this, they'd have to patch the whole program, which is no small undertaking)

I could go on like this, but as you can see. In order to keep my players faithfully and trustworthy, I need to encrypt my game. People are bad by nature, if they get the chance...

I'm no expert in online games, but I once read an interesting article about the design of such games. Basically you should never trust the client. Ever. Ideally the client portion should only do rendering and send the user input to the server. The 'encryption' that comes with many online games is essentially a rootkit that breaks most accessibility tools in order to prevent you from forging the input. (which would allow you to write bots and so on)
I don't believe that most MMORPGs actually work this way (since it costs $$$ to do more calculations on the server), but I'd advice you against trusting the client anyway. Oh, and don't fuck with your paying customers by installing a rootkit on their pc.

 

[delaPipol]

Great news, vgvgf. That information will be useful for a nice, richer game support, playing or data import in free, open source software related or other closed source solutions (RPG Advanced Editor, EasyRPG). Marshal serialized format of the game data of XP/VX is a piece of cake (in comparison with RPG Maker 2000/3 data format). RGSSAD/2A was the last frontier. Now, everything is possible. Thank you for bring us the info.

Edit: I just reviewed the app and it's wxWidgets based! I can translate it into English/Spanish and recompile it for Windows (and for GNU/Linux, too, because wxWidgets is cross-platform, by removing commctrl.h and windows.h dependencies for ugly win32 resources, heheh) !
Just curious.

 

[AzorMachine]

Thank you, Vgvgf.
Thanks to leexuany too.

Well, thanks only leexuany for this, I just presented this here, and nothing more.

Nooooooo!!!!
what the hell is this!
I don't want people cracking open my game!

Don't worry about this too much, you will be able to protect your game(Not 100% protection, no method can do that), just let me finish a tutorial on how to protect a game against this.

Please read my PM ^^
I know a way of avoiding the RGSSAD Extractor ^^ :biggrin:

 

[Daxis]

I think that KGC software has a couple of scripts that are meant to protect against things like this.

 

[SolstICE]

why would you try to unencrypt peoples games they worked hard on and post how to do it for everyone here? thats a pretty asshole thing to do

 

[Zeriab]

Der Drake is completely right.
As long as the game got to decrypt the data to be able to use it you can use the game to decrypt the game.

From a practical perspective accept that people WILL be able to decrypt your game.

*hugs*
- Zeriab

 

[AzorMachine]

I think that KGC software has a couple of scripts that are meant to protect against things like this.

It consists on a program, that changes de adress of the scripts file, to a diferente file, with a randomic name.
I tested it with RGSSAD, and it was protected :thumb:

 

[Guest]

;D

 

[AzorMachine]

Well, so i will put a Game of mine here, protected, with this engine ^^

If someone there, decrypt it, i will jump from the Mt.Everest =X

Link : http://www.4shared.com/file/81579250/c5 ... t_it_.html

 

[Davey]

Truth is though is that there will always be a way to decrypt it, changing the file name even with a random name will not fully protect against this as there is nothing stopping people searching for specific information within a file no matter it's name or calling a file from it's run queue.

It may be decryptable, but not every noob that has access to a random pre-made decrypting application can decrypt it :smile:

 

[Diedrupo]

I really don't think this is something you have to worry about unless for some reason your game becomes really popular, and you happen to have used a lot of original resources (and that is not the case for 99.99% of you). Then you might get a little upset. People dealt with it in the RM2K/2K3 era with unencrypted projects, they can deal with it today.

 

[vgvgf]

@AzorMachine, well, how to say this? But, start jumping from Mt. Everest. I just decrypted the Game.rgssad with WX RGSSAD, whitout any complication. Also, if you are planning to change the scripts file name, don't include it in the Game.ini!

[Game]
Library=RGSS102J.dll
Scripts=Data/DMTWEIOQMPELITKXNBUQVKUFKQRDVCOIDBHDFHSLScripts.rxdata
Title=Decrypt it !
RTP1=Standard
RTP2=
RTP3=

@Der Drake, I agree with you in many points, but however some protection can be made still. 100% protection can't be done, but 95+%/99+% yes. Most people doesn't know how to use most methods you mentioned, so most people can be unable to extract something from a game with a simple protection system. But the things one can do for protecting RMXP/VX are really complicated... Maybe rewriting the entirely RGSS Player and Library and changing the encryption methods will stop this, but that's really complicated.

 

[legacyblade]

The only thing I don't like about this decryption is that my bad coding habits will be exposed!

^Amen. :c

lol, some of us already know your bad coding habits, by betatesting for you :P

But seriously people, if someone wants to rip your graphics, there's nothing you can do about it. There is no such thing as perfect and uncrackable code, and no amount of anti piracy techniques will change that. Let's face it, we're using RMXP for the soul reason that it's easier to use than coding our own software. This is a hobby, one which some of you might be making a small profit off of by selling RMXP games. The only plausible reason I can find to decrypt a project file is to learn how the producer did something. Those who use decryption programs on RM projects to steal graphics are nothing but n00bs who probably won't get past the first release of their demo before giving up. So don't stress out about this, just make your game, and don't put countless anti piracy measures in that make it heck to play your game. Most RM users aren't out to steal your sprites, but to play your game, so don't make it difficult for them just to prevent a few @$#holes from stealing your sprites.

Besides, you should spend more time MAKING your game, than trying to keep people from stealing what you've made.

 

[MukanshinBlack]

Besides, you should spend more time MAKING your game, than trying to keep people from stealing what you've made.

I think this decryption is worse for people making commercial games. Someone is going to crack it open and pass it out around the internet and you make significantly less money.

 

[JoshieBoy]

Besides, you should spend more time MAKING your game, than trying to keep people from stealing what you've made.

I think this decryption is worse for people making commercial games. Someone is going to crack it open and pass it out around the internet and you make significantly less money.

Agreed. This falling into someone who wants to deliberately crack open commercial games to get your resources would cause a problem, but there isn't much we can do about it now. If you prevent this decrypting program from cracking open peoples project, they will just create another one. You cannot defend yourself nor your project against a skilled hacker once it has been put on the internet.

 

[Zeriab]

A more interesting question to discuss is how tackle the problem. Not from a technological point of view. The project can be cracked and that's that.
I encourage a discussion on to tackle the situation with that as a fact.
For commercial projects. The act of decrypting or cracking the game in itself does not mean less money.
You would most likely be after as much money as possible.
Maybe having a mechanism where people who have a cracked version buys the game are forgiven is a nice idea. Maybe it won't make any difference or maybe it will make you earn less money. I don't know.
I do believe that if you treat the customer as the enemy the customer will behave as an enemy. Push gently in the direction of going legit. Lure with goodies. Marketing and PR.

What possibilities are there? What mechanisms can be used?
Dealing with commercial and non-commercial projects are surely different in many areas and they can have very different goals. That's also possible between commercial projects and non-commercial project as well.

I believe such a discussion can be much more rewarding.

*hugs*
- Zeriab

 

[Akamarutsu]

It's nice to get resources out of this, but damn I wish i could decrypt the rxproj file too. I wanna see how things in some people's games work.

 

[Ellie]

Then ask the ones who made the games? If they are unwilling to tell you then it's pretty sure they wouldn't want you decrypting it anyway.