0

For all those who are not familiar with ren'py: It's basically python with some modifications. Since the project is coded in python, which can easily be edited by anyone it is not a good idea to include a license validation in the python files.

An executable starts the game, so I thought about wrapping it with a license validation in an .exe (but I honestly don't know how I can take an executable, put some code around and have one executable including the actual one). Maybe there is another way, which is safer than the one I named, suggestions?

Mr Smirk
  • 1
  • 1
  • https://stackoverflow.com/questions/5458048/how-can-i-make-a-python-script-standalone-executable-to-run-without-any-dependen – Samwise Mar 21 '21 at 17:31
  • 1
    There's a reason that vendors spent a bunch of time trying to come up with hardware-enforced DRM schemes: When you make a key readable by a user's general-purpose computer (so it can decrypt stuff), and think you aren't also giving the key to the user (so _they_ can decrypt stuff), 99% of the time you're deluding yourself. The exceptions are cases where the key is stored by dedicated hardware that doesn't talk to the rest of the computer except in tightly-controlled ways, but even then there's a lot that's tricky. – Charles Duffy Mar 23 '21 at 19:38
  • (You let the computer decrypt the assets so it can display them? That means the decrypted copy is in memory and available to be copied out. You let it decrypt logic so it can be run? That means the decrypted copy is in memory and available to be copied out. Etc). – Charles Duffy Mar 23 '21 at 19:38
  • ...and even then, on platforms that are much more locked down than a general-purpose PC, those schemes only work for so long. PlayStation games can be ripped, XBox games can be ripped... and the teams behind these platforms had real budgets to put into security infrastructure and the ability to design the hardware for their needs. – Charles Duffy Mar 23 '21 at 19:40

1 Answers1

3

You don't. Ren'Py only features basic encryption to prevent players from accidentally deleting/modifying files.

As security, game encryption isn't a fight worth picking. You have to decrypt the files to run them and that will always be a weak point to exploit. Anything you put on top is just delaying whoever wants in. You can write your game in binary and it will do exactly squat to someone who really wants to take it apart.

Ren'Py is designed to be mod friendly. Nothing you do will stop someone from dropping a rpyc file into the game directory and hooking into the game. Even if you modify the engine to only read specific files, you won't stop someone who can just insert the functionality back in. All you're really doing is making it more difficult to preserve the game after you're dead.

Nintendo can't stop people from extracting assets from their games. You don't stand a chance. You should hope to be so lucky as to have people interested enough in your game to want to mess around with the assets and code.

If you're talking about a license players need or some sort of login mechanism, you need to implement an online server to validate the credentials they input. There is no secure front-end way to validate credentials.

jsfehler
  • 154
  • 3