-2

For my Unity Game, I want to save player data by using text files. Text files can be easily modified and so can the data in them be modified. So, I would like to convert the text files to 0's and 1's. So that when you open it you should see 0101011 instead of readable and editable data. I know that I can use Read Bytes of File and replace the text in the file with this data, but how in the world do I make it data again? I need help with that.

Harsh
  • 17
  • 1
  • 6
  • Why not just use PlayerPrefs? Unity PlayerPrefs tutorial: https://learn.unity.com/tutorial/persistence-saving-and-loading-data – Display name May 17 '22 at 10:42
  • Also, does this Unity Forum post answer your question? https://answers.unity.com/questions/40568/base64-encodedecoding.html – Display name May 17 '22 at 10:44
  • @Displayname I am fully aware about Player Prefs, it's just not what I need, but I guess the second link shall do it, I'll try it, I guess. – Harsh May 17 '22 at 10:48
  • @AnimeShinjas obfuscating the data won't prevent modification, it'll just make it slightly more cumbersome to do, and your save files will be huge. What you'll probably want to do is _add a cryptographic signature_ to the end of the file so you can verify it hasn't been tampered with. – Mathias R. Jessen May 17 '22 at 10:50
  • Btw, why do you want to prevent users from modyfing your game? You do know that moddying is a great way to increase popularity of your game? Not to mention that you actually can't prevent users from modyfing your files. You can only make it a bit harder. – freakish May 17 '22 at 10:50
  • @MathiasR.Jessen and what exactly stops a malicious user from modyfing either signatures or keys (which have to be stored locally somewhere) as well? – freakish May 17 '22 at 10:52
  • @MathiasR.Jessen I have no idea what a cryptographic signature. I'll look into it. – Harsh May 17 '22 at 10:52
  • @freakish Look, I'm making an app inside Unity like notes and I'll save the large input from the user into a text file. I need to make sure the text file is not readable to protect the privacy of the user. Also, can I just rename the extension to something else after it is saved and rename it back to .txt?? – Harsh May 17 '22 at 10:55
  • @freakish unavailability of the key. Obviously if the is generated on the device someone could obtain it and use it to re-sign a modified file – Mathias R. Jessen May 17 '22 at 10:56
  • @MathiasR.Jessen but then the app has to compare the signature to something, yes? And so all you need is to modify this something to be generated by you. You don't need to know the original private key. There's no way around it. – freakish May 17 '22 at 10:56
  • @AnimeShinjas If it's for secrecy then you'll want to _encrypt_ the data (scramble it with a key/password so only the holder of the key/password can "unscramble" it again) – Mathias R. Jessen May 17 '22 at 10:57
  • @AnimeShinjas there's literally no way to protect privacy of a user locally, unless he provides a password everytime he runs your app. You are doomed to fail otherwise. – freakish May 17 '22 at 10:57
  • @freakish The contents of the file (up to where the signature starts) would be the reference - you calculate the signature over the content with the same key and compare it to the signature stored - if they don't match, the data has been tampered with. – Mathias R. Jessen May 17 '22 at 10:58
  • @MathiasR.Jessen so what prevents the user from modyfing the stored signature? This can only work if it is done by a remote server. But even then a malicious user can either MITM the server or even modify the code to not do the check. That's literally how hackers hack games all the time. – freakish May 17 '22 at 10:59
  • @freakish Modification of the signature would lead to verification failure (because it would no longer match the calculated signature). – Mathias R. Jessen May 17 '22 at 11:01
  • @freakish, Mathias, I don't think anyone will modify it tbh I just need to make it unreadable. – Harsh May 17 '22 at 11:01
  • @MathiasR.Jessen you don't understand. Given a calculated value X you want to compare it to some stored value Y. What prevents the user from modyfing both to always match? Nothing. – freakish May 17 '22 at 11:03
  • @freakish I understand perfectly fine, the assumption here is indeed that the key can be kept private (signing and validating on a remote host would solve that, as you've already pointed out - but taking a password from the user at runtime and deriving the key from that could work too). – Mathias R. Jessen May 17 '22 at 11:06
  • @MathiasR.Jessen, what if I make a key from the user's password or generate a random one and store it in Player Pref? Then the next the app is booted, generate a random one again. – Harsh May 17 '22 at 11:08
  • @AnimeShinjas Asking for a password and then [deriving a key from that](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes) should work. You then basically want [something like this](https://stackoverflow.com/a/10366194/712649) to encrypt the data with the key derived from the password. – Mathias R. Jessen May 17 '22 at 11:09
  • @MathiasR.Jessen Sounds neat, will try it out. – Harsh May 17 '22 at 11:19
  • @AnimeShinjas there are no way to protect your sensitive data if all of the code will be stored on user machine. Even adding cryptographic calculations into your app will not help you because user will see those calculations. If you _really_ want to protect your data, connect some kind of cloud database (mongo for an example) and build some protection on your server side. – RelativeLayouter May 17 '22 at 11:24
  • @RelativeLayouter I know that, but while I'm still developing the app I would like to keep it in the device – Harsh May 17 '22 at 11:28

1 Answers1

0

Text files can be easily modified and so can the data in them be modified.

Is this a problem? games are made to have fun, so why do you want to stop the user from gaming how he wants? If it is a competitive multiplayer game, or any type of game involving actual money, you should not rely on any data on the client.

So, I would like to convert the text files to 0's and 1's. So that when you open it you should see 0101011 instead of readable and editable data

Please do not do this, it will just reduce performance for no benefit. If you do not want trivial modification of data, just use a binary serialization format. Or use the Unity provided storage options. Using binary serialization will likely be faster and produce smaller files, at the cost of making modifications more difficult. But you do not seem concerned about the last point.

Converting objects to serialized data and back again is a common operation, and there are great libraries for it. Json is common for textual data, I have used Protobuf .net for binary data, and find it quite fast and easy to use.

JonasH
  • 28,608
  • 2
  • 10
  • 23
  • I saw a video yesterday and was thinking about using Binary Serialisation, so I'll use that :) – Harsh May 20 '22 at 09:20
  • @AnimeShinjas Binary serialization is great, just avoid binaryFormatter, that is terrible and should not be used for any new code. – JonasH May 20 '22 at 11:39
  • How else am I supposed to use Binary serialization then? Any piece of code or documentation would be great! – Harsh May 21 '22 at 11:47
  • @Anime Shinjas there are many serialization formats available. See [benchmark](https://aloiskraus.wordpress.com/2019/09/29/net-serialization-benchmark-2019-roundup/), and note how poorly binaryFormatter performs. I suggested protobuf .net in the answer, and a google query should lead you to the project site with examples & documentation. – JonasH Jun 03 '22 at 11:20
  • thanks for this, I'll definitely try it :) – Harsh Jun 03 '22 at 12:37