Best way to protect your code

[MushroomCake28]

So I know we are a minority, but some of us create our own plugins for our projects, not to be used used by others (so not talking about public plugins here). MV by defaults does not encrypt the js files, so everyone can open them in a project. So my question concerns the protection of plugin.

The first thing that comes to my mind is code obfuscation. Even though I know how it works in theory, I have never tried to use it. So concretely and practically, how do you obfuscate your code? Copy/paste your code in a program that will spit out an obfuscated version that you simply have to copy/paste and save as a js file?

 

[Zevia]

The first thing that comes to my mind is code obfuscation.

As far as I know, that's the only thing you can do for client-side code. There's a discussion on Stack Overflow about the issue I came across that has a couple other suggestions, but all of them boil down to, "This will make it harder to read, but not impossible."

Still, a lot of protection of personal property often comes down to increasing the inconvenience of taking it. Locking your car doesn't prevent it from being broken into, but it's less likely to have things stolen from it than if you don't lock it.

One important note is that there's a difference between minifying your code and obfuscating it and I've seen plenty of instances of devs thinking that minifying the code is good enough. There are readily available tools to unminify code, though. Not sure what's out there to reverse obfuscation.

 

[Engr. Adiktuzmiko]

I dont know how to do this in MV but back in Ace I was able to do it via encrypting the scripts file and tapping into the loading sequence of the engine so that it loads the file correctly.. Nothing too hard but unless someone has the program and enough RGSS know-how I dont think they can easily retrace the steps in order to obtain the original code.

 

[Bex]

I assume People without good Scripting knowledge can not understand the code, obfuscating it could make it impossible for casuals
to adjust it to there likings.
And People with good Scripting knowledge who could crack your stuff, are most likely able to create it themselfs.
Atleast thats what i assume at the moment.

 

[MushroomCake28]

Of course nothing is pirate proof, but the idea is to get better security.

As I said, I understand the principle of obfuscation. I'm asking more about how to do it concretely (program? site? simply copy/paste?)

 

[dulsi]

I don't see obfuscation as helping much. Assuming the plugin is still separate from the code, the obfuscation just means no one to edit it. They could still take it and use it in their own projects. (Assuming they could figure out how to use it and don't mind using the code without permission.)

 

[Poryg]

The most basic obfuscation doable by hand is taking all instances of something and change its meaning. For example substituting all instances of Scene_Menu with a. It's a ton of work though to do it manually though. There are some tools out there though, where you just copy paste code and then take the result.
You can try https://obfuscator.io
but watch out for execution times. I haven't tested it, so I don't know hoe ,uch it bloats execution code.

And you can also compile the javascript files into nwjs native bytecode. I've talked about it a little in my tutorial thread about safeguarding your resources.

 

[MushroomCake28]

@dulsi As opposed to public plugins, I wrote my plugins with the fact that it will only be usable for my project. Two aspects are present to ensure that:
1) Every system is closed in a sense that it doesn't allow customization. For example, you can't create your own skills in the editor since every single skill is coded in the plugins.
2) The code only works with a combination with events in editor. For example my quest system, it's with script commands that I add quests and set the active ones. Everything to do with the editor is encrypted (even if it's not the strongest encryption).

The main goal of obfuscation is to minimize people going into the code to modify certain parameters (like there's one general setting called "tester mode" in my code that allows the player to do lots of stuff that are not supposed to be allowed in game). People with lots of coding knowledge and lots of patience could still reverse engineer and try to understand my code to modify it, but honestly we can't really do much about it. Obfuscation will simply make the process hard, thus discouraging.

 

[peq42_]

Well, MV games run using NW.js on PC(windows/Linux/Mac), so for those platforms, you can use their tool to compile the javascript. I know its not what you asked, but is probably the best way to protect your code on the desktop.
See: http://docs.nwjs.io/en/latest/For Users/Advanced/Protect JavaScript Source Code/

For mobile and HTML5, try minifying first(what by itself can make things pretty hard to copy) then try one of those online code obfuscating tools said above.

 

[MushroomCake28]

Thanks! Will take a look!