This would be great thanks!
Anyway I thought there was something that Corona made available.
I was also watching Unity and it seems to do this automatically…
Since nobody has responded…
Remember each step makes it more complex. I am creating a coloring app but since I buy the illustrations from an artist I feel like I need to protect those assets. I am not protecting all the images. Everything I have tried has a workaround or hackaround.
-
The easiest and easiest to hack. Although it is not as easy as changing .apk to .zip. People would still be able to get to the images if they can access the images while it is running or they realize that those files are binhex of images.
– From: https://stackoverflow.com/questions/34618946/lua-base64-encode local b=‘ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/’ local function dec(data) data = string.gsub(data, ‘[^’…b…’=]’, ‘’) return (data:gsub(’.’, function(x) if (x == ‘=’) then return ‘’ end local r,f=’’,(b:find(x)-1) for i=6,1,-1 do r=r…(f%2^i-f%2^(i-1)>0 and ‘1’ or ‘0’) end return r; end):gsub(’%d%d%d?%d?%d?%d?%d?%d?’, function(x) if (#x ~= 8) then return ‘’ end local c=0 for i=1,8 do c=c+(x:sub(i,i)==‘1’ and 2^(8-i) or 0) end return string.char© end)) end – end of code from stackoverflow local image = require( “forwardIcon” ) – A test project with this file is attached. local path = system.pathForFile(“image.png”, system.TemporaryDirectory); – You can specify other paths. local file = io.open(path, “w+”); file:write( dec(image)); io.close(file); display.newImage( “image.png”, system.TemporaryDirectory, 100, 100 ) – Placed the image on the screen.
-
The other options that I have looked at is storing the binhex of the file in Gamespark encrypting it with the IDFV (but it can be any key really) at the time it is requested and then decrypting on the device. Big pain for me and not sure if that scheme would require review by the US government.
I plan to use the patch plugin from @roaminggaming to downloading the entire “lua” image file. I was going to do a video of my proof of concept once I get done with the GDPR mess.
Thank you so much for the code and for being back to respond!
I’m receiving this error though: "main.lua:33: file image.png’ does not contain a valid image…
am I doing something wrong?
However I expected a greater impact on the corona community. It seems to me an important issue also because now all the great apps hide their images…
Where did you test it? What type of machine are you using? Did you use the sample project? Using the same technique you can do an image sheet and do a bunch of images at the same time so it wouldn’t be so tedious.
I just tested the project attached on my machine and uploaded it on my android device and it worked on both on my MacBook and on my Android device.
I’m on windows, I’m using the project you attached to me, daily build 2018.3297, being your example I’m trying to create the image.
I checked in the sandbox and the image is created but it seems impossible to even open from there
Can you push it to a test device and see if it works? I am really baffled. I just downloaded the zip and tried it and it works. I have a windows machine but has been broken for many months. I’ll try to fix it this weekend and test it.
Just tested on the device. everything works perfectly!
I see the play button with a brown background.
so the problem is with the emulator or with the daily version …
I seem to recollect you need to use the “wb” flag on io.open with Windows, could give that a try.
@nick_sherman is right. You need to treat images as binary files. I would use “rb” flag on reading the image too. The cause of this is that line endings in Windows are two character sequences (CR and LF). Unix based systems just use a single character (LF), so if you don’t use binary for your file IO then any byte that’s an ASCII 13 or 10 will get treated as a text file and be converted back and forth and it will mess up the file.
Rob
Thanks! Now it also works on the emulator
Do you know a better way to hide images? Which approach do you recommend?
I don’t hide the images. If someone can get to your images in the APK, they can easily unpack them from a resource file.
Rob
You say emulator. Do you mean you’re running on a device emulator, or did you mean to say simulator as in the Corona Simulator.
I know this seems like a moot point, but it is confusing and may affect the answers folks give.
I see this conflation all the time and while most of the time it doesn’t matter, I like to be sure when I answer whether the user is really emulating hardware or simply using the simulator from Corona. If the prior then I know they are probably using the android emulator (or a 3rd party emulator) OR they are using the xCode simulated devices.
Sorry to hijack. 
Right observation!
I meant the Corona Simulator.
General advice. Don’t go to extreme lengths and effort to obfuscate, encrypt, or protect content unless you have a legal or other very pressing reason to do so.
Doing so costs time, effort, and may introduce bugs, bad behavior, and poor performance.
Finally, no matter what you do, end-users who really want to will be able to get your content. You’re only stopping the most casual of theft.
Note: Many things I’ve made and sold have been stolen, including:
- both my books
- some of my apps
- a few of my templates (one guy even went to far as to resell it on chupamobile for a big price increase.)
Some end-users just suck. 
Note: I like Nick’s suggestion and code. Very cool and reasonable if applied only to some assets.
You could always include assets as a password protected zip file and decompress at runtime. I believe there is a zip plugin you can use for this?
I understand, you’re right there will always be someone who wants to hurt. But when I think about it bothering me. For this I thought of a way to better protect my file.
@SGS
thank you, I did not know about this now I’m looking for it even though it seems a little expensive in terms of speed
Most people won’t be able to get access to your .apk file directly. They don’t run rooted devices and if so, they are likely not going to peek at your code. While there are plenty of services that will let you download a .apk to your local computer, any one looking inside your .apk are doing so with ill intent. Any one with ill intent will succeed at getting your images regardless of what you do.
The idea about using a password protected zip file may be a good choice. It doesn’t necessarily have to be downloaded. You can copy it to system.TemporaryDirectory and then unzip your files to system.DocumentsDirectory (on iOS, I would use system.CachesDirectory or you will have to flag each file to not be backed up). But once they are unpacked so Corona can load them, anyone with a rooted device can just grab the files out of your documents directory.
Rob