LuaC Encryption

dennis · April 6, 2010, 12:47am

In order to avoid hacking of the LuaC binary code, some type of encryption (using the developers serial hash maybe) would be very helpful. In it’s current state, it’s not very hard to unzip the package, sneak into the LuaC binary and change some bits and bytes (in conjunction with the use of a decompiler), sign with a different key and post it to some pirate boards (where no one cares about broken signatures).
LuaC Encryption shouldn’t be very hard to implement. Not a very important feature request, but maybe you put it in on your roadmap somewhere. Thanks.

Regards,
Dennis [import]uid: 3642 topic_id: 734 reply_id: 300734[/import]

Eric · April 6, 2010, 1:14pm

Your apps are secure against this kind of “repurposing”. In addition to the Apple signing process, Corona internally signs the binary to prevent this possibility. [import]uid: 54 topic_id: 734 reply_id: 1476[/import]

dennis · April 7, 2010, 12:05am

Some kind of encryption is still required to disallow easy decompliation of the LuaC binary in order to hide the inner working of the lua script. [import]uid: 3642 topic_id: 734 reply_id: 1489[/import]

Eric · April 7, 2010, 8:33am

I’ve seen discussions about this for other platforms… Any obfuscation scheme that runs on the phone would also have to contain the decryption mechanism, so it would still be possible to decompile the binary. This is true for any executable on modern operating systems, unfortunately. We would also be concerned about the performance impact. We want Corona to remain super fast.

That said, I do understand your concern about protecting your investment in code. I would think people would also be concerned about graphical and sound assets. This potentially brings us into the level of DRM schemes, which are pretty complicated (and expensive), and have other issues for customers as well.

What level of protection do you think is adequate? [import]uid: 54 topic_id: 734 reply_id: 1499[/import]

dennis · April 7, 2010, 8:50am

You are right - every encryption mechanism could be broken. I am not talking about real code protection or any DRM mechanism, it’s currently very easy to take the package, unzip the application, use a LuaC finder (search for \ESC\LUA) and decompile the LuaC into Lua. Take a look at the table definitions and post e.g. all level codes, hints, etc without actually playing the game (this is just an example).

I was thinking about a very very low level encryption that makes searching for LuaC a little bit harder. I do know that every keen hacker could disassemble the whole thing or run it through a debugger, thus rendering any encryption mechansim obsolete - but that’s not my concern.

Just a very low level (and thus fast) “encryption” of the lua binary helps keeping “low level hackers” away.
[import]uid: 3642 topic_id: 734 reply_id: 1502[/import]

Eric · April 7, 2010, 8:54am

Ok, I put it on the list for future discussion. [import]uid: 54 topic_id: 734 reply_id: 1504[/import]