I recommend skipping this tutorial as it does more harm than good for your game development uses. If you’re interested in just learning a little bit about computer security, then that’s fine; otherwise, just jump to the next video. Thank you.
I had a question concerning protecting the save files we were making in Godot to prevent the end-user from modifying them. Many Unity save file tutorials use BinaryFormatter, but Microsoft recommends against using it because it is insecure. BinaryFormatter exposes your users to an attack vector where sharing save files can lead to sharing viruses and malicious code injected by a malicious third party. Your game players will share your save files, so do it safely by just saving text files!
I’ve been a game dev for almost a decade. I’m all about providing a superior experience to my customers. DRM implementations and most obfuscation only serve to hurt you and your customers.
I decided to pull up my old tried and true bit flipper that I have used in the past to protect save files. While the script is named SimpleEncryptDecrypt, it is just a simple bit flipper. Since it is just flipping bits, the method EncryptDecrypt is used for both saving and loading data. This makes for a very simple way to obfuscate the JSON string we’re using into something completely unintelligible for a human but trivial for a computer to read and write.
The “protection” this offers is honestly completely nonexistent if approached by an experienced programmer, since C# compiles to CIL (Common Intermediate Language). It is easily read and modified with Cheat Engine or dotPeek. This will only stop beginners and non-programmers from editing their save files. An experienced programmer will defeat this obfuscation in a minute or two, so the benefit it offers is basically none, and it only serves to make your diagnostics of save files more difficult during development. Even if you implement SHA1 or another “real” encryption method for your save files, it does not matter, because C# does not truly compile down to binary code and your secret key will be discovered. An experienced programmer can read binary code; therefore all programs ever written are readable anyway.
Tutorial Links
Download SimpleEncryptDecrypt script from my Github: https://github.com/VidyaGameMaka/godot4tutorial/blob/main/Tutorial6_AudioMenu/Scripts/Main/Tools/SimpleEncryptDecrypt.cs
Usage:
myString = SimpleEncryptDecrypt.EncryptDecrypt(myString);
If you use this method to save your file, you must also apply it when you load the file, immediately after reading the file contents from the file system.
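The save and load round trip described above, as an added example that is not the SimpleEncryptDecrypt script or any code from the tutorial project: a stand-in bit flipper that is its own inverse, with a loader that validates the de-obfuscated JSON, because flipping bits does nothing to detect an edited or shared file. The `SaveData` record, the field limits, the `0xFF` mask and the use of `System.Text.Json` are assumptions made for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Constructed save-data shape for this example (not from the tutorial project).
public sealed record SaveData(int Level, int Gold, string PlayerName);

public static class SaveFileDemo
{
    // Hypothetical bit flipper: inverts every bit of every byte.
    // Applying it twice restores the input, so one method serves save and load.
    public static byte[] Flip(byte[] data)
    {
        var result = new byte[data.Length];
        for (int i = 0; i < data.Length; i++)
            result[i] = (byte)(data[i] ^ 0xFF);
        return result;
    }

    public static byte[] Save(SaveData data) =>
        Flip(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(data)));

    // Flipping adds no integrity check, so the loader treats the file as
    // untrusted input: parse into a fixed type, then range-check every field.
    public static SaveData? Load(byte[] fileBytes)
    {
        try
        {
            string json = Encoding.UTF8.GetString(Flip(fileBytes));
            SaveData? d = JsonSerializer.Deserialize<SaveData>(json);
            if (d is null || d.PlayerName is null) return null;
            if (d.Level is < 1 or > 100) return null;          // assumed limits
            if (d.Gold is < 0 or > 999_999) return null;       // assumed limits
            if (d.PlayerName.Length is 0 or > 24) return null; // assumed limits
            return d;
        }
        catch (JsonException) { return null; } // malformed or wrongly typed JSON
    }

    public static void Main()
    {
        byte[] file = Save(new SaveData(3, 250, "Player1"));
        Console.WriteLine(Load(file) is null ? "rejected" : "accepted");

        // Constructed hand-edited file: flipped like a real save, absurd value.
        byte[] edited = Flip(Encoding.UTF8.GetBytes(
            "{\"Level\":3,\"Gold\":2000000000,\"PlayerName\":\"Player1\"}"));
        Console.WriteLine(Load(edited) is null ? "rejected" : "accepted");
    }
}
```

Because the loader deserializes into one fixed record type from plain JSON text, a shared save file can only supply field values, which is the property that makes text saves safer to exchange than BinaryFormatter output.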