JDPeckham

What is being done to make managed code more secure for commercial applications. I can't see how any companies would be willing to switch to managed code for prime time games as long as MSIL can be easily reverse engineered. I love XNA and Managed code and pray that eventually commercial industry will as well (so I can put my C# skills towards gaming instead of business apps). Our company is already hesitant to make WinForm applications due to the ease in which these applications can be decompiled and reversed.


Re: XNA Game Studio Express Making XNA/Managed code secure

Jim.Welch

The question would probably be better asked over in the .NET forums.

I don't think anything is being done to get rid of MSIL or the ease of disassembly. That was one of the main points of .NET to begin with (using MSIL instead of platform/OS/processor dependent code along with the CLR) and I doubt anyone at MS wants to change the entire framework and change direction in their strategy.







Re: XNA Game Studio Express Making XNA/Managed code secure

Joel Martinez

Is obfuscation not good enough for you




Re: XNA Game Studio Express Making XNA/Managed code secure

schmosef

This is an interesting question.

Does the obfuscator linked above work with XNA Anybody tried it

I know that the "Community Edition" comes with Visual Studio. But I'm not sure if in comes with the Express Editions.





Re: XNA Game Studio Express Making XNA/Managed code secure

pitil

Other
http://www.programmersheaven.com/zone28/cat1016/index.htm


;)





Re: XNA Game Studio Express Making XNA/Managed code secure

JDPeckham

 Joel Martinez wrote:
Is obfuscation not good enough for you

No, see http://www.remotesoft.com/salamander/

 additionally, my whole point is not that it isn't possible to make the code more secure (obviously third party vendors are making money off it) my point is why isn't microsoft shipping a product integrated with visual studio pro or orcas that will secure code. Visual studio is already expensive enough, it should be my whole solution, i shouldn't have to go buy an obfuscator, protector, and all this other junk just to have safe code. I've never had to pay extra to get locks installed on a car or house...






Re: XNA Game Studio Express Making XNA/Managed code secure

drawle

For Windows development, you could always put your IP-critical code in a Win32 DLL (which can still be disassembed but is less readable). Most of what goes into an app isn't worth protecting like that anyway. There are obscufation through encryption tools out there for protecting IL.

For game development, the best programmers will probably be able to figure out how you do everything just by playing the game. The real IP is the art, story, characters, and gameplay. All of that is on the surface of the game. The most successful titles like Unreal, Half Life, Elder Scrolls generate a lot of community support by being open and moddable. Id has always done well and actually shares their engine IP with the community.





Re: XNA Game Studio Express Making XNA/Managed code secure

Jon Watte

You understand that compiled C++ code can be reverse engineered, too, right It's not like there haven't been disassemblers available for the last, oh, 50 years or so.

If I have implementations of special value, then the right kind of protection is a patent. If I think a patent is too expensive, or if I cannot get a patent issued, then the thing I'm protecting isn't actually worth protecting enough to worry about it.

When it comes to content, and the actual source code, those are both protected by inherent copyright, and thus don't necessarily need "extra" protection (although good "code hygiene" is always a good idea).

Also, the cool thing with patents is that I can often selectively enforce them without losing your protection rights, whereas with copyright, I have to enforce any actual infringement I know of, or I may risk losing my protection.

For more information about how to "protect" your own intellectual property, I suggest discussing with a legal professional licensed to practice law in your jurisdiction, as your specific requirements almost certainly won't match those of any random guy you find on the net :-)

In general, the way to create a successful business is to focus on delivering great value to paying customers. Worrying too much about secrecy, protection and theft, as opposed to delivering good value to customers, is a typical sign of a company that's on the way to failure.






Re: XNA Game Studio Express Making XNA/Managed code secure

Joel Martinez

On windows, I have no doubt that it would work ... haven't tried it on 360, but my guess is that it will. Obfuscating doesn't change the functionality of the code, it merely changes the names and structure of the code. That way, if someone tries to decompile it, they will have an unintelligible mess that no one can make any sense of.

As far as the issue of the Express not coming with anything ... that's entirely the point. Express is meant for hobbyists, not professional devs. I understand that pro version of the toolset isn't out yet ... but if you must develop a commercial product before that is available, there are ways to use VSPro for XNA development today.





Re: XNA Game Studio Express Making XNA/Managed code secure

Johnnylightbulb

My $0.02:

People decompile and disect real games like BF2 and WoW, they'll watch the memory and figure out ways to get at it. You can pull shaders and bitmaps out of your graphic card if so inclined, and the fundamental algorithims behind all major games these days are heavily documented on places like this and gamedev.net. Two issues would be IP/Asset theft and cheats/hacks.

I would think, that just like any game or application, so long as your assets and code are not in clear-text, you're fine. People may steal your bitmaps, but they're not going to hurt your business by doing so. I for one, would not buy a subscription to World-of-Johnnylightbulb, the massively multiplayer game that looks and plays strikingly similar to World of Warcraft.





Re: XNA Game Studio Express Making XNA/Managed code secure

Gerix

You should never assume that anything on a machine outside your control is 100% secure. If someone wants to bad enough, if they're technically savvy enough, and if they have total control of the machine on which they're working, they can ALWAYS break in eventually. It may require they physically remove a hard disk and analyze it under a different OS but it's possible if they want to bad enough. It's usually not even remotely that hard. After all, it's just a byte stream. If the computer CPU can figure out what to do, so can a hacker.

Back when I was working on classified software, they would classify the binary if the source was classified.

However, I think that for most commercial applications, that's not really the issue. The issue is what damage is likely to occur. If you can do some things to just make it harder that's often good enough since making it harder means fewer people are likely to do it. It's often no big deal if 0.000001% of the people using your software managed to hack it. Just don't put your social security number in there. While there's always the issues of someone ripping off your art resources, that's always been possible but it doesn't appear to be a major problem.

I know of several games which have been hacked (I suspect most popular ones are eventually hacked) but they continued to do very well even.