Code+Name obfuscator, should I release?

[inio]

Originally posted by usaar33
Inio, very nice.
I take it that you were able to get around the texture problem? (when I wrote a patcher for s3 textures using DarkBytes obfuscator as a base, I ran into huge problems with those offsets).

Parsing the property list was the most annoying part. I just subtract the export's offset on the way in, and add it on the way out.

DB's strips xx functions and zz variables.
The reason for the CSHP4+ and UTPure size differences is do to changes in the stripping program. The stripper for 4+ used an EXE. The UTPure one used a commandlet, which turned out to be easier and more powerful (I have not yet seen the code).

I replace zz functions and variables with 2-byte non-ascii values. I found that if you don't give some things unique names it causes problems. I haven't done a exhaustive search for what situations names can be set to null strings.

Speaking of which, is yours an EXE or a ucc commandlet?

It's a macintosh application (written in ANSI C++). If I release I'll cross-compile to an EXE.

As for dummy names, I was able to write something up with very limited program base. I won't go into details, but it is rather simple just reading some parts of the UTPT doc. I'd love to post a rip of CSHP I did

I based my work on this document.

eh, reverse lookup table? I know we used 0 byte variable names as well as false ones, but not quite sure what you meant by reverse (oh.. you mean how import/export table order is reversed from the norm?)

Actually, I'm talking about the decryption of the strings. One of the functions called indirectly by xxPreDecrypt (don't know it's name obviously) uses a for loop through an array to determine the value associated with a partially-decrypted character...

Suddenly theres helecopters hovering around my house so I figure I better shut up now

[edit: initial version had way too much space]

 

[usaar33]

Originally posted by inio

Actually, I'm talking about the decryption of the strings. One of the functions called indirectly by xxPreDecrypt (don't know it's name obviously) uses a for loop through an array to determine the value associated with a partially-decrypted character...

Suddenly theres helecopters hovering around my house so I figure I better shut up now

[edit: initial version had way too much space]

Oh that... I cracked it about a day before joining the team
Pretty cool how it works. Obviously I cannot reveal details..
I don't think Pure used it though...

 

[RegularX]

Originally posted by usaar33
Inio, very nice.
...
DB's strips xx functions and zz variables.
The reason for the CSHP4+ and UTPure size differences is do to changes in the stripping program. The stripper for 4+ used an EXE. The UTPure one used a commandlet, which turned out to be easier and more powerful (I have not yet seen the code).

Speaking of which, is yours an EXE or a ucc commandlet?
..eh, reverse lookup table? I know we used 0 byte variable names as well as false ones, but not quite sure what you meant by reverse (oh.. you mean how import/export table order is reversed from the norm?)

um wow. I retract my earlier "simple" comments .


rgx

 

[inio]

Based on the current poll results, my position is to not release. If people have GOOD, NEW arguments for why I SHOULD release, please post them here. PMs regarding this matter will not be concidered higly.

If I do not release, I may offer a service to those who want their code protected. If they send me their code I will unilaterally decide what parts, if any, deserve protection. After obfuscating these elements I would send them back a compiled+obfuscated package, and the altered source code. If you have an opinion on this, reply here or PM me (replies are preferred).

 

[TaoPaiPai]

I wonder if Uscript obfuscation is legal.

All I know is that all Uscript code becomes Epic's property,therefore useable by all licensee

^
(Totally on-topic smily)

 

[Mychaeel]

All I know is that all Uscript code becomes Epic's property

I do not hope so. Neither do I hope that all my Word documents become property of Microsoft.

 

[TaoPaiPai]

That's what I've been told by someone from the industry who had discussed the question with one of Epic's Guru (don't remember which one).
That might not be true ,even if it was, this might be legally objectable.
Anyway that wouldn't bother me in any case.For what lines of code are worth.

 

[Raeled]

Neither do I hope that all my Word documents become property of Microsoft.

If only M$ had that chance

 

[(v)adOnion]

Keep the thing to yourself and trusted anticheat producers ....

 

[inio]

I have decided not to release the code. anti-cheat developers should look twoards the UTPure team - they have tools capable of prevent the file from being opened in UTPT.

Other developers who feel their code deserves protection can send me email with a description of what their code does and why they think it deseves protation. If I find it worthy I will work with them to obfuscate it. Under no foreseeable circumstances, however, will I release my obfuscation tools to anybody.

 

[Doctor SiN]

(god.. lost my old password)

I say release it with a license that allows mod authors to use it as a method to reduce the size of their mod. Make sure it's noted that it may only be used if the mod also makes the source available online. If anyone releases a version and refuses to release the source, you can then shut them down.

We use encryption (if you could really call it that) in CSHP because we had to. I'm against mod groups locking down their sources. It's the best way for people to learn.

All of my mods have been released with the source available. This is because I feel it's a good way to learn and I actively encourage people to do the same.

But that doesn't mean a user should be forced with the wasted bytes for the source in the package. Hell, I bet a large mod can save 20-40%.

 

[2COOL4-U]

I can understand you DrSiN.

If you want to release it perhaps it would be better to only give it to developers who contact you and have a valid reason for obscuring their code.

 

[DainHarper]

Darned if I can find the proof, but *all* code written in UnrealScript for the purposes of extending the Unreal/Unreal Tournament engine is owned by Epic *unless* you are a registered licensee of the Unreal engine.

Its a standard feature of an extensible game - they are not going to do anything about ownership as the community is a self regulating entity. If however, you decided to batch up a whole mod and sell it on the shelves of Electronics Boutique for £20, you can guarantee that you wouldnt see a penny of the profits.

Counterstrike was bought out by Valve (or their owner, VU) simply because they saw a merchantable queality game.


OK, if you are concerned that you dont own something that you spent so much time on, dont be. I only own the house I bought for another 70 years... legal stuff is confusing and you can usually get by not worrying about it.

So finally, you cannot claim that you are protecting your own code by hiding the implementation details. If you wrote something of quality, chances are you are known, and its existance is known, and the likelihood that some 'punk' can make a reasonable claim on it by copying vast chunks of code is risible.

Release the source, fully. Then we can all learn how the system works that bit better.

Dain

 

[Doctor SiN]

Dain,

No, Epic does not OWN anything you do. It's not possible though arbitary agreement to force the assignment of a copyright that doesn't exist. Anything you create is automatically copyrighted by you (NOTE: that doesn't mean it's a recognized copyright).

What a company can do is limit what you can do with something created with their tools. In otherwords, Epic can tell you that you can't sell something you create, but they would be unable to copy or distribute it themselves without your authorization.

So if you write a mod it's yours and you can decided how it is used as long as it's within the guidelines of the EULA.

This includes not releasing the source to something you create. Yes, EPIC would prefer that mod authors make their sources available, but mod authors can feel free to do as they please.

And yes, it is technically illegal to duplicate a mod, though you can make the case for derivative works provide you change the legal limit (which is either 25% or 75% I forget which).

Counterstike was bought by Valve because it would make money.. but they HAD to buy it.. they couldn't just take it and release it.

 

[DainHarper]

And yes, it is technically illegal to duplicate a mod, though you can make the case for derivative works provide you change the legal limit (which is either 25% or 75% I forget which).

Surely by making a mod you are modifying someone elses work... so unless you have changed over 25% then you cannot claim derivative work...

It doesnt affect me though, as I have jusy been told by our technical director that any game/mod I create whilst working in this games industry belongs to my employer. Ho hum.

 

[Doctor SiN]

Do you mean working for a game company or working with someone elses game.

Most companys require you to sign a contract that details any work you do while under their employment becomes their property, some even when it's done on personal time.

 

[RegularX]

Originally posted by DainHarper


Surely by making a mod you are modifying someone elses work... so unless you have changed over 25% then you cannot claim derivative work...

It doesnt affect me though, as I have jusy been told by our technical director that any game/mod I create whilst working in this games industry belongs to my employer. Ho hum.

You might want to double check that. As Sin said, some companies clause that what you produce is their property, but the details usually differ. Like he said, it's possible that your free time is included on this (esp. for salaried), but I think it would be rare for it to be all-inclusionary. Writing a mod for free using freely available tools doesn't seem like it should fall under your employer's umbrella (even if you are working for Epic), but it's possible.

But it also wouldn't be the first time a technical director didn't know what he/she/it was talking about...


rgx

 

[DainHarper]

I've checked my contract before, and I know he's right. Doesnt matter what tools I use or when I do it, if I am moonlighting as a programmer/designer on any project then my employer has a precident to claim ownership.

If it actually upset me though, Id leave.



But the question in hand was whether someone should release code that encrypts the UScript. My opinion on this is that mods should all be open source, we have exactly the kind of atmosphere that OS thrives on, and a community that supports it.

The reasons for closing a mod are pretty weak, as we all know it is possible to reverse engineer as much as you could want and to steal ideas for the bits you cant. All that you acheive is stopping the flow of fixes from third parties, stigmatising growth and all the other problems listed in such works as Raymonds 'The Cathedral and the Bazaar' (good read btw)

So with all the comments above, I cant see a reason to hide the encryption code. It is after all, a choice for the individual mod dev guys (and gals).

Dain

 

[Doctor SiN]

But see.. that's your employment contract and they are different from having rights assigned in an EULA without compensation.

I agree that mods should be open source, but there are reason to encrypt source, especially in a mod like CSHP. Yes, our encryption was cracked each time, but most times it took more than a few days. Leaving the source would have allowed it to be cracked in mins.

But I still think source should be removed from the package itself and made available on a web site.

 

[RegularX]

I'd be curious to see how much smaller my mod would be with this, actually. It's mostly code and some custom textures, so I'm thinking the source code might be a goodly percentage (not that it's ever going to be that big, but for those modemers out there).

My original plan was to do a project post-mortem on the codebase anyway, post it and make it downloadable.

I'm glad you're OK with that situation Dain, but I wouldn't ever agree to it. I generally code about 4-8 hours at work a day, and then another 2-6 at home (big ranges, I know ... some nights Buffy is on, what can I say). Course, my day job and night job are widely different avenues, and I don't think my employer has much interest in a UT mod


rgx