Uprising concern for decompilation

LooPeR231

With the latest event of decompilation of MF:LNY2022, I've started to wonder how far can it go.

Turns out that I've discovered how CTF decompilers are getting support for even the latest CTF builds. Even 2.5+ is going to be decompiled soon.

I've made a new video documenting all of this, but I want to know your opinions as well. What do you think will happen in the future and how can this be resolved in your opinion?

1168438795

Maybe some 3rd-party tools will work :D

囿里有条小咸鱼

It's hard to tell this situation since every game contains the chance to be decompiled. Not only CTF2.5, but also Godot, Gamemaker, and other game-making engines or programming software, are with chances to be cracked, too.
This is a trend that if there's a game got its release, there will be, more or less, people who manage to peel them off and publish them online (as their own if the person mentioned is constructed with a dozen of f**king **), even Genshin Impact, Puyopuyo Quest, LoL and other games.
There's a saying goes, "A tall tree catches the wind". In about 100 or 200 years, or even longer time, as long as there is something you made and you got it published, there will be somebody who are trynna interfere in your work and do plagiarism.
What we can do now is to protect the works from being broken down with softs, you know, as possible as we can.
That's what I wanna say all
中文版：
这个很难说，因为现在是个游戏都有可能被解包出来。不仅限于CTF2.5，包括Godot、GM以及其他游戏制作引擎或者编程软件，都有可能会被破掉。
现在，只要你发了个游戏，总会有人想扒拉扒拉这个游戏，然后公之于众（要是这人食油饼的话发完据为己有也是有可能的），像原神、噗哟噗哟Quest（日本Sega的一款消除RPG手游）、LoL等都可能会有解包的。这其实已经成为一种趋势了。
有句话说得好：树大招风。接下来的一二百年，甚至是更长的时间里，只要有人做完一个作品并将它发布，就总会有人手痒想搞点事情。
我们现在能做的也就是尽最大可能去给我们的作品加壳了。

LooPeR231

One thing here, is that Godot's executables can be encrypted before exporting. If you won't know the encryption key, you'll never be able to decompile it

绿色的糖果

Like a computer virus.
就像计算机病毒一样。

数字1528君

I don't mind.
Images in many fan games are often from other games as well(iwanna,SMBX,etc.)
Besides commercial purpose,decompiling them for study,or for fun,fan games,is acceptable in my opinion.
Actually fan games(works) is unacknowlegded or even illegal sometimes,like SMBX
Just respect game authors ,decompile and use it respectful if you need the images and sounds :D

无视我233

EDIT：Experiments turn out that simply using UPX doesn't protect CTF executables.
For me and some staffs here, concerns of decompilation has been existed for years, as you can see that we have Rule #29.
In my understanding, since FNaF became a hit, new decompilation tools of CTF executables are coming out all the time. I myself thought about some ways to defend sometime, like putting self-made extensions, and when event of LNY2022 occurs I experimented some of them before.
My conclusion is: So far, probably the best way is still using UPX to compress your executable. And I'm surprised that around me a few people have already been using this "old" method. Compressing the executable can greatly increase the difficulty for hackers (and scripts) to understand its code, and most importantly there is no universal way to decompile a UPX-protected software. So, a CTF project won't be influenced by things like FNaF hit.
Another topic is: is Godot encryption safe? Though I haven't practiced it, from my knowledge the answer might be: probably not. Getting a key to resource files, especially from an open-sourced engine, might not be that difficult. I'm not sure whether UPX works for Godot games, but if possible, I recommend using UPX to shield your executable, at least encrypt the resources and then compress the exe.

更新：实验表明仅仅用 UPX 无法让 CTF 免遭反编译。
对这边来说其实反编译的担忧应该几年前就有了，像论坛规定第二十九条就明确写了相关事项。
我个人理解是，在五夜后宫火了以后，反编译 CTF 程序的工具就一直在迭代。我以前也思考过去防御的手段，像是往工程里面加自制扩展，也趁着 LNY2022 这次事情我动手实践了一波。我的结论是：目前最好的方法也许依然是用 UPX 对二进制文件加壳。甚至我很惊讶其实周围已经有一些人在用这种“原始”的手段了。给程序加壳可以极大增加黑客（和反编译机器）理解内部代码的难度，而且最关键的是反编译加壳的文件是没有通用办法的。也就是说，像 CTF 程序就不会因为五夜后宫这样的热门游戏就被影响。
另一个我想讨论的话题是：Godot 自带的加密效果好吗？我其实并没有实践过，但根据我的知识我给出的答案是：未必。毕竟从一个开源引擎里面获取一个解密的 key，其实不是那么复杂的事情。我不确定 UPX 能不能用于 Godot 生成的游戏，但只要条件允许，我还是建议用 UPX 对二进制程序加壳，或者至少是把资源文件用自带的加密之后，再对二进制文件加一层壳。

dasasdhba

无视我233 发表于 2022-10-16 12:50
For me and some staffs here, concerns of decompilation has been existed for years, as you can see th ...

you can get more details in godot's documents.
https://docs.godotengine.org/en/3.5/development/compiling/compiling_with_script_encryption_key.html
it's clearly that the encryption is just for scripts. i guess it may be pretty easy to get the resources of a godot game.
indeed you can find some very active godot decompilation projects on github.
(it looks much more active than some ctf decompilation projects)

but anyway i holds the same opinion as num1528, and just don't be too concerned(

LooPeR231

most importantly there is no universal way to decompile a UPX-protected software. So, a CTF project won't be influenced by things like FNaF hit.

You've later mentioned, that cracking an open-source program, like Godot, is not going to be difficult, but how can you guarantee that UPX is not going to be cracked too, if the developers also state that UPX is open-source?

Another topic is: is Godot encryption safe? Though I haven't practiced it, from my knowledge the answer might be: probably not. Getting a key to resource files, especially from an open-sourced engine, might not be that difficult.

There is no way to decrypt any encrypted file without an encryption key. The only way to do it is by key picking which is virtually impossible.

LooPeR231

数字1528君 发表于 2022-10-16 12:31
I don't mind.
Images in many fan games are often from other games as well(iwanna,SMBX,etc.)
Besides  ...

That is a very nice mindset that you have. You have my respect

LooPeR231

dasasdhba 发表于 2022-10-16 19:57
you can get more details in godot's documents.
https://docs.godotengine.org/en/3.5/development/com ...

Thanks for the intel

LooPeR231

I just want to add one another IMPORTANT point.

Storm engine is going to stay as open-source and we have no plans in ecrypting scripts.

数字1528君

数字1528君 发表于 2022-10-16 12:31
I don't mind.
Images in many fan games are often from other games as well(iwanna,SMBX,etc.)
Besides  ...

Somebody may misunderstand me，i dont think what lxz did is acceptable（

无视我233

Hi, there. I've noticed that this thread has drawn a lot of attention from both Chinese and International MF community, and many have expressed their concerns of own games being decompiled and abused by those with malice. For the sake of this, I'm trying developing a protection tool for MMF / CTF generated games. So, there's no need to worry too much about this.

大家好，我注意到了本帖引起了来自国内和国外 MF 社区的大量关注，也有许多人表达了对自己作品被一些不尊重作者、怀有恶意的人反编译并滥用的担忧。鉴于此，我正在尝试编写适用于 MMF / CTF 的游戏的保护工具。所以不必过于担心。

LooPeR231

无视我233 发表于 2022-10-18 00:07
Hi, there. I've noticed that this thread has drawn a lot of attention from both Chinese and Internat ...

Well, glad that I was able to motivate everyone not to ignore this at least