Pk3 archives protected by password in FTEQW

[toneddu2000]

Hy guys, I asked a modeler to do some models for my game but he said "I don't feel confortable to know that everyone that buys your game can unzip data archives and see/use my models". Which, of course, seen from a external freelance modeler point of view is not so unreasonable. So, I''m asking you engine gurus, there's a way to tell the engine (I use FTEQW) to search for a password (at least for a specific .pk3 file) before open a .pk3 archive?

Please guys help me!

EDIT: An hardcoded solution (search for password 'foobar' in protected.pk3) would be still great! Thanks!

[Spirit]

Sorry, but that is an idiotic viewpoint of him. You can pretty extract everything from every game ever, often easily. How on earth does he want things to be instead?

What prevents someone to simply check what password your engine uses?

[Jay Dolan]

Yea, because your engine is open source (it is, right?), this would simply never work. The artist needs to get over his fears (and himself, from the sound of it). Despite his paranoia, "hackers" aren't waiting eagerly to leak or repurpose models from free Quake mods. Either he wants to help you out, or he doesn't. He ain't gettin' rich either way

Edit: Wait a minute, you're selling your Quake-based game? Do you have a commercial license for idTech, or are you selling an open source game?

[toneddu2000]

[Spirit]

I didn't mean to insult him, just the thought. And I am honestly interested how he thinks it should be "protected". Has he sold models previously? How was it handled there.

It will be trivial for someone experienced (with reverse engineering or peaking at binaries) to get the model out in any case. It just takes one to publish it then.

You can't technically limit this. Instead, the model is protected by copyright and that should really be enough in my opinion.

[Spike]

firstly, remember that its a pk3. yes its a zip, but your average user will not necessarily know that and won't try opening it (and windows won't guess based upon anything but the extension).

you could just use a pak instead, which do require more specialist tools to read+write properly.

if you're really desperate, you can use/make a filesystem plugin, an example is the mpq filesystem plugin (spirit may remember the diablo2 thing). again, people will be able to decode that if they know what it is and they can find appropriate tools.
if you made a similar plugin that 'contains' a single pk3, you could can hardcode pretty much all the logic to act as a passthrough to decrypt the embedded data, and depend upon fte's nested package support in order to load it using its built-in pk3 loading. of course, filesystem plugins depend upon engine headers, so you can't really get away from the gpl.
and even if you could, a user could just configure a server to allow its contents to be downloaded, or could write some qc to read the files and write them out to a new name that isn't inside a package (or do it in the engine).

it might be interesting to store per-file passwords as some postfix on the filename or something, and have the gamecode specify the passwords that way. you'd need some sort of algorithm to generate the (per-file) passwords to avoid the strings being seen in plain text (at least stored in the string table away from the mdl names), and there's always a problem with people decompiling mods.
however, there's some file types that would be hard to provide passwords for in this way, stuff like textures and shader files.


lots of options, and none of them with any real protection.
which I guess is why you'd be happy with a hardcoded password.


tl:dr:
fte doesn't support any encryption in pk3s.
there's a plugin for mpq (which does still support compression+obfuscation) if you can find tools to write them.
whatever you do, someone can hack the engine to write the file out to disk after any decryption.

[frag.machine]

[Baker]

FTE doesn't support that in the code, so one possibiility rather that going to all that trouble is to skip all of that and overwrite some of the bytes in the zip file to cause it to be invalid.

Store the bytes in a string in the engine source code (const char[] zipbytes = "zAtZkLL40 ..."). Write those bytes to the .pk3 on engine startup causing it to be valid. To be more thorough, you would do it memory and never touch the disk file.

Newbie dudes would not be able to access the file (how can you open an invalid file missing directory header?)

It would be a quick and dirty solution. And I wouldn't recommend it. But if your only problem is someone feeling secure, it would solve your problem.

A more legitimate way would be to store the model in the executable, thus it is never available as an individual file. On Windows you could add the file to resources (.rc section). Someone very determined or knowledgeable would be able to find tools to extract out of the executable, but a casual person wouldn't likely know the right words to even begin that journey in a search engine.

[toneddu2000]

[Baker]

[toneddu2000]

[revelator]

Still problems atleast on my end, the reply page takes several minutes to load and i have a 100/100 mb connection also the entire site takes ages to load.

[frag.machine]

[toneddu2000]

[frag.machine]