|
Post by TrojanNemo on Apr 1, 2015 19:58:06 GMT
For the sake of argument, if Phase Shift did happen to add encryption, but it got broken after C3 began releasing encrypted stems for it, would it stop offering the encrypted stems? I can't speak as to what C3 would or would not do, since I'm not an admin. But the way I see it, if Phase Shift adds encryption support, C3 would most likely offer encrypted multitracks. If that encryption was defeated, it stands to reason a stronger encryption would then be implemented, and C3 would then move to that new encryption. C3 is now in its third encryption type, not because prior encryption has been cracked (to my knowledge), but because if I can make it stronger, I will. Harmonix implemented stronger and stronger encryption with every game, and songs always used the latest encryption that was available at that time. Unlike Harmonix, C3 can just run a batch process on the files and change their encryption in this hypothetical situation. For an open source project to implement encryption in a secure way is a tough call, since by its nature anyone could look at the source code and see how the game decrypts the files. The reason I thought it was doable for Phase Shift is because it isn't open sourced. With obfuscation of the code and the decryption routine, this means a cracker would need to attack the game executable while running, which is an entirely different beast than opening the source code and looking for the decryption routine. Forgive me for not being too well versed with Phase Shift's features, my only interaction with it has been to test that the files my converter creates work well. But what feature does it have that specifically conflict with audio encryption?
|
|
|
Post by David on Apr 1, 2015 20:24:07 GMT
Encryption isn't my strong side so I'm not sure exactly how much this would complicate things but the main programming issue is that we stream in the audio files for memory reasons. This is a delicate balance to keep things all synced up. I would assume that If the game was to decrypt each track and store it into memory that would allow easy access for cracking to just read the memory where they decrypted file is stored. Can the decryption process be done on the fly as you need the data or must the whole file be processed? Depending on how it's handled it can complicate the file streaming.
But the main issue for me is the general speed of access. Things like unencrypted preview files would be required for the song browser to give a fast preview of each song. So I guess you'd have to allow for both encrypted and unencrypted files in the same song.
Many of the issues are just dealing with failure cases and disabling features such as the Music Studio which lets you preview each stem. Much the same as Rock Band people could exploit the games ability to adjust the volume levels for each track and things to isolate the stems.
There are a bunch of other issues that are hard to explain without knowledge of the game code but it's not a simple thing to implement I even wanted to.
Thanks David
|
|
|
Post by TrojanNemo on Apr 1, 2015 20:36:39 GMT
I would assume that If the game was to decrypt each track and store it into memory that would allow easy access for cracking to just read the memory where they decrypted file is stored. Correct. This is one way someone could get at the C3 files if using cPlayer (my own media player for Rock Band customs) or C3 CON Tools' Visualizer, which lets you preview the song audio. But again, the number of people who know how to do this is so minimal within the people that even know C3 exists, that for me, it's not a real concern. Can the decryption process be done on the fly as you need the data or must the whole file be processed? Decryption happens as you want it to happen really. For my uses I just decrypt the whole file and use it in memory. But it can be done in sections of the file as well, so you could read a buffer, decrypt it, play that, get the next buffer, repeat. Etc. But the main issue for me is the general speed of access. Things like unencrypted preview files would be required for the song browser to give a fast preview of each song. So I guess you'd have to allow for both encrypted and unencrypted files in the same song. Decryption is a very fast process. Rock Band decrypts on the fly, and you are able to preview each song within fractions of a second of highlighting it. The only Rock Band version that takes both encrypted song files and decrypted preview files is the Wii version, since it uses encrypted Bink audio for the actual songs and decrypted mogg audio for the previews. Both PS3 and Xbox 360 just decrypt on the fly and preview the audio using the decrypted stream. Same happens with my Visualizer tool. The whole process takes my computer less than a second, somewhere around 350ms last time I checked. There are a bunch of other issues that are hard to explain without knowledge of the game code but it's not a simple thing to implement I even wanted to. I'm starting to see that. It was worth the conversation.
|
|
|
Post by knapman [FD] on Apr 1, 2015 20:42:48 GMT
For an open source project to implement encryption in a secure way is a tough call, since by its nature anyone could look at the source code and see how the game decrypts the files. I thought we were talking about a system that just needed to be partially effective to deter a casual majority, most people aren't programmers, and working or not, really what does it hurt
|
|
|
Post by TrojanNemo on Apr 1, 2015 20:53:09 GMT
For an open source project to implement encryption in a secure way is a tough call, since by its nature anyone could look at the source code and see how the game decrypts the files. I thought we were talking about a system that just needed to be partially effective to deter a casual majority, most people aren't programmers, and working or not, really what does it hurt I don't see why you need to be snide in your response. I used 99.9% and 0.1% - that's not partially, that's "almost entirely." I know plenty of "programmers" or "wanna-be programmers" (I mostly fall here) that know how to open source code and follow along. That's a far cry from understanding assembly language and manipulation of a running process to grab content from memory.
|
|
|
Post by JarheadHME on Apr 1, 2015 21:02:34 GMT
I'm just going to butt in here for just a second to address something Nemo said... For an open source project to implement encryption in a secure way is a tough call, since by its nature anyone could look at the source code and see how the game decrypts the files. The reason I thought it was doable for Phase Shift is because it isn't open sourced. Iirc, on the FoF forums you said something along the lines of "they refuse to open source their code" in relation to vocals. The way I see it, you want it closed sourced for encryption, but open sourced for people to add their own features, in this case vocals. I suppose in this case they could open source it to when someone puts in vocals, but then they'd have to make it closed source again for encryption. There is no real win-win here.
|
|
|
Post by TrojanNemo on Apr 1, 2015 21:08:26 GMT
I'm just going to butt in here for just a second to address something Nemo said... For an open source project to implement encryption in a secure way is a tough call, since by its nature anyone could look at the source code and see how the game decrypts the files. The reason I thought it was doable for Phase Shift is because it isn't open sourced. Iirc, on the FoF forums you said something along the lines of "they refuse to open source their code" in relation to vocals. The way I see it, you want it closed sourced for encryption, but open sourced for people to add their own features, in this case vocals. I suppose in this case they could open source it to when someone puts in vocals, but then they'd have to make it closed source again for encryption. There is no real win-win here. Two different conversations. I don't like open sourcing projects. None of my own are. The only reason I brought that up as far as Phase Shift in particular, is because I know someone who 1) has the technical know-how to make vocals happen, 2) in the past contacted the devs about it and as I understand it, did not get a response, and 3) would have done it already IF the code was open source. They could also just keep it closed source but share with this individual, who could help them, and that'd be it. But yes, you're right that if it were open source this whole encryption idea wouldn't be as effective. And yes, I am at work in front of my pc with a lot of free time and bored. So I can respond embarrassingly quickly. EDIT: I also happen to know that that individual, and probably a lot of others, would abandon Rock Band entirely for Phase Shift if it supported vocals like Rock Band does.
|
|
|
Post by JarheadHME on Apr 1, 2015 21:12:44 GMT
Do not worry about responding embarrassingly quickly. I have an RSS feed set up for this forum, so I can respond within near seconds of a post if I don't write out too much. Ah but I'm getting off track. I suppose that sort of stuff could appear, and I will admit, I would probably play RB3 even less than I do now to do vocals. But I would also love to do vocals on PS, for easier voxtar type things considering I don't have a mic stand. However, I still remember that this is David and Knapman's learning experience. I want them to be able to get it themselves. You go guys!
|
|
|
Post by TrojanNemo on Apr 1, 2015 21:15:30 GMT
However, I still remember that this is David and Knapman's learning experience. I want them to be able to get it themselves. This is why I also do closed source projects, since for me it's all a learning experience as well and I enjoy (sometimes more than others) racking my head for solutions to problems that I create for myself. But closed source doesn't mean no collaboration with those who can and wish to help you ;-)
|
|
|
Post by knapman [FD] on Apr 1, 2015 21:38:24 GMT
I thought we were talking about a system that just needed to be partially effective to deter a casual majority, most people aren't programmers, and working or not, really what does it hurt I don't see why you need to be snide in your response. I used 99.9% and 0.1% - that's not partially, that's "almost entirely." I know plenty of "programmers" or "wanna-be programmers" (I mostly fall here) that know how to open source code and follow along. That's a far cry from understanding assembly language and manipulation of a running process to grab content from memory. Low hanging fruit, could not resist, entertainment is essential at this point, nothing personal, but 10/10 would fruit again
|
|
|
Post by TrojanNemo on Apr 1, 2015 22:07:52 GMT
Hey, if you don't want me to post on your boards, you could have said so. No need to mock. I'll show myself out.
|
|
|
Post by knapman [FD] on Apr 1, 2015 22:49:18 GMT
there was a valid point in there, if you want to focus on the negative that's up to you
|
|
|
Post by captainoffun22 on Apr 2, 2015 6:40:12 GMT
I'm just happy that GHPCED has a encryption on there songs, I might play that now so I can play Envision.
|
|
|
Post by knapman [FD] on Apr 2, 2015 8:13:10 GMT
we could rename the .ogg to .nothingtoseehere files
|
|
|
Post by captainoffun22 on Apr 2, 2015 12:12:44 GMT
Just make a encryption system please, not everyone has to use it on there songs.
|
|