I’m completely new to html5 game development, so I was wondering if someone could explain to me how licensing of html5 games works.
The reason I’m asking, is that I uploaded my game to Newgrounds in the hope of earning some coffee-money from ads. But to my surprise, just a couple of days later, my game was running on all kinds of game aggregator sites (with ads). I don’t mind for this first game, that other people are making some money from it, but it raises the question of how one can support oneself with html5 games.
That’s when I came across the term ‘licensing’. How do those companies prevent the games they are selling / renting out from being published all over the web ?
I think that “site locking” is a primary method used to prevent distribution of a game, you check location.host in your code and prevent the game from running if it is not what you expect.
Now, the trick is doing so in a way that people won’t be able to easily bypass/strip from your code
On the flash target, it was possible to sitelock if needed and obfuscate to protect your intellectual property, I used to use SecureSWF http://www.kindi.com/ to do this. It would make it much harder for someone to decompile the .swf and make changes to, or copy the game
Unfortunately, due to the nature of the HTML target, it’s futile to protect your code. you could sitelock, obfuscate, and minimize your .js , but at the end of the day it’ll still be a text file that anyone can copy and edit.
@singmajesty… That would be a great Idea if obfuscation is included in a build. Minifyng the js doesn’t guarantee that it is secured… Anyway hope this will be part in a future… thanks
Resurrecting this topic, because just found out that someone copied my HTML5 games to their website.
I have site-lock (yeah, I know, it’s not so effective as in Flash), but code was modified and game locked to another website.
So, can anybody recommend a good effective obfuscator that works for OpenFL games?
Thank you!
it seems that it’s generating pretty good obfuscated code. the only thing you have to do is manually mask accessing LoaderInfo#url (use some sort of reflection on stage.loaderInfo to do it) and obviously, not name site-lock related code with explicit names
I would also recommend not only presenting a “site lock” text/screen, but, silently proceed and randomly disable gameplay features in case of wrong domain (e.g. in a Mario-like game, disable jumping or moving, spawning enemies, corrupting the level, etc).
i’ve also mulled over the idea of generating the sitelocking code at runtime, using some technique like js safe of google ctf 2018 (https://github.com/google/google-ctf/tree/master/2018/beginners/web-js-safe-1) and also this code could also set some global variables that can be used to check their values randomly during gameplay, when the game starts/end, etc. However, I’m not sure how to implement this thingie in Haxe.
additionally, if you game is hosted on your own server, you can use some sort of a “heart-beat” server side script that is called by the client in random placed in the game code -> if the heart beat isn’t there, lock the game (although there might be potential issues with this approach for legitimate players).
Somehow Google’s closure removes parts of my code, while game still works, some features don’t.
For example, it completely removes ExternalInterface.call() function.
Kind of weird behavior.