Encrypted Jpg

Hi all,

Can we use encrypted jpg with Vassal?

Thx for your response.

Unlikely. What sort of Encryption method are you talking about?

B.


Messages mailing list
Messages@forums.vassalengine.org
forums.vassalengine.org/mailman/ … engine.org

Post generated using Mail2Forum (mail2forum.com)

Thus spake “gaet”:

No. Is there actually a standard for that? Why do you want to use it?


J.



The only way you could do it is to add a decryption class to the module to handle the encryption, but I doubt it could be done without modifying the VASSAL engine itself.

- M.

2008/9/21 Joel Uckelman <uckelman@nomic.net>


This is something I’d like to see as a background standard feature of Vassal, but it raises questions in my mind about how it should be done, and Rodney is probably best placed to outline the goal/vision of how this should happen as regards these security-type features.

As programmers are aware from all the headaches we’ve seen, the CC module is standalone with its own version of Vassal because I asked Rodney to encrypt the module. There was a reason behind it but I’ve never really explained it publicly.

There was a user on BGG that was basically selling replica packages of games either via photocopy or image rip from an alternate source (i.e. Vassal, Cyberboard et al.).
Uproar online aside, the user claimed he would stop selling his duplicates, but it pointed out a valid publisher concern.
So my agreement with GMT included that their images would be protected, which is why the CC module was made the way it was.
Funny enough, the guy actually posted on the BGG CC forums asking why he couldn’t extract the images out of the CC module :)

As module developers that have access to original files, we have no intent of distributing or abusing the graces the publishers grant us by handing us their files; we only want to use them in providing legitimate users a means to play their favorite games online.

That being said, a standard encryption that allows users/designers to edit modules (change images/replace etc…) without ripping/extracting the image source by renaming modules to zip would be a huge plus in preventing the above story and give credibility to the engine from the publisher side point of view.

This, though, is entering murky ground as to how it should be handled. Rodney created Vassal, has agreements with various entities etc., and ultimately should weigh in as to how the issue of security plays out, as it might involve the compromise/collusion of corporate entities with fans/users wanting to provide users with a means to play in a legitimate way that said corporate entities would embrace wholeheartedly.

From: messages-bounces@forums.vassalengine.org [mailto:messages-bounces@forums.vassalengine.org] On Behalf Of Michael Kiefte
Sent: Sunday, September 21, 2008 7:05 PM
To: VASSAL Engine Forums Mailing List
Subject: Re: [Module Design]Encrypted Jpg

The only way you could do it is to add a decryption class to the module to handle the encryption, but I doubt it could be done without modifying the VASSAL engine itself.

No. Is there actually a standard for that? Why do you want to use it?


J.


Thus spake “Tim McCaron”:

Why is a technical solution necessary here? Shouldn’t GMT just sue the
guy? It sounds like this would not be a hard case to win.

Any technical solution which lets the user see the images is going to be
circumventable.


J.



It’s the problem.

We want to work with a French editor, but he wants to be sure that his work will be protected. He made a module in ZZ with this specification.

For your information, read this:
zuntzu.com/forum/viewtopic.php?t=130

A game box with encrypted jpg: ystari.com/amyitis/Amyitis.ztb

Of course, it’s easy to get around the encryption by doing a screen capture or plugging in custom Java code. But I guess the point is that if somebody did hack the encryption, the game publisher could come after them and still allow the VASSAL module to stay around. Before I really gave priority to this feature, though, I’d want more evidence of publishers who draw the line at that point, i.e. how many publishers who don’t currently allow VASSAL modules of their games would allow them if they could encrypt the image data?

rk


I don’t think that the problem must be read in this way. The important thing is not the number but WHO (Ystari and some European editors), and who can propose this feature: ZZ.

At Vassalforge, Soft and I work hard to present Vassal and its capabilities. Last week, Filosofia put out a news item saying “Game creators, send us your creations as Vassal modules”. This is very important news for the European creator communities, and especially in France. But some designers want more protection for their work.

There is a middle way between nothing and protection like Fort Knox. In my opinion, the ZZ way is good.

Thus spake “gaet”:

That’s definitely crackable if it works according to the description.
The private key is in ZunTzu somewhere, so it would just be a matter
of finding it. It would only take one person doing that to break the
whole system.


J.



On Tue, September 23, 2008 12:05 am, Joel Uckelman wrote:

Any system in which you give the same person both the locked box and the
key to open it is going to be crackable.

I don’t like to encourage ‘security theatre’, but plenty of people with
content to ‘protect’ seem to keep on buying the same old DRM snake-oil.

The question, I guess, is whether we’re in a good place to fight the
battle of education, or whether we’re just hurting ourselves in not being
able to work with those particular content owners.

Regards,
Tim.



I’m sure the content owners understand that the images would be crackable. The question is how many of them will be satisfied by our changing the difficulty of extracting the images from “trivial” to “kinda hard”. If Joel were a content owner, I don’t think he’d be satisfied, but I suspect that many publishers would be.

rk


Thus spake “Rodney Kinney”:

It’s true that I wouldn’t be satisfied with easily circumventable encryption,
but for the following reasons:

(1) There are already ways of dealing with people who are illegally
selling copies of games.

The sale of pirated games is a legal problem, not a technical one. There
are laws which can be brought to bear to stop people from doing this, and the
law is a much finer tool in this case than encrypting images is. Encrypting
the images in a module affects all users, not only game pirates, while legal
action can be targeted at just the pirates.

How common is the sale of pirated games? I doubt it’s very common at all,
if what the pirates are selling has the quality of color photocopies and
the original games have die-cut counters. On the other hand, how common is
it that a user will find an error in a module? This happens frequently, but
encrypted images would make it difficult for users to contribute fixes.
The value of contributions from the user community is far greater than the
value of games being pirated. It’s not worth losing user contributions in
order to fight game duplication when there is already a solution to game
duplication which targets only the game duplicators.

(2) Encrypting images won’t be effective against people who want to sell
duplicate games.

Someone who is willing to sell copies of games by extracting images from a
module is already committed to putting in some hours of effort to do this.
I don’t see that encrypted images are going to be much of an obstacle for
someone like this, because he could (a) modify VASSAL to circumvent the
encryption, or (b) grab the images from screen captures. For (a), VASSAL has
to be able to decrypt the images somehow in order to display them, so all our
pirate would need to do is modify a copy of VASSAL to load the images and
then write them out to disk. Someone familiar with Java could do something
like this in an afternoon, I think, regardless of how we do the encryption,
and then it could be packaged up so that people without any technical
expertise could use it. For (b), screen captures are simple and can be done
by anyone. The only way to prevent our pirate from getting an image this way
is by not displaying it. It might be tedious to get all of the images through
screen captures, but shouldn’t take that many hours beyond what someone who
plans to sell copies of a game is already committed to. This isn’t exactly a
casual decision…

(3) Encrypting images might leave game companies with a false sense of
security.

I also have some concerns about how encryption would be viewed by the
game companies who want to use it. We can’t argue in good faith that it
would provide more than a few hours of protection against an attacker.
If we tell them that, and they decide there’s no point in using it, then
why implement encryption at all? On the other hand, if we tell them that
and they still want to encrypt their images, it worries me. Did they not
understand that encryption is nearly useless? Will they be surprised when
someone extracts the images anyway—despite that we told them someone
would? I don’t like the idea of putting ourselves in this situation. If
we explain fully to someone what protection encrypting images affords and
they still want to do it, then I will suspect that they didn’t understand
the explanation.

In the case of the ZunTzu encryption, I suspect that it could be broken in
an afternoon with a debugger. If I remember correctly, it’s written in C#,
and most likely makes a call to a C# class which handles RSA keys. Find
that call, and then look at what memory it reads in order to get the
private key. Game over. I hope no game companies were told that encrypting
their images this way is actually secure.


J.



Now that we’re actively working on an importer for ZunTzu, how are we going to deal with encrypted image files? Are we going to leave that alone or make an attempt? Should we even try?

Thus spake “mkiefte”:

Do you know how they are encrypted? (I seem to recall reading that ZunTzu
used RSA.) If ZunTzu can decrypt them without any user input, then
everything we need to do the decryption is in ZunTzu somewhere—all we’d
need to do is fish out the key.


J.

