I know for many years users have asked how to create closed source games. Whether it be for profit , anti cheat, intellectual property or whatever; they deserve to optional security.
I know some ideas from love2d community regarding this topic are:
- Copyright your code. License is everything.
- Copyright doesnt mean anything to cheaters or people from other countries trying to steal your hard work.
- You can bytecode compile lua files.
- This is easy to bypass via many lua de-compilers out there.
- No better than a decompiler really.
- Write logic on server while keeping the user client bare bones.
- Sometimes we want heavy logic on client side for performance. Why should we need to do so much extra work with love2d to keep it secure if we want?
Now there is no 100% full proof remedy for reverse engineering lua code or even binary files, however you can make it damn hard; so that 99% of people trying would quit.
Lua's easy interpolation with C allows it to do just that. We can create custom loaders for lua (e.g table.insert(package.loaders, 2, load)) to handle encrypted love2d files. The key would be hidden away within love2d itself. When the love2d game is about to execute we read and parse all these encrypted lua files into memory; un-encrypting them and loading them into lua VM via the custom loader I mentioned previously.
We can create a simple "packager" that encrypts every file and stores this key; thus making the level to entry in recovering the user's hard work; non trivial.
I've been looking at the love2d code base a bit and i have some ideas where things might go but thought I would propose this idea to see what people think or if anyone wants to take a jab at it?