Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Any way to replace standard encrypting option? (Sugarcane)

I want to prevent user from viewing and changing my code. The standard rot13 encoding in StorySettings doesn't work for me because my alphabet is not Latin - this is the error message I geteaqYesQ.jpgAnd besides, I need to encrypt digits and other symbols as well as letters. Any way to add my own encrypting function to the engine? Will just replacing the content of rot13() in engine.js (and keeping the algorithm symmetrical) be enough?

Comments

  • edited April 2016
    Any encryption method you decided to use would need to be implemented in both the application's Python source (the Tiddler toHtml function which is where the passage content is encoded/encrypted), and in the Javascript engine of the Story Format which is where the passage content is decoded/decrypted.

    Because the encryption method you decide to use needs to be bi-directional there is actually no way to stop an user from being able to access/copy your story's source code.
    On the other hand there are a number of ways something can go wrong with the decoding/decrypting which can cause the story to be unreadable by the user, which is why encoding/encrypting is generally not recommended.

    Because TWS files can become corrupted you may want to also implement the decode/decrypt process within the application's Import from Compiled HTML file process (the TiddlyWiki addHtml function so that you can recover your story source code.
  • So to alter the encrypting I must know Python, have it installed and write and create a new version of rot_13.pyo in library.zip? Too bad if true :(
    There is one more idea: to calculate the checksum of the story and to prevent the story from running if mismatch. Can this be done easily?
  • can it be done: yes

    can the user overcome the check: yes

    The story is a HTML file which can be edited in a Text Editor, so it would be trivial for a user to replace your checksum with their own or to totally remove the check.
    Short of converting the HTML file into some type of binary executable there is no meaningful way to protect the code of a web-application because the web-browser needs to be able to parse/process that code.
  • Any code can be hacked, be it HTML or Assembler. But finding the right place in 550K html file, especially in the middle of unformatted javascript, is not an easy task. And the check may be not at the beginning but near the end of the story.
    So, any ideas how to calculate the checksum from within the story?
  • Using a CRC32 method (like this or this) on the content returned by the outerHTML method of the HTML element may work.

    But then there is the circler issue of then needing to modify the HTML file to insert the CRC32 number generated based on the unmodified HTML file which would then invalidate the CRC32 number.

    You could calculate the CRC32 based on some portion of the HTML file, but it would need to be an area that does not change when you modify the HTML to insert the CRC32 number.
Sign In or Register to comment.