How to protect my web app (scripts, models)?


#1

For scripts, i know there is something like JScompress to make the scripts smaller and unreadable. but how do i do it with Playcanvas? I use Chrome inspect panel to read the downloads, and the scripts are quite readable. Do i have to download the build and compress it myself?

For models, i use Chrome to read the downloads and find out the 3d models are readable JSON, which mean it’s very easy to convert it to any 3d format. Is there any way to make it more secure? How does sketchfab do it?

Also, is it possible to protect the textures instead of sending it as native image files?


#2

Yep. The paid plans allow exporting the build and you can do post build step to compress/obfuscate the JS code.

You are pretty much sending everything over internet to the clients’ machine so it will be readable by the client in some form.

You have to think about protection as Internet content vs a typical game. So the usual copyright, trademark etc. Trying to protect the content is a losing battle to be honest.


#3

It’s possible to extract the artwork from just about any native game.

Sketchfab uses OSGJS as its rendering engine. Presumably, the models are in the file format of the engine. It’s not encrypted and I doubt there’s any obfuscation. The nature of the web today is that there is no DRM that can be applied to any web content. There’s always a mechanism to access the downloaded data somehow.

If you don’t want to send JPGs/PNGs to the client, just use the Editor’s ability to compress images to GPU supported formats. You should probably be doing that anyway to use less video memory for your textures.

Lastly, the Editor does minify and obfuscate your game scripts. Just ensure when you publish, you check this box:


#4

i have tried “concatenate Scripts”, but my scripts in __game-scripts.js are still very readable. i can just beautify it and copy it toanother project.


#5

That’s the best level of JavaScript obfuscation that can be achieved AFAIK. Unless you are aware of better alternatives?


#6

I’ve been using https://obfuscator.io/ for a web page which really mangles the code and trips breakpoints if someone tries to look in devtools. Haven’t tried it with PlayCanvas code yet though so I have no idea if it works or impacts performance.

Code looks like this afterwards:

function(){var _0x25f653={'cOINL':function(_0x390461,_0x43b144){return _0x390461===_0x43b144;},'GykCg':_0xf5244c[_0x58b8('0x17')]};var _0x39bdfd=!![];return function(_0x2f4a36,_0x5a7f2d){var _0xe6e76a=_0x39bdfd?function(){if(_0x5a7f2d){if(_0x25f653[_0x58b8('0x18')](_0x25f653[_0x58b8('0x19')],_0x25f653[_0x58b8('0x19')])){var _0x32b3c2=_0x5a7f2d[_0x58b8('0x1a')](_0x2f4a36,arguments);_0x5a7f2d=null;return _0x32b3c2;}else{if(_0x480577){console[_0x58b8('0x1b')](e);}}}}:function(){};_0x39bdfd=![];return _0xe6e76a;};}();(function(){if(_0xf5244c['PMIts']===_0xf5244c[_0x58b8('0x1c')]){d=ds[i];d[_0x58b8('0x1d')]['display']=displayValue;}else{_0xf5244c[_0x58b8('0x1e')](_0xf6199d,this,function(){var _0x4eb353=new RegExp(_0xf5244c[_0x58b8('0x1f')]);var _0x405e8b=new RegExp(_0xf5244c['PUUNL'],'i');var _0x2372d2=_0xf5244c[_0x58b8('0x20')](_0x1605ac,_0x58b8('0x21'));if(!_0x4eb353[_0x58b8('0x22')](_0xf5244c[_0x58b8('0x23')](_0x2372d2,_0xf5244c['hySTV']))||!_0x405e8b['test'](_0xf5244c[_0x58b8('0x23')](_0x2372d2,_0xf5244c[_0x58b8('0x24')]))){if(_0xf5244c[_0x58b8('0x25')]===_0xf5244c[_0x58b8('0x26')]){return-0x1;}else{_0xf5244c[_0x58b8('0x20')](_0x2372d2,'0');}}else{_0x1605ac();}})();}}());var _0x111c2a=function(){var _0x31490e={'WxboR':function(_0x9922d2,_0x4f545b){return _0xf5244c[_0x58b8('0x27')](_0x9922d2,_0x4f545b);},'yCWKZ':_0xf5244c[_0x58b8('0x28')],

#7

Okay. Here is my conclusion after some more experiment.

The latest web browsers (chrome/firefox) seems avoiding NinjaRipper ripping the models. i can only get some useless fragments. But with an older firefox, i can rip the models through Ninja Ripper.It works perfectly with PlayCanvas, but for sketchfab, it can only get a messed up model. So I guess they have added some obfuscation,their model probably only works with correct shader.


#8

I just tried obfuscator.io on my own project and it works quite well. It’s a simple project at the moment so I haven’t noticed any performance impact. It’s possible that might change as the project grows, but so far so good.

Thanks for the suggestion!