Encrypted sdkbox_config.json

Encrypted sdkbox_config.json
0

#1

Hi, Is there a way to hide information inside sdkbox_config.json ? i.e. is it possible to somehow encrypt sdkbox_config.json and let sdkbox to read encrypted config …


#2

I know this was on the roadmap in the early days of sdkbox development but I don’t know if it was implemented. @yinjimmy can help us out.


#3

i.e. currently just nobody care to hide account ids(like ad ids, google iap key )…


#4

@AlexGreen before it was supported, but dont know for what reason they removed encrypted config feature.
Sdkbox is getting worse.


#5

Actually i managed to encrypt some json data, and want to share the solution:
first of all, i’m work on mac, so if you work on win/lin, you should write some util,
similar to the one I provide. The idea of encryption is simple: just xor every byte, and IF encrypted data length == encryption key length, then nobody is managed to decrypt it without key. The simplest source of infinity key bytes is… pseudo random generator! The only downside in standard generator is the initial rnd seed, which is just one plain long int. So, i found a wonderful c++ template PRNG by Matthew Leadbetter (Licensed under the Apache License, http://www.mleadbetter.com/how-to-use-a-pseudorandom-number-generator-a-practical-guide/), whose rnd seed initiated by array of 16 64bit int’s.
Then i wrote some useful osx gui util, binXor, one of purposes to encrypt any drag’n’drop files and generate output as c++ header source files: https://drive.google.com/open?id=1kKsWgKTfd2hReeK-O7bk3vB24_H7j-jD
How to use it:
just run binXor, make sure checkbox “Encrypt data” is checked in settings->general, then drag’n’drop some files (f.e. template sdkbox_config.json i included).
then in your game:

#include "sdkbox_config.h"
#include "PRNG.h"
...
PRNG prng(sdkbox_config_seed_array);
char outBuff[sdkbox_config_len];
for(int i=0; i < sdkbox_config_len; ++i) {
    outBuff[i] = sdkbox_config_array[i] ^ prng.getRandomUnsignedChar();
}
std::string jsonStr(outBuff, sdkbox_config_len);
...
//first init some other sdkbox plugins, which require physical presence of sdkbox_config.json
//(but without IAP section in it!)
//f.e. sdkbox::PluginSdkboxPlay::init();
//and then:
sdkbox::IAP::init(jsonStr.c_str());

I’m already using this technique to cypher important data in my games. Actually, you can cypher any kind of binary data: sprites, sounds, levels, etc. I hope it will help.


#6

is this still working with latest sdkbox version?
I thought it removed, o/w we can use our own logic (Thats no big deal)


#7

Yes, it working right now in my app.


#8

Thank you for the solution! This is really good. To use it in it`s full strength it would be good if sdkbox allows to initialize other services with const char* … like

sdkbox::PluginAdMob::init()
sdkbox::PluginSdkboxPlay::init()


#9

Hi all,

we provide a new api for set sdkbox_config.json from v2.4.1.1 :

#include <sdkbox/Sdkbox.h>
sdkbox::setConfig(const std::string jsonConfig);

the jsonConfig MUST is the content of sdkbox_config.json:

{
  "ios": {
     "AdColony": {
         "appid": "123"
     }
  },
  "android": {
     "AdMob": {}
  }
}

so, developers can

  1. encrypt / decrypt data by yourself
  2. remote config without sdkbox.com

then call sdkbox::setConfig(const std::string jsonConfig) to update the config.

or use sdkbox encrypt solution without remote config:

  1. set xxtea key
#include <sdkbox/Sdkbox.h>
sdkbox::init("", "your_key");
  1. encrypt sdkbox_config.json, the sdkbox command version must >= v1.0.2.2, it has been released on staging server, plz update by sdkbox list --staging.

crypt file

$ sdkbox encrypt -i sdkbox_config.json -o sdkbox_config.json --key your_key

decrypt file

$ sdkbox decrypt -i sdkbox_config.json -o sdkbox_config.json --key your_key

one more thing, make sure call sdkbox::init() or sdkbox::setConfig() before any plugin::init();

Thanks for using SDKBox and any suggestion is welcome.

  • Jimmy

UPDATE:
https://github.com/fffaraz/awesome-cpp#cryptography there are some encrypt libs for you.


#10

Thank you! it is exactly what neccessary. Cool!

When call to “sdkbox::init(”", “your_key”);" should be done ? Before/after/not important of SDKBox.init(this); which is in com.sdkbox.plugin.SDKBoxActivity.OnCreate() ?


#11

it’s a c++ api, not java.


#12

Sure. Is it possible to use this api in android libcocos2dx c++ application?

Someone can use admob sdkbox c++ api in his cocos2dx android application… Is it possible to use this encryption feature in Android cocos2d application similarly? Note that Android libcocos2dx app already initialize sdkbox in sdkbox activity… So would it be OK to call c++ api for initialization later?


#13

It’s ok.

case 1:

sdkbox::init("", "your_key"); // the first argument must set ""
sdkbox::IAP::init();
sdkbox::PluginAdMob::init();

case 2:

sdkbox::setConfig("content of sdkbox_sdkbox.josn");
sdkbox::IAP::init();
sdkbox::PluginAdMob::init();

#14

Add document http://docs.sdkbox.com/en/qa/crypt-sdkbox-config/ .
Hope you like it.


#15

Thanks! tried case 2 - it is working OK.