HTML5 App Anti-Piracy techniques?

Question

I'm writing an HTML5 based game that runs as a stand-alone application. It is distributed via the web, but there are no other server requirements—no database, etc.—everything is "in-app". This is by design since additional servers would raise the cost of distribution.

So given that it's just a static html file with a lot of JavaScript, what's to keep someone from hosting the file on their own site? Are there any techniques that can be used to help mitigate this?

My concern is not the odd user, it's the identity theft committed by the other site. Non-additional server solutions would be preferred, but any ideas would be appreciated.

Answer 1

I have found that this Javascript Obfuscator is the best protection you will get, it Makes your code completely unreadable, it supposedly shrinks it, and I have done a JSPERF and it seems to run faster as well.

www.javascriptobfuscator.com

About - Free Javascript Obfuscator is a professional tool for obfuscation of javascript. It Converts JavaScript source code into scrambled and completely unreadable form, preventing it from analysing and theft.

The output code looks like this.

var _0xe305=["\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21","\x0A","\x4F\x4B"
];var a=_0xe305[0];function MsgBox(_0xc87ax3){alert(_0xc87ax3+_0xe305[1]+a);}
;MsgBox(_0xe305[2]);

Just make sure you keep a copy of the original :)

Answer 2

First of all, as you are distributing the source-code of your application, any one who has a bit of technical knowledge should be able to understand how it works.

But you can make things harder -- typically, using Obfuscation (so meaningful variables names, such as 'hero_score' are replaced by non-meanningful ones, such as 'a45')

For Javascript code, take a look at the YUI Compressor

Answer 3

I suggest adding a javascript function to test where it is behing played, and then protect your code, in the web you can find a lot of info on obfuscating/encrypting javascript.

EDIT: What I would do in this case, and knowing that stealing/re-editing javascript even obfuscated, can be done:

I would have a server-side page to hold the file, and some core variables would be written via the server-side.

The tough part is to programm this in a way that can't be done exclusively in javascript (without the server-side).

Then, maybe some items could be constructed/placed via the server-side also, this way it would be difficult for the pirate to remake everything.

Also, the script for the domain check could be done via the server-side.

Answer 4

There's not a whole lot you can do if everything is run client side. You can try obfuscating the JavaScript but that's not a very effective solution. What you need to do is tie it to the backend in appealing ways, such as

• Highscores
• Multiplayer
• Achievements
• Integration with your other games

Give them a reason to come back to you by providing a superior experience.

Finally actively seek out and protect your intellectual property. When you find a site that is ripping you off, do everything in your power to shut it down.

Answer 5

Make sure you have a clear copyright in your code. You can't win this fight on technical grounds alone.

Obfuscating and compressing your code is the best technical solution, as Pascal says.

Consider linking to the server for login or something. Something like Google AppEngine makes it really easy and cheap to run a scalable server.