Re: Love2D: a simple, featureful game engine for most platforms
Um... so looking at the way you distribute game executables with Love... are we sure that antivirus programs don't identify this is malicious? Apparently you supposedly create an executable by just appending a .love file (which is just a zip archive) onto the end of love.exe. That's all wonderful and all, but I see two major problems right off the bat:
1. as zip is well-known, its not hard for someone to retrieve the header of a zip file. Knowing that, this makes it possible for someone to, say, extract the .love file from the executable file and then extract the .love file and get the code for the game. This is bad for commercial uses or for storing sensitive information (encryption keys, much?).
2. Is this safe to transport? Do AV programs identify it as malicious? If so, then its pretty much BGT all over again.
Update: Just scanned it with virus total. No engines found it malicious. (Source of analysis: https://www.virustotal.com/#/file-analy … MDg4OQ==). So that's good. But what about the zip extraction? (I'll use Aeternum Blammo for the below demonstration.) The zip file format has four magic numbers: none, PK\x03\x04, PK\x05\x06 (empty), and PK\x07\x08 (spanned). Using PK\x03\x04, I found the possible location of the .love file at offset 0x5e400. Knowing that offset, all I need do is...
Yep, it worked. So, here's exactly what I did (using Aeternum Blammo v1.0 from the Love wiki):
d:\>file Aeternum-Blammo_v1.0.exe
Aeternum-Blammo_v1.0.exe; PE32+ executable for MS Windows (GUI) Mono/.Net assembly
d:\>python
Python 3.7.3 (v3.7.3:ef4ec6ed12, Mar 25 2019, 22:22:05) [MSC v.1916 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> file=open("Aeternum-Blammo_v1.0.exe", "rb")
>>> data=""
>>> data.find(b"PK\x03\x04")
386048
>>> out=open("out.love", "wb")
>>> out.write(data[0x5e400::])
5780386
>>> out.close()
>>> exit()
d:\>file out.love
out.love; Zip archive data, at least v2.0 to extract
d:\>And there you go; I have the original source code of the game, all its assets and so on. if there's a way to compile the love lua code into native code, I don't know of it -- please let me know!
Some notes about this:
* The file offset is [not] constant. That is, each "executable"-ized game will have a different offset.
* The security for this is sad. Its sadder that you can't compile this to native code. I don't really understand why they couldn't have just used luajit and embedded luac... Maybe that's what lovec is for?
I get the spirit behind LOVE -- to make open-source better (or at least that what it seems to be). But there are much better ways of making an executable for a game than just appending data onto the end of an executable and then saying "hey, its an executable!" because, at the end of the day, its really not. As a poster on this reddit thread says, "LÖVE makes it extremely easy to get started on a project and make rapid progress, which is what makes it so good for game jams and prototyping. But there's a tradeoff: the time you save at the start will come back with a vengeance later." Keep using it if you like, I won't stop you. Hell, I couldn't even if I wanted to. Just pointing out things I think are important (or relevant...)
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
