Downloading game assets to SD card on Android

Question

I'm developing an Android game that has to download some assets to the SD card to keep the size of the app as small as possible. I was thinking of using an uncompressed zip file to bundle all the assets.

A requirement from the client is to protect these assets as much as possible. Being part of the apk is considered enough protection, but if I do this the apk size will be enormous. If I just put a zip bundle in the SD card, then anyone can unzip it and explore its contents.

Is there a simple way to do this without retorting to horrid DRM?

Obviously if someone really wants to check the resources of an Android game, they can. I'm just looking for a simple solution to avoid making this very easy.

Answer 1

You could encrypt the ZIP file with AES but there would an overhead in extracting the assets which might be a problem since performance is usually fairly important when writing a game.

However, as you've said yourself using a secure encryption isn't really worthwhile since if someone's really interested they can find the keys in the source code of your application. So you could write an InputStream and OutputStream yourself to perform some trivial translation on the bytes of the ZIP file. This would be quick to undo when reading the file but would "corrupt" the ZIP file enough to deter someone just browsing through their SD card.

When using it you'd put your stream in between the File and ZIPInputStream, e.g.:

File assets = new File(Environment.getExternalStorageDirectory(),"assets");
ZipInputStream zip = new ZipInputStream(new TranslateInputStream(assets));

As an example translation, you could just XOR all the bytes with a known value:

private static final byte MAGIC_NUMBER = 13;

private void translateBuffer(byte[] buffer) {
    for (int i = 0;i < buffer.length;i++) {
        buffer[i] ^= MAGIC_NUMBER;
    }
}

private class TranslateOutputStream extends FileOutputStream {
    public TranslateOutputStream(File file) throws FileNotFoundException {
        super(file);
    }

    @Override
    public void write(int oneByte) throws IOException {
        oneByte ^= MAGIC_NUMBER;
        super.write(oneByte);
    }

    //In Android write(byte[]) calls this method so we don't need to override both        
    @Override
    public void write(byte[] buffer, int offset, int count)
            throws IOException {
        translateBuffer(buffer);
        super.write(buffer, offset, count);
    }
}

private class TranslateInputStream extends FileInputStream {

    public TranslateInputStream(File file) throws FileNotFoundException {
        super(file);
    }

    @Override
    public int read() throws IOException {
        return super.read() ^ MAGIC_NUMBER;
    }

    //In Android read(byte[]) calls this method so we don't need to override both        
    @Override
    public int read(byte[] buffer, int offset, int count)
            throws IOException {
        int bytesRead = super.read(buffer, offset, count);
        translateBuffer(buffer);
        return bytesRead;
    }
}

Alternatively, you could not use ZIP as you don't care about compression. Just concatenate all the assets together in one large blob. As you create the blob write the start and end location of each asset out to an index file. The index file would then be included in your .apk file allowing to get the data you needed from the big file in your application. As the big blob wouldn't be in a standard format people wouldn't be able to easily extract files from it. To be extra sure you could always pad the beginning of the file with some other data - perhaps just some plain text - to make the blob look like something else.