Home › Forums › General Questions › Encrypted Media Extensions – Protect GLTF 3D Models from Download?
Tagged: geometry, gltf, model, protection, secure
- This topic has 6 replies, 2 voices, and was last updated 8 months, 2 weeks ago by kdv.
-
AuthorPosts
-
2024-02-16 at 2:22 pm #70714jefferywrightParticipant
Anyone can crack open the javascript file and locate our models used in the scene to freely download our assets. In browser DevTools our model files are visible.
Is there a way to protect our properties from being looted from our Verge3D websites?
Thanks.
Attachments:
You must be logged in to view attached files.Interactive Multimedia and Visual Design
https://jefferywright.com/2024-02-16 at 2:51 pm #70717kdvParticipantNo.
Puzzles and JS coding. Fast and expensive.
If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.
2024-02-16 at 9:00 pm #70730jefferywrightParticipantOdd, Kaon manages to do it. They have a manifest of their models in a js file, where they rename the model extensions to .xmm, the js code seems to create an obfuscated variable name for each model, all beginning with “aghr” that contains attributes of the model, for example:
"aghrYW9uLXNwdHIWCxIJUGFydE1vZGVsGICAgI743IQKDA": { "displayName": "Generic Lab Worker Tall", "cz": -7.152557373046875e-07, "thetaOffset": 0, "psiOffset": 0, "pivY": 0, "pivX": 0, "wy": -0.001413719728589058, "wz": -7.152557373046875e-07, "cy": 0.9712782895192504, "wx": 0, "height": 1.945384018495679, "depth": 0.5969557285308837, "width": 0.6217545509338379, "top": 1.945384018495679, "cx": 0, "matIDs": [ "join2-mat_8cb60dc9" ], "objID": "Kaon_Generic_Labworker_WhiteGown_Tall", "pivZ": 0, "phiOffset": 0, "img": "2d/Kaon_Generic_Labworker_WhiteGown_Tall_top.png", "paletteImg": "2d/Kaon_Generic_Labworker_WhiteGown_Tall_front.png", "filename": "uploads/1668704350/Kaon_Generic_Labworker_WhiteGown_Tall.XMM" },
Is anyone familiar with the framework they use to secure their geometry from being accessed? Where could anyone go to learn how to implement that for our own web pages?
Accessing uploads/1668704350/Kaon_Generic_Labworker_WhiteGown_Tall.XMM directly results in a Error 404. Not found… possibly blocked by a web.config file, somehow? The XMM files do not appear listed in the DevTools.
Thanks.
Interactive Multimedia and Visual Design
https://jefferywright.com/2024-02-16 at 9:20 pm #70733kdvParticipantCould you provide a link to that protected app?
Puzzles and JS coding. Fast and expensive.
If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.
2024-02-19 at 1:32 pm #70799jefferywrightParticipantWell, they’re all protected somehow, I would like to know how they did it and do the same for my Verge3D web sites to protect my models from download.
This one is especially puzzling https://apps.kaonadn.net/4559009/product.html#waters;4
No model reference at all, but there it is. That’s how I would like my geometry protected from pilfering.
Someone must know how that’s done, I can’t find anything on the web about how to do it.
Thanks.
Interactive Multimedia and Visual Design
https://jefferywright.com/2024-02-19 at 1:47 pm #70800jefferywrightParticipantFrom what I can tell, it looks like the geometry protection is contained here https://apps.kaonadn.net/4559009/core/product.js
Does it look like they are storing the reference to the geometry as a variable and loading it by constructing a path by assembling a string?
Has anyone heard of Lepton? Maybe it’s a custom coded protection system, or is it a framework anyone can access, use or reproduce? I can find nothing on the web about it.
Interactive Multimedia and Visual Design
https://jefferywright.com/2024-02-19 at 4:03 pm #70802kdvParticipantall files are listed in https://apps.kaonadn.net/4559009/manifest.webgl.txt and can be easily downloaded (including .bin files containing geometries). the trick is to encrypt .glTF (which is a simple .json file) and then decrypt it using some rules known only to you making it hard to import your models. but in any case, all files used in the scene are dowloaded by web browsers.
Puzzles and JS coding. Fast and expensive.
If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.
-
AuthorPosts
- You must be logged in to reply to this topic.