We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.

Ok, I Agree

Encrypted Media Extensions – Protect GLTF 3D Models from Download?

Home Forums General Questions Encrypted Media Extensions – Protect GLTF 3D Models from Download?

Tagged: , , , ,

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • 2024-02-16 at 2:22 pm #70714
    jefferywright
    Participant

    Anyone can crack open the javascript file and locate our models used in the scene to freely download our assets. In browser DevTools our model files are visible.

    Is there a way to protect our properties from being looted from our Verge3D websites?

    Thanks.

    Attachments:
    You must be logged in to view attached files.

    Interactive Multimedia and Visual Design
    https://jefferywright.com/

    2024-02-16 at 2:51 pm #70717
    kdv
    Participant

    No.

    Puzzles and JS coding. Fast and expensive.

    If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.

    2024-02-16 at 9:00 pm #70730
    jefferywright
    Participant

    Odd, Kaon manages to do it. They have a manifest of their models in a js file, where they rename the model extensions to .xmm, the js code seems to create an obfuscated variable name for each model, all beginning with “aghr” that contains attributes of the model, for example: 

    
   "aghrYW9uLXNwdHIWCxIJUGFydE1vZGVsGICAgI743IQKDA": {
        "displayName": "Generic Lab Worker Tall",
        "cz": -7.152557373046875e-07,
        "thetaOffset": 0,
        "psiOffset": 0,
        "pivY": 0,
        "pivX": 0,
        "wy": -0.001413719728589058,
        "wz": -7.152557373046875e-07,
        "cy": 0.9712782895192504,
        "wx": 0,
        "height": 1.945384018495679,
        "depth": 0.5969557285308837,
        "width": 0.6217545509338379,
        "top": 1.945384018495679,
        "cx": 0,
        "matIDs": [
            "join2-mat_8cb60dc9"
        ],
        "objID": "Kaon_Generic_Labworker_WhiteGown_Tall",
        "pivZ": 0,
        "phiOffset": 0,
        "img": "2d/Kaon_Generic_Labworker_WhiteGown_Tall_top.png",
        "paletteImg": "2d/Kaon_Generic_Labworker_WhiteGown_Tall_front.png",
        "filename": "uploads/1668704350/Kaon_Generic_Labworker_WhiteGown_Tall.XMM"
    },

    Is anyone familiar with the framework they use to secure their geometry from being accessed? Where could anyone go to learn how to implement that for our own web pages?

    Accessing uploads/1668704350/Kaon_Generic_Labworker_WhiteGown_Tall.XMM directly results in a Error 404. Not found… possibly blocked by a web.config file, somehow? The XMM files do not appear listed in the DevTools.

    Thanks.

    Interactive Multimedia and Visual Design
    https://jefferywright.com/

    2024-02-16 at 9:20 pm #70733
    kdv
    Participant

    Could you provide a link to that protected app?

    Puzzles and JS coding. Fast and expensive.

    If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.

    2024-02-19 at 1:32 pm #70799
    jefferywright
    Participant

    Well, they’re all protected somehow, I would like to know how they did it and do the same for my Verge3D web sites to protect my models from download.

    This one is especially puzzling https://apps.kaonadn.net/4559009/product.html#waters;4

    No model reference at all, but there it is. That’s how I would like my geometry protected from pilfering.

    Someone must know how that’s done, I can’t find anything on the web about how to do it.

    Thanks.

    Interactive Multimedia and Visual Design
    https://jefferywright.com/

    2024-02-19 at 1:47 pm #70800
    jefferywright
    Participant

    From what I can tell, it looks like the geometry protection is contained here https://apps.kaonadn.net/4559009/core/product.js

    Does it look like they are storing the reference to the geometry as a variable and loading it by constructing a path by assembling a string?

    Has anyone heard of Lepton? Maybe it’s a custom coded protection system, or is it a framework anyone can access, use or reproduce? I can find nothing on the web about it.

    Interactive Multimedia and Visual Design
    https://jefferywright.com/

    2024-02-19 at 4:03 pm #70802
    kdv
    Participant

    all files are listed in https://apps.kaonadn.net/4559009/manifest.webgl.txt and can be easily downloaded (including .bin files containing geometries). the trick is to encrypt .glTF (which is a simple .json file) and then decrypt it using some rules known only to you making it hard to import your models. but in any case, all files used in the scene are dowloaded by web browsers.

    Puzzles and JS coding. Fast and expensive.

    If you don’t see the meaning in something it primarily means that you just don’t see it but not the absence of the meaning at all.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.