ELI5: What is source code? Why is it so harmful if known or leaked in the case of video games and websites? (e.g GTA6 & 4chan)
ELI5: What is source code? Why is it so harmful if known or leaked in the case of video games and websites? (e.g GTA6 & 4chan)
Comments
It’s the set of instructions that tells the computer what to do to make the game, website, or other program do what it’s supposed to do.
It’s not inherently harmful if it’s leaked, there are lots of “open source” programs and games that intentionally publish their source code for anyone to look at, copy, or use in various ways.
It’s harmful to a for-profit publisher if the code to “closed source” games or programs are leaked because once you have the source code, you have everything you need to make the game or program, so there’s no need to buy it. It’s essentially the same thing as having a pirated copy out there, just with a few extra steps.
When you’re designing a piece of software or a video game, what you’re doing is writing a bunch of very specific instructions that the computer can follow. When the computer follows all those instructions, that’s how it runs a game or a program. Those instructions are called the source code.
For a website, the risk is that people can find a mistake you made in the program that they can exploit to steal information or do some other hacking. For a video game, the risk is more that the game might leak early or that someone may be able to break the DRM or something.
Source code is the human readable and editable software. In the case of this like games, the main concern with leaks is over piracy, since you can easily remove the copy protection and create a working copy of the game that needs no licence to run
For websites, it allows you to more easily look for bugs/vulnerabilities that you can use to attack the live website to steal data or insert malware
Basically its the instructions of how it works. With that knowledge you can easily temper with it (hacks and stuff)
If a computer program is like a cake, then you can think of the source code as the recipe for that cake.
If you have a cake in front of you, you can examine it to make some approximate guesses about its recipe, but you won’t be able to reproduce it exactly. It’s the same thing for source code, just looking at the compiled program isn’t enough to figure out what exactly the source code looked like, although depending on the program you may be able to get something close.
Now, why is it dangerous if the source code gets leaked? Well it shouldn’t really be too much of an issue in most cases; many programs are even “open source” which means that their source code is intentionally made publicly available. But it’s true that seeing the source code can make it easier for hackers to find bugs that they can exploit in your program, because they’re able to see in more detail how it works.
Source code is basically the instruction kit that builds games, websites, apps, etc. You’d know exactly how something is built and if you wanted to break it, take advantage of people using it, or recreate and sell it yourself you could.
Imagine you knew that there was a bookshelf in a library that was made in a way that isn’t structurally sound (like a beam was made out of weak wood) if you wanted to you could take it down or hold the library ransom by threatening to do so.
Source code is computer instructions written by humans. It is then compiled to run on the destination computer / phone / server / game console / etc.
There are usually unexpected vulnerabilities or programming mistakes contained in source code. Trying to find these vulnerabilities in compiled programs is tricky because you try a bunch of different stuff and hope for an unexpected outcome that can be exploited. With access to the source code, it can be easier to see programming errors (like hard coded passwords) or potentially vulnerable techniques (like insecure shared memory.)
For example, if you think of a website as the compiled code: it takes a lot of trial and error to figure out what the directory structure is and what pages are stored in which directories when you can only access it through a web browser and the developer tries to restrict you to the intended pages. But if you are able to access all of the code that makes up the website, you would be able to see where passwords are stored, where permissions are set incorrectly, what database calls are used, etc.
Doesn’t necessarily mean you will find vulnerabilities, but it is a lot easier to do from source code.