I think there is a lot of missing the point going on here.

There is no point in storing your data as anything but a resource. Once you have the executable + whatever else, you have everything. In terms of access, packing the data in the resource == packing the data anywhere else. No sense in making your job harder to have little-to-no-effect on some loser who has all the time in the world to screw with your game.

The trick is to make the data non-trivially decodable. Twofish the thing.

But, as already noted ad-nauseum, a determined cracker will extract your resources without too much fuss.

Perhaps we should instead focus on what professional games developers do to protect their games? And the amount of resources needed to do so? At the very minimum you will need a server validating use. Right? You can steal pieces of a picture, but you cannot make the game work without some extra effort.

In terms of preventing resource theft, there isn’t much you can do to stop it. The real point is: what is the worth of the assets?

Even professional game companies, those that make millions for their games, know that there is a limit to preventing resource theft, and instead spend time having expensive lawyers send people nasty letters when they find their assets being used in a way they don’t like — typically something that has unapproved monetary value.

What is your time and effort worth?