
Would this anti-crack idea work?

Started by April 20, 2001 06:57 PM
13 comments, last by Diodor 23 years, 6 months ago
I'm thinking that for a future game I go shareware with unlock codes, 'cause this will make registering as easy as possible. I want to encrypt some of the game so no cracker will be able to find out the unlock code from the executable, or bypass it. But what's the point if there is only one code and anybody can search the net for codez ... It'd be easier than registering too. Is there any download site that can rebuild the archive according to my algorithms? (Just encrypting the levels/DLLs with locked game code and zipping up the game.) If not, I thought I'd distribute different game archives (encrypted with different codes). Each game "distribution" will have to query the registering site (Kagi or something) for the correct unlock code. Can they do this?
First of all I would like to say that there is no way you can make it so a cracker can not find the unlock code....

Now that's out of the way....

What if you have several different levels of registration codes / processes....combine several ideas and algorithms, thus making it harder to crack, not impossible but harder.

Matt
Is this what you mean?

Person goes to the how to register screen

he sees a number, randomly generated from one seed every time on his computer

When registering he mails you the code

You plug the code into an equation something like this:

37 ^ X + 17 / 36 * 118 + X
(Just example)

And you mail it back to the buyer.

This works well, especially if you bury the code in a mislabeled registry entry (favorite trick of mine) under something just about everyone has installed (MS Word, for example, but you might want to just have it an entry under Windows) to be sneak-like. Hope it helps...

Oh, and Gonzo's right. It's impossible to have an uncrackable code. However, I once made one that used so many encrypt layers it took my 700MHz computer about a day, doing nothing else, to decrypt it using the "most efficient means possible" according to it.

Edited by - Edward Ropple on April 20, 2001 8:33:52 PM
http://edropple.com
Here's a problem with your scheme:
If anywhere in your program, you have a line that is something like
if valid_code then decrypt_game
(which you would have to have SOMEWHERE to make your system work)
All a hacker has to do is change a bit or two with a hex editor and suddenly this line becomes
if NOT valid_code then decrypt_game

So, essentially, it's really not worth the effort. There was an article either here on GameDev or on Gamasutra that talked about possible ways to do copy protection but it's probably not really worth the effort making a complicated system for copy-protection. If your game is amazingly popular, then it will be cracked no matter what you do, and if your game is 'average' no one will care enough to bother to crack it. Going through some big convoluted process probably isn't worth all the time it will take in implementing and debugging it. Just live with the fact that some people aren't honest and won't register no matter what you do. It's just the way things are, unfortunately.

Here's a different idea... Have the "commercial" game data stored in an encrypted file that requires a key to decrypt. When users register, have it send you the last two series of a GUID slightly encoded. Take this, and use it to make (on your PC) some small, also encrypted file that contains this key, and is encrypted with the partial-GUID as its key.

It's not foolproof, but a potential cracker would have to first have access to such a key file, decompile your code, and finally stare at it long enough to figure out how the algorithm works so that they could produce their own "key" files from any GUID. All of this should be much harder to do than changing a single properly-placed opcode.

Note: how does the GUID trick work? One of the ways a GUID is made unique is that the last two sets of digits come from your network adapter (or something like that), so that every GUID generated on a given computer will have the same final sets.

--Tr][aD--
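
Added example, not part of the original posts: a Python sketch of the key-file scheme described in the post above, where the vendor wraps one content key under a key derived from the customer's machine id. The function names, the sample ids and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration; with the tag check skipped, a wrong machine id still yields only garbage, which is the difference from a lone `if valid_code` branch.

```python
import hashlib, hmac, os

def machine_key(machine_id: str) -> bytes:
    # Stretch the machine-bound id (the post's partial GUID) into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", machine_id.encode(), b"example-game", 100_000)

def _subkeys(key: bytes):
    # Separate keys for encryption and for the integrity tag.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a stand-in cipher so the example needs only the
    # standard library. Real code would use a vetted AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Layout: 16-byte nonce | 32-byte HMAC tag | ciphertext
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes, check_tag: bool = True):
    enc_key, mac_key = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if check_tag and not hmac.compare_digest(tag, expected):
        return None  # wrong key or tampered file
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))

def make_key_file(content_key: bytes, machine_id: str) -> bytes:
    # Vendor side: wrap the content key for one customer's machine id.
    return seal(machine_key(machine_id), content_key)

def unlock(key_file: bytes, machine_id: str, game_data: bytes):
    # Client side: recover the content key, then the game data.
    content_key = unseal(machine_key(machine_id), key_file)
    return None if content_key is None else unseal(content_key, game_data)

if __name__ == "__main__":
    content_key = os.urandom(32)
    data = seal(content_key, b"LEVEL 2 DATA")             # constructed sample
    kf = make_key_file(content_key, "9c5a-00a0c9112233")  # constructed id
    print(unlock(kf, "9c5a-00a0c9112233", data))          # registered machine
    print(unlock(kf, "1111-222233334444", data))          # different machine
    wrong = unseal(machine_key("1111-222233334444"), kf, check_tag=False)
    print(wrong == content_key)                           # tag check skipped
```

Every key file wraps the same content key, so the per-machine binding limits casual sharing of key files rather than protecting the content key itself.
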
You could have them mail you a code that is generated based on their OS registration, like the name of the individual. Then you send them a code that will work, but only if the registered name in the OS is the same. This means that a reg key will almost certainly not function for any other computer. However if they re-install their OS, using a different name, then it won't work on their computer either, so you'd need to have a db of registered users, and the codes you sent them.

Speaking of general encryption... for a programming assignment that I did a while back we had to include some measure of security. You only needed to have a login with password read from a binary file, but I had some extra time left, so I went to town. Basically I had a password file that used four different encryption styles, and could change which style it was using randomly in mid-word. Once that had been decoded all you had was references that told the program where to look in the documentation files for the correct letter, word, or series of letters, and it then simply read the info, and compared it to what was typed in. It took a couple of secs. I am not sure how secure it would be, but it was just for fun anyway.


--------------------------------------
Why run? You'll only die tired.
--------------------------------------
An idea someone mentioned to me was to have the registration code checked in multiple places, but done randomly. So 9 times out of 10 a particular reg check isn't done, but every now and then it is, and if there are maybe 20 such checks scattered through the game, then a cracker would have to run through the game maybe 200 odd times to be sure he had zeroed out all of them. Otherwise the 'cracked' version turns out to only work maybe 70% of the time, which would be enough to persuade most people to register if the game is good.
I don't agree that every system is crackable. Agreed it is currently very very difficult, but the potential rewards of developing a system are so high that I have little doubt that one day it will happen.

http://www.positech.co.uk
"have the registration code checked in multiple places, but done randomly. So 9 times out of 10 a particular reg check isn't done."

Been done. Held the hackers up for a total of 3 days. In fact it was actually a better idea, which was to have totally separate CRC checks performed on the code to prevent any messing so that each must be found separately. The idea you mention of checking the reg code is easier to hack because you only have to search the code for anything that refers to the location that holds the reg code (in other words you just trace back from the reg code).

In addition to the above the game also had on disk protection to stop casual copiers and an additional trick. The coder put corrupted code, which had to be overwritten for the game to work. This was only done after the disk protection had executed so anyone halting the code before the disk protection was activated (in order to get around the disk protection) would end up with useless corrupted code.

In all the coder took two weeks to do all the protection and the game was hacked 3 days after launch.


Dan Marchant
Obscure Productions
Dan Marchant - Business Development Consultant
www.obscure.co.uk
Ok, if you want to try to avoid cracks, avoid most of the API calls like GetWindowText and GetDlgText or something, crackers will run for those calls as mice to cheese.

k, this idea is kind of nice:

Player runs game for the first time, the number of Ticks between system started is saved, then this n is sent to the company, they generate a key that uses the number. The user must use that key.

Now cracking isn't about finding the key, but bypassing it !!
You must avoid at all costs those API calls I mention, getc or something is best, or even create an exe with that code, send to user, and the exe will be the one that unlocks the game...

There are various ways to DELAY cracks, but I haven't seen one that could AVOID it !!
It's good to be an outcast, you don't need to explain what you do, you just do it and say you don't belong there.
Your best bet is to create a key from the user's name, then display the name on the startup screen or on some menu of the game once it's unlocked. This way you can find out the name of the person who ripped you off and add their name to a blacklist in the next release. Just another reason to release often.


ApeZone
http://www.apezone.com/
Starships Unlimited: Try the free game demo

This topic is closed to new replies.
