How does hacking work - SO I CAN STOP IT!

Started by
114 comments, last by d000hg 21 years, 2 months ago
I do not want to hack anything, however I'm confused how people say most games get copy-protection hacked in like two days. A 1Mb .exe file is big to search through when it's all in machine code - how do they find the right bits? Am I right guessing most copy protection is some clever function IsPirated(), and at some point you say if(IsPirated())Exit(0);? If you had no test for piracy but stored some value according to some test or another such that if pirated your ships travel 10000X faster than normal, would that be harder to hack - ie it's not an extra bit of code but woven into the game (incidentally breaking all OOP rules but thus being very hard to understand)? Thanks for anything you may know.
Read about my game, project #1 NEW (18th December) 2 new screenshots, one from the engine and one from the level editor
John 3:16
Since all programs are ultimately machine code, and there are machine code editors out there, and all copy protection is enforced through the use of a conditional jump that could be replaced with a command that ignores the jump, I would say hack-proofing isn't possible.

But it CAN be made difficult.

The program could do an additional CRC check on itself and refuse to run if the check fails. That would be a second condition that the hacker would have to track down. But, it's still possible to defeat.

[edited by - Waverider on January 5, 2003 10:21:29 AM]
It's not what you're taught, it's what you learn.
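The self-CRC check Waverider describes, as an added example that is not code from the thread: a standard CRC-32 is computed over a byte buffer standing in for the program's code section and compared with a checksum stored at build time, so a copy with even one modified byte is flagged. The 32-byte image and the offsets patched are constructed for the demonstration; a real program would checksum its own loaded image.

```c
/* Added example, not from the original thread: CRC-32 self-check of a
 * code image. GOOD_IMAGE is a constructed stand-in for an executable's
 * code section (assumption); a real build would hash its own image. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), table-free.
 * Check value: crc32_buf("123456789", 9) == 0xCBF43926. */
uint32_t crc32_buf(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed 32-byte image standing in for the program's code section. */
static const uint8_t GOOD_IMAGE[32] = {
    0x55, 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x10,
    0x89, 0x7d, 0xfc, 0x83, 0x7d, 0xfc, 0x00, 0x74,
    0x0a, 0xb8, 0x01, 0x00, 0x00, 0x00, 0xc9, 0xc3,
    0x31, 0xc0, 0xc9, 0xc3, 0x90, 0x90, 0x90, 0x90
};

/* In a real build this value is written into the binary by a post-link step;
 * here it is derived once from the known-good image. */
uint32_t expected_crc(void) { return crc32_buf(GOOD_IMAGE, sizeof GOOD_IMAGE); }

/* Returns 1 if the image still matches the stored checksum, 0 if modified. */
int image_is_intact(const uint8_t *image, size_t len, uint32_t stored) {
    return crc32_buf(image, len) == stored;
}

/* Simulates a copy in which one bit at `offset` was altered and reports
 * whether the self-check catches it (CRC-32 detects every single-bit change). */
int patch_is_detected(size_t offset) {
    uint8_t copy[sizeof GOOD_IMAGE];
    memcpy(copy, GOOD_IMAGE, sizeof copy);
    copy[offset % sizeof copy] ^= 0x01;
    return !image_is_intact(copy, sizeof copy, expected_crc());
}

int main(void) {
    printf("stored CRC-32: %08x\n", expected_crc());
    printf("pristine image intact: %d\n",
           image_is_intact(GOOD_IMAGE, sizeof GOOD_IMAGE, expected_crc()));
    printf("one-bit patch at offset 15 detected: %d\n", patch_is_detected(15));
    return 0;
}
```

As the post itself notes, this only adds a second condition: the stored checksum and the comparison are part of the same image, so the check raises the effort of tampering rather than preventing it, and it catches accidental corruption just as well as deliberate modification.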
I don't think it's possible to write a crack-proof program. One thing that worked pretty much so far, is the cd-key + multiplayer (a'la blizzard). No original CD, no internet multiplay.

However, yes, you are right in your theory on how cracking is done. Basically, one traces through the machine code until the copy-protection throws you out, and then you backtrace until you find the right jump to disable.

About that other scheme, setting the speed 10000x faster if it's pirated...it wouldn't work since you would have to use a function that tells you if it's pirated or not, and that function would probably not be too hard to track down and disable.

-Luctus
Codito, Ergo Sum (Courtesy of ThinkGeek)

[Mail][DreggSoft][Fileformat Guide][n00bs]
-Luctus
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move - Douglas Adams
I once wrote a pretty nifty copy protection scheme (just for fun, if you use something like that in production level code, you can be sure you'll get sued...). It would register a ring 0 device driver, take direct access to the kernel, write user and product IDs into unused parts of the CMOS RAM. It used tons of self modifying code, direct jumps by writing into the instruction pointer, self generated code, etc. If it detected a pirated game copy, it made some 'fun' modifications to some parts of the Windows kernel...

The only problem: The virus scanner totally freaked out, and thought that my copy protection scheme was a virus... Well, OK, basically it was one

How are copy protections cracked? They run your game through a debugger, and trace the code until they find the place where the copy protection is checked. Then they disable that check.
Of course you could have your EXE be encrypted as well. The first calls are normal code which decrypts another game module which will run. When another module is needed that part decrypts it and then runs it. This would of course be extremely hard to write and to crack but can still be defeated. Another option to make it even harder would be to make the game polymorph itself into another exe, however that would end up in having a piece of code inside the exe that has the same signature as a virus and your virus scanner going crazy.

Sand Hawk
----------------(Inspired by Pouya)
The only successful anti-hack system I've ever seen is the CDKEY system, and that only works for the multiplayer portions of games. The way CDKEYs work is that each copy of the game comes with a unique key, usually made up of letters and numbers. With a 16-character key, that gives 36^16 or 7958661109946400768000000 possible keys. As you can see, that's a lot; even if you sell 1 million copies, that still means it will take an average of 7958661109946400768 tries to crack a single valid key. Thus, by using that method, you can fairly effectively protect the online portion of your game.

- Andy Oxfeld
If you make the user enter a serial then there is some Windows API that handles that and the cracker knows them, he just has to set a breakpoint on those functions and then it's "simple" debugging.

Same with cd check, there's a few API calls that are always used, breakpoint on them..........

If you want to make it hard for them, read a lot about cracking and anti-cracking. You can make it harder but you can never beat them...
There are a few things that you should probably read.

a) read a tutorial on cracking programs and cd protection.. etc

My reason for this is it will give you the insider's view, a quick 101 on how cracking is done and HOW people find those jne statements (jump if not equal).
Cracking cd protection is ( more or less ) a one-two process:
1. program goes through all the execution of finding whether a cd is in the drive and checking, perhaps, certain bits and segments on the cd... OR MAYBE just a label( blah ) as to whether this cd is generic and is the correct cd.
2. now. at this .. there is a line in a program which is equivalent to maybe.. if ( !GameCD() ) exit();
as you had thought. so in that regard you are correct.

the second thing I would think you should read is an article over at gamasutra.com. There is an article about cracking the game spyro. And all the different methods about how they tried to keep the game ill pirated for as long as possible. =) fun read. -- i also believe this article provides a little extended information for more information about your questions.

Hope this helps.
Andy
quote:The only successful anti-hack system I've ever seen is the CDKEY system, and that only works for the multiplayer portions of games. The way CDKEYs work is that each copy of the game comes with a unique key, usually made up of letters and numbers. With a 16-character key, that gives 36^16 or 7958661109946400768000000 possible keys.


However.. this is more of a brute force way of looking at a program than an algorithmic one and looking at the machine code.
Andy
quote:Original post by skillfreak
However.. this is more of a brute force way of looking at a program than an algorithmic one and looking at the machine code.


Well, this only works with a central server, like Battle.net, WON, etc. Assuming the servers are fairly secure, it's impossible to break into the machine code of Battle.net servers, etc, thus the only way to get in is to brute force it... and the sheer number of keys makes brute force not feasible.

- Andy Oxfeld
