Don't let them crack your game!!

68 comments, last by hplus0603 17 years, 8 months ago
Suppose this scenario:

- You've developed an online game that requires a subscription fee for playing (like most of the MMORPG titles), so players cannot play your game unless they have paid you the subscription fee. (Simple, isn't it?)
- But then some hackers/crackers modify the original executable so it allows them to play for free and do very bad things (cheating players, stealing items, etc.).

How to stop them? (Technologically, without using the government's legal defenses against piracy.) Which methods are there to verify the authenticity of the game executable file from the game server?
"Technocracy Rules With Supremacy" visit: http://gimpact.sourceforge.net
You can't really check whether the client .exe has been modified. But you can (and should) perform all sensitive operations on the server, and not trust the client with anything. The client shouldn't be able to steal items. At best, it should be allowed to say "This user initiated a "steal" attempt on player x" to the server. And then the server decides whether it's successful, and what you managed to steal.
Anything subscription-wise shouldn't be handled by the client. The only thing the client should know about subscription-wise is the player logon information. Verification should be happening server-side. So unless they have hacked someone else's account information, the scenario doesn't seem very plausible.

"I can't believe I'm defending logic to a turing machine." - Kent Woolworth [Other Space]
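
The server-authoritative design described in the two replies above, as an added sketch that is not part of the original thread: the server checks the subscription against its own records and decides the outcome of a "steal" request itself. The `Player` and `GameServer` names, the range rule and the skill roll are assumptions made for illustration.

```python
import random
import secrets
from dataclasses import dataclass, field

@dataclass
class Player:
    name: str
    subscribed: bool              # server-side billing record, never sent by the client
    pos: tuple = (0, 0)
    skill: int = 50               # percent chance that a steal succeeds
    items: list = field(default_factory=list)

class GameServer:
    STEAL_RANGE = 2               # constructed rule: maximum distance in tiles

    def __init__(self, players, rng=None):
        self.players = {p.name: p for p in players}
        self.sessions = {}        # session token -> player name
        self.rng = rng or random.Random()

    def open_session(self, name):
        """Called after credentials are verified (not shown). Returns a token or None."""
        player = self.players.get(name)
        if player is None or not player.subscribed:
            return None           # unpaid account: a patched client changes nothing here
        token = secrets.token_hex(16)
        self.sessions[token] = name
        return token

    def handle_steal(self, token, msg):
        """msg is an untrusted dict: only the requested target name is read from it."""
        thief = self.players.get(self.sessions.get(token))
        if thief is None:
            return {"ok": False, "reason": "not logged in"}
        target = msg.get("target")
        victim = self.players.get(target) if isinstance(target, str) else None
        if victim is None or victim is thief or not victim.items:
            return {"ok": False, "reason": "invalid target"}
        dist = max(abs(thief.pos[0] - victim.pos[0]), abs(thief.pos[1] - victim.pos[1]))
        if dist > self.STEAL_RANGE:
            return {"ok": False, "reason": "out of range"}
        # The server rolls the outcome and picks the item; any "success" or
        # "item" field a modified client adds to msg is never consulted.
        if self.rng.randrange(100) >= thief.skill:
            return {"ok": False, "reason": "steal failed"}
        item = victim.items.pop(self.rng.randrange(len(victim.items)))
        thief.items.append(item)
        return {"ok": True, "item": item}
```
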

Well, I know that it is too difficult to hack the subscription system. That probably wouldn't occur.

But SUPPOSE the case where they've achieved invalid access to the server with a cracked version of the game, because someone gave them the source code of the game.

So the only defense against them is to verify the executable, not the accounts.
So is there any firmware MD5 code verification for this?
"Technocracy Rules With Supremacy" visit: http://gimpact.sourceforge.net
1° Make information irrelevant. Anything the client knows is inoffensive, and the client should not be allowed to ask the server for more than it is allowed to. Because of this, cheaters cannot do anything more than what the normal players could do.

2° Have people pay for their accounts, but distribute the client freely. This ensures that at most one person will be playing on a given account at a given time (there's always someone in the bunch who will change the account password), and you're still getting money for the open accounts.
You can't really do any kind of checksum or hash on the executable, because that can be hacked too. All you really need to do is look for a value that is sent every time, and just transmit that instead, bypassing the calculation of the checksum/hash.

"I can't believe I'm defending logic to a turing machine." - Kent Woolworth [Other Space]

Quote: You can't really check whether the client .exe has been modified.


In my current project we run a Cyclical Redundancy Check (CRC) on the executable at runtime, and check that value against the matching version's CRC value stored on the server database. If the check fails we don't allow the user to run the application, and inform them that the application may have been corrupted and they should reinstall.
Quote: Original post by Anonymous Poster
In my current project we run a Cyclical Redundancy Check (CRC) on the executable at runtime, and check that value against the matching version's CRC value stored on the server database. If the check fails we don't allow the user to run the application, and inform them that the application may have been corrupted and they should reinstall.


The cracker would simply alter the "compute and send CRC" section of the client to send the correct CRC.
All right all right. MMORPG isn't a good example.

But think about how the last Unreal Tournament 2004 was cracked and let some people play for free. In that case, it is necessary to verify the client .exe.
"Technocracy Rules With Supremacy" visit: http://gimpact.sourceforge.net
You cannot reliably verify the executable file, no matter what you do. The best you can do (if you're a commercial game) is to delay the crack for a month or two.
SlimDX | Ventspace Blog | Twitter | Diverse teams make better games. I am currently hiring capable C++ engine developers in Baltimore, MD.
