anti-piracy techniques
Author
Now, being a warez fan myself, I''ve thought up a few ways (none of which are truly original) to prevent the basic idiot from giving his friendy Joey a copy of my software. Please respond with input, suggestions, or critiscm [sic].
Pack the EXE - Probably using ASProtect. This is fairly important - if they can SoftICE into your EXE without any trouble, your other forms of protection are fairly worthless.
Protect the CD - Usually more harm than good, see Securom (War3/GTA3/NWN) as an example. Not always compatible with older CD-ROM drives, and can slow your product down.
Serial Number - By far the most popular, especially when checked against a central server to prevent online play on illegal/multiple serials. Fairly effective in that regard.
Unique Key - This is sometimes done with the registry, but if you use the registry, it''s very easy for a cracker to detect. A better method might be to pull a unique value from the motherboard or some other hardware and store it in your program. Then have your program check on start to make sure the two values (one in your prog, one on the hardware) match.
I can''t think of anything else off the top of my head, so feel free to chime in.
This is a very important topic, and one I know the ASP members discuss quite a lot. I use registry embedded serials, sometimes involving a unique key that i write to the disk during install.
I know that some big digital software distribution companies use trivial serial number protection, and they just ignore the %tage of sales lost to piracy.
With a shareware product you have the big problem that there isnt a CD. Any registry write can be snooped with regmon, and file write can be snooped with filemon.
There was a good article on gamasutra about a company that let the game run if hacked, but added a few obscure bugs and failures after an hour or sos play. I think this is an excellent idea (and one i will use myself), because 99% of hackers dont actually spend much time playing the game once they hack it, and once a hack is released(even if its a poor one) nobody else will hack it.
Imagine a dialog popping up after 5 hours of play on a hacked copy, saying "Sorry this is an illegal copy" and resetting the registration status. All thats needed is a (trivial) serial number check that is easy to spot, which distracts the hackers attention from the real code.
Just my thoughts!
http://www.positech.co.uk
I know that some big digital software distribution companies use trivial serial number protection, and they just ignore the %tage of sales lost to piracy.
With a shareware product you have the big problem that there isnt a CD. Any registry write can be snooped with regmon, and file write can be snooped with filemon.
There was a good article on gamasutra about a company that let the game run if hacked, but added a few obscure bugs and failures after an hour or sos play. I think this is an excellent idea (and one i will use myself), because 99% of hackers dont actually spend much time playing the game once they hack it, and once a hack is released(even if its a poor one) nobody else will hack it.
Imagine a dialog popping up after 5 hours of play on a hacked copy, saying "Sorry this is an illegal copy" and resetting the registration status. All thats needed is a (trivial) serial number check that is easy to spot, which distracts the hackers attention from the real code.
Just my thoughts!
http://www.positech.co.uk
Anything with "uniqueness" tends to be expensive to do - so often serial numbers, unique keys etc aren''t so practical on boxed software. On top of that, you don''t want to force a legitimate user to register over the internet just to use your software.
A pretty effective thing used by Pro-DG (development software used for console development) is to tie a license file to the (unique) MAC address of the network card installed (can''t guarantee that with consumer s/w though).
Compression and encryption schemes usually aren''t going to do anything to beat a determined cracker - if your program exists as a process in the address space of a machine it can be saved out - there are even programs to do that available.
On at least 90% of products, copy protection is a total afterthought. The publisher recieves the unprotected gold master, runs it through an off the shelf CD protection system, then sends the protected image off for mastering.
What that means is the average protection is nothing more than a fancy encryption scheme, the program and data don''t _really_ require the protection to be present to run. That''s why its so damn easy to remove.
A determined cracker is never going to be prevented from cracking your product. If it can be done it can be undone!
Better solutions ? (I don''t know your motives or who else is reading so I''m going to be vague):
* plug the leaks - before the final gold master CD goes through any kind of protection scheme it passes (usually) unprotected through many different departments of the published. It even goes to third parties (magazines, compatibility testers, localisation houses etc). Much of the stuff which is supposedly "cracked" and available for full download is actually sourced in its unprotected form from leaks at the above (at least one product I''ve worked on was...). A pre-protection .exe is also a perfect 0% work candidate to call a "no protection patch". Protecting the CD at development stage and requiring protection devices (say numbered dongles) to be used by the above potential leak sources would help immensely (i.e. if an ISO can''t be made of the CD, the crackers require an actual CD - much harder to obtain than the image).
* Track the leaks - numbered internal versions for example - find where the leak is and them fired + find who they''re uploading to.
* Track the cracker - who touched the .exe before it appeared on the internet ?... [if you use your imagination, this can be done legally
]
* Work with the CD protection. CD protection schemes check whether the CD marking is still present. Games hardly ever check much to see whether the protection itself is still present.
* Detect media type properly. If your product fails to work off CDRW its going to delay release of the crack (while that level of protection is removed) or at least cost the cracker a little bit of money.
* Program code dependent on bytes in movie and music files - no more lightweight downloads, hard to remove.
* Code dependent on data, data encryption dependent on code checksums - NEVER show an error box when protection altered - just crash. Error boxes are easy peasy to trap, a crash in a piece of D3D rendering code isn''t!.
* Gameplay & game level dependent checks on the integrity of the protection scheme - fine, let them crack the protection which makes the game run, but do another protection check after 3 levels of the game. If cracker releases without playing through then all they''ve done is distributed a 3 level demo for you. In peace of mind terms if they discovered a second protection check after 3 levels, theyd be paranoid that there might be another one 3 levels on from there. - The key here? DELAY the properly cracked version for as long as possible - DELAY==more *potential* sales.
--
Simon O''Connor
Creative Asylum Ltd
www.creative-asylum.com
A pretty effective thing used by Pro-DG (development software used for console development) is to tie a license file to the (unique) MAC address of the network card installed (can''t guarantee that with consumer s/w though).
Compression and encryption schemes usually aren''t going to do anything to beat a determined cracker - if your program exists as a process in the address space of a machine it can be saved out - there are even programs to do that available.
On at least 90% of products, copy protection is a total afterthought. The publisher recieves the unprotected gold master, runs it through an off the shelf CD protection system, then sends the protected image off for mastering.
What that means is the average protection is nothing more than a fancy encryption scheme, the program and data don''t _really_ require the protection to be present to run. That''s why its so damn easy to remove.
A determined cracker is never going to be prevented from cracking your product. If it can be done it can be undone!
Better solutions ? (I don''t know your motives or who else is reading so I''m going to be vague):
* plug the leaks - before the final gold master CD goes through any kind of protection scheme it passes (usually) unprotected through many different departments of the published. It even goes to third parties (magazines, compatibility testers, localisation houses etc). Much of the stuff which is supposedly "cracked" and available for full download is actually sourced in its unprotected form from leaks at the above (at least one product I''ve worked on was...). A pre-protection .exe is also a perfect 0% work candidate to call a "no protection patch". Protecting the CD at development stage and requiring protection devices (say numbered dongles) to be used by the above potential leak sources would help immensely (i.e. if an ISO can''t be made of the CD, the crackers require an actual CD - much harder to obtain than the image).
* Track the leaks - numbered internal versions for example - find where the leak is and them fired + find who they''re uploading to.
* Track the cracker - who touched the .exe before it appeared on the internet ?... [if you use your imagination, this can be done legally
]* Work with the CD protection. CD protection schemes check whether the CD marking is still present. Games hardly ever check much to see whether the protection itself is still present.
* Detect media type properly. If your product fails to work off CDRW its going to delay release of the crack (while that level of protection is removed) or at least cost the cracker a little bit of money.
* Program code dependent on bytes in movie and music files - no more lightweight downloads, hard to remove.
* Code dependent on data, data encryption dependent on code checksums - NEVER show an error box when protection altered - just crash. Error boxes are easy peasy to trap, a crash in a piece of D3D rendering code isn''t!.
* Gameplay & game level dependent checks on the integrity of the protection scheme - fine, let them crack the protection which makes the game run, but do another protection check after 3 levels of the game. If cracker releases without playing through then all they''ve done is distributed a 3 level demo for you
. In peace of mind terms if they discovered a second protection check after 3 levels, theyd be paranoid that there might be another one 3 levels on from there. - The key here? DELAY the properly cracked version for as long as possible - DELAY==more *potential* sales.--
Simon O''Connor
Creative Asylum Ltd
www.creative-asylum.com
quote:Original post by cliffski
There was a good article on gamasutra about a company that let the game run if hacked, but added a few obscure bugs and failures after an hour or sos play.
I believe you are refering to this article on the copy protection in the Playstation game Spyro: DOTD.
It depends on the game, too. Basically, no matter what, if the game is good, it will be hacked, end of story. The only thing you can do is prevent the 95% of casual hackers who don''t have the dedication to get past ASProtect.
The "screw with user if hacked" idea doesn''t go over well (with the crackers), and besides getting your software truly hacked, could lead to things like packeting of your website and other problems.
Now, as an admitted warez user (of which software? pfft. as long as I don''t tell you, it''s all good, right?), I''ve found that the most effective and frustrating is the serial number with online database method. This is when a program won''t let you play online unless you have a correct serial. Very hard to get around, since the serial must be in the home database, or you just can''t play. NWN uses this - of course, you can play with friends on a cracked server, but you can''t just join an online game.
CD Protection is worthless as far as I know, and the registry key/key file method hasn''t been truly effective as far as I can see...
I''d really like to try the "pull unique value from hardware" method, and then perhaps actually write the value into the .EXE somewhere? It could work.
The "screw with user if hacked" idea doesn''t go over well (with the crackers), and besides getting your software truly hacked, could lead to things like packeting of your website and other problems.
Now, as an admitted warez user (of which software? pfft. as long as I don''t tell you, it''s all good, right?), I''ve found that the most effective and frustrating is the serial number with online database method. This is when a program won''t let you play online unless you have a correct serial. Very hard to get around, since the serial must be in the home database, or you just can''t play. NWN uses this - of course, you can play with friends on a cracked server, but you can''t just join an online game.
CD Protection is worthless as far as I know, and the registry key/key file method hasn''t been truly effective as far as I can see...
I''d really like to try the "pull unique value from hardware" method, and then perhaps actually write the value into the .EXE somewhere? It could work.
The thing is you get some unique value ie netwrok card address and write that to somewhere in the .exe file. Apart from the obviousl problems if the user changes their system, this is fine. However to generate a copy all you need is to compare two copies of the .exe and see which bytes change. Then see where in the code references this memory address. This requires assembly knowledge but only a bit.
Maybe you put loads of keys in so the comparison software finds 213 values that need checking. You make only one of those value actually important. That''s a lot of delving into asssembly code to see what''s going on. Even better, change the order of bits of the .exe during insatllation, based on a serial no. Then comparison software finds completely different files so you don''t know where to look for the security checking code.
If we could make every CD unique then life would be so much easier. You have to register online before it will install. Every copy needs a unique security code as every copy is different. During regisration the server checks that the code you have works for the actual copy you have. Or even better to order, you give your address. This is kept on the server with which copy of the software you have. Now during registration you also ask for the user''s name. Now no-one can install that copy without knowing not only the unique secutiry key, but also the name of the person who paid. This has the added benefit - if copies are found, it can be determined which user''s copy has been cloned - the user is les likely to allow this to happen knowing they can be traced as the source of pirated copies.
John 3:16
Maybe you put loads of keys in so the comparison software finds 213 values that need checking. You make only one of those value actually important. That''s a lot of delving into asssembly code to see what''s going on. Even better, change the order of bits of the .exe during insatllation, based on a serial no. Then comparison software finds completely different files so you don''t know where to look for the security checking code.
If we could make every CD unique then life would be so much easier. You have to register online before it will install. Every copy needs a unique security code as every copy is different. During regisration the server checks that the code you have works for the actual copy you have. Or even better to order, you give your address. This is kept on the server with which copy of the software you have. Now during registration you also ask for the user''s name. Now no-one can install that copy without knowing not only the unique secutiry key, but also the name of the person who paid. This has the added benefit - if copies are found, it can be determined which user''s copy has been cloned - the user is les likely to allow this to happen knowing they can be traced as the source of pirated copies.
John 3:16
Hrmm... just a quick idea that I haven''t bothered to think through, but what would you think of packing the game up on the CD, then at install check for a unique serial on the machine. Use this serial as an encryption key to encrypt portions of the game data and code. Then at runtime check the serial again on the machine (don''t store it separately), and use that to decrypt the remainder of the game.
Any ideas on the feasibility/effectiveness of this technique?
Any ideas on the feasibility/effectiveness of this technique?
I don''t know if this is a method used by anything, but I''ve always thought of "adding" up the exe. Basically, use a method of reading different variable types (int, char, etc.) from the exe itself. Add them all together and store it in a place inside the exe. The exe itself wouldn''t have the method used to add the numbers, and one byte changed would change the final total. You could even add the total to final total as long as you leave enough blank space for it, and make an algorithm to account for it. Again this isn''t fool proof, but it would take them time.
The best protection I have ever seen was on Thief. The CD was about 730MB, and had an illegal TOC. There were files on there that reported at over 1GB. I was personally trying to crack it because I make backups of my games. There''s nothing worse than taking your game to a lan party and getting it destroyed...
That being said, I think there is something to just making the software and taking the hit for warez. How many sales are actually lost from it? For example, let''s say you have someone who can''t afford Photoshop (who can?). They download it. Did you loose a sale? I say no. They weren''t going to buy it anyway. Now the big time people who make copies and sell them, that''s a different story all together. They are stealing sales. But again, how do you stop them from making the copy? It ends up costing more money in development time and effort than the lose of sales. I''m not saying all the time, but it does seem to come out that way on some software.
I really like Tribes 2''s method. You can play a personal lan game without registering, and coping the CD isn''t that hard. But if you want to play an internet game, you have to have a key that is used to create an online account. It depends on the game of course, that isn''t always possible. You wouldn''t want that kind of protection for a card game. But then again, do you really loose that much?
A good example of a trusting behavior is my brother. He writes web apps. (MKStats and CalendarScript) He employs a method of download it, use it, pay me if you like it. He has a high average of people that actually pay him, and has made quite a bit of money from it. I don''t really want to get into number details for his own privacy, but you get the idea. He isn''t concerned with protection in any way. He feels it''s just not worth it. I tend to agree a lot of times.
Always remember, you''''re unique. Just like everyone else.
The best protection I have ever seen was on Thief. The CD was about 730MB, and had an illegal TOC. There were files on there that reported at over 1GB. I was personally trying to crack it because I make backups of my games. There''s nothing worse than taking your game to a lan party and getting it destroyed...
That being said, I think there is something to just making the software and taking the hit for warez. How many sales are actually lost from it? For example, let''s say you have someone who can''t afford Photoshop (who can?). They download it. Did you loose a sale? I say no. They weren''t going to buy it anyway. Now the big time people who make copies and sell them, that''s a different story all together. They are stealing sales. But again, how do you stop them from making the copy? It ends up costing more money in development time and effort than the lose of sales. I''m not saying all the time, but it does seem to come out that way on some software.
I really like Tribes 2''s method. You can play a personal lan game without registering, and coping the CD isn''t that hard. But if you want to play an internet game, you have to have a key that is used to create an online account. It depends on the game of course, that isn''t always possible. You wouldn''t want that kind of protection for a card game. But then again, do you really loose that much?
A good example of a trusting behavior is my brother. He writes web apps. (MKStats and CalendarScript) He employs a method of download it, use it, pay me if you like it. He has a high average of people that actually pay him, and has made quite a bit of money from it. I don''t really want to get into number details for his own privacy, but you get the idea. He isn''t concerned with protection in any way. He feels it''s just not worth it. I tend to agree a lot of times.
Always remember, you''''re unique. Just like everyone else.
There''s also a few ideas here:
http://www.flipcode.com/cgi-bin/msg.cgi?showThread=04April2001-SoftwareProtection&forum=askmid&id=-1
Ron Frazier
Kronos Software
www.kronos-software.com
Miko & Molly - Coming July 2002
http://www.flipcode.com/cgi-bin/msg.cgi?showThread=04April2001-SoftwareProtection&forum=askmid&id=-1
Ron Frazier
Kronos Software
www.kronos-software.com
Miko & Molly - Coming July 2002
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
