Archived

This topic is now archived and is closed to further replies.

Releasing cracks for your own app/game

This topic is 5620 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Anybody ever done this? Here is a little idea I came up with. By releasing your own cracks / invalid keygen''s etc. you can get away with messing witht he end users pc. Its unethical to put ''bad code'' into your program that would corrupt the registry etc, but what happens if the crack they try and apply does this. A bad reg code could also cripple your app etc. By flooding the crack sites with this you will be able to take attention away from your app from would be crackers. If there are already 5 cracks for one app, why would they do it themselves? As I said, the crack/app could work for a while but would then cease function, maybe popup a dialog saying that they have been detected and they should pay their fee or they will be reported etc. /just an idea

Share this post


Link to post
Share on other sites
You''d get sued for writing trojans/virii. It doesn''t matter that the intent of the user is illegal if YOUR intent is illegal as well.

(it isn''t stopping the RIAA from trying to pass legislation to exactly this effect though).

Share this post


Link to post
Share on other sites
It''d be kind of funny if someone installed a "crack", which appeared to work for a few days, then displayed a yes/no dialog: "You have used an illegal crack. Do you wish to report yourself?"

Share this post


Link to post
Share on other sites
quote:
Original post by MadKeithV
You''d get sued for writing trojans/virii. It doesn''t matter that the intent of the user is illegal if YOUR intent is illegal as well.


Not at all. This wouldn''t be a virus or a trojan. It wouldnt touch anything on the machine outside of the program, and it wouldnt propogate itself in any way. Basically, if the user tries to do something illegal, the crack will "attempt" to help them but fail. Nothing more. Besides, even if it was illegal, who would step up to the plate to challenge you? It would be like trying to tell a police officer "I know this guy was going at least 30 over the speed limit, because I was going 20 over and he flew by me".

That said, I dont know if I would bother. I would imagine that all you would be doing is making a cracker''s job easier because (in order for you your fake crack to make it appear to work at first) it would have to bypass some of the copy protection mechanisms. If the cracker than disassembles a very small crack program (instead of the very large application) then it is much easier to figure out where in applicaiton the protection mechanisms are. Think of your fake-crack as a big neon sign.


Ron Frazier
Kronos Software
www.kronos-software.com
Miko & Molly - Coming July 2002

Share this post


Link to post
Share on other sites
Yup, I agree that deliberately putting Trojans out etc is extremely irresponsible - and there is of course the risk that someone innocent would get hurt if it spread. However...

...The idea of assuming a "warez dude" persona and uploading what looks like cracked versions, particularly if you release **before** the warez scene cracks appear is a good one.

A lot of what drives the cracking part of the warez scene is the kudos of being the first to release a crack. Any subsequent cracks are valued a lot less in that scene.

So if you release what appears to be the *first* crack, particularly with say a deliberate 3 week timeout, all the boards, newsgroups, sites are likely to carry that version. And you''re likely to greatly reduce motivation for them to crack that product (until they realise it isn''t "properly cracked").

It''s something I''m increasingly thinking about (many moons ago I was in the intro making division of an Amiga cracking group) - there''s lots of possibilities which aren''t illegal but could hurt some parts of the warez scene ("divide and conquer", "destroy from within", "keep your friends close, your enemies closer" etc )

Rumour has it that even MS are trying something like this with Windows XP. The rumour goes that Service Pack 1 will disable all of the known keygen/cracked versions when applied. To me this seems like a good strategy - give people a years free play demo, if they''re still using it after a year, they can go and buy the full thing. No valid excuses.

Also Microsoft Research have been up to some similar stuff, including having their own "warez dude" who''s active in the scene as a spy:

http://research.microsoft.com/crypto/piracy.asp
http://research.microsoft.com/crypto/openbox.asp



--
Simon O''Connor
Creative Asylum Ltd
www.creative-asylum.com

Share this post


Link to post
Share on other sites
quote:
Original post by LordKronos
Not at all. This wouldn''t be a virus or a trojan. It wouldnt touch anything on the machine outside of the program, and it wouldnt propogate itself in any way.


Modifying the program is illegal, even if you originally wrote that too. It would be like Ford walking into your garage and taking the wheels off your Ford Cougar, saying "we built it, so it''s ours."

Share this post


Link to post
Share on other sites
quote:
Original post by MadKeithV It would be like Ford walking into your garage and taking the wheels off your Ford Cougar, saying "we built it, so it''s ours."

Yeah, but you bought the Ford Cougar. They didn''t buy your program.

Share this post


Link to post
Share on other sites
quote:
Original post by SuperRoy
Yeah, but you bought the Ford Cougar. They didn''t buy your program.



I might have stolen it, and that still wouldn''t give them the right to enter my garage. Two wrongs don''t make a right.

Share this post


Link to post
Share on other sites

What if you put a special clause in the EULA (or whatever) like:

"You give us the right to modify the program in any way, without notice."

Note that when you buy a car its yours, but sometimes you dont own the program, only a licence to it.

--redwyre

Share this post


Link to post
Share on other sites
But by publically releasing a "crack" for your own game, **YOU** as the author of the crack and the game aren't modifying the code of the game. The person who *USED* the crack is!...

Putting a "use at your own risk" disclaimer on the crack should be enough IMO to remove any liability. The point of the crack would be to ONLY disable the illegal copy of the game rather than affect anything else on the users machine.

I doubt anyone who made a copy of a game and then used a crack which they thought would violate the owners copyright which happened to turn the game into a demo version would sue. And even if they did, I suspect they'd be laughed out of court!. Using another analogy: If you buy some drugs off a drug dealer and you discover they're fake, you aren't (in most countries) going to go to the police and issue a complaint because you yourself were intending on breaking the law!

Even using a car analogy - it's similar to websites which offer details/downloads for flashing/chipping engine management units on cars to remove maximum speed limitations etc. If you do it, you might get a faster car. Alternatively you might end up with a dead car - it's a risk you take. Nobody broke into your garage! Nobody forced you to do it! You took the risk and performed the actions in your own garage.

--
Simon O'Connor
Creative Asylum Ltd
www.creative-asylum.com

[edited by - S1CA on July 26, 2002 9:57:42 AM]

Share this post


Link to post
Share on other sites
Here''s an idea... now that the net is so widespread, why not put code in your game to detect cracking, and then when someone does this put up a disclaimer that says "You''re using a cracked version, we''re now sending your information to the proper authorities". You could get them to send their info to you ;-)

Of course I guess that would be illegal too :-D

Keith

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
I think Blizzard did that (upload identifying information) a while ago with people using duplicate CD keys on battle.net. They got sued because the EULA didn''t state that could happen, and people were not told it was happening.

Share this post


Link to post
Share on other sites
quote:
Original post by MadKeithV
It would be like Ford walking into your garage and taking the wheels off your Ford Cougar, saying "we built it, so it's ours."



Unfortunately, it seems that this is how software licensing agreements work.

I remember I used to edit the game Jedi Knight, and a guy had released a very good editor for it, WITH an EULA. Then a few months later he decided he liked men, and posted on his site and on Jedi editing sites that he was terminating all licenses and that it was officially "illegal" to use his program.

http://roninmagus.hopto.org

[edited by - Ronin Magus on July 26, 2002 11:23:03 AM]

Share this post


Link to post
Share on other sites
wouldnt all of this stuff be legal as long as before installation, you put a disclaimer sayin gthat if the user agrees, he is agreeing that if he/she tries to in any way use it illegally, it is OK for the program to report thier info? Just put what ever method you are going to use in the disclaimer as to make it legal... only when they click the i agree button of course.

maybe it is illegal to make such a disclaimer... but just what i think...

tazzel3d ~ dwiel

Share this post


Link to post
Share on other sites
quote:
Original post by Uhfgood
Here''s an idea... now that the net is so widespread, why not put code in your game to detect cracking, and then when someone does this put up a disclaimer that says "You''re using a cracked version, we''re now sending your information to the proper authorities". You could get them to send their info to you ;-)

Of course I guess that would be illegal too :-D

Keith


Not if you specify in the EULA that by installing, they give you the right to upload any and all parts of their registry. Very very very few people do that, but there are a few people who do. Blizzard got nailed for that a while ago when they were trying to figure out why so many people were complaining that their cd-keys didn''t work on Battle.net. They uploaded the registries and didn''t tell people. I don''t remember what happened exactly. I think they were fined a few million. (Someone correct me on that, but I don''t remember for sure.)

In any case, what it boiled down to was that it wasn''t in the EULA. There are some very high end scientific software packages that validate a code against a centralized network database at the company that programmed the software EVERY time it is run. It''s part of the license agreement that you allow them to validate your installation every time you run it. How can they do this? It''s in the EULA.

Of course, these packages cost literally hundreds of thousands of dollars for a single license for a single year. having a central database allows them to revoke any license at any time if they see something fishy. Maybe it comes up from one IP address, and closes. Then 10 minutes later, a different one, and yet another 10 minutes later. They have the ability to ignore validation requests from certain IP addresses and essentially have full control over when you can and cannot run their software.

Having said all that, we''re not dealing with software packages of that magnitude. The sheer cost of implementing such a system are prohibitive for most developers and the added pains of requiring that a customer be logged into the internet when they play the game would be such a turn off to most people that they simply wouldn''t buy it.

My point is though, that if you put in the EULA that any ATTEMPT to hack or crack your software results in X, then I think you can do it. So, I think you can write your fake crack, distribute it to your heart''s content, and then sit back and laugh at the mayhem you create as peoples'' registries are emailed to you on an hourly basis, your tech support lines are flooded with pissed off people because you''re taking their registries without their consent, your website is defaced by an annoyed hacker, and your ISP shuts off your site because he plastered your main page with porn.

hmmm? Sounds tempting huh? While I think that legally you can get away with it, I think that unless you''re very careful to not show a trail of any kind back to yourself, you''re going to have problems with publicity. And those problems with publicity can be much more damaging than a few lost sales due to piracy. If you''re going to do it, then go all out, but you''d better keep your mouth shut and keep it so hush hush that not even your lead programmer knows what you did. All it takes is one person to talk and your public image is ruined. Remember. Three people can keep a secret if two of them are dead.

I know what you''re going to say, and I echo the thought. "Well, if someone''s trying to pirate my software, it''s his own damned fault what happens to him. Who cares what he thinks or does? He was a software pirate trying to rip me off for my hard work!"

And again, I know. I completely understand. But what happens when you put something nasty in your code that you believe will only be activated when you apply your crack? Maybe you decide to format their hard drive. Hmmm. Even worse. Maybe something that''s not so bad. Uploading a file with their registry so you know who they are. That''s not so bad. They''ll never know. But you''d better make sure your code is completely bug free. One errant pointer and poof. You''ve just determined that a legitimate, paying customer is a pirate and you''ll never know the difference. Hard disk errors do happen as well.

In the end, it depends on the stance that you want to take as a software developer against potential pirates. I''m not here to tell you what to do. You can do just about anything you think you can get away with. But you really should look at ALL of the possible repurcussions of your actions, and with the possibility of software traversing the entire planet over the internet, even if you think the chances of something happening are 100 million to 1, it could still happen, and eventually, it probably will.


Looking for an honest video game publisher? Visit www.gamethoughts.com

Share this post


Link to post
Share on other sites
OFFTOPIC:
Isn''t anyone else scared by what is said here:
http://research.microsoft.com/crypto/openbox.asp

Didn''t Disney propose that? Or some big music corporations like Sony? It is like how they are releasing music CDs that aren''t the actual CD standard format or that crash your Apple computer if you use it. Damn DMCA/RIAA.

Share this post


Link to post
Share on other sites
Yea, that sounds bad. The reason I say that is that I can see Microsoft making it proprietary hardware and wanting a kickback for every piece of hardware that is sold with that embedded. Not to mention whole new ground for a digital music monopoly.

The thing is, that hardware encryption like that will be a tough pill to swallow. If it is embedded into the hardware, people will get ticked. Look at how the idea of CPU ID''s embedded in the processor was handled by the public. They want anonymity on the internet. And what hardware will you embed it in? You need to be able to play all of your MP3''s that you''ve made and purchased legally.

Sony''s CD copy protection is easily broken. They spent millions on it and it can be defeated by a four year old with an 89 cent sharpie marker. Just scribble out the outer most track on the disk with the marker. That''s where the protection track is. The PC misses it, and you can copy it or do whatever you want.

Any solution is bound to be broken, given time. It''s unfortunate, but it will always happen. You just need to find new ways to do it.

Share this post


Link to post
Share on other sites
The point with my idea is that A) you let the user know what will happen if they don''t have a valid key B) i''m only proposing crack detecting code, not fake cracks to distribute.

I really don''t have time to go on warez sites to upload cracks, and in fact I wouldn''t want to be caught looking at those sites anyways to make myself look bad.

I also wouldn''t send registry info from my program... Instead i''d rely on stuff like location, and what system the user was on, etc... Maybe finding a way to find the cracker''s ip address... but even like you said, it is a lot of work

;-)

Keith

Share this post


Link to post
Share on other sites
Uhfgood, what you COULD do, is specify in the EULA that if you detect a crack, you are going to upload their IP address to your systems and ban them from your website. Place a database on your website that accepts these IP addresses, and if you ever get a request from that IP address, redirect them to a page that says they''ve been banned for piracy of your software. If they actually care, give them an email address they can straighten it out with. That way, you''re protecting your future software as well. It doesn''t work too well though for people on connections whose IP addresses change all the time. Perhaps you could do it via MAC address, but I can''t think of any way to get that via a web browser connection.

The thing is, if someone is going to pirate your software, they''re not going to pay for it unless they are truly going to benefit by doing so. Most people are honest enough that they will pay unless you hold the serial key under their nose. Anytime you update your software with a patch, you can update the list of keys that you know have been compromised. Anyone attempting to use that key will be banned.

It''s just an idea.

Share this post


Link to post
Share on other sites
I think it is a good idea to have the software regularly "download fixes/patches" for the user to improve the stability of the program or w/e and put in known serial problems in there... that way crackers have something new to crack everytime you realease a fix... problem with this is that the crackers will just remove the autoupdate function from your proggy and that will be the end of the solution... huh.. just some more to think about!

tazzel3d ~ dwiel

Share this post


Link to post
Share on other sites
LOL.

I don''t trust ''auto-update'' programs that automatically connect to
the internet. My security firewall (e.g. ZoneAlarm, Sygate) prevents any un-authorized connections.

But hey, just change the description and call it an auto-update
feature. Who would really know the difference?

Share this post


Link to post
Share on other sites
I dont trust them either and always disable them if possible if not unless the proggy is exceptional quit usin gthe software... But I dont know if this is the case with most gamers... just a thought

dwiel ~ tazzel3d

Share this post


Link to post
Share on other sites
quote:
Original post by MadKeithV
Modifying the program is illegal, even if you originally wrote that too. It would be like Ford walking into your garage and taking the wheels off your Ford Cougar, saying "we built it, so it''s ours."


Not even close. By your logic, releasing patches to your own software would be illegal. I wrote software product A (the app). I also wrote software product B (the crack) whose whole purpose is to modify product A. Whether or not product B works as intended is a different matter. The fact is that the user downloads and runs product B with the express intension of having it modify product A.

To use the car analogy, this would be like saying that if you bought a Cougar and took it back to the Ford dealership (though I''m not sure why you would, since its a Mercury ) and asked them to modify it (give it a tune up or something), they would have to say "sorry, were not allowed to modify that vehicle".



Ron Frazier
Kronos Software
www.kronos-software.com
Miko & Molly - Coming July 2002

Share this post


Link to post
Share on other sites
I like this idea of releasing "bad hacks". And even tho it''s technically illegal to do, nobody has to know it was the developer who made the hack. It''s not that hard to find an independent person who''d be willing to take care of distribution. As long as it''s impossible to trace the hacks back to you, everything is cool.

Share this post


Link to post
Share on other sites
It has to be mentioned: not everyone uses cracks (or cracked executables) for bad purposes. After my CDROM drive destroyed a CDROM (and, consequently, itself) I''ve made sure to use no-CD cracks for every game which I play. If I''d had to the foresight to do this earlier, I''d still be able to play Diablo II. Ironically, if I''d pirated Diablo II, I''d still be able to play it. There''s no way I''m buying another copy . Requiring me to place a CDROM in the drive just to play the game really bothers me (it''s understandable for cinematics, et cetera).

Share this post


Link to post
Share on other sites

This topic is 5620 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Guest
This topic is now closed to further replies.