Archived

This topic is now archived and is closed to further replies.

walkingcarcass

teasing hackers

Recommended Posts

[edit] People new to this thread should skip to the end of page 3, where the first round of good ideas is summarized.[/edit] technical details aside, assume you are working on a game engine designed to deter hackers. assume one feature is to delay expression of a detected cheat, making it harder to work out whether the hack worked. assume to create this delay, we corrupt or somehow alter the game behaviour so as to make it unplayable after a while. (to avoid pissing off potential customers, a crack detection message is eventually displayed to point out the game is hacked, not bugged.) what imaginitive things could be done in the meantime which are A) subtle, and B) likely to make the hacker REALLY angry? ******** A Problem Worthy of Attack Proves It's Worth by Fighting Back [edited by - walkingcarcass on February 4, 2003 7:17:33 AM]

Share this post


Link to post
Share on other sites
Indeed. A hacker is fundamentally non-destructive and tends only to look at information; a cracker is usually destructive and/or interested in changing things.

I think it would depend totally on the game. In an FPS - make the gun jam from time to time (added realism too ).

In an RTS - make units ocasionally unavailable for no apparent reason, or make units out of view disappear ("eh? I thought I had *three* tanks with those infantry..." gradually driving the player insane ).

In a game where time is important - for example, a racing game - tell the game that there are 50 seconds in a minute rather than sixty.

(You can have a LOT of fun with these :D )

Superpig
- saving pigs from untimely fates, and when he''s not doing that, runs The Binary Refinery.

Share this post


Link to post
Share on other sites
please people, bofor you start arguing whats a cracker over whats a hacker. please read http://www.tuxedo.org/~esr/jargon/html/The-Meaning-of-Hack.html from the New Hackers Dictionary (jargon file).



quote:

• If you are a writer or journalist, don''t say or write hacker when you mean cracker. If you work with writers or journalists, educate them on this issue and push them to do the right thing. If you catch a newspaper or magazine abusing the work `hacker'', write them and straighten them out (this appendix includes a model letter).



Share this post


Link to post
Share on other sites
Well, I think that a better way to handle hacking may just be to yell at the hacker as soon as anything''s detected- I can see people having nightmares over things like version changes tripping a "hacker detection". Also, you should probably try to make it clear to the player what they''re being punished for- if a game unceremoniously becomes unwinnable if someone tries to hack it, and players aren''t told that its'' because of the hack, then the game''s going to get a rumor for being unwinnable.

As for frustrating the hacker... There are lots of subtle ways to do that- I''d start by putting checksums on the game''s data files, nad then making certain flags and such not turn on if the checksums didn''t work out- such that the game does, indeed, become much harder to progress in. Eventually, you can give the player a "Winners don''t cheat"-type message to let them know why they''re having so much trouble.

Although, I might warn you that- sadly- after the first time that happens, said hacker probably isn''t going to keep playing your game, and they also may think twice about buying your game 2: the return of your game... So, all in all, it may not be a good idea. My suggestion is that you may want to limit yourself to encryption/checksums on data files and saved games, and perhaps a "This file has become corrupt" error message immediatley after the player has tried to open a modified one.

- HC

-- EMail: cloweh@rpi.edu
-- AIM: SeigfriedH

Share this post


Link to post
Share on other sites
Well, if you ever played Frontier (Elite II), you should be able to get a bit of inspiration there...

Basically, it works like this: From time to time, when you land in a spaceport, the police comes up to you and asks you to "prove that you''re the rightful owner of your ship" *hint hint*. So you enter some letter from the manual, and the game continues. If your answer was wrong, they''ll ask you again next time you land, and when you''ve given the wrong answer 3 or 4 times, the in-game police goes on about how stealing "spaceships" is very bad and not fair to those who make them, so they''re gonna make an example of you, and then the game just restarts, but disables all input from the player... Basically you then just sit around looking at the intro, but you can''t do anything except exit the game... It just doesn''t react if you try to do anything else... Since the police do those spot checks from time to time, even if your answer was correct, and you don''t get notified about whether or not your answer were correct, you have to play for some time before it catches you in any case. You can easily play for several hours before getting caught, meaning it''d take forever to find out if a crack worked.

Share this post


Link to post
Share on other sites
Yeah, I think that the best way to deter crackers is to make it hard for them to tell in a short amount of time if they have been succsessful... You might even try to anticipate some cracks and trick the cracker into thinking that they have succseeded... maybe only check for cracks 90% of the time... this way the cracker tries something.. and it doesn't work.. he tries something else... it doesn't work... tries one more thing... it WORKS!!!he doesn't notice a single problem... what he doesn't know is that the game just desided to not check for cracks this time...next time he tries to run the game... doesn;t work... No computer/programming problem is more annoying than one that is not consistant.

hopefully I made some sence...

"The only thing worse than not having that new _______ , is when some rich kid has it, but can't and/or doesn't appreciate it."-me
Tazzel3d ~ Dwiel

[edited by - tazzel3d on January 18, 2003 6:23:33 PM]

Share this post


Link to post
Share on other sites
A really simple way to slowly mess things up: Write a function that is inlined that picks a random byte in the memory space of the game and checks if it is writable. If so, it reads the value and sets it to a random value. Repeat every 10-15 minutes or so to slowly corrupt the memory space of the game.

Share this post


Link to post
Share on other sites
Okay ladies and gentlemen, I''d like to point out one final time to all those who do not understand.

A HACKER is involved with infiltrating systems for the retrieval of information. Whether their motives are good or bad or whether they''re malicious or not has nothing to do with this term.

A CRACKER alters software on a machine to bypass things like 30-day trials.

Most of the people you hear about that are "Hackers" are actually 12 year old script kiddies doing things like DoS attacks and running code to get buffer overflows and crap.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
quote:
Original post by neurokaotix
Okay ladies and gentlemen, I''d like to point out one final time to all those who do not understand.

A HACKER is involved with infiltrating systems for the retrieval of information. Whether their motives are good or bad or whether they''re malicious or not has nothing to do with this term.

A CRACKER alters software on a machine to bypass things like 30-day trials.

Most of the people you hear about that are "Hackers" are actually 12 year old script kiddies doing things like DoS attacks and running code to get buffer overflows and crap.


No.

Share this post


Link to post
Share on other sites
quote:
Original post by neurokaotix
Okay ladies and gentlemen, I''d like to point out one final time to all those who do not understand.

A HACKER is involved with infiltrating systems for the retrieval of information. Whether their motives are good or bad or whether they''re malicious or not has nothing to do with this term.

A CRACKER alters software on a machine to bypass things like 30-day trials.

Most of the people you hear about that are "Hackers" are actually 12 year old script kiddies doing things like DoS attacks and running code to get buffer overflows and crap.


Shut up and go read the jargon file. There''s already at least one link in this thread.

Share this post


Link to post
Share on other sites
Why are you telling me to shut up? Everything I posted was true, those are the correct definitions of what they are. Perhaps nowadays they''re scewing the meanings to fit whatever buzzwords the media has picked up on lately, but thats what they mean. An AP randomly just saying "No" to my post was ignorant.

Share this post


Link to post
Share on other sites
shut up the both of you

the issure here is that if there are only a few ways the game mutates in response to a crack, after a few attempts, the cracker will recognise them more quickly

what diverse/obscure/subtle ways can you think of to make life difficult for someone trying to figure out if their crack worked?

********


A Problem Worthy of Attack
Proves It''s Worth by Fighting Back

Share this post


Link to post
Share on other sites
I think that one of the best things to do is to make your crack checking only check for cracks say 75% of the time. or even make it so that it checks every 10 mins with a probobility of 25% of actually checking for cracks. If you make it time consuming for the cracker to determine if his crack has worked, it will take longer to make a good one. Also this way users that download cracked versions will get to try your game and see how cool it is but will find that it only works 10% of the time and the other 90% of the time it just gives nice messages telling them that the software has been cracked.

"The only thing worse than not having that new _______ , is when some rich kid has it, but can''t and/or doesn''t appreciate it."-me
Tazzel3d ~ Dwiel

Share this post


Link to post
Share on other sites
Have checks through out the game, but don''t inline the function. Write slightly different checks, that do different things. Mix and match all the nasty in-game tricks you can think of, but keep them subtle for as long as possible.

Share this post


Link to post
Share on other sites
quote:
Original post by Kohai
Have checks through out the game, but don''t inline the function. Write slightly different checks, that do different things. Mix and match all the nasty in-game tricks you can think of, but keep them subtle for as long as possible.


Well, you could make a macro that takes a few parameters and then you could effectively make it different each time while not being difficult to maintain (tho it would be hard to debug... maybe make it a function at first and turn it into a macro when it works). Actually, I''m in favor of using the checksum to control things. If you can be sure the checksum of X (part of the executable, a dll, whatever) will be Y, you can use Y in some calculates somewhere. Do that all over the code and if something is changed nothing works again. You would need to comment the code well and it would take a while to make an update because all the calculations involving checksums would need to be changed. Maybe make a nice automated tool that takes a compiled exe and generates checksums and changes the source with the proper numbers by scanning comments.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
I say forget the whole things, the word has two meanings and the meaning has to be decided based on context. what I think DOES need to be done is to have people realize there are two contexts

Share this post


Link to post
Share on other sites
who gives a shit?
hacker, cracker, cookie, triscuit. nobody gives a flying fuck.



back on topic:
in order to figure out how to stop these triscuits, we need to
think like triscuits. i''d be really helpful if one of them defected
over to ''our side'', or if we could get some sort of documentation
on how they went about triscuiting our games.

i''m fairly sure they monitor the executables (debuging) to see
which variables are getting changed, and at what address.. perhaps
we could confuse them by changing random variables that are irrelevant
to our games?

i dunno. anybody know anything about this stuff?

-eldee
;another space monkey;
[ Forced Evolution Studios ]


::evolve::

Do NOT let Dr. Mario touch your genitals. He is not a real doctor!

Share this post


Link to post
Share on other sites
I propose the new word "Dolorem" to describe the type of person that makes cheats and/or circuments game mechanics and logic (such as eliminating cd checks, or exploiting loopholes in the game). While "triscuit" works, it just doesn''t have the same feel.

In case you cared, I got "Dolorem" from a program I made that uses 4th order character statistics and fed it ~1MB of latin text, and randomly selected lines from the output file(the prog outputs around 10000 `words` randomly generated form the statistics) until I found that was neither too long nor too short that had a nice flow.

By coincidence, "Dolorem" is an actual latin word and means "pain, anguish, grief, sorrow; resentment, indignation" which is pretty funny cuz I didn''t look it up before I picked it from the list. =-)

Share this post


Link to post
Share on other sites
Jesus, people.... when did the Jargon file become some sort of freaking International Standard? 99% of people who talk about "hacker" mean someone who uses computers maliciously, including circumventing copy protection. So that''s what the word MEANS. Just because all you programmers think the word sounds cool and want it to apply to only you doesn''t make it the case. Language is DEFINED by popular use.


Don''t listen to me. I''ve had too much coffee.

Share this post


Link to post
Share on other sites
let some of the code be shuffled (to no effect) at compile-time according to the version number. also, only about 1/6th of the crack checks actually compile in any givern version.

release a (slightly diffent) version frequently but everyone must have the new version in order to play online

if a new version was released every 20 days, say, it would take a while to re-write all the cracks. if any regular users mysteriously stop playing for the few days after each new release, be suspicious.

********


A Problem Worthy of Attack
Proves It''s Worth by Fighting Back

Share this post


Link to post
Share on other sites