tonymontana

Why all games have an cracked version?


I am very curious about how games are cracked. Why do all games that are made by professionals get cracked? What are the techniques that are used for preventing cracking? And what are the techniques that are used for cracking? Is there any tutorial/book that teaches us how to prevent cracking? If so, please send the URL.


There is no standard technique for protecting it, except a bunch of easy to bypass CD checks. All the other stuff needs to be programmed by you.

And those games are cracked because there are people who don't want to buy the game and yet play it (thus illegally copying the game). By doing so, the author of the game loses POTENTIAL revenue, since not everyone who warez a game really intends to buy it.

Techniques to prevent games from being cracked range from standard CD checks up to sophisticated pieces of code that will make items disappear in a cracked version (thus making it impossible to progress in the game). There is some game that used that technique (I think Piro the Dragon; there's an article on it on Gamasutra) and it took crackers about 2 to 3 months to release a completely cracked game. By then, the developer had made most of its profit.

Another option is to have a cracked/illegal copy apply double damage to the player, and multiply the damage done to enemies by 0.5. The game would become extremely hard to play, and for most players there would be no fun.

Use your imagination on this, and you can write a bunch of neat anti-crack protections.

Toolmaker

[Edited by - Toolmaker on November 12, 2004 9:03:16 AM]

Professional games are cracked because people are determined to do so. If you are releasing something like a shareware game though, it should not be as much of a problem. People use hex viewers to examine the contents of executables and create hacks that let people play without a CD, etc.

You can't really stop people from cracking your game, but a shareware game will probably not get as much attention from crackers as Doom 3 or Half Life 2, for example. Registration is sometimes used to try to stop the same copy of the game from being used on multiple computers, but even then crackers can write a program that generates a registration code for you, or modifies the program to make it think you have registered.

Quote:
Another option is to have a cracked/illegal copy apply double damage to the player, and multiply the damage done to enemies by 0.5. The game would become extremely hard to play, and for most players there would be no fun.
I would not recommend this. The crackers may not realise that their crack has failed, but overall this method could damage your game's reputation. Some companies such as Ubisoft have introduced systems like this that scan the hard drive of your PC for any software that could potentially be used to crack a game, and if so decrease the enjoyability of the game. To me it seems like the wrong solution.

The only true foolproof way of preventing a game from being cracked (that I know of) is if the game has a way to connect to a server to verify that the game is a legit copy. Unfortunately this only works with online-only games like MMORPGs and FPSs. However, I heard HL2 single player will work this way. I'm thinking as we get further into the future, it will almost be expected that all PCs will have a net connection, and so this method will be more common and successful.

The moral issue is: what if you legitimately want to play your game on a computer which has no internet connection?

Quote:
Original post by graveyard filla
The only true foolproof way of preventing a game from being cracked (that I know of) is if the game has a way to connect to a server to verify that the game is a legit copy. Unfortunately this only works with online-only games like MMORPGs and FPSs. However, I heard HL2 single player will work this way. I'm thinking as we get further into the future, it will almost be expected that all PCs will have a net connection, and so this method will be more common and successful.

The moral issue is: what if you legitimately want to play your game on a computer which has no internet connection?


Even that can be "cracked", especially if it is only a check (an MMORPG-type game would be harder, but then you wouldn't be as concerned about the client being stolen anyway, since your revenue is mainly the monthly fee).

The root problem is that the user has complete control over the client program, with enough time and effort that program can be modified to remove all safeguards. The only true solution is "Trusted Computing", a method where the hardware itself can tell a program if it has been tampered with via a cryptographic process (it is also possible to do this remotely with a system of keys, meaning you can also eliminate many game cheats in multiplayer games by allowing the server to verify a clean client). Since the hardware can't be tampered with like regular software checks, it becomes "uncrackable".

I just can't understand, because I don't know enough programming, how they can crack it. They are not getting my code and recompiling it? They have my game's compiled version? So they must have an .exe. Don't they see binary code or something else when they try to open it?

Quote:
Original post by graveyard filla
The moral issue is: what if you legitimately want to play your game on a computer which has no internet connection?


Move onto another computer? What about just unplugging the wire?

I think that when you make your game unable to be viewed by hex-editor and there are no other ways to dig the disassembly from your distributable, like direct disc sectors address (some Linux hacker kiddie could easily do this. Especially if he's interested), then your game is uncrackable. And unlaunchable.

Quote:
Don't they see a binary code or something else when they try to open it?


They do. Binary code can be disassembled into assembly programming language. They do not bother decompiling it into C++ source or another high-level language. In fact - you're distributing your source with your .exe - it's source on its own, isn't it? The first computer programmers were doing only hex, right?

Oxyd

Quote:
it is also possible to do this remotely with a system of keys, meaning you can also eliminate many game cheats in multiplayer games by allowing the server to verify a clean client


You got any links to articles/papers that explain how this works? I thought there wasn't any foolproof method of verifying files over a network, or does it require the extra protection hardware?

Quote:
They do not bother decompiling it into C++ source or another high-level language.


Well, that's not true. You can NEVER get the original C/C++/Pascal (or whatever language higher than asm) source code back from compiled assembly code, since all the variables will change into addresses, the function names will be mangled and many optimizations will be made, and therefore the code will be a lot different from the original C/C++/Pascal code.

Quote:
Original post by nife
Quote:
They do not bother decompiling it into C++ source or another high-level language.


Well, that's not true. You can NEVER get the original C/C++/Pascal (or whatever language higher than asm) source code back from compiled assembly code, since all the variables will change into addresses, the function names will be mangled and many optimizations will be made, and therefore the code will be a lot different from the original C/C++/Pascal code.


Or did I miss something?

Oxyd

Quote:
Original post by graveyard filla
[...]I heard HL2 single player will work this way. I'm thinking as we get further into the future, it will almost be expected that all PCs will have a net connection, and so this method will be more common and successful.

The moral issue is: what if you legitimately want to play your game on a computer which has no internet connection?

There are still people without an internet connection and I wonder how they want to realize it. There will be a crack to remove this check or even fake a connection to a checking server. As long as protections are software there will always be cracks. And I don't think they can demand an internet connection for LAN play, because I often play with friends in rooms with no internet connection. The only way for software companies to make sure that people don't warez it is to make it playable over the internet. I don't think single player mode can be protected.
I'm not a cracker and I don't know people who did any cracking in the last 5 years. I guess if there is only a small protection like a CD test, one could disassemble the .exe file and just jmp to the address to which the program jumps if the CD test was successful.
But this is just a guess. Google might prove useful. I guess there are tons of tutorials about cracking. The only problem will be to find serious ones under all the wannabe cracker sites which only prompt you to install their "download tool".

I worked for a company that did software protection for a little while, so I think I can explain a bit. Keep in mind this is not an all-case explanation either, or I may be wrong altogether in some cases.

Quote:
Original post by tonymontana
I am very curious about how games are cracked.


Using a program to translate the game's .exe file, a person will locate a portion of code that performs a type of check, usually going to a CD device and seeing if there is a file with a special name in a known location. Simply locating the jump case and reversing it is fine in most cases (most older games only now).

Quote:
Original post by tonymontana
Why do all games that are made by professionals get cracked?


If you didn't buy the game, then you don't have the CD, so the check will fail.

Quote:
Original post by tonymontana
What are the techniques that are used for preventing cracking?


Extra code to locate debuggers (the translating program) will stop the game from loading if the debugger is running. This makes it so they can only read the code, and cannot step through it. Also common is encrypting portions of the code, and decrypting them when the program loads. The encrypted portions are often the check function, or data that it uses.

Quote:
Original post by tonymontana
And what are the techniques that are used for cracking?


Common against the encryption method is to make another program to 'hook' the game when it gets to the point just before the encrypted code is executed; they then assume that the next portion of code has been decrypted by the game already, and copy that memory to a file. Do this for all portions of encrypted code in the game.

Quote:
Original post by tonymontana
Is there any tutorial/book that teaches us how to prevent cracking? If so, please send the URL.


I forget off hand, but you might find something if you look for a specific topic on google.

Hope this helps.

Release your game but deliberately make it easy to crack. Then release a couple of patches (that cracked users can download automatically). A couple of weeks after going retail, when you think you've got enough people you wanna fuck with, during peak hours release a patch that, along with bug fixes/addons etc. (so it looks like a normal patch), also detects whether the user's game executable is legit, and if not pwns them hard. Depending on the level of retribution you administer you could get quite a few of the little buggers.

Or, undercover, release a crack for your own game that also reports the IP address of the users, then ban those IPs from your servers.

Quote:
Original post by mozie
Simply locating the jump case and reversing it is fine in most cases (most older games only now).


What he means is find the place in the code where the check to see if the game is valid or not occurs. At some point in that stream, this occurs:

cmp eax, 1          ; did the check succeed?
je  GoodGame        ; yes: skip the failure path
... [Proceed to tell user something's wrong.]

You change the hex code of the original executable to...

cmp eax, 1
jne GoodGame        ; now the failure path is skipped when the check fails
... [Proceed to tell user something's wrong.]

and wham, your game runs. Yeah, it's that easy. Find all those checks and you're good to go. That's a primitive way to do it, but it'll work.

A better way is to totally replace the checking function with your own, that always returns whatever is expected. This way you don't have to find all the checks -- you just have to isolate the function doing the checking. Since most of these protection schemes are prepackaged products the interfaces to the protection are exposed -- somewhere. Find it, replace it, you're golden.

This is why protection that is at a single point is not effective. The most effective protection right now is a scheme that peppers these checks throughout, with more than one place to check against the protection, and adjusting throughout. This is a real pain in the butt to find and do properly and since most "cracking groups" don't actually play the games they release, they may not even realize they have a bad crack for some time.

Quote:
Original post by tonymontana
Extra code to locate debuggers (the translating program) will stop the game from loading if the debugger is running.


This is easily bypassed in a lot of cases though. They only check for known debuggers, for instance, and known debuggers can be run with a little tweaking. Depending upon how the detection takes place you can change the executable name, process name, window name, etc.

Quote:

Also common is encrypting portions of the code, and decrypting them when the program loads. The encrypted portions are often the check function, or data that it uses.


Also easily bypassed because the decrypted code has to exist on the user's machine at some point, somewhere. Follow the registers, watch the program activity, dump the decrypted code to disk. Modify the code that loads and decrypts the code to load the decrypted code instead, crack the decrypted code.

The biggest problem with any sort of encryption system is that the user's computer has to have access to the keys necessary to decrypt the data. Even if you store those keys on a remote network server you can run Ethereal or another network sniffer and watch that data come in. Sure, you can encrypt that as well but that just means the cracker has to run a sniffing session a bit longer -- because the key to decrypt the key has to be sent at some point. If you're storing the key with the software then the person just needs to watch what memory the program accesses and what it does with it.

Quote:
Original post by tonymontana
And what are the techniques that are used for cracking?


Another method is known as DLL injection. This is also used for game cheats, etc. Basically you wait until the process is fully loaded and has checked itself out -- using the above techniques, memory checksums, etc. -- then you hijack the primary DLL's code. This way isn't used too often now as there are several ways to protect yourself against it, but it is effective many times.

You also have to face emulation. I'm a legitimate user of emulation -- I have my entire CD and DVD collection stored as ISO images on my server at home, 3TB or so of data -- but it is used for pirating. Here you emulate the copy protection scheme itself. So much time and effort goes into protecting the check as to whether or not the copy protection exists that much less effort gets placed on ensuring the copy protection you contact is the appropriate type.

For instance, Alcohol Software's CD software includes a virtual CD drive that can emulate the most common CD protections. It's extremely nice, I love it, but as a developer you may hate it.

Quote:
Original post by tonymontana
Is there any tutorial/book that teaches us how to prevent cracking? If so, please send the URL.


Learn how to do it, definitely. I can't/won't post links here but they're not hard to find. They're all over the Internet. Learn how the thought process occurs, learn what's done. There is no single way to defeat a crack, because there's no single way to crack. The crux of the matter is that as long as the code exists on a user's machine, it is crackable. You can encrypt, shift, move, check, do whatever you want -- but the processes, memory, hard drive, and CPU on my computer are under my control, all the time. You can't defeat that.

I personally believe that, for shareware, a private/public key pair is one of the best ways to proceed. Encrypt the portion of your software with a private key. When they register have them contact your server and send the private key necessary to unlock the software.

The attacks on this system are numerous, still. A person can register the software and track your key via network sniffing, creating a fake authorization program. (See the Zuggsoft proxy crack that existed for zMud some years back.) Or, they can register the software and then copy out the versions that are different from the public (shareware) and private (retail) release and use those differences to create a patch. They could also isolate and brute force attack your encryption on the original data -- though I wish them luck if your key length is any decent size.

I've played with memory checksums to ensure a function I'm calling is the appropriate one. That is, given CheckProtection() whose compiled length is 38 bytes, the checksum might be 38F34C. Well now you can't replace CheckProtection() unless you replace either a) the checksum or b) replace it with a function with that same checksum. Modifying the checksum could be made painful by checking the checksum of the checksum table, or... well, you get the idea.

Chain as many ideas as you can together or do as I do and just don't worry about it. Screw 'em. The honest people will register it, the dishonest won't. I won't waste my time on producing something that has been proven to irritate customers (many CD protection schemes are incompatible with many drives, and some customers don't like being told to remove their CD-RW before they can play a game) and lose sales. Technical support at these companies is a joke and the hardware base that the protection companies test on is ludicrously small. You get treated like a thief at every opportunity even when you've bought the game. Screw that.

Treat your customers with respect, your players with respect, disregard those you know have stolen it, and move on.

NOTE: Intel and Microsoft's "Trusted Platform Computing" would make the control of my computer disappear when it is operating under someone else's software. You may view this as a benefit in the short term but I assure you - consider how many security problems are found by outside researchers and made public? Do you think those problems just go away because now no one is publicly researching them? Do you trust Microsoft, Intel, or even me to know what I'm doing on your computer at all times? I sure as hell wouldn't.
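As an added example (not the poster's own code), the memory-checksum chain described in the post above, modelled in Python: a per-function checksum table plus a checksum over the table itself. The function names and byte strings standing in for compiled code are constructed; in a real build the bytes would be read from the loaded image's code section.

```python
import zlib

# Constructed stand-ins for compiled function bodies (assumption: a real
# implementation reads these bytes from the executable's code section).
CLEAN_IMAGE = {
    "CheckProtection": b"constructed-bytes-of-CheckProtection-v1",
    "LoadLevel":       b"constructed-bytes-of-LoadLevel-v1",
    "RenderFrame":     b"constructed-bytes-of-RenderFrame-v1",
}


def crc(data: bytes) -> int:
    """CRC32 as an unsigned 32-bit value (stands in for the post's 38F34C style checksum)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def build_checksum_table(image: dict) -> dict:
    """Per-function checksums, computed at build time and shipped with the exe."""
    return {name: crc(body) for name, body in image.items()}


def table_checksum(table: dict) -> int:
    """The post's second layer: a checksum over the checksum table, so editing
    one entry to match a patched function is itself detectable."""
    blob = b"".join(f"{name}:{value:08x};".encode() for name, value in sorted(table.items()))
    return crc(blob)


def verify(image: dict, table: dict, expected_table_crc: int) -> list:
    """Return findings: ['table'] if the table was altered, otherwise the names
    of functions whose bytes no longer match their shipped checksum."""
    if table_checksum(table) != expected_table_crc:
        return ["table"]
    return [name for name, body in image.items() if crc(body) != table.get(name)]


def patch_one_byte(body: bytes, offset: int) -> bytes:
    """Constructed tampering: a one-byte change, like inverting a conditional jump."""
    return body[:offset] + bytes([body[offset] ^ 0x01]) + body[offset + 1:]


# Build-time artefacts shipped alongside the code.
TABLE = build_checksum_table(CLEAN_IMAGE)
TABLE_CRC = table_checksum(TABLE)


def scenario_clean() -> list:
    """Untouched image: no findings."""
    return verify(CLEAN_IMAGE, TABLE, TABLE_CRC)


def scenario_patched_function() -> list:
    """Only the function bytes were changed: its checksum no longer matches."""
    image = dict(CLEAN_IMAGE)
    image["CheckProtection"] = patch_one_byte(CLEAN_IMAGE["CheckProtection"], 7)
    return verify(image, TABLE, TABLE_CRC)


def scenario_patched_function_and_table() -> list:
    """Function changed and its table entry updated to match: the table-level
    checksum catches the edit instead."""
    image = dict(CLEAN_IMAGE)
    image["CheckProtection"] = patch_one_byte(CLEAN_IMAGE["CheckProtection"], 7)
    table = dict(TABLE)
    table["CheckProtection"] = crc(image["CheckProtection"])
    return verify(image, table, TABLE_CRC)
```

The chain only moves the problem one level up (the table-level checksum is also just bytes on the user's machine), which is the point the same post makes about any check running under the user's control.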

You can think of cracking a program like stealing an English paper from the internet (something I would never do of course). You go find one about your topic, change the name at the top to your name.

If you took a paper from the internet, you'd probably be careful to change stuff like the name and date on it. You might even change the title. If you were smart (but not smart enough to write your own), you would read through it and make sure the real author didn't thank his wife or anything like that.

You can think of stuff like that as cracking protection. Basically, the company writes its name on the exe (through CRC check, encryption, etc.), and then the exe "reads it through" once to see if anything is out of place.

The only big difference between stealing a term paper and cracking a game is the language used. For a school paper, it's written in English. For games it's written in machine code.

Quote:
Original post by tonymontana
I just can't understand, because I don't know enough programming, how they can crack it. They are not getting my code and recompiling it? They have my game's compiled version? So they must have an .exe. Don't they see binary code or something else when they try to open it?
Ah yes, but doesn't the matrix just look like lots of green characters and symbols running down the screen to us? Yet the characters on the Matrix see what is going on.

Don't worry about it. If you don't know enough about programming to know how people might attempt to crack your code then you aren't going to be able to write any effective countermeasures.
I'm sure I've heard of real companies hiring hackers to find the weak points in their security. That's the best way to do it :-)

You probably wouldn't need to worry about countermeasures anyway. People probably only make cracks of best-sellers.

Guest Anonymous Poster
Quote:
Original post by iMalc
People probably only make cracks of best-sellers.


There are groups who specialize in everything, including niche market utilities such as auto shop POSes and doctor billing systems. If the program exists, there's a good chance a crack exists.

There are some nice ways to prevent hacking.

A slightly simple hacking measure.

Step 1:
Look at This

Step 2: Make your own N, D, and E

Now that you've done that, do the following things:

Move the logic to a VM (good for some freeware games, not so good for other things; remember to hook your standard functions, like your renderer, or other functions which need to go fast, from there).

Make that VM use bytecode.

Assuming your bytecode uses single bytes,

Use dwords, and make all possible dwords, so that both words are valid opcodes.

Encrypt all the dwords, using the formula:
K = O^E mod n
where O is your opcode, K is the output, and n is your key.

Make two arrays,
One with the encrypted version of the dword (K), and one with the decrypted version (the two opcodes).

Once you've finished that,
For each opcode (which should be stored in the executable code, and hopefully as executable statements, just to be transformed before this),
You look up its corresponding decryption value,
You use that value for execution.

Whenever you need a new value (i.e. one that is out of the program exec cache), you simply find it in the file, and decrypt it.

I would also recommend having one key per machine.
The machine's hardware IDs should be hashed, and that value used to find d.

See:
d = (x(p-1)(q-1) + 1)/e

You then make x, the value of
x = SH

Where S is a number made by the server, and stored in the program exe. H is the hash.

Just a thought.

Also, at any time when you hit a section where the hashed value (precomputed, stored in the exe) is different from the current one, you know that it was made with another key.
You then use another key that you know to decrypt that section (so for e.g. you would have one key for the normal features, and another one for the second type).
If you can't find another key, and the hash is still invalid, execute it anyway; it causes loads of hard-to-find faults.

This would certainly make it hard (but not impossible), for a crack attempt. Maybe for shareware?

From,
Nice coder
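As an added example (not Nice coder's code), the encrypted-opcode tables and VM dispatch from the post above, in Python: d is derived with the post's formula, every opcode is encrypted as K = O^E mod n, and the VM recovers opcodes by table lookup. The primes, exponents, opcode numbering and sample program are constructed (keys this small only show the mechanics); the per-machine hashing step (x = SH) is not implemented.

```python
# Toy RSA parameters (constructed; a real deployment would use large primes).
P, Q, E = 61, 53, 17
N = P * Q
PHI = (P - 1) * (Q - 1)


def derive_d(e: int, phi: int) -> int:
    """Apply the post's formula d = (x(p-1)(q-1) + 1) / e, taking the first x
    for which the division is exact, i.e. e*d == 1 (mod phi)."""
    x = 1
    while (x * phi + 1) % e:
        x += 1
    return (x * phi + 1) // e


D = derive_d(E, PHI)

# Plain opcodes of a tiny stack VM (constructed). 0 and 1 are avoided because
# they encrypt to themselves under any RSA key.
PUSH, ADD, MUL, SUB, HALT = 2, 3, 4, 5, 6
OPCODES = (PUSH, ADD, MUL, SUB, HALT)


def build_tables(e: int, n: int):
    """Encrypt every opcode as K = O^e mod n and return the two arrays the post
    describes: opcode -> K (used at build time) and K -> opcode (used by the VM)."""
    enc = {op: pow(op, e, n) for op in OPCODES}
    dec = {k: op for op, k in enc.items()}
    return enc, dec


ENC, DEC = build_tables(E, N)


def encrypt_program(program: list, enc: dict) -> list:
    """Emit bytecode with opcodes replaced by their encrypted form. PUSH's
    immediate operand is copied through unchanged (only opcodes are encrypted)."""
    out, i = [], 0
    while i < len(program):
        op = program[i]
        out.append(enc[op])
        if op == PUSH:
            out.append(program[i + 1])
            i += 1
        i += 1
    return out


def run(bytecode: list, dec: dict):
    """Execute encrypted bytecode, recovering each opcode by table lookup rather
    than a modular exponentiation. Following the post's advice, a word that
    decodes to no known opcode is executed anyway (here: ignored), so bytecode
    encrypted under another key silently misbehaves instead of reporting
    tampering. Returns the top of the stack, or None if the stack is empty."""
    stack, pc = [], 0
    while pc < len(bytecode):
        op = dec.get(bytecode[pc])
        pc += 1
        if op == PUSH:
            stack.append(bytecode[pc])
            pc += 1
        elif op in (ADD, MUL, SUB):
            b, a = stack.pop(), stack.pop()
            stack.append({ADD: a + b, MUL: a * b, SUB: a - b}[op])
        elif op == HALT:
            break
    return stack[-1] if stack else None


def demo_right_key():
    """(6 + 7) * 2 == 26 when bytecode and VM share the key."""
    prog = [PUSH, 6, PUSH, 7, ADD, PUSH, 2, MUL, HALT]
    return run(encrypt_program(prog, ENC), DEC)


def demo_wrong_key():
    """Same program encrypted under a second exponent (constructed e = 7): no
    word matches the VM's table, so nothing executes and the result is None."""
    prog = [PUSH, 6, PUSH, 7, ADD, PUSH, 2, MUL, HALT]
    other_enc, _ = build_tables(7, N)
    return run(encrypt_program(prog, other_enc), DEC)
```

Note that the K -> opcode table ships inside the executable, so anyone who can read the program image can rebuild the plain bytecode without ever computing d; this is the same limitation other replies in the thread raise for any key stored with the software.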

Quote:
Original post by Toolmaker

There is no standard technique for protecting it, except a bunch of easy to bypass CD checks. All the other stuff needs to be programmed by you.

And those games are cracked because there are people who don't want to buy the game and yet play it (thus illegally copying the game). By doing so, the author of the game loses POTENTIAL revenue, since not everyone who warez a game really intends to buy it.

Techniques to prevent games from being cracked range from standard CD checks up to sophisticated pieces of code that will make items disappear in a cracked version (thus making it impossible to progress in the game). There is some game that used that technique (I think Piro the Dragon; there's an article on it on Gamasutra) and it took crackers about 2 to 3 months to release a completely cracked game. By then, the developer had made most of its profit.

Another option is to have a cracked/illegal copy apply double damage to the player, and multiply the damage done to enemies by 0.5. The game would become extremely hard to play, and for most players there would be no fun.

Use your imagination on this, and you can write a bunch of neat anti-crack protections.

Toolmaker

In essence, what you're referring to is: if the game successfully detects that it's cracked, don't let the player know that it knows that... if you do, the cracker sees that and fixes it. So if you instead punish the player in subtle ways, you can be evil and really annoy him without a "real" cracked copy being released.

Of course, usually this method does not cause people to buy the game instead of download the cracked copy, because they don't know there's anything wrong with it... though their warez friends might tell them the game sucks, so they simply won't play it at all, which is better at least.

I remember when Operation Flashpoint came out that it was meant to have special anti-crack technology (I think it was called FADE). The game would slowly degrade until it was unplayable; this sounds a bit like some of the ideas suggested in this thread. But does anyone know how effective this system really was?

One old DOS game... I think maybe it was the first Lemmings game, or maybe a Sierra title back in the day (this is like early to mid 90s), where the game was on a 3.5" floppy and the floppy actually had a damn HOLE punched in it that the game looked for. If it didn't find the hole in the right place, it didn't run. How they fucking looked for a physical HOLE in the disk, I don't know... but that was pretty tight copyright protection back then.
