Lenox

Obfuscation and general "Memory Protection"

Hey, I have a few questions about the above listed topics.

1.) What are -your- methods of obfuscation?
2.) Do you find obfuscation necessary in large games?
3.) Is there any way to stop other processes ( like a debugger ) from attaching to your game's processes?
4.) Is there any way to generally stop other processes from reading or writing to your game's memory?

I'd like to see your answers to the above questions, and perhaps any additional opinions you have about these subjects. Thank you for your time,

-- Lenox

If I am worried about a program changing the memory in a process I own, I simply duplicate the memory into multiple areas of the heap, store vague pointers, etc. Then you can go in and check for differences. This is somewhat slow but it would get the job done.

You can set process security rights, but I'm pretty sure that can be averted.

As far as obfuscation goes, what good does it do to natively compiled applications?
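
The duplicate-and-compare check described in the post above, sketched as an added example that is not part of the original post. The class name, the mask constants and the `overwrite_copy` test hook are hypothetical, and the check only notices a write that misses at least one copy.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <memory>

// Added illustration (not from the thread): one value mirrored into three
// separate heap allocations, each stored XOR-masked with a different key so
// the copies do not share a byte pattern. Masks are constructed constants.
class MirroredInt {
public:
    explicit MirroredInt(int32_t v) {
        for (std::size_t i = 0; i < kCopies; ++i) {
            keys_[i] = 0x9E3779B9u * static_cast<uint32_t>(i + 1);
            slots_[i] = std::make_unique<uint32_t>(0);
        }
        set(v);
    }
    void set(int32_t v) {
        for (std::size_t i = 0; i < kCopies; ++i)
            *slots_[i] = static_cast<uint32_t>(v) ^ keys_[i];
    }
    // Writes the value to `out` and returns true only if every copy agrees.
    bool get(int32_t& out) const {
        const uint32_t first = *slots_[0] ^ keys_[0];
        for (std::size_t i = 1; i < kCopies; ++i)
            if ((*slots_[i] ^ keys_[i]) != first) return false;  // mismatch
        out = static_cast<int32_t>(first);
        return true;
    }
    // Hypothetical test hook standing in for an external write to one copy.
    void overwrite_copy(std::size_t i, uint32_t raw) { *slots_[i] = raw; }
private:
    static constexpr std::size_t kCopies = 3;
    std::array<uint32_t, kCopies> keys_{};
    std::array<std::unique_ptr<uint32_t>, kCopies> slots_;
};

// Returns true when a single patched copy is noticed on the next read.
bool detects_single_copy_patch() {
    MirroredInt health(100);
    int32_t v = 0;
    if (!health.get(v) || v != 100) return false;
    health.overwrite_copy(1, 9999);   // constructed tamper
    return !health.get(v);
}
```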

You could place a system hook on the debugger capabilities and monitor for attached debugger processes. It can be done, but it's easy to circumvent this hook as well.

Eventually, a hacker will find a way around each security you build in. The harder it is to beat, the more popular it will become in the hacker scene.

It'll end up as contest material there :).

Toolmaker

Quote:
Original post by Toolmaker
You could place a system hook on the debugger capabilities and monitor for attached debugger processes. It can be done, but it's easy to circumvent this hook as well.

Eventually, a hacker will find a way around each security you build in. The harder it is to beat, the more popular it will become in the hacker scene.

It'll end up as contest material there :).

Toolmaker


But the better your security gets, the amount of hackers that attempt to hack your game will slowly get lower and lower. Good security weeds out the script kiddies from the real hackers, and eventually, some real hackers will get annoyed and STOP trying, and when you weed out everyone possible, you can then start banning people.

Quote:
Original post by Lenox
you can then start banning people.


Well... if you're an MMO (only game type that banning makes sense for) then you don't need any obfuscation. Everything should be checked server side so if the user has a hacked client it doesn't do anything.

Anything that's not an MMO type game (where there is a trusted server) will get hacked. It doesn't matter if 99.9% of hackers "give up". All you need is one to succeed and then your app is cracked with a friendly little exe out on the web. It certainly makes sense to have some verification checking in there just to weed out the casual cheater, but you can't otherwise prevent it.

If it's a single player game who really cares if people cheat? Piracy is another issue but cheating isn't really that big a deal.

-me

Quote:
Original post by Palidine

Well... if you're an MMO (only game type that banning makes sense for) then you don't need any obfuscation. Everything should be checked server side so if the user has a hacked client it doesn't do anything.

Anything that's not an MMO type game (where there is a trusted server) will get hacked. It doesn't matter if 99.9% of hackers "give up". All you need is one to succeed and then your app is cracked with a friendly little exe out on the web. It certainly makes sense to have some verification checking in there just to weed out the casual cheater, but you can't otherwise prevent it.

If it's a single player game who really cares if people cheat? Piracy is another issue but cheating isn't really that big a deal.

-me



I really wouldn't call what I'm attempting to make an MMORPG, but an ORPG. ( It doesn't earn the title of MMORPG until it gets at least 1,000 players online at any point in time, so I just name a starting project like this an ORPG until I see if it succeeds or not ) I like how Sony deals with piracy for Star Wars Galaxies. They make you enter a key, then they flag it as being used, so unless the user can modify the database or the place in code where it checks to see if the key is used, they're out of luck.

[Edit]

The reason I included Obfuscation in the title is because I think I remember hearing about a different type of obfuscation, "memory obfuscation," where the effect is that addresses in memory are rarely ever the same, so it makes client-side hacking an even longer process. ( things like map hack if there's a map.. )

Doesn't all this remind you of that movie with the phone call tracer, the trace busta and trace busta busta, lol...

Sorry it's my last day of my summer job and I have 30 mins left and nothing better to do =p

Quote:
Original post by Lenox
Hey, I have a few questions about the above listed topics.

1.) What are -your- methods of obfuscation?

Frankly, IMHO, it's a waste of time.

Quote:
2.) Do you find obfuscation necessary in large games?

No.

Quote:
3.) Is there any way to stop other processes ( like a debugger ) from attaching to your game's processes?

No.

Quote:
4.) Is there any way to generally stop other processes from reading or writing to your game's memory?

No.

Quote:
I'd like to see your answers to the above questions, and perhaps any additional opinions you have about these subjects. Thank you for your time,

Basically, if your app runs on someone's computer, they can do ANYTHING they want to it, and with a little time and experience, they can crack any possible memory protection you could devise. There are companies that spend tens of thousands of dollars (Microsoft) on copy protection just to have it cracked a few hours after it's released.

That being said, as others have said, if you have a multiplayer game, then server-side checks are your best bet.

In Windows you can set security attributes to your process to make it unwritable (and unreadable), that's what those programs that hide your app from the process list do.

Quote:
Original post by Lenox
1.) What are -your- methods of obfuscation?

Obfuscation is a losing battle.
Quote:
2.) Do you find obfuscation necessary in large games?

No.
Quote:
3.) Is there any way to stop other processes ( like a debugger ) from attaching to your game's processes?

You can make it harder, but again that's a losing battle.
Quote:
4.) Is there any way to generally stop other processes from reading or writing to your game's memory?

Yes - running it remotely. A client can't poke around the memory of a server hosted on another computer for example. Otherwise, no.
Quote:
I'd like to see your answers to the above questions, and perhaps any additional opinions you have about these subjects.


Obfuscation is one of the worst methods of security. It's not even damage control, it's damage delayment. And it's much easier to bypass than it is to do - meaning for every N hours you waste, someone else only has to spend some factor of N hours in order to bypass said protection. Not only that, but the bad guys usually outnumber you.

There are two general security measures that come to mind as acceptable:

1) Damage prevention. If you have no security holes and don't trust the client to not lie about its health, it's going to be rather hard for them to have god mode.

2) Damage control. This has two stages: detection and containment.
Detection comes in the stage of noticing damage - a player is going through walls, turning 180 degrees for an immediate headshot every 5 seconds, player has a lag pattern very consistent with a speed hack, etc.

Containment comes in when trying to deal with the problem. A common solution is a serverwide ban - this minimizes damage to the single server. Another solution might be a clusterwide ban - a bunch of people agree to ban the same people. Banning occurring either by CD key or IP address, either temporary or permanent (permanent tends to hurt legitimate players however (who had their CD key "borrowed" or who get the same IP from their ISP at a later date), another form of "damage").
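
The prevention, detection and containment measures described in the post above, as server-side code. This is an added example, not part of the original post; the struct, the function names and the speed, tolerance and strike limits are all hypothetical.

```cpp
#include <algorithm>
#include <cmath>

// Added illustration: the server owns position and health. Clients only
// submit requested moves; all names and limits here are assumptions.
struct PlayerState { double x, y; int health; double last_update; int strikes; };

constexpr double kMaxSpeed    = 7.0;   // units per second (assumed game rule)
constexpr double kTolerance   = 1.25;  // slack for latency jitter
constexpr int    kStrikeLimit = 3;     // violations before containment

enum class Verdict { Accept, Reject, Ban };

// Detection: a move is legal only if the distance fits the elapsed server
// time. `now` is the server's receive time, never a client-supplied clock.
Verdict apply_move(PlayerState& p, double nx, double ny, double now) {
    const double dt = now - p.last_update;
    if (dt <= 0.0) return Verdict::Reject;          // replayed or out of order
    const double dist = std::hypot(nx - p.x, ny - p.y);
    p.last_update = now;
    if (dist > kMaxSpeed * dt * kTolerance) {
        // Speed-hack or wall-skip pattern: keep the authoritative position.
        // Containment: after repeated violations the caller applies the ban.
        return (++p.strikes >= kStrikeLimit) ? Verdict::Ban : Verdict::Reject;
    }
    p.x = nx;
    p.y = ny;
    return Verdict::Accept;
}

// Prevention: damage is computed by the server. A health value carried in
// a client packet is ignored, so lying about it gains nothing.
int apply_damage(PlayerState& p, int server_damage, int client_claimed_health) {
    (void)client_claimed_health;
    p.health = std::max(0, p.health - server_damage);
    return p.health;
}
```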

Quote:
Original post by Daggett
Basically, if your app runs on someone's computer, they can do ANYTHING they want to it, and with a little time and experience, they can crack any possible memory protection you could devise. There are companies that spend tens of thousands of dollars (Microsoft) on copy protection ...

Not to mention the various companies overseas that spend tens of thousands of dollars on hack and crack research - (I'm referring more to hardware cracking than software, but the theme remains).

Quote:
Original post by stylin
Quote:
Original post by Daggett
Basically, if your app runs on someone's computer, they can do ANYTHING they want to it, and with a little time and experience, they can crack any possible memory protection you could devise. There are companies that spend tens of thousands of dollars (Microsoft) on copy protection ...

Not to mention the various companies overseas that spend tens of thousands of dollars on hack and crack research - (I'm referring more to hardware cracking than software, but the theme remains).

Granted, but it's pretty easy to crack stuff if you have a little experience.

Theoretically, you can't protect a game.

Practically, you simply need to make it take more effort to crack than it's worth. With a small game, that shouldn't be very difficult.

The practical solution does have a problem in that the effort it takes to crack can turn it into a challenge for a cracker, which increases the reward somewhat and means they will put more effort into it etc.

So, you need to make it not only difficult but also annoying for a cracker. One of the best ways to do this is to make it difficult to know whether the program has been cracked - I read a good example of this in some post-mortem (possibly Tropico?).

Also, think about what you're trying to protect.
If you are trying to prevent writing to your game's memory, realize why you want that.

Is it to stop someone from cheating? In a single player game, why do you care? In a multi-player game: you have a server or other peers there, let them check for cheaters.

To keep your copy-protection in place: you're probably fighting the losing battle referred to above.

To protect your code from being stolen: only give out exe's in release mode. It will be harder to copy and understand a substantial piece of code than writing it yourself.

All that protection stuff is a waste. A friend worked on a commercial console title a few years ago that had all kinds of protection. They had all kinds of duplicate functions. 80% of the disk space was filled with fake files. Code that never got executed referred to the files. And a lot more. The game ended up cracked on the streets of China within a week of its US release date. Not only that, the hacker had figured out all the bogus files, removed them, and put 4 other games on the same CD.

The moral of the story: time spent trying to obfuscate your game is time wasted.

I'm interested in this kind of security as well. I did a bit of searching a few months ago and found several commercial packages. In particular, I'm looking for protection for .NET applications.

http://www.chosenbytes.com/index.php
http://www.softwarekey.com/
http://www.crypkey.com/index.asp
http://www.oreans.com/
http://www.remotesoft.com/salamander/protector.html
http://thinstall.com/

Some of these companies claim that their security package has never been cracked. Software is cracked all the time, so I'm wondering whether most software security is lightweight and written by the original authors or whether these kinds of security packages are actually used. And if they are, are they really as good as claimed?

There is the option of using hardware dongles (key implemented in attachable device), but a software solution would be much better if it worked well enough. Well enough means that it would be more costly to crack the software than to purchase it.

If anyone has experience using an external security package, I'd be interested in hearing how well it worked.

Guest Anonymous Poster
I am familiar with all of the protections and they all can be cracked. However, I would say that Themida from Oreans is your best bet because it forces the attacker to either write a custom device driver or use SoftIce (with lots of pain). Even then it will be difficult with all options turned on.

The others can be cracked in half the time at least...........

Quote:
Original post by PaulCesar
In Windows you can set security attributes to your process to make it unwritable (and unreadable), that's what those programs that hide your app from the process list do.

Yes, and a good hacker will just load up a kernel-space debugger and alter whatever they want regardless of privileges because the debugger runs in kernel space and can change permissions as it pleases.


Hardware protection of software only works as long as the 'malicious' software doesn't have "admin rights". It's a decent method of preventing computer illiterate people from changing your game. Anybody that knows how to use a web browser, though, will easily find cracks and cheats.

Software protection of software doesn't work at all (though of course you can activate hardware protection via software).


Whatever you do, make sure you don't screw those that are paying you for software. Part of the reason I've stopped buying games is because I'm tired of all the problems that commercial 'protection' causes.
