Jump to content
  • Advertisement
Sign in to follow this  
Zoomby

copy protection & code obfuscation

This topic is 4499 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi, Where can I learn something about copy protection & code obfuscation with binaries compiled with C++. What tricks are used to write code that is hard to crack or reverse engineer? Edit: BTW, I always wanted to learn some reverse engineering basics, can you recommend some tools that are commonly used? bye, Chris

Share this post


Link to post
Share on other sites
Advertisement
Tools that are used today to reverse engineer an application are really helping software cracking. As a consequence, it is harder and harder to protect your code against cracking (I would say nearly impossible, in fact). Since protection schemes that may help you might also annoy yout customers, I strongly encourage you to limit casual pirating (activation through a network identification might help) rather than trying to develop a ubercomplex anti-piracy scheme.

If you are going to sell an expensive software, you can consider using an USB protection key (Hasp ones are good).

For your second question, I found a web site where you can learn everythign about anything - its name is rather funny, but it is really filled with loads of informations. It is called google [grin].

Regards,

Share this post


Link to post
Share on other sites
Quote:
Original post by Zoomby
[...]Edit: BTW, I always wanted to learn some reverse engineering basics, can you recommend some tools that are commonly used?[...]
IDA Pro from DataRescue is pretty much the best and most-used reverse engineering tool there is. Unfortunately, the least expensive version is nearly $500. Luckily, they are kind enough to have a freeware version (and also a per-run-time-limited demo, but it times out too fast for me). The freeware version is 4.3, and the latest full version is 5.0, so there is obviously a lot missing from thefreeware version, but it's far better than nothing.

Since the freeware version doesn't include debugging capabilities (it only does disassembly), you can use freeware tool OllyDbg for run-time analysis.

Share this post


Link to post
Share on other sites
Quote:
Where can I learn something about copy protection & code obfuscation with binaries compiled with C++. What tricks are used to write code that is hard to crack or reverse engineer?


Start reverse engineering. There is no other real way.

Without understanding the problem, you cannot address it. Books give good overview, but with these topics, the devil is only and only in details.

If you want to develop and use effective protection (not just deter casual script kiddie type hacking), you will need to invest a lot of time.

Generally, obfuscation is not viable, and copy protection only matters as long as its costs don't outweigh the profits. If your product is interesting enough, it will be cracked in a matter of days. Even the best protection schemes out there only last weeks tops. Unless you can benefit from that, you gained nothing, and you just risk additional errors from protection itself.

A large ammount of copy protection can also be bypassed at run-time only, so you can simply use run-time debugger to look at unobfuscated code, or side effects of encryption/obfuscation to bypass it.

Hardware dongles seemed reliable, until people simply create dummy authentication code.

Various challenge/response schemes fail if they don't get called at all.

Embedding signatures and protecting content does not stop run-time attacks.

Some of the most protected software packages with hybrid protection schemes out there apear to be easiest to crack.

Despite that, I still advocate doing reverse engineering yourself is best way to truly understand the problems (not to mention learning assembly, low level system details, compiler specifics, internal workings of applications, and lots more fun stuff). But in the end, make sure to balance the protection schemes to savings they will provide you with.

Online content (not downloadable, but client/server) is the only truly secure option.

Share this post


Link to post
Share on other sites
Thanks for the great replies!
Well, I think Antheus is right. If even the most clever code (surely made by very experienced people) will be cracked within a few weeks, it seems senseless to brood about how create code which is hard to crack...

Share this post


Link to post
Share on other sites
You CAN'T stop a real hacker from cracking your code so don't waste your time with fancy tricks unless you have a lot of free time.

You CAN stop Sally Homemaker who doesn't know computers from cracking it. Just do some simple protection and you'll cover 90% of the people. Anything that takes you more than a couple days to implement is too much work.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
People have already mentioned not trying *too* hard unless there is a very good (monetary) reason to secure your program. If there is such a reason, however, there was a good article at gamasutra about copy-protection in Spyro (some game I never played). One very good thing that they did was not make it obvious whether the game/software/whatever has been cracked or not: people would play a supposedly "cracked" game halfway through before they realized it was broken in some way. It also involved inlining lots of protection code all over the place, and checking runtime images randomly.

It was a lot of work, and I belive it took some cracking group about three whole weeks to get a working crack out.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!