Sign in to follow this  

Software protection newbie question

This topic is 4017 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Ok, I made a game with embedded visual basic 3 for HP IPAQ PDA. I have a couple of questions on software protection concepts: 1. Generally I should create a file with some encryted numbers and put it with a folder with a obscure name and hide it somewhere in the registry of the PDA, correct? I should not hide the file in a folder that have my program name because hackers can easily find that file and copy the contents of the file, correct? 2. For (1), generally which is the best folder to put in the encryted numbers? I don't want to mess up the registry. 3. I feel really uneasy messing with the registry of my PDA; I have never done it before. I thought about putting 5 encryted password in 5 separate text file and hide them somewhere in 5 windows or programs folders. Good idea? 4. Do I need to scramble the evb3 code? 5. Is this all there is to software protection? 6. Any good links? Thanks

Share this post


Link to post
Share on other sites
Quote:
Original post by CRAZY COCONUT COW
Generally I should create a file with some encryted numbers

Is this all reference to a serial number? Or what do you mean by encrypted numbers?

Share this post


Link to post
Share on other sites
Quote:
Encrypted numbers.
My game looks up for the PDA's serial number in hpAssetViewer.txt

Why? Maybe I am missing something, but this doesn't make any sense to me. The serial number of the PDA will vary depending on the PDA...So I just don't see how this is going to protect your game in the least.

Share this post


Link to post
Share on other sites
Aight I'm glad I didn't miss something. At the OP.

If you are really worried, just do a serial check: Ie take the user's name. Hash it a couple of different ways (or w/e tickles your fancy) then compare the generated number to what the user inputed. Isn't perfect, but it'll stop the casual user from being a dick. Besides, most people don't reverse PDA softs...

Share this post


Link to post
Share on other sites
Urgh.

I hate it when someone asks "how do I do X" and all the replies say why you shouldn't do X and instead do Y.

the OP doesn't ask IF he should use copy protection... so saying he shouldn't is sidetracking the thread.

So my reply:
Yes, you probably shouldn't bother because PDA software is cheaper (and the market fragmented by brands) so most crackers won't even touch it.
You might, however, want a simple copy protection to deter trivial copies, the drag-and-drop kind. So don't get overly elaborate, just make it non-trivial. If a good cracker takes a jab at it, he'll probably get it anyway despite of your efforts.

And no, I don't know how to do it. I just stopped by to whine ;)

Share this post


Link to post
Share on other sites
Damn man, I don't even know wtf the OP is talking about "Encrypted Numbers". Hell, PI is encrypted space age technology for all we know :P Then people just suggested not to use this method (reasons given) and use a different way. =) Just trying to help!

Share this post


Link to post
Share on other sites
Quote:
Original post by CRAZY COCONUT COW
3. I feel really uneasy messing with the registry of my PDA; I have never done it before. I thought about putting 5 encryted password in 5 separate text file and hide them somewhere in 5 windows or programs folders. Good idea?


Not really. Isn't the whole point of the registry to give applications a central place to write too that is easily backed up etc.?

I know the web is littered with "Editing the registry may damage your system" warnings but it isn't really that dangerous. Just look up the APIs to use.

It doesn't really matter whether you hide the files somewhere or use registry keys, a cracker would see the calls to either the registry or file and find them easily.

Share this post


Link to post
Share on other sites
"It doesn't really matter whether you hide the files somewhere or use registry keys, a cracker would see the calls to either the registry or file and find them easily."

What?! What should I do then? Don't tell me there is no need to protect my crappy game, I made it for my company.

Share this post


Link to post
Share on other sites
Quote:
Original post by CRAZY COCONUT COW
"It doesn't really matter whether you hide the files somewhere or use registry keys, a cracker would see the calls to either the registry or file and find them easily."

What?! What should I do then? Don't tell me there is no need to protect my crappy game, I made it for my company.



You can certainly attempt to protect it (the choice is entirely yours), you just have remember more than likely it can be cracked. Computers are pretty open, anything you can do someone can reverse engineer, decompile, or dump from memory. It's impossible to protect your program when the user can get the same access to the system. Encryption fails because you, in addition to providing the algorithm, must also provide a key in some form or no one is going to be able to use your program. All I am saying is it's pointless to be overly elaborate. Your protection scheme will depend on what you want to try and prevent. Chances are unless your games get really people likely aren't going to bother to hacking it, so I'd just go with serial number.

The only link I have on the subject is a Gamasutra article on how Insomniac games tried to protect Spyro: Year of the Dragon.

Keeping the Pirates at Bay:
Implementing Crack Protection for Spyro: Year of the Dragon


I think the key to this going to be making acquiring a legit version more attractive than pirating it.

Scheiner's Law, "Anyone can come up with a security system so clever that he himself can't see any means of bypassing it".

[Edited by - prh99 on December 15, 2006 4:36:43 AM]

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Why bother, if you don't have something better to do go visit some galery, or public library. With your current knowledge you'd just annoy users.

Raghar

Share this post


Link to post
Share on other sites
Quote:
Original post by CRAZY COCONUT COW
"It doesn't really matter whether you hide the files somewhere or use registry keys, a cracker would see the calls to either the registry or file and find them easily."

What?! What should I do then? Don't tell me there is no need to protect my crappy game, I made it for my company.


Whatever you do, _don't_ put any trash into system directories. That would make your progam pollute the system. A good way of protection would be to require registration of your program. You display the serial number and ask the user to enter it on a web form, then enter the resulting code into the application. The code you return should be an encrypted version of the original serial number. Store this code into the registry or into a text file _in_the_same_ directory as your program. The program should check for this code, decrypt it with a key burnt into the program, and check if it matches the serial number. If it doesn't, then it should prompt for registration. Registration can be fee driven or free, depending on the game. Retail boxes can use a device serial number and game serial number combination to allow one activation per box. Pay to activate programs use only the device serial number and ask for money on each activation. (microsoft uses the first for retail boxes and the 2nd one for corprate licenses)

Share this post


Link to post
Share on other sites
Quote:
What?! What should I do then? Don't tell me there is no need to protect my crappy game, I made it for my company.


What you're proposing won't work for a number of reasons:
- It's trivial to find out which files a process has opened
- To use the encrypted data you'll have to decrypt it into memory. It can then be read by any would be hacker
- The approach in general is unsound: you're placing the encrypted data, the decryption key and the decryption algorithm on the user's machine. What's to stop a hacker from finding all those then using them himself?






Share this post


Link to post
Share on other sites
Sigma gave you pretty much the only reasonable way of doing it.
No matter which protection you put in place it will be cracked, and rather easily. Dont spend too much time brooding on an uncrackable, or hard to crack, way, since it'll prolly end up costing you more in R&D costs than it saves you.
Generate a serial from the username and machine id, store this somewhere you can easily get it. No use trying to hide it, since if someone wants to find it they will in a matter of minutes, and well.. what would be the point?

Share this post


Link to post
Share on other sites
Quote:
Original post by CRAZY COCONUT COW
A question:If the cracker can find the encryted numbers pretty easily, why even bother to encryt it, the cracker can just copy it in the registry and paste it on the registry of another PDA


The goal of copy protection is not to beat crackers, its to prevent casual users from copying your software or possibly to delay the crackers as much as possible.

however for a independant PDA game you really don't need to go overboard as most crackers focus on big PC titles. (Thus a simple system that keeps casual users from copying is enough), and since your title isn't highly anticipated by the general public there is no need to try to delay the crackers either.

For a big AAA title the first couple of weeks are critical as many gamers want to play asap and are thus more likely to buy it if the cracked version isn't released quickly, for a smaller title it really doesn't matter, people will either buy it or wait until its cracked (or simply ignore the title entierly).

Multiplayer games are ofcourse different since you'll either manage the serverlist or the servers. (which allows you to validate the serials and prevent more than one user from using the same key at the same time)

Share this post


Link to post
Share on other sites

This topic is 4017 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this