Sign in to follow this  

Copy Protection

This topic is 3862 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

The simplest method is probably just to hash some sort of sequentially assigned number, making sure there's some checksum bits.

It's probably not worth doing, incidentally. I'd recommend tying the registration key to the email address or username that the user signed up with, and then requiring them to input both the personal information and the registration key.

Share this post


Link to post
Share on other sites
Ravuya's suggestion is good. Something simple, like a modified popular hasher:

1. At registration, the user sends you their name and email address.
2. Your key generator concatenates them, removes non-alphabetic characters and appends a short, constant string if your choosing.
3. The resulting string is hashed up with an existing hasher (something simple like MD5, CRC64)
4. The hash is sent to the user as their serial.

Validation of the serial, on the user's end is simple: Recompute the key in the same way and compare the two in memory. This is the weakest link in the chain - anybody with a little debugging experience will be able to sniff out their correct serial as it is generated - but this isn't worth thinking about.

Perhaps the most important thing, though, is to make sure that you don't spend too long on the protection system. If you're product is worth pirating, it will be cracked. If not, then it won't. Either way, you're wasting your time by putting too many resources into it.

Admiral

Share this post


Link to post
Share on other sites
Quote:
Original post by lord_balron
Thanks guys, do you know of any sites that teach this?

There's really not much to teach. For the approach I described, you'll need to be able to do the following. Other approaches will require similar operations.

1. Receive text input from a stream source. std::cin would do the trick in C++.
2. Concatenate strings. std::stringstream's << operator will come in handy.
3. Format strings (std::replace_copy_if is a good option).
4. Use a hashing function on a buffer. First pick a suitable hasher, then find an implementation on the web.
5. Output the formatted result to a stream (std::cout).
6. Compare two strings (std::string's == operator).

If you're not using C++, tell us what language you are using. If you're still confused, you may be punching above your weight. Learn your language and its standard library in a tried-and-tested way, then start deciding what you'd like to do with it.

Admiral

Share this post


Link to post
Share on other sites
Quote:
Original post by TheAdmiral
If you're product is worth pirating, it will be cracked.


I'll point out that the cracker generally only attacks the protections that are obvious. Given a bad registration key, rather than post an alert message and quit you might simply let it pass but in-game make a few subtle changes; perhaps the user's inventory has a leak now... or a good chunk of the game code has been swapped with buggy ver 0.01 code...

Share this post


Link to post
Share on other sites
But then legitimate users are punished for mistyping their registration keys with no way of knowing they just made a typo.

Seriously people WILL crack your game if it's worth it so don't try to stop them

Share this post


Link to post
Share on other sites
This is true, but it won't be the first time a copy protection scheme has punished legitimate users. If you're cynical you could argue that theres plenty of precedent.

You could always leave the verification process normal and friendly, but detect at runtime if it has been perhaps bypassed by a crack? This topic needs someone with more experience to shed light on though. -?detecting modified code?

Share this post


Link to post
Share on other sites
Quote:
Original post by haphazardlynamed
This topic needs someone with more experience to shed light on though. -?detecting modified code?

We're straying from the point a little, but by far and above the most common way to verify code integrity is to calculate a hash (again, usually CRC) of the .text PE section, or a sub-range thereof. Finding memory bounds on this can be as simple as referencing the addresses of two functions that enclose the sensitive code, as in the source file (provided you've told the compiler not to use global optimisation). The hash is then compared against the predetermined hard-coded value. Of course, there's nothing to stop the cracker patching the hash value or even the integrity check itself, but such is the cat-and-mouse game of software cracking.

Admiral

Share this post


Link to post
Share on other sites
Quote:
Original post by cshowe
But then legitimate users are punished for mistyping their registration keys with no way of knowing they just made a typo.


Display a cryptic error message (the program has attempted to round a number to greater than 31 decimal places) after 5-10 min. of game play, and ask the user to contact your tech support email with their registration details. I wouldn't dump them out of the game though.
This will 'scare' off the people pirating the game, and allow you to guide the registered user to re-enter their registration code. You could also send them a 'patch' to fix their registration info.

Share this post


Link to post
Share on other sites

This topic is 3862 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this