Copy Protection

9 comments, last by cdoty 16 years, 11 months ago
How would you go about implementing a serial key based copy protection system?
The simplest method is probably just to hash some sort of sequentially assigned number, making sure there's some checksum bits.

It's probably not worth doing, incidentally. I'd recommend tying the registration key to the email address or username that the user signed up with, and then requiring them to input both the personal information and the registration key.
Ravuya's suggestion is good. Something simple, like a modified popular hasher:

1. At registration, the user sends you their name and email address.
2. Your key generator concatenates them, removes non-alphabetic characters and appends a short, constant string of your choosing.
3. The resulting string is hashed up with an existing hasher (something simple like MD5, CRC64).
4. The hash is sent to the user as their serial.

Validation of the serial on the user's end is simple: Recompute the key in the same way and compare the two in memory. This is the weakest link in the chain - anybody with a little debugging experience will be able to sniff out their correct serial as it is generated - but this isn't worth thinking about.

Perhaps the most important thing, though, is to make sure that you don't spend too long on the protection system. If your product is worth pirating, it will be cracked. If not, then it won't. Either way, you're wasting your time by putting too many resources into it.

Admiral
Ring3 Circus - Diary of a programmer, journal of a hacker.
Thanks guys, do you know of any sites that teach this?
Normally I would've told you to Google this, but since I'm trying to get my rating up - here goes nothing;

Small code snippets showing how to use the MD5CryptoServiceProvider class in .NET languages (this code is written in C#, but is easily translatable)

MD5 for C++

SHA1 Hash Implementation for C++

C# SHA1 Hash Implementation

C# HashTable tutorial

C++ HashTable introduction
_______________________Afr0Games
Quote:Original post by lord_balron
Thanks guys, do you know of any sites that teach this?

There's really not much to teach. For the approach I described, you'll need to be able to do the following. Other approaches will require similar operations.

1. Receive text input from a stream source. std::cin would do the trick in C++.
2. Concatenate strings. std::stringstream's << operator will come in handy.
3. Format strings (std::replace_copy_if is a good option).
4. Use a hashing function on a buffer. First pick a suitable hasher, then find an implementation on the web.
5. Output the formatted result to a stream (std::cout).
6. Compare two strings (std::string's == operator).

If you're not using C++, tell us what language you are using. If you're still confused, you may be punching above your weight. Learn your language and its standard library in a tried-and-tested way, then start deciding what you'd like to do with it.

Admiral
Ring3 Circus - Diary of a programmer, journal of a hacker.
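The scheme from the two posts above (the four key-generation steps and the list of C++ operations), written out as an added example that is not part of the original thread. CRC-64 stands in for the hasher, and `kAppSuffix`, `make_serial` and `validate_serial` are hypothetical names chosen for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <iomanip>
#include <iostream>
#include <iterator>
#include <sstream>
#include <string>

// Constructed placeholder. It ships inside the client binary, so it is
// obfuscation rather than a secret key.
const std::string kAppSuffix = "ExampleSuffixV1";

// Bitwise CRC-64 (ECMA-182 polynomial, zero init, no reflection).
std::uint64_t crc64(const std::string& data) {
    std::uint64_t crc = 0;
    for (unsigned char byte : data) {
        crc ^= static_cast<std::uint64_t>(byte) << 56;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc & 0x8000000000000000ULL) ? (crc << 1) ^ 0x42F0E1EBA9EA3693ULL
                                                : (crc << 1);
    }
    return crc;
}

// Steps 2-4: concatenate, keep alphabetic characters only, append the
// constant, hash, and format as 16 upper-case hex digits.
std::string make_serial(const std::string& name, const std::string& email) {
    const std::string joined = name + email;
    std::string cleaned;
    std::copy_if(joined.begin(), joined.end(), std::back_inserter(cleaned),
                 [](unsigned char c) { return std::isalpha(c) != 0; });
    std::ostringstream out;
    out << std::uppercase << std::hex << std::setfill('0') << std::setw(16)
        << crc64(cleaned + kAppSuffix);
    return out.str();
}

// Client-side check: recompute and compare. The correct serial exists in
// memory at this point, which is the weak link the post describes.
bool validate_serial(const std::string& name, const std::string& email,
                     const std::string& entered) {
    return make_serial(name, email) == entered;
}

int main() {
    const std::string serial = make_serial("Ada Example", "ada@example.com");
    std::cout << serial << ' ' << std::boolalpha
              << validate_serial("Ada Example", "ada@example.com", serial) << '\n';
}
```

Because step 2 discards everything that is not a letter and joins the fields without a separator, registrations that differ only in digits or punctuation (for example `ada1@example.com` and `ada2@example.com`) receive the same serial.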
Quote:Original post by TheAdmiral
If your product is worth pirating, it will be cracked.


I'll point out that the cracker generally only attacks the protections that are obvious. Given a bad registration key, rather than post an alert message and quit you might simply let it pass but in-game make a few subtle changes; perhaps the user's inventory has a leak now... or a good chunk of the game code has been swapped with buggy ver 0.01 code...
But then legitimate users are punished for mistyping their registration keys with no way of knowing they just made a typo.

Seriously, people WILL crack your game if it's worth it, so don't try to stop them.
This is true, but it won't be the first time a copy protection scheme has punished legitimate users. If you're cynical you could argue that there's plenty of precedent.

You could always leave the verification process normal and friendly, but detect at runtime if it has been perhaps bypassed by a crack? This topic needs someone with more experience to shed light on though. -?detecting modified code?
Quote:Original post by haphazardlynamed
This topic needs someone with more experience to shed light on though. -?detecting modified code?

We're straying from the point a little, but by far and above the most common way to verify code integrity is to calculate a hash (again, usually CRC) of the .text PE section, or a sub-range thereof. Finding memory bounds on this can be as simple as referencing the addresses of two functions that enclose the sensitive code, as in the source file (provided you've told the compiler not to use global optimisation). The hash is then compared against the predetermined hard-coded value. Of course, there's nothing to stop the cracker patching the hash value or even the integrity check itself, but such is the cat-and-mouse game of software cracking.

Admiral
Ring3 Circus - Diary of a programmer, journal of a hacker.
