Jump to content
  • Advertisement
Sign in to follow this  
RogerThat123

Random CRC on Application Launch

This topic is 3324 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello all, I am wondering how one may be able to change the CRC of a program on application launch. I know I can do it by recompiling m y program with minor code changes. But I need for each time I launch the application, its different from before, by CRC. Thanks, if any of you are able to help.

Share this post


Link to post
Share on other sites
Advertisement
CRC is not an intrinsic property of an application. It is simply an elaborate sum of all bytes of executable.

Random CRC computed from application executable does not make any sense. Just use rand() to obtain random number. It will be exactly the same thing.

Share this post


Link to post
Share on other sites
Yes I know what the CRC is. This is my situation, Im coding an add-on for a game.

And some people try to use cheats on this specific game add on. They are doing CRC

checks to see if my game has updated so they know to update their cheats so they

do not get banned. Ive seen this done before, changing the crc that is, and Im

thinking something along the lines of some sort of Packer/Crypter that modifies

some of the code, on assembly. Thus changing the CRC.

Is something like this possible? And how may I go about accomplishing it.

Share this post


Link to post
Share on other sites
Not really. Once your application launches, you cannot modify the executable since it's locked. This is why patchers need to restart.

You could make a launcher that starts the real executable, but first appends random bytes before launching. Or add a random section in build process, and write garbage into that. But if someone is capable of modifying an executable, they'll circumvent this in 2 seconds flat.

Simply put, once you start dealing with people who can modify actual executable via code injection, reverse engineering, or similar methods, client-side protection fails.


The only way is something like Blizzard does. Inside your application, run an interpreter of sorts. Server then sends a script, which does something with local state. Checks variables, offsets, file contents, etc... It reports checksum of that. If this checksum matches checksum of same test performed server side, the client is assumed to be legit. If not, disconnect them.

All that's left then is to develop test generator, something that generates unique test for each client each time they log on - to prevent reverse engineering of tests and responding with fake data.

This isn't trivial, but it's as close to reliable validation as you can get. Again, you are dealing with people who can interact with running application, not your generic clueless user.

Share this post


Link to post
Share on other sites
Quote:
Original post by Antheus
Not really. Once your application launches, you cannot modify the executable since it's locked. This is why patchers need to restart.

You could make a launcher that starts the real executable, but first appends random bytes before launching. Or add a random section in build process, and write garbage into that. But if someone is capable of modifying an executable, they'll circumvent this in 2 seconds flat.




What do you mean by add a random section in build process and write garbage. Im not worried about someone reversing anything, just that the CRC is random every time. How might this be done.

Share this post


Link to post
Share on other sites
The only way to make the CRC change is to make the program's binary image on disk change. The only way to do that without corrupting your program is to include "extra" areas in the program image that you can write random junk to each time. The problem with that, though, is that the hackers will just start excluding those areas of the DLL from their CRC check.

And if you have a "launcher" executable which modifies the CRC, the hackers will just disable the launcher so that it doesn't modify anything.

The only way, really, is to release - with significant changes - more often. Anything else that you do is just going to be an arms race where the hackers are always one step ahead.

That, or you give hackers less of an incentive to hack the game. That's a domain-specific problem, though.

Share this post


Link to post
Share on other sites
I am not worried about them excluding this "random" area of the code. That is no problem for me.

But what are these random areas where you put random junk in?

Can you give me an example?

Share this post


Link to post
Share on other sites
Quote:
Original post by RogerThat123
But what are these random areas where you put random junk in?
Under Win32 your safest bet is probably to set up a random, and otherwise unused, resource and update that (e.g. through the UpdateResource family of functions.) Unfortunately can't do it on a running executable so you'll either have to dynamically load and update a DLL, or go spawn a helper EXE for the update when terminating your application.

At any rate I wouldn't count on this method to protect you from any but the most inept of hackers.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!