Hello all, I am wondering how one may be able to change the CRC of a program on application launch. I know I can do it by recompiling m y program with minor code changes. But I need for each time I launch the application, its different from before, by CRC. Thanks, if any of you are able to help.

CRC is not an intrinsic property of an application. It is simply an elaborate sum of all bytes of executable.

Random CRC computed from application executable does not make any sense. Just use rand() to obtain random number. It will be exactly the same thing.

Yes I know what the CRC is. This is my situation, Im coding an add-on for a game.

And some people try to use cheats on this specific game add on. They are doing CRC

checks to see if my game has updated so they know to update their cheats so they

do not get banned. Ive seen this done before, changing the crc that is, and Im

thinking something along the lines of some sort of Packer/Crypter that modifies

some of the code, on assembly. Thus changing the CRC.

Is something like this possible? And how may I go about accomplishing it.

Not really. Once your application launches, you cannot modify the executable since it's locked. This is why patchers need to restart.

You could make a launcher that starts the real executable, but first appends random bytes before launching. Or add a random section in build process, and write garbage into that. But if someone is capable of modifying an executable, they'll circumvent this in 2 seconds flat.

Simply put, once you start dealing with people who can modify actual executable via code injection, reverse engineering, or similar methods, client-side protection fails.


The only way is something like Blizzard does. Inside your application, run an interpreter of sorts. Server then sends a script, which does something with local state. Checks variables, offsets, file contents, etc... It reports checksum of that. If this checksum matches checksum of same test performed server side, the client is assumed to be legit. If not, disconnect them.

All that's left then is to develop test generator, something that generates unique test for each client each time they log on - to prevent reverse engineering of tests and responding with fake data.

This isn't trivial, but it's as close to reliable validation as you can get. Again, you are dealing with people who can interact with running application, not your generic clueless user.

Quote:Original post by Antheus
Not really. Once your application launches, you cannot modify the executable since it's locked. This is why patchers need to restart.

You could make a launcher that starts the real executable, but first appends random bytes before launching. Or add a random section in build process, and write garbage into that. But if someone is capable of modifying an executable, they'll circumvent this in 2 seconds flat.

What do you mean by add a random section in build process and write garbage. Im not worried about someone reversing anything, just that the CRC is random every time. How might this be done.

On what platform? With which compiler?

Im using Microsoft Visual Studio 2008 C++

[Edited by - RogerThat123 on August 17, 2009 4:15:14 PM]

I am not worried about them excluding this "random" area of the code. That is no problem for me.

But what are these random areas where you put random junk in?

Can you give me an example?

Quote:Original post by RogerThat123
But what are these random areas where you put random junk in?

Under Win32 your safest bet is probably to set up a random, and otherwise unused, resource and update that (e.g. through the UpdateResource family of functions.) Unfortunately can't do it on a running executable so you'll either have to dynamically load and update a DLL, or go spawn a helper EXE for the update when terminating your application.

At any rate I wouldn't count on this method to protect you from any but the most inept of hackers.