anticracking technique help?

8 comments, last by otreum 14 years, 1 month ago
How do I hide ASCII strings from users who try to open up my game in a debugger to crack it?
Don't hardcode strings in your binary. Have them in separate files and encode them somehow.

However, if your security model relies on crackers never being able to get those strings, you're doing it wrong. Any time you have data locally where it is also decrypted locally, there is literally nothing you can do to prevent people from getting access to the data: i.e. the decrypt key and the ciphertext are both available to the attacker.

So anyway, just do what's in the 1st paragraph; it's probably good enough.

-me
obfuscation?
Yeah... like Cosmic said, you can obfuscate your text by doing something like adding a constant 42 to all bytes in the string when it's stored in your code.

When you use the string, you have to scan through and subtract 42 from every character to get the real string.

This makes it so the string isn't viewable in the exe.

HOWEVER, as palidine said, if you are relying on this kind of security, you are probably going about it the wrong way.

"Obscurity through obscurity" is what this is, and is definitely not a best practice for security! (:
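The add-42 scheme from the post above, as an added example that is not part of any post in this thread. It shows that the encoded bytes hide the text from a printable-string scan of the file, while the decoded buffer in process memory is readable again. The sample string, the function names and the minimal scan are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY 42  /* the constant from the post above */

/* Add KEY to every byte (mod 256): the form stored in the binary. */
static void encode42(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)(buf[i] + KEY);
}

/* Subtract KEY from every byte to recover the plaintext at run time. */
static void decode42(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)(buf[i] - KEY);
}

/* Minimal strings(1)-style scan: returns 1 if needle occurs inside a run of
   at least 4 printable ASCII bytes in buf, else 0. */
static int visible_to_strings(const unsigned char *buf, size_t n, const char *needle) {
    size_t len = strlen(needle), start = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && buf[i] >= 0x20 && buf[i] <= 0x7e) continue;
        size_t run = i - start;          /* printable run ended at i */
        if (run >= 4 && run >= len)
            for (size_t j = start; j + len <= i; j++)
                if (memcmp(buf + j, needle, len) == 0) return 1;
        start = i + 1;
    }
    return 0;
}

/* Constructed sample: the string as stored in the image, then as it sits in
   memory once the program has decoded it for use. Returns 1 on round trip. */
static int demo(int *on_disk, int *in_memory) {
    unsigned char msg[] = "LEVEL_UNLOCKED";   /* constructed sample text */
    size_t n = sizeof msg - 1;
    encode42(msg, n);
    *on_disk = visible_to_strings(msg, n, "UNLOCKED");
    decode42(msg, n);
    *in_memory = visible_to_strings(msg, n, "UNLOCKED");
    return memcmp(msg, "LEVEL_UNLOCKED", n) == 0;
}

int main(void) {
    int disk, mem, ok = demo(&disk, &mem);
    printf("round trip=%d, on disk=%d, in memory=%d\n", ok, disk, mem);
    return 0;
}
```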
Strings are one of the hardest aspects of a binary to hide. Any method of hiding strings will cause a performance drop; there is simply no way to have every string in a binary disappear without having to recover it before being used. However, many protection schemes offer some kind of protection; this article provides a method integrated into Visual Studio: http://www.codeproject.com/KB/string/cxr.aspx

Another method could be to have a file of all your encrypted strings and give each string an alias, such as STR_KILLHS-FFF3FF3GG33FDS (which might decrypt into BOOM HEADSHOT!), and then at runtime load that file into memory and decrypt the strings on an "as needed" basis and re-encrypt them once they are no longer in use.
I reckon obfuscate your code, then try and change all your code to 1's and 0's, so pretty much EVERYTHING in your code is just made up of 1 and 0.
However you go about that, I don't know, I'm not at that level of programming yet (or maybe I am, but I haven't even bothered with this yet), but I'm guessing that for a cracker, it'd be like going through a massive pile of confetti shredded paper and trying to put everything back together.
Then once they DO (IF they do) put it all together and make sense of it all, they have to get past your encrypted code.

It probably sounds like an awesome idea in theory, but as I said I'm just a beginner programmer and to make what I'm talking about possible, it most likely requires a hell of a lot more work, especially for an entire program.

The alternative is to just let your game or software get cracked with no crack check at the start of the game, but have the game/software check to see if the exe file is cracked maybe a few minutes into the game, and have it be checked every few minutes.
If the check finds out the exe is cracked, then the bugs are unleashed, such as a massive memory leak, or any character stats being weakened (in the case of ARMA and ARMA 2, you would become extremely fatigued and inaccurate... oh and you'd randomly turn into a seagull or crow) or enemies had perfect accuracy etc etc.

I think there are HEAPS of ways to deter or stop pirates from cracking a program successfully, but those ways are just undiscovered or untested.

And I'm probably just sounding like I have absolutely no idea what I'm talking about right now, so I'll just leave it at that.

I guess the messier you make things in your code, the harder it will be for crackers to "clean it up" so to speak.

A cracker can always dump the memory of a running process and read all the strings conveniently decrypted by your own program.
Quote: Original post by nuclear123
How do I hide ASCII strings from users who try to open up my game in a debugger to crack it?


Don't put it on their computer. Once it is there they pretty much have all the time in the world to figure it out.
It's generally a bad idea to intentionally degrade performance when cracks are detected without also putting up a message, because many users will think it is a real bug. Especially if the detection has false positives, that would give you a bad reputation among those affected.

Also, the crackers would probably just remove the detection code anyway.
I trust exceptions about as far as I can throw them.
Quote: Original post by Storyyeller
It's generally a bad idea to intentionally degrade performance when cracks are detected without also putting up a message, because many users will think it is a real bug. Especially if the detection has false positives, that would give you a bad reputation among those affected.

Also, the crackers would probably just remove the detection code anyway.


You would make 100% sure to not have any false positive detection before the game/software is released.

Some of the games out there that have these deliberate bugs are accused of false-positive crack detection, but I don't have a doubt in the world that it's just pirates who are complaining, trying to drag the game down some other way (via spreading false information) or just having a cry because they just spent 20 hours downloading the game only for it to not work properly, hehe.
I'll jump back to ARMA and ARMA2 again. Both games were accused of having poor accuracy, and the player would get puffed too quick, and enemies were impossibly accurate, blah blah blah... but it was all anti-cracking bugs. Ones that I had not gotten on 5 different computers, ones that many of my legitimate paying friends had not gotten, but ones that my non-legitimate buying friends DID get. As soon as I put a crack on my game however, BAM, I got all the bugs that were so very infamous, which resulted in needing to reinstall the game.

I know they are just 2 games, but it's pretty much been the case with every other game that has used a similar method. Like EA's "The Godfather" being a great example. It wasn't a bad game, it was pretty well polished minus a few little bugs, but as soon as you put a crack on it, WHAM, you can't sprint, once you get in a car, you can't get out of the car... oh and the car controls are reversed, and the car eventually explodes. Other bugs were that you would randomly just die on foot... I'm not sure what other anti-cracking bugs were out there, but I know these ones stopped pirates for several months. I also know that pirates seemed to be the only ones making the hundreds of threads in the support forum complaining about every single one of those crack bugs.
Then news articles were being released, accusing the game of being extremely buggy.

The only time legitimate buyers have really suffered is with SecuROM and StarForce (look at the Bioshock release for example). They more or less punish the legitimate buyers, while pirates basically toss the SecuROM or StarForce in the bin and play without a worry in the world.

Now the latest anti-piracy measure is from Ubisoft, and perhaps the worst anti-piracy measure: make legitimate users have to log in to the Uplay server to play their games, even if the games don't have any form of multiplayer.

Some may know that Ubisoft's Uplay server crashed, leaving any owner of one of their later games stranded, while they wait for Ubisoft to fix up their huge stuff-up.
In the meantime... pirates roam happily in their game worlds. The pirates were playing those very same games without the need to be connected to the internet or some silly server which wasn't even running.

It makes you wonder why these so-called AAA developers keep running to these anti-piracy/cracking measures; it's either out of desperation, or stupidity... or a bit of both.
They should be trying out new things, not new versions of the same things that haven't worked for years.
