Norman Barrows

checksum / crc / md5 hash check game code in ram


How does one do a checksum / crc / md5 hash check on a game's code in ram?

 

Specifically, how do you find the address required, and what about page access violations?

 

I assume there's some sort of info available from either the process or OS as to the address of the code segment and its size, but have yet to find any info online.  : (



Once you have a module handle, you can use it to retrieve the PE header of your EXE.

 

sweet!  PE header, just what i need!    : )

 

Apoch to the rescue!

 

Thanks man!

 

i take it that as long as i don't try to write to code pages (and stay in my address space), i won't have any access issues? no locking of pages, making lockable duplicates of pages, none of that kind of stuff?  truth is i try to stay away from windows programming as much as possible! <g>.  i can start directx and do a mode-less dialog box, that's about it! <g>.

 

but i do recall something about page access and locking and making duplicates of pages. 

 

and wading through the docs on MSDN... not very efficient.

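As an added example (not code from this thread, from Apoch, or from GameDev.net), here is the PE header walk the reply above points at, written in C. It takes a pointer to the mapped image base (on Windows an HMODULE is exactly that pointer, e.g. `GetModuleHandle(NULL)` for the EXE) and the image size, follows the DOS header to the NT headers and section table, picks the first executable section, and hashes its bytes with FNV-1a. The struct layouts are copied from the Windows SDK rather than pulled in from windows.h so the code compiles anywhere; the sample image it hashes is a constructed, non-loadable stand-in built in `build_sample_image`. On a real module you would take the size from `OptionalHeader.SizeOfImage`; the sample has no optional header, so the size is passed explicitly. Hashing only the code section, not data, is what keeps the value stable while the game runs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* PE header layouts as in the Windows SDK, spelled out so this builds without
 * windows.h. Only the fields the walk touches matter. */
#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t reserved[58]; uint32_t e_lfanew; } dos_header_t;
typedef struct {
    uint16_t Machine, NumberOfSections;
    uint32_t TimeDateStamp, PointerToSymbolTable, NumberOfSymbols;
    uint16_t SizeOfOptionalHeader, Characteristics;
} file_header_t;
typedef struct {
    uint8_t  Name[8];
    uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData;
    uint32_t PointerToRelocations, PointerToLinenumbers;
    uint16_t NumberOfRelocations, NumberOfLinenumbers;
    uint32_t Characteristics;
} section_header_t;
#pragma pack(pop)

#define IMAGE_SCN_CNT_CODE    0x00000020u
#define IMAGE_SCN_MEM_EXECUTE 0x20000000u

/* Find the first code section of the image mapped at `base`. Every read is
 * bounds-checked against `image_size`, so a truncated or malformed header is
 * rejected instead of dereferenced. Returns 0 and fills *rva/*size on success. */
int find_code_section(const uint8_t *base, size_t image_size, uint32_t *rva, uint32_t *size)
{
    if (image_size < sizeof(dos_header_t)) return -1;
    const dos_header_t *dos = (const dos_header_t *)base;
    if (dos->e_magic != 0x5A4Du) return -1;                          /* "MZ" */
    uint32_t nt = dos->e_lfanew;
    if (nt > image_size || image_size - nt < 4 + sizeof(file_header_t)) return -1;
    if (memcmp(base + nt, "PE\0\0", 4) != 0) return -1;
    const file_header_t *fh = (const file_header_t *)(base + nt + 4);
    size_t sect = (size_t)nt + 4 + sizeof(file_header_t) + fh->SizeOfOptionalHeader;
    for (uint16_t i = 0; i < fh->NumberOfSections; i++) {
        size_t off = sect + (size_t)i * sizeof(section_header_t);
        if (off > image_size || image_size - off < sizeof(section_header_t)) return -1;
        const section_header_t *sh = (const section_header_t *)(base + off);
        if (sh->Characteristics & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)) {
            *rva = sh->VirtualAddress; *size = sh->VirtualSize;
            return 0;
        }
    }
    return -1;
}

/* FNV-1a 64-bit: fast, non-cryptographic, adequate for a tamper check. */
uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Hash the bytes of the code section; the range is checked against the image. */
int hash_code_section(const uint8_t *base, size_t image_size, uint64_t *out)
{
    uint32_t rva, size;
    if (find_code_section(base, image_size, &rva, &size) != 0) return -1;
    if (rva > image_size || size > image_size - rva) return -1;
    *out = fnv1a64(base + rva, size);
    return 0;
}

/* Constructed sample (not a loadable EXE): MZ stub, PE signature, a data
 * section and a 16-byte .text section at RVA 0x200. Little-endian host assumed. */
#define SAMPLE_IMAGE_SIZE 0x220u
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    if (cap < SAMPLE_IMAGE_SIZE) return 0;
    memset(buf, 0, SAMPLE_IMAGE_SIZE);
    buf[0] = 'M'; buf[1] = 'Z';
    uint32_t nt = 0x80; memcpy(buf + 60, &nt, sizeof nt);
    memcpy(buf + nt, "PE\0\0", 4);
    file_header_t fh; memset(&fh, 0, sizeof fh);
    fh.Machine = 0x8664; fh.NumberOfSections = 2; fh.SizeOfOptionalHeader = 0x10;
    memcpy(buf + nt + 4, &fh, sizeof fh);
    section_header_t s[2]; memset(s, 0, sizeof s);
    memcpy(s[0].Name, ".rdata", 6); s[0].VirtualAddress = 0x100; s[0].VirtualSize = 0x40;
    s[0].Characteristics = 0x40000040u;                              /* INITIALIZED_DATA | READ */
    memcpy(s[1].Name, ".text", 5);  s[1].VirtualAddress = 0x200; s[1].VirtualSize = 16;
    s[1].Characteristics = 0x60000020u;                              /* CODE | EXECUTE | READ */
    memcpy(buf + nt + 4 + sizeof fh + fh.SizeOfOptionalHeader, s, sizeof s);
    for (unsigned i = 0; i < 16; i++) buf[0x200 + i] = (uint8_t)(0x90 + i);   /* stand-in code bytes */
    return SAMPLE_IMAGE_SIZE;
}

/* Self-check: hash the sample, flip one code byte, confirm the hash changes,
 * and confirm a truncated header is rejected. Returns 0 when every step passes. */
int self_check(void)
{
    uint8_t img[SAMPLE_IMAGE_SIZE]; uint32_t rva, size; uint64_t before, after;
    if (build_sample_image(img, sizeof img) == 0) return 1;
    if (find_code_section(img, sizeof img, &rva, &size) != 0 || rva != 0x200 || size != 16) return 2;
    if (hash_code_section(img, sizeof img, &before) != 0) return 3;
    img[0x205] ^= 0x01;                                              /* simulate a one-byte patch */
    if (hash_code_section(img, sizeof img, &after) != 0 || after == before) return 4;
    if (find_code_section(img, 0x90, &rva, &size) == 0) return 5;    /* image cut off inside headers */
    return 0;
}

int main(void)
{
    uint8_t img[SAMPLE_IMAGE_SIZE]; uint64_t h;
    build_sample_image(img, sizeof img);
    if (hash_code_section(img, sizeof img, &h) == 0) printf("code hash: %016llx\n", (unsigned long long)h);
    printf("self_check: %d\n", self_check());
    return 0;
}
```

The bounds checks are the part worth copying: a module handle gives you a base address, but nothing guarantees the headers are sane, so every offset read from the image is validated before it is followed.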


Attackers know to look for it.

 

Absolutely. I don't understand the point of it really. Chances are you are going to spend more time "securing it" than the kid cracking it. Don't delude yourself into believing you have control over such things.

 

That's my opinion anyway.



What fun game features did you cut in the schedule in order to make the time?

 

getting paid! <g>.

 

i actually have to postpone release, and therefore realizing any profits, until the work is done. 

 

i can't afford two years of my life just to get cracked, like happened last time to the game.

 

but i'm never forced to choose between DRM and features.    DRM with no features is no game at all!

 

so DRM research comes at the beginning, so you know if you even have a chance of not getting cracked. assuming it's an issue. this is the only title out of 15 or so i've had this issue with.

 

then you put in your 1-2 years building the thing (i type fast! <g>).

 

only when you see the light at the end of the tunnel do you begin DRM implementation.

 

In this case, i had figured out DRM for the release, but forgot about time bombing the beta.

 

then i got a response for my call for beta testers from the best possible type of tester:

a fan of the previous version. so now i have to get the beta ready right quick.



What makes you think those are the functions people would target?

 

it's the virtual machine code that will do the drm stuff. and any disassembler will show the system calls to gettime, getfiledate, and readsector.

 

you write a simple little VM with ops like getdate, get file date, and read sector for DRM stuff, and add, comp, etc for mundane stuff. you write little encrypted programs in the VM's machine code to do drm related stuff, as well as run portions of the game, such as incrementing action counters (how long your sim has been asleep, etc). the VM decrypts, runs, then erases the code. so if they bypass the whole vm, the game won't run. but they could still disable the DRM related ops of the VM. hence the idea of a checksum, etc. but it occurred to me that it needn't be done in ram, unless i anticipate realtime attacks. and it's only a beta. i don't think i have to go that far.

 

 


Premature hack-proofing.

 

 

indeed.   but unfortunately, unlike premature optimization, you can't go back later and add it.   once the genie is out of the bottle, you can never get it back.

 

so you prepare your layers of defense if you expect trouble. this game was targeted in the past by crackers.  that incident cost me the company.   i can't let that happen again.

 

and they are layers of defense, not a sanctuary. eventually the castle will fall to siege. all you have to do is hold out long enough until the new version is ready. But when you're talking about a game that's Skyrim sized, new versions are a non-trivial undertaking.

 

 

 

and by the way, if it's a game, it's "cracking", not "hacking" - apparently we're special! <g>


it occurred to me that a check while in ram is only required to detect real-time attacks while running.    

 

a check of the exe file would be sufficient to detect if the DRM related code (or game code in general) had been modified, correct?


If you really want to do some easy checksumming (it's hardly worth the trouble, as stated above), you can skip the complicated PE header stuff or querying page protections, and simply get the addresses of a couple of functions (as many as you deem worthwhile/interesting), round down to the next 4096-byte boundary, and checksum the next 4096 bytes. A page in which a function starts is guaranteed to exist and to be executable (which means it's also readable). 4k of code is already quite a bit, do that in a couple of well-chosen locations, and it covers quite a bit of your program.

 

That will obviously leave a lot of "holes", but the amount of protection that you can do beyond what a hobby cracker can rather easily circumvent is... very limited... and not worth the time you waste. But you can still implement a bare minimum hurdle in a straightforward and portable way. If you make the checksum function easy enough so it is inlined at different places, then hooking the checksum function isn't all that easy either. It'll take a bit of work to find 10-20 places spread out everywhere. Sadly, there are enough people who are bored enough and have both a desire for recognition as roxor haxor, and plenty of time.

Also, you must still store the information somewhere, which makes the whole checksumming thing a bit obsolete.

 

The only thing that could conceivably work without being cracked in under a day would be if you don't know the correct checksum at all. Such as, your game needs a particular constant (or several constants) to function properly. It never checks whether the checksum is correct, but it uses the results in some way (to dereference a pointer, or to call a function). Good luck debugging that.

 

Or, even worse, the constants could be hashed on a server, so the server returns some "magically derived" values that the program needs (the code for that isn't in the program at all, so it's impossible to reproduce the calculation). But of course, it will only take 1-2 additional days until someone figures that it's easy to cache the server's reply (if that is always the same one). Then the executable only needs to be patched to contain the constants without needing to run any checks at all.

Good luck in supporting such a nightmare product when you ship updates, too. It's probably 20 times as much work for you to maintain this than it's for someone to crack it.

 

 

 

a check of the exe file would be sufficient to detect if the DRM related code (or game code in general) had been modified, correct?

No. For example, you can write a simple launcher, create a suspended process, and use WriteProcessMemory. 10 or so lines of code, and checking the executable already fails.

Or, take care of the relocations and do everything in your own process space, so you can directly write to any address. It's no different from what exe packers like UPX do, too.

Edited by samoth

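Added example (my own code, not samoth's and not from this thread) of the page-rounding checksum described in the post above, in C. It takes the address of a couple of functions, rounds each down to its 4096-byte page, and checksums that page with a routine small enough for the compiler to inline at every call site. It also carries the two caveats the post raises: the reference values have to live somewhere, so here they are captured once at startup (`guards_arm`) and re-verified later (`guards_verify`), which catches patching while the game runs but not a binary modified before launch; and because the live text page is read-only, the detection demo applies its one-byte "patch" to a writable copy. The function names `game_update` and `game_render` are stand-ins. The page containing a function's entry is mapped and executable, hence readable, which is why no page-protection query is needed (on Windows `VirtualQuery` would confirm that if you wanted belt and braces).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_BYTES 4096u

/* Round an address down to the start of its 4096-byte page. */
uintptr_t page_base(uintptr_t addr) { return addr & ~(uintptr_t)(PAGE_BYTES - 1); }

/* Small rotate-xor-multiply checksum over one page. Kept tiny on purpose so the
 * compiler inlines it at each call site: with no single checksum routine to
 * hook, every call site has to be found and patched separately. */
static inline uint32_t page_checksum(const uint8_t *page)
{
    uint32_t sum = 0x9E3779B9u;
    for (size_t i = 0; i < PAGE_BYTES; i++) {
        sum = ((sum << 5) | (sum >> 27)) ^ page[i];
        sum *= 0x01000193u;
    }
    return sum;
}

/* Checksum the page in which `fn` starts. That page is mapped and executable,
 * hence readable, so the read cannot fault. */
uint32_t checksum_page_of(void (*fn)(void))
{
    return page_checksum((const uint8_t *)page_base((uintptr_t)fn));
}

/* Stand-ins for the "well-chosen" game routines (hypothetical names). */
void game_update(void) { static volatile int ticks;  ticks++; }
void game_render(void) { static volatile int frames; frames += 2; }

/* Guards: expected checksums captured at startup, verified later. This detects
 * patches applied while running; it cannot detect a binary modified before
 * launch, since the reference is taken from the already-loaded code. */
typedef struct { void (*fn)(void); uint32_t expected; } guard_t;
static guard_t guards[] = { { game_update, 0 }, { game_render, 0 } };
#define NUM_GUARDS (sizeof guards / sizeof guards[0])

void guards_arm(void)
{
    for (size_t i = 0; i < NUM_GUARDS; i++)
        guards[i].expected = checksum_page_of(guards[i].fn);
}

/* Returns the number of guarded pages whose checksum no longer matches. */
int guards_verify(void)
{
    int mismatches = 0;
    for (size_t i = 0; i < NUM_GUARDS; i++)
        if (checksum_page_of(guards[i].fn) != guards[i].expected) mismatches++;
    return mismatches;
}

/* Detection demo on a writable copy of game_update's page: flip the first byte
 * of the function and report 1 if the checksum changed. */
int tamper_demo(void)
{
    static uint8_t copy[PAGE_BYTES];
    uintptr_t entry = (uintptr_t)game_update;
    memcpy(copy, (const void *)page_base(entry), PAGE_BYTES);
    uint32_t clean = page_checksum(copy);
    copy[entry - page_base(entry)] ^= 0x80;            /* simulated one-byte patch */
    return page_checksum(copy) != clean;
}

int main(void)
{
    guards_arm();
    game_update(); game_render();
    printf("mismatches after arming: %d\n", guards_verify());
    printf("tamper on copy detected: %d\n", tamper_demo());
    return 0;
}
```

Spread `guards_verify`-style checks over several unrelated call sites and build with optimization so `page_checksum` is actually inlined; a single out-of-line routine is exactly the one thing the post says not to leave lying around.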