Another Piracy Thread

by **fast_rx** » Nov 21, 2003 @ 10:09pm

I released a game on Handango and PocketGear back in September that requires purchase.

Then on Oct 31st, I released a add-on pack for the "full" version.

I have noticed a huge amount of downloads of the add-on pack vs. the sales of the full version. Approx. a 78 to 1 (yes, 78 add-on packs vs. 1 sale) on PocketGear and 25 to 4 on Handango.

Are people that haphazard about not reading the requirements, or does that mean that my game has been a hit with the warez scene?

I would be interested if that is the case with crazy cart and the other games that have free add-ons.

Info on the game and links to PG/Handange is here if you're interested:
http://lejjo.4t.com

by **Datalore** » Nov 21, 2003 @ 10:26pm

by **sponge** » Nov 21, 2003 @ 10:42pm

by **denthorq** » Nov 21, 2003 @ 11:10pm

by **mlepage** » Nov 21, 2003 @ 11:14pm

by **fast_rx** » Nov 21, 2003 @ 11:20pm

by **denthorq** » Nov 21, 2003 @ 11:25pm

by **StarFury** » Nov 22, 2003 @ 2:19am

I noticed a jump in downloads of Galactic Assault the other day and on checking the warez scene I see that it has been cracked. They've added some code to the program to generate the required key. I think that its by some group/person called CSCPDA - quite busy by all accounts, if you do a google you'll see quite a bit of software under their banner.

by **StephC** » Nov 22, 2003 @ 9:53am

by **sponge** » Nov 22, 2003 @ 6:30pm

If your game slips under the radar, you won't see a crack either, but that's not something you can plan for.

by **StephC** » Nov 22, 2003 @ 6:47pm

by **torus** » Nov 24, 2003 @ 12:37pm

Hi.

Some month ago I had a funny idea to make it hard for the crackers: What do you think about this:

Write a little virtual machine, and put it into your game. Something that interprets byte language. You could use it for key-checking and also parts of your game code. If the cracker wants to bypass your virtual machine he will also break the game.

Now the fun starts: Write a bytecode interpreter for ancient languages such as Fortran or BCPL. The cracker will have a hard time to find out what's going on. Drawback: you need to move quite some code into the virtual machine to make it hard to find out which entry-point does which function.

Also a general hint from someone who cracked a lot of stuf for his personal fun (I never released stuff. I just did it to challenge my mind ... think about solving crossword puzzles).

NEVER EVER have code in your game where you display some message such as "you key is invalid" or so. These places are easy to find and it's a 5 minute job to find out where the function was called from. This will be just a few lines below your key-check. Your game will be cracked within minutes, even using the moronic EVC debugger.

by **StephC** » Nov 24, 2003 @ 2:04pm

I've lost my links to the good tutos on cracking techniques, but the following were easy to google, they are not very advanced, but it's a good start :

http://213.229.8.2/regen/ppc.htm

http://www.woodmann.com/fravia/tsehp_pocketpc.htm

The virtual machine thing is an old trick, and it can be quite efficient, you could even give a small program coded with this small language as your keyfile..

There is no limits to the ways you can obfuscate a program, I've read that it's hard for crackers to crack programs written in VB, 'cause it's a real mess...

by **Dan East** » Nov 24, 2003 @ 2:56pm

Interesting you posted about that, because I had just accidentally come across this article while searching for ARM debugging this morning:

http://www.inventati.info/pub/defcon11/ ... ie-RCE.pdf

Now that one looks pretty advanced.

Dan East

by **fzammetti** » Nov 24, 2003 @ 5:18pm

As an aside, the final project of my Assembly course in school some years ago was to write a program that the professor couldn't crack. This guy was an absolute master of Assembly and he stated that over a 20-year teaching career, he'd only come across three programs that it took him more than a week to crack, none that he couldn't in the end though.

Well, obviously for an overachiever (well, formerly anyway

), I took this as a major challenge.

The first thing I did is I wrote my program in the most massively confusing, inefficient and verbose way I could. It was a simple program: allow the user to enter a password, check it and say if it's valid or not. Should have been maybe, MAYBE, a 1K program at most. Well, mine was 138k.

That might have been enough, but I certainly wasn't satisfied. So, and I have to admit this was cheating a bit... I spent a couple of nights finding every old DOS compressor, obfuscator, encryptor or similar utility I could. I ran it through no less than 14 different programs!

Well, every now and again I get an eMail from this professor telling me he STILL has not cracked it! I think I gave this guy his white whale

But, to tie this in and make it relevant...

I'm wondering why nothing like this exists for PocketPC? Tools do exist to do much the same things to desktop PE files, but they don't seem to work on PocketPC executables (I've tried). I don't suspect I could write one (not enough time certainly and I'm not sure I could anyway), but I can't imagine making these tools work on PPC PE files would be that tough. Anyone know of source for anyway of them? And, more importantly, anyone willing to work on it?