Java .class files safe?

beowulf03809 · August 4, 2006, 4:08pm

I’m worried from these statements that you’re considering Java unsuitable for single-player games because it’s “less secure”? I would counter that there are probably no ( quality ) single-player games written in C++ that have not already been cracked. Some show up on P2P systems days after release ( sometimes even days BEFORE release ). In addition to just having download-n-play versions floating around for anyone with the bandwidth and knowing where to look, I have seen various resources ( graphics and sounds ) from such games used on web sites and emails.

As long as the user has physical access to the code the program is going to be hacked if someone wants to. Trying to avoid this is right up there with the record company trying to “protect” music or Hollywood trying to “protect” movies. It will deter but it will not stop. The only way to guarantee your game is never hacked after release is to produce a game so poor that no one wants to put in the effort. Otherwise, you should do your best to secure it against the efforts of less skilled folk and maybe some extras ( “call home” stuff, etc ) to deter the next level, and just accept that if you made a quality product some people will pay for it and others will steal it.

kevglass · August 4, 2006, 4:28pm

The question is how much of a deterent are Java class files that decompile into reading source compared to native binaries.

It’s definitely easier in Java to crack software with no online protection. This doesn’t mean it’s more or less likely to happen though. That’s determined by how good your game is.

I’d suggest spending less time on worrying about security and more time worrying on making the game good enough that people want to crack it. It could almost be considered a badge of achievement - you went to the effort of cracking my game - heh, it must be good

Kev

Death33284 · August 4, 2006, 4:55pm

So true… When people try to get enough protection on software (coughstarforcecough) it just ends up being a problem for even regular users. Go the route that even Elder Scrolls IV: Oblivion took, no real protection at all. They knew they had a great game, why delay the inevitable with protection and even though there was no protection they sold millions of copys.

kingaschi · August 4, 2006, 7:32pm

Just because there is no copy protection does not mean people are not paying for it anymore. Just because I see an unlocked bicycle on the street does not mean I am going to steal it.

It is still illegal to distribute copyright protected software - most people will pay for your product: Better worry about writing a cool game … 8)

Ask_Hjorth_Larsen · August 5, 2006, 12:21am

Just write your game in Malbolge instead of Java. Problem solved.

http://en.wikipedia.org/wiki/Malbolge

Markus_Persson · August 5, 2006, 11:34am

haha, I guess that actually WOULD solve the problem.

Now the problem is just managing to write a game in malbolge…

Jeff · August 5, 2006, 7:57pm

And keep in mind that in this case 90% security (security against 90% of the users) is no better then 10% security.

As soon as any ONE person cracks your code, its open.

Welcome to the world of the internet.

zingbat · August 5, 2006, 11:39pm

There is one type of copy protection that can cracked (of course) but will annoy the hell out of hackers. At least it will make them play the entire game which they may not like and give up on cracking the game.

At the beginning of the game ask for the game key and save it somewhere on disk. But don’t place this check only at the beginning of the game. Scater silent checks all over the game code and in several, more or less advanced, stages of the game. This forces the hacker to analize the entire code and play the game from start to finish. Also don’t terminate the game immideatly after an hacked game is detected.

Riven · August 6, 2006, 12:16am

I read an article on a game that Sony built years ago, that removed certain key-elements from the game that prevented you from finishing certain levels.

This ‘delayed’ the first working crack a few months, which for an AAA title might actually increase revenue.

But for anything non-AAA, every brain-cycle spent on clientside-protection is wasted.

Orangy_Tang · August 6, 2006, 12:25am

That’d be Spyro and it’s sequel, the article is on gamasutra and pretty much essencial reading for anyone doing crazy hack prevention. Some really clever stuff, most of which isn’t possible in Java code (or even on a pc). IMHO though all it really proves is that everything will eventually be hacked, and no copy protection is entirely non-intrusive when it comes to normal development. The real question is how much development time you’re willing to spend on it (and so how much you’re willing to take away from actual ‘proper’ development).

zingbat · August 6, 2006, 11:46am

That would depend on how much piracy would take away from your potential profit. Its so easy to pirate anything (just do a torrent search).

Evil-Devil · August 8, 2006, 10:57am

On Client SIde there can be as many cheat/hack tools as the user want. I would not care. Only mp games are really important.
For the hashcheck, how to send another hashvalue when the package access is locked? I thought as long i have a link to a file it can not be changed by third applications. The filesystem will prevent that behavior. Am I wrong with that?

Markus_Persson · August 8, 2006, 11:33am

[quote=“Evil-Devil,post:32,topic:28074”]
Yes.

Here’s a dead simple way of doing it:

Decompile the classes
Search for “java.io” or “javax.nio” to find all places that use the network
Refactor method and variable names to best guesses from there using Eclipse or another ide with good refactoring support. Repeat until the code starts to make sense.
Find the place that checks the hash, copy the code to a new project, and run it on the original files.
Modify the code in any way you want (infinite ammo, double running speed, whatever)
Modify the hash-sending part to send the hash of the original files
???
Profit!

All you need is knowledge of the tools, and some patience.
There is no way to enforce client-side security. Seriously.

In Wurm Online, we obfuscate the classes and try to keep things safe, but we still consider the client hostile. It’s much easier to write relatively good security if you assume the client is hacked.
If it wasn’t for other factors (macroing, automapping), we would probably open source the client, to REALLY enforce this policy.

Breakfast · August 8, 2006, 1:10pm

Someone who is going to download a crack of your game, that person wasn’t going to buy it anyways.

If you publish a book, some people might decide to shoplift a copy. If you stopped them shoplifting, they wouldn’t buy the book. Some people just want something for nothing- maybe the internet is worse for this than the high street, but the principles apply.

Not a world of point worrying about it really.

Riven · August 8, 2006, 5:38pm

Quite some people want the experience. If there is an easy -illegal- way, they might take advantage of it. If it takes too long and they hear people say what a great game it is, they will be tempted to buy it anyway.

This is ofcourse a small group, but even a few percent more sales might make a real difference.

beowulf03809 · August 8, 2006, 7:20pm

This is obviously a minority view, but I…uh…have heard of people…that view hacks as a chance to “try out” a game. At the cost of many modern games ( $30 - $50 ) these people don’t want to waste the little bit of fun-money in the budget on something that turns out to not be fun. You can’t trust reviews of a game any more than you can trust reviews of a movie or book. Taste is just too subjective.

Demo versions of games often don’t give a good example of the true experience. Maybe enough to justify an interrest but often not enough to say “this is what I want to spend my money on.” If this…uh…friend…has enough interrest from a demo or review they may try to find a downloadable version. If that still holds attention after a couple days of play then a copy is purchased. If it turns out that the demo was the best part ( like the previews are often the best part of a movie ) then the copy can be deleted and no money lost. Some older games did a good job of inceasing the value by making a sharable version that gave you one part of the experience ( such as Command & Conquer and Warcraft II ) but you had to pay for the rest. That worked very well.

Similar with music albums ( the one or two good songs on the radio usually don’t justify the cost of an otherwise poor album ).

As long as cost of such items is at the level it is there will be people that do not feel justified spending their hard-earned cash on the chance. Not trying to justify theft, just pointing out that there is a small percentage of “theives” that do still return to the store w/ their cash if the value is there.

Markus_Persson · August 9, 2006, 7:28am

That’s not theft, that’s copyright infringement. Not only is there a possible distinction morally, there’s a clear distinction legally.

Theft = the person you steal from loses the item and can’t sell it to someone else.
Copyright infringement = the person you copy from loses nothing. (“removing potential profit” isn’t a crime, btw. If it was, it’d be illegal to tell your friends a movie you saw was bad)

Evil-Devil · August 9, 2006, 10:34am

Yea, best example for this is UnrealTOurnament 2003 (in most ppl opinion). The UT2K3 demo was great. But the game itself leaks of gameplay and qualility maps. Most ppl bought it anyway. Or started with a illegal copy of it. Or other said: “UT2003 was just the demo for UT2004”

Raghar · August 10, 2006, 1:18pm

It’s correct.

Strange how many people (sometimes even policemen) has problem to grasp this simple concept. It has probably something with majority of people are encouraged in only for profit type of thinking.

Badmi · August 13, 2006, 2:21pm

I am clear on what you are saying: Are you claiming that there is nothing wrong with Copyright infringement ?