Making it hard to break the registration process

Newbie & Debugging Questions
#1

Before everyone jumps, I’ve read (and posted) plenty of times that its not possible to protect your game from all pirates everywhere. With enough time and effort any system is going to be broken. However, I want to release a game with 10 levels in the demo and 50 levels in the full version. I’d like only the people that have payed to be able to play the 50 level version. Given in Java that everything is decompilable and is normally pretty easy to read afterwards, has anyone any suggestions on how to make it hard for people to simply remove the registration checks etc?

In this case, high score tables probably arn’t going to be terribly suitable (although maybe) and there is no online play to cross check registrations.

Kev

#2

Oh, molebox the whole thing into an encypted .exe file is a good solution. However it only works on windows right now - I think MacOSX is a the market to chase atm.

Kev

#3

dynamicly loading the levels and distribute the additional levels afterwards?

they then might be able to break out the this is a demo part but they stil wouldn’t have the extra levels.

#4

Which they’ll find after a few seconds with google.

You might… want to collect data about the system (hardware stuff) and generate a key from that. then - during the registration process - send a bunch of encrypted files that can only be decrypted with that key.

Microsoft gave it a try :slight_smile:

#5

NetworkInterface.getNetworkInterfaces();
–> nextElement().getName()

Dunno how to get the (pretty unique) MAC address through (without running ipconfig /all)

#6

Yeah, sorta ran through these in my head, but Microsoft have the advantage of having natives that do the key generation and decrypting (natives tend to scare your average kiddy cracker). If its done in Java they can reasonably simply decompile the decryption and force the right key in.

I know theres no way round decompilation with Java - trying to think something game related maybe that helps deter people.

One option is to make the game really really rubbish (shouldn’t be too tricky) - then no one wants to play it or crack it :slight_smile: Unfortunately this has other side effects.

Kev

#7

Here is the thing:

Those who know how to crack it, and crack it, wouldn’t buy your game anyway
Those who don’t know how to crack it, and crack it with help of the above mentioned cracker, wouldn’t buy your game anyway

So that pretty much tells you the effort you’re going to make would only make less crackers play it, and would make exactly the same people buy it.

Did you know there are some AA(A?) titles being released these days without any copyright-protection, because of this?

#8

I’ve heard that lots of times - I don’t agree. There are plenty of people in the world that would pay to play a game - but given the option of just taking it for free - will do. Maybe thats not so true in indie games - mostly your sales are going to be based on getting an impulse buy having just got a rush from playing the game - maybe not.

Kev

#9

Implement your own class loader, using a ciphering based on (part of )the registration key, and encrypt strategic class files ?

that way, the .class aren’t decompilable (decrypting only occurs in memory).

That should prevent hackers for a few minutes more…

Lilian :slight_smile:

#10

You only have to replace 1 class in rt.jar to extract all the loaded classes (decrypted)

Think about it, the JVM has only 1 entrypoint to link new classes.

Yeah, a few more minutes it is :slight_smile:

#11

Sounds like this would be worth reading. Some really nice methods described in there, although they’re obviously at a very low level so pure-java implementations are likely to be tricky. IMHO you’re going to have to go native anyway for anything half-decent.

Isn’t piracy generally less of a problem on Mac compared to windows? Moleboxing the windows version and leaving the Mac as-is might be just as effective.

#12

People don’t tend to bother cracking casual games quite so much. Put in basic protections, enough to scare people a little. I would suggest .exe packaging plus a 12 digit “registration key” that is a hash of the owner’s name + salt. Just enough to make people think you’re serious.

Further than that, I’d go for integrating with online in some way. e.g. download each level only on demand coupled with IP-based game-verification at download-level time, so that each player could only crack and distribute the levels they had managed to complete already.

i.e. go this route http://www.gamasutra.com/features/20051005/martin_01.shtml#

#13

hehe that is a pretty good article! i’d say trick is not to stop the cracker but to delay the cracker for a long time hoping that he’ll eventually give up :slight_smile:

#14

Keep in mind that unless you are prepared to scour the internet with great regularity AND pay lawyers to chase whomever you find, all it takes is ONE cracker to crack it and everyone who is willing to get it for free can.

#15

Solution: Dont make games if your paranoid about them being cracked.

But you knew that already :stuck_out_tongue:

DP

#16

Downloading levels as and when people complete them would be nice - but I’m not so sure it’d be good to force people to be online while they play?

Kev

#17

If you write a game that is good enough to be cracked I think you don’t really need to worry about the money from those who use the crack. :slight_smile: … as long as it isn’t some trivial crack where you only need to change system time or something like that. Cost of the game is also a factor, cracker are usually programmers and smart people themselves, I doubt any of them would try to crack a game that costs only few $.

#18

Yep, but as you know there’s really no easy-answers on this stuff :confused: