Copy Protection & Cracking History

@ MindCamp 6

Kartones

May 23, 2014

Transcript

  1. Storage: Filesystem
     • Encryption recommended
       – Even on consoles & mobile
     • Easy to detect
       – Process Monitor
       – Obfuscation useless
  2. Storage: Custom Optical Drives
     • Hard or impossible to duplicate
     • Proprietary formats
     • Physical modifications
  3. Storage: Custom Optical Drives
     • Console mod to accept other format (e.g. GD-ROM -> CD-ROM)
     • ISO dump & ISO loader
     • Can be faster than original!
  4. Techniques: Undocumented Hardware/Firmware
     • Hidden backdoors
       – 360 DVD drive debug mode
     • Engineers with time
       – Firmware “diffs”
     • Documentation leaks
     • CPU exceptions
     • Firmware glitches
  5. Techniques: ROM & Flash based storage
     • ROM OS Bootstrap
       – Cannot be modified
       – Can be encrypted (Xbox 360 onwards)
     • Main OS data on Flash
     • Can get more complex
       – Boot mini-ROM -> decrypt ROM -> check Flash hash -> boot flash
  6. Techniques: ROM & Flash based storage
     • “Chips” w/secondary ROM
       – Boot original -> redirect to 2nd ROM
     • Satellite software can have bugs
       – PSP: TIFF buffer overflow
       – Xbox: Unsigned Dashboard font files
       – Savegame buffer vulnerabilities
     Great paper: 17 Mistakes Microsoft Made in the Xbox Security System
  7. Techniques: Time/Uses based Trial
     • Stops working after X days/uses
     • Usually allows full version
       – Exception: 3DS demos
  8. Techniques: Time/Uses based Trial
     • System clock == trivial “crack”
     • Encrypt value
       – 1st launch date, # remaining uses…
     • Only obfuscation? BAD
       – Process Monitor
  9. Techniques: CD-Check
     • CD must be in drive
     • Unreadable sectors
     • Specially formatted partitions
     • Usually combined (like CD-Key)
     • Made game load slower
     • DEPRECATED
  10. Techniques: CD-Check
      • Clone CD, Blindwrite…
        – able to read most CDs
      • CD-Drive emulators + ISOs
        – DaemonTools
      • Cracks
        – Disable or fake check
      • Special FAIL mention: PS2 Game Swap Trick
  11. Techniques: Game CD-Key
      • Permanent, unbound
      • Reusable
        – Local validity check
        – Online check
          • install and/or play time
        – Online activation with # max activations
  12. Techniques: Game CD-Key
      • Extract validation algorithm
        – Create a Keygen
      • Patch validation algorithm
        – Make it accept anything as valid
        – Crack
      • Distribute CD-Keys in .NFO
        – Blacklisting + online checks rendered this obsolete
  13. Techniques: Registration CD-Key
      • Binds upon registering
      • User/Email + Password
      • As safe as user password
      • Validation at install time
      • Usually online validation at play time
      • Binds IAPs to a certain account
      • Commercial services available
        – Microsoft SLP
        – Steam
        – Apple Store, Play Store…
  14. Techniques: PC Hardware bound
      • Network MAC, HDD Serial, CPU ID…
      • Severe restrictions
        – Any change needs reactivation
  15. Techniques: USB Dongle
      • Must be plugged in at launch time
      • Uncommon for videogames
      • Copy-protected
        – HDD special partitions
        – HDD sectors with special data
        – Custom Hardware
        – Custom Firmware
  16. Techniques: USB Dongle
      • Dongle emulator
      • Patch validation algorithm
      • Extract validation binaries, distribute them
  17. Techniques: Online play
      • Dump & decrypt received game data
        – Singleplayer games
      • Server emulator
        – Multiplayer games
        – Hard to keep up with updates
  18. Techniques: Code/Data Obfuscation
      • Java/.NET/ASM disassemblers
      • Reflection tools
        – Managed languages
      • Patient cracker will discover any “hidden” format
        – e.g. Game File Format Central website
  19. Techniques: Binaries Encryption
      • IDA (cross-platform disassembler & debugger)
      • Memory dumpers
      • Emulation systems
        – If you can’t crack it, emulate a legit scenario
        – Slower than a real crack
  20. Techniques: Binaries Signing
      • Binary comes “clean” -> can’t run
      • “Something” signs -> can run
        – Usually per-user signature
        – System-wide signature
          • e.g. system updates
          • Consoles
          • Some mobile platforms
  21. Techniques: Gaming SDKs
      • Steam, Games For Windows Live *
      • Memory & binaries protection
        – Unsafe memory modification -> crash to desktop
        – Anti-debugging measures
        – Disallows game modding
          • Except if game has solid modding SDK
  22. Techniques: Gaming SDKs
      • Generic SDK == Generic crack Tool
        – SteamEmu, rev-emu, rev-launcher
        – XLiveLess
      • Always ends up cracked/emulated
  23. Final Advice
      Crackers have more time and more determination than you.
      Focus on quality content, not anti-piracy measures.
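
The trial-state idea from slide 8 (first launch date and remaining uses stored so that a changed system clock or an edited value is noticed), as an added example that is not from the deck. It authenticates the record with an HMAC rather than encrypting it and keeps a last-seen timestamp to detect clock rollback; the key, field names and function names are assumptions.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Assumption: placeholder key. A key shipped inside the binary can be extracted,
# so a real product would hold it server-side or in hardware-backed storage.
KEY = b"constructed-demo-key"
TRIAL_DAYS = 30
DAY = 86400  # seconds


def _tag(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def seal(state: dict) -> str:
    """Serialize the trial state and attach an HMAC-SHA256 tag."""
    payload = json.dumps(state, sort_keys=True).encode()
    return json.dumps({"state": state, "tag": _tag(payload)})


def new_trial(now: int, uses: int = 10) -> str:
    return seal({"first_launch": now, "last_seen": now, "uses_left": uses})


def check_launch(record: str, now: int) -> Tuple[str, Optional[str]]:
    """Return (verdict, updated_record); a new record is issued only on 'ok'."""
    try:
        doc = json.loads(record)
        state, tag = doc["state"], doc["tag"]
        payload = json.dumps(state, sort_keys=True).encode()
        if not hmac.compare_digest(_tag(payload), str(tag)):
            return "tampered", None
        first = state["first_launch"]
        last = state["last_seen"]
        uses = state["uses_left"]
    except (ValueError, KeyError, TypeError):
        return "tampered", None
    if now < last:
        # Clock is behind the last authenticated launch: it was set back.
        return "clock_rollback", None
    if now - first > TRIAL_DAYS * DAY or uses <= 0:
        return "expired", None
    updated = {"first_launch": first, "last_seen": now, "uses_left": uses - 1}
    return "ok", seal(updated)
```

An older copy of the record restored from a backup still verifies; noticing that needs state the user does not control, such as the online checks listed on the CD-Key slides.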