Security for shareware
by AzraelK · in General Discussion · 07/08/2002 (3:58 pm) · 5 replies
Does anyone know a good site or tutorial about writing "serial number" registration for shareware programs/screensavers/games?
Basically I want to add a code for my game that allows a registered user to play the "registered" levels and the neat extra weapons, but to be honest I have no idea how to do that. Well at least I have no idea on how to write the "serial number" algorithm and where to use it in the game (obviously I have to check if its there while loading the levels and weapons I guess)
I know some algorithms for this exist in PHP but I have no idea how to code them on c++
p.s. Yes, im aware that someone will eventually crack this code, but I want to make it as hard as possible (at least for a while).
Basically I want to add a code for my game that allows a registered user to play the "registered" levels and the neat extra weapons, but to be honest I have no idea how to do that. Well at least I have no idea on how to write the "serial number" algorithm and where to use it in the game (obviously I have to check if its there while loading the levels and weapons I guess)
I know some algorithms for this exist in PHP but I have no idea how to code them on c++
p.s. Yes, im aware that someone will eventually crack this code, but I want to make it as hard as possible (at least for a while).
#2
There isn't really a set algorithm for serial numbers. Just build some mathematical rules for the numbers and put a check digit at the end. And serial number can be hacked pretty easy and is only really useful in an online game. So don't worry about it too much.
A better way would just be to not include the registered content at all. Yeah it means they have another download after they register. But in torques case it wouldn't have to be the entire engine again.
07/09/2002 (3:12 am)
Doesn't seem too hard to restrict stuff in script. And a final deliverable would only have the compiled version so that couldn't be easily modified.There isn't really a set algorithm for serial numbers. Just build some mathematical rules for the numbers and put a check digit at the end. And serial number can be hacked pretty easy and is only really useful in an online game. So don't worry about it too much.
A better way would just be to not include the registered content at all. Yeah it means they have another download after they register. But in torques case it wouldn't have to be the entire engine again.
#3
So what you want to do is design the game so that it doesn't matter if hackers get in. Half Life has an excellent system (T2 has a similar system, equally succesful), because you have to authenticate through their servers to play. My HL cd is long lost; I keep a copy of a copy of an ISO around to install from. But I'm not ripping off Valve - I can't, because I _have_ to have a valid, purchased key to authenticate to get on any online server. For ever player (or N players), somebody's paid Valve for a CD key.
Of course, if you don't have a multiplayer oriented game, then you're in a bit more trouble. You'll want to focus more on copy protection - tricks like they used in Spiro would be excellent. In addition, requiring a key to get updates or content packs would be good.
GG could probably help hook you up with professional copy protection people, when you've got a completed game, too.
Edit: Ron, good points. You're right - looking back, I got a little overexcited about my point. :) What I meant to say was this: "Everything not directly under your control should be assumed to be untrustworthy." So the WON servers themselves are probably secure, and it seems unlikely that WON authentication can be falsified - though it can be bypassed. Anyway, having WON _does_ make it much harder for casual hackers to get through, compared to T1's approach ;)
07/09/2002 (7:25 pm)
If you expect your game to be wildly succesful, then you should plan on everything client side being compromised. Hackers WILL get in. If you're lucky you can delay them. You can make a lot of things impossible by good design - for instance, there are no cheats to let you arbitrarily restructure the levels in CS. The network infrastructure and the game engine just can't do it.So what you want to do is design the game so that it doesn't matter if hackers get in. Half Life has an excellent system (T2 has a similar system, equally succesful), because you have to authenticate through their servers to play. My HL cd is long lost; I keep a copy of a copy of an ISO around to install from. But I'm not ripping off Valve - I can't, because I _have_ to have a valid, purchased key to authenticate to get on any online server. For ever player (or N players), somebody's paid Valve for a CD key.
Of course, if you don't have a multiplayer oriented game, then you're in a bit more trouble. You'll want to focus more on copy protection - tricks like they used in Spiro would be excellent. In addition, requiring a key to get updates or content packs would be good.
GG could probably help hook you up with professional copy protection people, when you've got a completed game, too.
Edit: Ron, good points. You're right - looking back, I got a little overexcited about my point. :) What I meant to say was this: "Everything not directly under your control should be assumed to be untrustworthy." So the WON servers themselves are probably secure, and it seems unlikely that WON authentication can be falsified - though it can be bypassed. Anyway, having WON _does_ make it much harder for casual hackers to get through, compared to T1's approach ;)
#4
Not to be negative or condone hacking, but it is 100% possible to play HL or any of its MOD's without a valid CD-KEY. That is one that you do not own/purchased. Their are even servers that are hacked in such a way that it they bypass the normal authentication process.
If a hacker has a will they WILL find a way no matter how secure you think your code is. Especialy in a Client/Server environment.
Valve is currently trying to deal with the hackers, but it is a loosing battle. Within hours of releasing a security module update a new hack is out to bypass it.
It is just a never ending battle.
-Ron
07/09/2002 (7:45 pm)
Sado,Not to be negative or condone hacking, but it is 100% possible to play HL or any of its MOD's without a valid CD-KEY. That is one that you do not own/purchased. Their are even servers that are hacked in such a way that it they bypass the normal authentication process.
If a hacker has a will they WILL find a way no matter how secure you think your code is. Especialy in a Client/Server environment.
Valve is currently trying to deal with the hackers, but it is a loosing battle. Within hours of releasing a security module update a new hack is out to bypass it.
It is just a never ending battle.
-Ron
#5
consider Tribes 1, one of the most pirated multiplayer games ever (it had no serial #s or security). The community was thriving, and the pool of online players was enormous.
now look at Tribes 2, where "WON" might have actually meant "LOSS". The online community has always teetered on the lean side of critical mass, partly because the masses of "evaluators" could not easily get in.
I'm not condoning copyright infringement, and I hope that all game developers can make a living doing what they love, but sometimes the "lock-down" approach is counter-productive to the success of your online title.
07/10/2002 (8:46 am)
another thing to consider is that a bit of piracy might actually help make your game MORE successful.consider Tribes 1, one of the most pirated multiplayer games ever (it had no serial #s or security). The community was thriving, and the pool of online players was enormous.
now look at Tribes 2, where "WON" might have actually meant "LOSS". The online community has always teetered on the lean side of critical mass, partly because the masses of "evaluators" could not easily get in.
I'm not condoning copyright infringement, and I hope that all game developers can make a living doing what they love, but sometimes the "lock-down" approach is counter-productive to the success of your online title.
Torque Owner DavidRM
However, you're going to find it tough to do any kind of real "feature locking" in a product with a scripting engine like this one.
Best of luck.
-David
Samu Games