  Security Issues  (Read 3217 times)
Evil-Devil
« Posted 2006-01-30 18:25:44 »

Hi there,

since Java bytecode is easily decompiled, I came up with the question of how to secure your game app.

Lately I got the demo version of Tribal Trouble and it's a very cool game, but to make a retail game from the demo version was easy. (I already ordered a retail version :).)

For people that only want to play the singleplayer campaign that is enough. But what if people hack into the code and create their own gameserver for multiplayer games? The creation of the registry file should that hard too, even if there is much more code to used from the decompiled classes.

So my question is: what would be good ways to protect your game and/or demo version?

One way I mentioned is about ripping the whole content down to the demo version. This way people have to obtain the retail version or get it somewhere else.
Additionally, the demo version should not be compatible with the retail files. You may ask why?

You may know Unreal Tournament 200x. As Epic released the Gameserver Installation, which comes as a free download and includes almost the entire content of the retail, it was really easy to make a full retail game of it. How to? Unreal Tournament 200x Demo version + Server Installation = Retail.

I will not go into detail, but the problem should be visible.

So, what do you people think about it? How do we make Java games more invulnerable?
Even obfuscated code can be decompiled under some circumstances :(

Evil

Mr_Light
« Reply #1 - Posted 2006-01-30 22:51:08 »

Wasn't that why game keys were created?

There was an interesting article about game protecting and hacking on tom's-something (since tom's hardware changed their site I'm lost, must be because I'm rusted). It was more about how certain techniques affected, or rather impacted, the user experience.


It's harder to read code than to write it. - it's even harder to write readable code.

The gospel of brother Riven: "The guarantee that all bugs are in *your* code is worth gold." Amen brother a-m-e-n.

noblemaster
« Reply #2 - Posted 2006-01-30 23:36:21 »

My game runs through a server, which I keep private. So, you still have the client which can be disassembled, but it won't help you much without the server! Also, I obfuscate the code, so even if you disassemble the client, you would have a hard time to understand what I did.


princec
« Reply #3 - Posted 2006-01-31 11:19:50 »

The simple answer is: don't. The only people who are going to bother with hacking it are other Java programmers with a bunch of time on their hands and let's face it there aren't many of those about, especially not ones with enough money to buy the game anyway.

Cas :)

thijs
« Reply #4 - Posted 2006-01-31 11:54:36 »

You can never trust anything that runs entirely on a client; it's like handing over a book to someone and having him read it for you. If you don't know what's in the book you can't tell if he's making things up. An analogy with a client / server architecture would be that you have a copy of the book and read with him, so you can easily tell if he's making things up.

Like cas said there's only a small group who's able to hack your game, make it difficult for them by obfuscating your code, do crc checks on datafiles and do sanity checks on highscore uploading (given certain variables from your game).

3DzzD! (http://www.dzzd.net)
Arcazoid! (http://www.arcazoid.com)
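
The sanity checks on highscore uploads suggested in the reply above, sketched as an added example (not code from the thread or from any game mentioned in it). The scoring rules, the `Submission` fields and the sample data file are assumptions made up for the illustration; it needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.util.zip.CRC32;

// Added example: server-side checks on a highscore upload. All names and rules are hypothetical.
public class ScoreSanityCheck {
    // Assumed scoring rules of an imaginary game; the server knows them independently of the client.
    static final int POINTS_PER_KILL = 100;
    static final int LEVEL_BONUS = 1000;
    static final int MAX_KILLS_PER_SECOND = 2;

    /** The "certain variables from your game" sent along with the score (constructed format). */
    record Submission(long score, int kills, int level, int playSeconds, long dataCrc) {}

    static long crc32(byte[] data) {
        CRC32 crc = new CRC32();
        crc.update(data);
        return crc.getValue();
    }

    /** Returns null when the upload is plausible, otherwise the reason it is rejected. */
    static String reject(Submission s, long expectedDataCrc) {
        if (s.dataCrc() != expectedDataCrc) return "data file CRC mismatch";
        if (s.kills() < 0 || s.level() < 1 || s.playSeconds() <= 0) return "malformed counters";
        if (s.kills() > (long) s.playSeconds() * MAX_KILLS_PER_SECOND) return "kill rate too high";
        long maxScore = (long) s.kills() * POINTS_PER_KILL + (long) (s.level() - 1) * LEVEL_BONUS;
        if (s.score() < 0 || s.score() > maxScore) return "score not reachable with these counters";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data file; the server hashes its own copy of the shipped file.
        byte[] levelData = "level1:goblin,goblin,orc".getBytes(StandardCharsets.UTF_8);
        long expected = crc32(levelData);

        Submission[] uploads = {
            new Submission(2300, 13, 2, 95, expected),      // consistent with the rules
            new Submission(999_999, 13, 2, 95, expected),   // inflated score, counters unchanged
            new Submission(50_000, 500, 1, 10, expected),   // counters inflated to fit the score
            new Submission(2300, 13, 2, 95, expected ^ 1),  // data file differs from the shipped one
        };
        for (Submission s : uploads) {
            String reason = reject(s, expected);
            System.out.println(s.score() + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

The CRC value is reported by the client, so it only catches altered data files loaded by an unmodified client; the counter checks are the part that runs entirely on the server.
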

oNyx
« Reply #5 - Posted 2006-01-31 12:10:09 »

If smashing rocks with a sledge hammer gets you the game 4 times quicker... why should you bother with cracking it in the first place?

Cracking some everyday native CD check needs about a postcard of knowledge and about 2 minutes for cracking and making a patch. Well, duh. Cracking a Java game takes way more time and knowledge. Yadda yadda... well, that topic came up several times already :P

弾幕 ☆ @mahonnaiseblog

noblemaster
« Reply #6 - Posted 2006-02-01 03:37:14 »

I agree with princec, don't spend too much time on protecting your software! Obfuscation is enough. If you have a server where people need to login (if it is multiplayer), you can do some basic checking, but otherwise, there is no way for 100% safety!

kylix999
« Reply #7 - Posted 2006-02-01 10:49:58 »


The best way to secure your Java code is programming the most important Java code directly in bytecode, using for example jasmin, bcel, jan and others.
You can make this code as complicated as you wish (for example, giving lots of goto instructions etc. to labels) so the code is harder to understand for a cracker. You can also use class cryptography (using your own secured class loader). You can also check whether your compiled classes were modified by a cracker, for example by storing some information about your classes (size, modification date, or best, creating a unique number using the 160-bit SHA-1 algorithm during compilation and later checking this number during execution). Always try to think like a cracker and how you could make his life worse.
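
The SHA-1 class check described in the post above, written out as an added example (not the poster's code). The class name and the way the recorded digest is obtained are assumptions; a real build would write the digest to a separate file at compile time. It needs Java 17 or later for `HexFormat`, and the check runs on the client, so it raises the effort of patching a class rather than preventing it.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Added example: compare a class file's digest with the one recorded at build time.
public class ClassDigestCheck {
    /** Reads the bytes of a class file from wherever the class loader found it (jar or directory). */
    static byte[] classBytes(Class<?> c) throws IOException {
        String path = "/" + c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getResourceAsStream(path)) {
            if (in == null) throw new IOException("class file not found: " + path);
            return in.readAllBytes();
        }
    }

    /** 160-bit SHA-1 as named in the post; "SHA-256" is a drop-in replacement here. */
    static String sha1Hex(byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-1").digest(data));
    }

    /** True when the class bytes still hash to the value recorded during compilation. */
    static boolean unmodified(Class<?> c, String recordedHex)
            throws IOException, NoSuchAlgorithmException {
        return sha1Hex(classBytes(c)).equalsIgnoreCase(recordedHex);
    }

    public static void main(String[] args) throws Exception {
        // Build step, simulated: record the digest of the freshly compiled class.
        String recorded = sha1Hex(classBytes(ClassDigestCheck.class));
        System.out.println("recorded digest: " + recorded);

        // Runtime step: the untouched class passes the check.
        System.out.println("class unmodified: " + unmodified(ClassDigestCheck.class, recorded));

        // A single changed byte in the class file no longer matches the recorded digest.
        byte[] patched = classBytes(ClassDigestCheck.class);
        patched[patched.length - 1] ^= 0x01;
        System.out.println("patched copy matches: " + sha1Hex(patched).equals(recorded));
    }
}
```
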

Riven
« Reply #8 - Posted 2006-02-01 10:54:41 »

> the best way to secure your java code is programming of the most important java code directly in bytecode using for example jasmin, bcel, jan and others

Ah well, let's screw maintainability altogether :D

> you can also use classes cryptography (using your own secured class loader)

You only have to change 1 class in rt.jar and watch all the deciphered classes fly by. Think about it, only decrypted byte-representations of classes can be processed by the JVM.

Breakfast
« Reply #9 - Posted 2006-02-01 17:58:22 »

Would someone who wants to pirate your game have bought it anyway?

If everyone who is going to buy it, has bought it, and someone has a pirate copy, have you lost out?

My feeling is that if I ever get anything good that I want to sell, I'll worry more about game issues than about making it absolutely unpirateable. In other security respects, there are major benefits to using Java because you have some degree of sandboxing going on already- if you're writing a networked game it is that little bit harder for a cracker to find an exploit that lets them own your players' systems for all the usual java security reasons.

kevglass
« Reply #10 - Posted 2006-02-01 18:17:41 »

If you're focused on Windows distribution (most pirates live here anyway) - how about Molebox? You can stick the whole VM and the jars into an encrypted, compressed executable. It looks like a native game and it's probably more complicated than a normal C executable to crack :)

Kev

Jeff
« Reply #11 - Posted 2006-02-02 01:45:19 »

This is an over-rated problem.

Game cracking has been around since well before Java and there is more or less nothing that can be done about it.

Don't worry about individuals cracking your game. It isn't worth the effort. If you find someone distributing a cracked version of your game online, ask them to stop. If they don't respond, then you have two choices: (1) have a lawyer send them a letter, (2) suck it up.

If you choose (1) and they don't respond you have two choices: file a law suit or suck it up.

Welcome to the wonderful world of 21st century IP.


Got a question about Java and game programming?  Just new to the Java Game Development Community?  Try my FAQ.  Its likely you'll learn something!

http://wiki.java.net/bin/view/Games/JeffFAQ

darkprophet
« Reply #12 - Posted 2006-02-02 02:56:35 »

Or you can download the cracked version, and make the crack invalid. Then force your users to update (you do have an update option in the game, don't you?). If it's a multiplayer game, disable their account if they are sharing their registration code.

If all else fails, set up a P2P server (that's how cracks get distributed mainly) and share an invalid crack (some spamming bot or something), give it to all your friends, relatives, their friends and their relatives, give it good ratings and such. Everybody downloads it, and you're in the clear for a while until people catch up to it...

Dirt for dirt, but hey, they started it! ;)

DP

Friends don't let friends make MMORPGs.

Blog | Volatile-Engine

noblemaster
« Reply #13 - Posted 2006-02-02 03:11:26 »

Don't tell anybody about your game. Never give it out. Play it only by yourself. Also, never connect your computer to the Internet. Program in a room with darkened windows, or better no windows, so nobody can grab it off your screen!

Evil-Devil
« Reply #14 - Posted 2006-02-02 18:13:13 »

> Don't tell anybody about your game. Never give it out. Play it only by yourself. Also, never connect your computer to the Internet. Program in a room with darkened windows, or better no windows, so nobody can grab it off your screen!

Well, you're a genius. Why didn't I come up with that myself?

@Topic:
OK, most replies helped me to understand the situation better from a developer's point of view.

As for myself as a player, I sometimes obtain a cracked version to see if it is worth buying the retail game.
In the last years many game demos' playtime/fun were like the retail game ones :(

I know that there is no real protection, but as long as I don't provide any content that is expandable like the TT demo I think my problems are much smaller :)

thx @ all 4 their replies.

Jeff
« Reply #15 - Posted 2006-02-04 06:55:31 »

Or you could release your own "cracked" version to pirate sites that contain various nasty viruses.

What? Who said that? Could you identify him in a crowd? I think not...


Alan_W
« Reply #16 - Posted 2006-02-04 16:05:26 »

I like darkprophet's suggestion, i.e., issue a steady stream of enhancements to registered users. Crackers will have to keep updating their cracks. Obfuscate the code and put one or two sanity checks in each version. Eventually they'll get bored and move on to something new.

...Of course you need to write a retail quality game first to attract any cracker attention. That seems to be the difficult bit. :)

Time flies like a bird. Fruit flies like a banana.