Java-Gaming.org Hi !
Featured games (83)
games approved by the League of Dukes
Games in Showcase (538)
Games in Android Showcase (132)
games submitted by our members
Games in WIP (601)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Decompilers  (Read 2961 times)
0 Members and 1 Guest are viewing this topic.
Offline Conzar

Junior Devvie




There is nothing common about common sense


« Posted 2002-11-25 17:51:01 »

I would like to point out that a normal java program can be decompilied so that the source is all there and very readable (the variable and function names might be different though).  Granted, all the comments are stripped, but any programmer could figure out what the code is doing w/out too much trouble.  There are several decompilers out there - check this link out for more information on 3 of them

http://www.javaworld.com/javaworld/jw-07-1997/jw-07-decompilers.html

So 2 techniques I know of to thwart decompilation is to obfuscate your code or compile it to binary.  Of course, if you are using Java for its intended purpose, the second option is not resonable.  

Of course, if your game is open-source, then this is mood point.  However, if its not open-source, then there can be distinct problems with people getting at your source especially if its multiplayer.  Also, if you are selling the game then you don't want people to get at the source either.

I would like to know what everyone does for there Java games?  Do you concider this when you develop a Java game?  What about non-multiplayer games?  Multiplayer Games?  Is there anyother way of preventing your class files from being decompilied?

Ubuntu
Offline markuskidd

Junior Devvie


Medals: 1



« Reply #1 - Posted 2002-11-25 17:59:05 »

The best way to deal with this is not to trust your client in the first place. Therefore is simply no way to do anything interesting by decompiling it.
Offline Conzar

Junior Devvie




There is nothing common about common sense


« Reply #2 - Posted 2002-11-26 11:07:47 »

Yea, but what is the speed trade off if you run everything on the server?  Would that be way too slow for any RealTime game?


Ubuntu
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline markuskidd

Junior Devvie


Medals: 1



« Reply #3 - Posted 2002-11-26 15:19:43 »

I guess the most important question is which features you're planning on trusting the client for. That would be central to talking about security for the game.
Games which are compiled to machine code have cheaters as well, this is a design issue that appies to multiplayer games in general rather than just ones in Java.
Offline Conzar

Junior Devvie




There is nothing common about common sense


« Reply #4 - Posted 2002-11-26 16:20:11 »

Yes, I understand the problems with memory hacking.  You can setup your code to make sure that if a player does choose to use a memory hacking program, then you can make it very very hard to effect the game if not impossible.  One of my friends is an expert at using Memory programs to hack on-line games, so he has come up with some good techniques at preventing this.  

The differance between machine code and byte code is that decompiling machine code is next to imposible if not imposible.  Byte code can.  

So what you are saying is that you don't worry about people decompiling your code.  Thats fine.  What does everybody else do?

Ubuntu
Offline rreyelts

Junior Devvie




There is nothing Nu under the sun


« Reply #5 - Posted 2002-11-26 16:36:25 »

The differance between machine code and byte code is that decompiling machine code is next to imposible if not imposible.

That appears to not be the case for just about every game out there. For example, the games I play the most often, Warcraft 3, NeverWinter Nights, and Morrowind all have hacks and cracks released for them. (Frankly, I've been so irritated by cheaters I've pretty much quit playing and unless this changes, I probably won't be a customer anymore). Do you think all those games are compiled to machine code or byte code?

All it takes is one person who takes the time to do the crack.

God bless,
-Toby Reyelts


About me: http://jroller.com/page/rreyelts
Jace - Easier JNI: http://jace.reyelts.com/jace
Retroweaver - Compile on JDK1.5, and deploy on 1.4: http://retroweaver.sf.net.
Offline markuskidd

Junior Devvie


Medals: 1



« Reply #6 - Posted 2002-11-26 17:33:56 »

Quote
Yes, I understand the problems with memory hacking.  You can setup your code to make sure that if a player does choose to use a memory hacking program, then you can make it very very hard to effect the game if not impossible.  One of my friends is an expert at using Memory programs to hack on-line games, so he has come up with some good techniques at preventing this.  


I'm not sure what you mean my memory hacking, but that is probably not what I'm talking about. My question is, what do you need to handle on the client side? Once you know that, you can decide how best to prevent cheating.
Offline Orangy Tang

JGO Kernel


Medals: 56
Projects: 11


Monkey for a head


« Reply #7 - Posted 2002-11-26 17:49:38 »

Quote
Yea, but what is the speed trade off if you run everything on the server?  Would that be way too slow for any RealTime game?


Just because you run 'everything' on the server doesnt mean your client sits idle except for input/output essencials, client side you can still do the same calculations and use them for prediction, which (assumeing everything goes ok) are confirmed by the server. If a client gets some prediction wrong - either by a hacked copy or by other means (rounding errors, timing glitches, cosmic rays) then it is corrected by the server. This helps lag and security issues. We did this for CatAttack (although client correction was only very limited due to time limits and the fact that it wasnt really needed Smiley )

Of course, the most difficult to prevent is the 'wall hack' style cracks, which is very difficult to prevent. Just sending the client whats visible is the brute force approach, but considering that visibility calculation is a huge task in itself its not very practical to do on the server. Even if this is half done on the server, a hacked set of drivers (like a certain video card manufacturer produced a while ago) can circumvent this - just a seconds early warning that theres someone about to run around the corner at you is critical in many games.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline leknor

Junior Devvie




ROCK!!!


« Reply #8 - Posted 2002-11-26 17:56:05 »

Conzar, you gotta get off this idea that there is such a thing as security through obscurity. If obscurity made something obscure then Microsoft wouldn't be releasing new security updates every 3 days.

Think of it this way: Imagine two pad locks. Each has a dial from 1 to 10. One requires you to enter 3 numbers to open, the other requires 4 numbers to open. Is the first pad lock less secure than the second? Most people will say yes but an expert will disagree. How can we go about opening those locks?
A novice will just start trying numbers hopeing to get it right. In this case the 4 number pad lock is more secure because the possible combinations of 3 (10^3 steps) versus 4 (10^4 steps) numbers is larger.

An expert will realize that if he can figure out a method to come up with the first number without haveing to try evey combination he can apply that knowledge to each of the other numbers. When a way to reduce the 10 numbers per turn down to one try is found the 3 number lock (3 step) is not really any more more secure than the 4 number lock (4 steps).

So what if a class file can be decompiled more easily than a c/c++ binary. To an expert the difference isn't a big deal. You and I may not be assembly experts but that doesn't matter, there are experts out there. You and I can spend all our time worrying about them and trying to beat them but in the end it will be a waste.

So the real question is what are you worried about being compromised? The game? gonna happen, check the warez scene.
Your code going in to a compediting product? Dude, that is a dream come true, if the product is a failure then don't sweat it, if it is successful sue their ass off for every penny they made.
Multiplayer cheating? The only way to beat that is to never let important game logic outside of your controled enviroment.
Offline Conzar

Junior Devvie




There is nothing common about common sense


« Reply #9 - Posted 2002-11-26 18:47:10 »

Memory hacking is the method of changing values in a programs memory without the program's knowledge.  For instance, say you have a variable that holds the health of a player.  A memory hacking tool can be used to always set the value of the variable to a specific number.  If that information is updated correctly between the server and client, then this sort of hacking can be stopped.  

As for obscuring code, its not the best means of security for multiplayer games or cheating on single player games.  However, it will make decompiliation not as feasible then non-obscured code.  

Ubuntu
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline swpalmer

JGO Coder


Exp: 12 years


Where's the Kaboom?


« Reply #10 - Posted 2002-11-26 22:51:49 »

Quote

As for obscuring code, its not the best means of security for multiplayer games or cheating on single player games.  However, it will make decompiliation not as feasible then non-obscured code.  


Either way it is a VERY weak deterrant.  Lots of people know how to follow assembly code.. at best it simply makes the process of hacking a little bit slower.  Some might say that slowing down the hackers is about the best you can do anyway...  so there could be a point to obfuscation.  But my opinion is that ultimately obfuscators don't by nearly as much security as some people think.

There are apparently decompilers for standard C/C++ code as well.  The one disadvantage in terms of decompiling Java is that without obfuscation you give the hacker a head start because he has variable and function names to help form an idea of what the code is intended to do.

I always thought it would be cute to make an obfucator that didn't choose simple one character names, but rather picked specific key words that looked like real variable names, but weren't.  It would likely through a hacker off more that way as they would get conflicting meanings from the names and the usage of the variables and functions.

Offline markuskidd

Junior Devvie


Medals: 1



« Reply #11 - Posted 2002-11-26 23:14:59 »

I think that some of them use reserved words for variable names... very annoying as well
Offline Captain-Goatse

Junior Devvie




I suck at teh 2D. XBOX IS BIG LOL!111


« Reply #12 - Posted 2002-11-27 08:41:50 »

This problem could be overridden by good design and community.

Let's take roguelike game Adom, where cheating is the easiest thing to do, but still everyone in the community hates the cheaters, so practically there are no cheaters.
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

rwatson462 (30 views)
2014-12-15 09:26:44

Mr.CodeIt (20 views)
2014-12-14 19:50:38

BurntPizza (42 views)
2014-12-09 22:41:13

BurntPizza (76 views)
2014-12-08 04:46:31

JscottyBieshaar (37 views)
2014-12-05 12:39:02

SHC (51 views)
2014-12-03 16:27:13

CopyableCougar4 (48 views)
2014-11-29 21:32:03

toopeicgaming1999 (115 views)
2014-11-26 15:22:04

toopeicgaming1999 (103 views)
2014-11-26 15:20:36

toopeicgaming1999 (30 views)
2014-11-26 15:20:08
Resources for WIP games
by kpars
2014-12-18 10:26:14

Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!