Keeping the Pirates at Bay

In the end,
rather than trying to remove all the checksum code, the crackers simply
found a way to bypass it. I'm not exactly sure how, but I know YOTD
was vulnerable because the copy protection was only run once, at boot
time. I assume the crack bypassed the copy protection and then restored
the data to its original state. Any checksums performed after this point
would not find any alterations (and any checksums before this were removed
by the crackers).

While the
protection on YOTD was reasonably effective, there were definitely
things that we could have done better. If we had been able to check the
data on the disk and run multiple copy protection checks, then it would
have been a lot more difficult for the crackers. As I mentioned at the
beginning of this article, there were practical reasons why these approaches
could not be applied to YOTD. Maybe if the protection had been
integrated into the game earlier, these difficulties could have been overcome.

Also, too
much of the game could be played with a partial crack. This was a balancing
act, though. If the protection had kicked in faster, perhaps the crackers
would have realized sooner that they hadn't been successful with the first
crack. But in the end, we were perhaps a little too cautious. We could
have reduced the amount of the game that could be played with an incomplete
crack.

What We Learned

Were all
our efforts worth it? Yes. While the effects of crack protection against
piracy are extremely difficult to measure, we certainly caused a great
deal of confusion. Until the crack came out, YOTD was the most
talked about game on the copying forums. People wasted disks, blamed the
cracking teams, and claimed that the cracks that didn't work were O.K.,
just because they hadn't seen anything go wrong. People were saying nasty
things about Insomniac and Sony because they couldn't "back up"
the game. Some people even thought it was funny when the fairy character,
who normally offers players helpful advice, instead told them they were
playing a modified game. There is also an effect on future piracy to consider:
at the very least we made a few people think twice about buying a cheap
copy of a game.

We've gained
valuable knowledge about what works and what doesn't. Layering protection
that doesn't kick in immediately is definitely a very effective protection.
If nobody thinks a crack is required, they won't be working on one. Even
when they do work on the crack, it takes them longer. The crackers apparently
spent quite some time play-testing YOTD before they released the
final crack, just to make sure they didn't get burned twice. Unfortunately,
the crack protection is weaker once the copy protection has been run.
The cracker only needs to remove the code that runs the copy protection.
Once it has been run, the original code can be restored, and the checksum
will be correct. If this is only in one place, it is easier to attack.
To combat this, the copy protection needs to be run as often as practical
from independent copies of the code.

If there
is space, put multiple copies of the game data on the disk. The cracker
will have to find out which one is used or alter them all. Either way,
you've slowed them down. An extension to this would be to actually use
multiple copies of the data, either loading a random selection or loading
using a pattern based on when the data is being loaded. If some of the
copies are masked differently and some are never used, the cracker will
have to find and alter them all to ensure that the crack is complete.

Even better
than masking the data is compressing it, which offers many advantages
over simple masking. The relationship between compressed and uncompressed
data is much less obvious, the file sizes are different, and any cracked
data has to be compressed or else it won't fit back on the disk. This
means the cracker has to find out what compression was used, and if you
customize the algorithm for your data, they may have to write a compression
program just to be able to make the crack.

Looking
back at the choices we made, we could have implemented multiple copy-protection
checks throughout the course of the game. Unfortunately, this isn't always
possible or practical, depending on the method of protection used (especially
if minimizing load times is a primary concern). An alternative is to check
the source data on the disk. Of course you can't check the entire disk,
but all the executables can be checked, along with the table of contents
and boot information. This is something YOTD failed to do and is
probably how it was cracked.

Reality Check

We may not
be able to stop the pirates, but we can have enough of an impact to make
pirating a much less attractive option. Given the choice of buying a game
or waiting two to three months for a pirated version, a lot of pirates
are going to start buying games. Or at least they'll buy their favorite
ones.

There is
also an advantage in numbers; the more games that add effective protection,
the greater the benefit is for all games. Crackers have limited resources,
and the longer that they're tied up on each game, even if it's only for
a few weeks, the fewer cracks they can produce. Games that implement just a standard copy protection scheme can be cracked in less than a day. Sometimes a tool is even available which does it in seconds. Any game that takes longer than this because of added protection will be put in line until the cracker has time to deal with it. The longer that line is, the longer it will take for any given game to be cracked. The trick is to keep your game from reaching the front of that line for as long as possible.

For More Information

If you are
interested in learning more about how the copying community works and
how cracks are made, try looking at the cracking groups and forums. Here
are a few starting points.

The following
links are not to crackers but to "homebrew" programmers who
make console demos. Still, techniques and tools made for the hobby scene
always end up migrating to the crackers.
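
The weakness described under "What We Learned" (code is altered on the disk, the copy protection is skipped at boot, and memory is then restored so later checksums pass) and the proposed remedy of checking the source data on the disk can be modelled in a few lines. This is an added example, not code from the article or from YOTD: the 16-byte executable, the rotate-and-add checksum and every function name are constructed stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EXE_LEN 16

/* Constructed sample data: a 16-byte stand-in for the boot executable as mastered. */
static const uint8_t MASTER_EXE[EXE_LEN] = {
    0x27,0xBD,0xFF,0xE8, 0xAF,0xBF,0x00,0x14, 0x0C,0x00,0x40,0x00, 0x00,0x00,0x00,0x00 };

/* Stand-in checksum (rotate-and-add); the article does not name the one YOTD used. */
uint32_t checksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = ((sum << 5) | (sum >> 27)) + p[i];
    return sum;
}

/* Returns 1 if the buffer matches the checksum recorded at mastering time. */
int region_ok(const uint8_t *p, size_t n, uint32_t expected) {
    return checksum(p, n) == expected;
}

/* Models the weakness: the disk copy differs in the bytes that invoke the
   copy protection, and RAM is put back to the original once boot is past. */
void simulate_tampered_boot(uint8_t *disk, uint8_t *ram) {
    memcpy(disk, MASTER_EXE, EXE_LEN);
    memset(disk + 8, 0, 4);              /* altered bytes on the copied disk */
    memcpy(ram, disk, EXE_LEN);          /* boot loads the altered image     */
    memcpy(ram + 8, MASTER_EXE + 8, 4);  /* ...then RAM is restored          */
}

/* Runs both checks; bit 0 = RAM check passed, bit 1 = disk check passed. */
int run_checks(void) {
    uint8_t disk[EXE_LEN], ram[EXE_LEN];
    uint32_t expected = checksum(MASTER_EXE, EXE_LEN);
    simulate_tampered_boot(disk, ram);
    return region_ok(ram, EXE_LEN, expected) | (region_ok(disk, EXE_LEN, expected) << 1);
}

int main(void) {
    int r = run_checks();
    printf("RAM check: %s, disk check: %s\n",
           (r & 1) ? "pass" : "FAIL", (r & 2) ? "pass" : "FAIL");
    return 0;
}
```

In this model the in-memory checksum passes after the restore while the check against the disk copy fails, which is the case for checking the executables, table of contents and boot information on the disk itself.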