sigh.
hopefully nobody thinks this is new information. i remember all of this
from 15 years ago when i was programming on a Commodore 64.
if you really want to reinvent the wheel as far as anti-piracy goes, feel free
of course. but it might be educational to study the past 20 years of the
anti-piracy war to help understand where it is today. the software
development houses learned some interesting lessons. (and i'm not talking
about techniques for making code harder to disassemble). by the way, the
motivation for cracking software is pretty much the same as the motivation
for climbing Mount Everest. it's a challenge. yes they'll insult you and
taunt you if you don't present much of a challenge. they're trying to get
you to play with them, basically. but is it really worth your time to take
them up on their challenge, and spend tons of time, effort, and frustration
providing them with another fun challenge? they don't really care about
playing your game. for them, the fun is in cracking it, not in playing it.
OTOH, maybe the anti-piracy challenge is fun for you, in which case have
fun. so, by trying to "protect your income", you are actually providing
free, high quality entertainment for them.
(how can i say this... "i know what i'm talking about")
this topic is getting really really really old. and considering it was
already several years old before it got brought up... perhaps the
interested parties would be willing to move to a private discussion?
----- Original Message -----
From: Aaron Ardiri <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: Aaron Ardiri <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 1999 1:35 AM
Subject: LodeRunner: how they cracked it - what you could learn
hi!
ok.. i have the "patch" for LodeRunner right here in front
of me.. and these guys are NOT as smart as they all seem..
:))
here is the "disassembled" code for my checkRegistration()
routine that i prototyped as follows:
extern Boolean checkRegistration(Word);
the .prc file contains the following (on a normal basis).
lodeRunner.prc - disassembled.
---
00007f80 4e560000 L639 LINK A6,#0
00007f84 2f03 MOVE.L D3,-(A7)
00007f86 362e0008 MOVE.W 8(A6),D3
00007f8a 6100ffc2 BSR L637
00007f8e 2f08 MOVE.L A0,-(A7)
00007f90 6100ff88 BSR L634
00007f94 b640 CMP.W D0,D3
00007f96 57c0 SEQ D0
00007f98 4880 EXT.W D0
00007f9a 4440 NEG.W D0
00007f9c 262efffc MOVE.L -4(A6),D3
00007fa0 4e5e UNLK A6
00007fa2 4e75 RTS
---
they changed the data at offset "0x7f9a" from 0x4440 to 0x7001
what this does is as follows:
---
00007f9a 7001 MOVEQ #1,D0
---
so.. instead of "negating" D0 (which is what the normal check
would do), they are placing 0x01 (TRUE) into the register D0.
this means that the function ALWAYS returns TRUE.
easy trick.. this is what they base a LOT of their cracks
on. do yourself a favour.. don't let it happen to you.
-------------------------------------------------------------
DO NOT USE A BOOLEAN FUNCTION FOR REGISTRATIONS!!!
-------------------------------------------------------------
i admire these crackers.. but now i check for registration
in many places.. hence they need to do more than just
"patch" one area of the code..
getting rid of this "ease" from the hackers can be a good
step for most of us.. now since they cannot do this, they
need to go through a LOT more of the code and find out where
i am doing the checking.. :)
you could also make these small functions "inline".. hence
they have a few places to patch.. :)) that annoys them.
most importantly, if you do have a regCode function, protect
it.. don't let them just disassemble, then cut and paste your
code into a windows version.. :)
we cannot stop them.. but we want to limit ONLY the ego
guys to be the crackers.. :)
cheers.
az.
--
Aaron Ardiri
Lecturer http://www.hig.se/~ardiri/
University-College i Gävle mailto:[EMAIL PROTECTED]
SE 801 76 Gävle SWEDEN
Tel: +46 26 64 87 38 Fax: +46 26 64 87 88
Mob: +46 70 352 8192 A/H: +46 26 10 16 11
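An added example, not code from LodeRunner or from either poster, that puts the quoted message's two points side by side in C. The first function is a model of the 68k idiom in the listing above (CMP.W / SEQ / EXT.W / NEG.W), which is why a check of that shape reduces to one word that can be overwritten. The second part follows the "don't use a Boolean function" and "check in many places" advice in an assumed design: the entered code is folded into data the program actually needs, and each use site re-validates that data, so there is no single yes/no value to replace. Everything here is constructed for the illustration: the Palm OS-style typedefs, nameHash, issueRegCode, VENDOR_KEY, the level table and its checksum.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Palm OS-style integer types (assumed typedefs for this example). */
typedef uint16_t Word;
typedef uint8_t  Boolean;

/* Hypothetical stand-in for the BSR L634 step in the listing: derive a
   16-bit value from the registered name (toy hash, constructed here). */
static Word nameHash(const char *name) {
    uint32_t h = 0x1505u;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++)
        h = (h * 33u) ^ *p;
    return (Word)((h >> 16) ^ (h & 0xffffu));
}

/* Vendor-side secret (assumed design). In the keyed scheme below it is
   only needed at build time and when issuing codes, not inside the .prc. */
#define VENDOR_KEY ((Word)0x9c3e)

/* Vendor side: the registration code handed to a given name. */
Word issueRegCode(const char *name) {
    return (Word)(VENDOR_KEY ^ nameHash(name));
}

/* ---- The pattern the post warns against -------------------------------- */

/* One Boolean result. The body mirrors the listing: CMP.W sets the flags,
   SEQ D0 writes 0xFF (equal) or 0x00, EXT.W widens that to 0xFFFF/0x0000,
   and NEG.W turns it into 1/0. A pure check like this must also carry
   enough of the scheme to recompute the expected code. */
Boolean checkRegistrationBoolean(const char *name, Word enteredCode) {
    int16_t d0 = (enteredCode == issueRegCode(name)) ? (int16_t)-1 : 0; /* SEQ + EXT.W */
    d0 = (int16_t)(-d0);                                                /* NEG.W */
    return (Boolean)d0;
}

/* ---- Following the post's advice: use the code instead of testing it --- */

#define LEVEL_COUNT 4
/* Plain level table (constructed data); its checksum is known at build time. */
static const Word kLevelsPlain[LEVEL_COUNT] = { 0x0110, 0x0215, 0x0320, 0x0428 };

static Word checksum16(const Word *t, size_t n) {
    Word s = 0x1234;
    for (size_t i = 0; i < n; i++)
        s = (Word)(((s << 3) | (s >> 13)) ^ t[i]);
    return s;
}

/* Build time (vendor side): obscure the table with VENDOR_KEY. Only the
   obscured table and the plain checksum are shipped in the binary. */
void buildStoredLevels(Word stored[LEVEL_COUNT], Word *plainChecksum) {
    for (size_t i = 0; i < LEVEL_COUNT; i++)
        stored[i] = (Word)(kLevelsPlain[i] ^ (Word)(VENDOR_KEY + (Word)i));
    *plainChecksum = checksum16(kLevelsPlain, LEVEL_COUNT);
}

/* Run time: name and entered code reproduce the key (VENDOR_KEY iff the
   code is right). Nothing here says "registered"; the data decodes or not. */
void decodeLevels(const Word stored[LEVEL_COUNT], const char *name,
                  Word enteredCode, Word out[LEVEL_COUNT]) {
    Word k = (Word)(enteredCode ^ nameHash(name));
    for (size_t i = 0; i < LEVEL_COUNT; i++)
        out[i] = (Word)(stored[i] ^ (Word)(k + (Word)i));
}

/* Each use site re-checks the checksum rather than trusting one flag (the
   "check in many places" point). Returns the level value, or 0 if the
   table is not intact. Even if this branch were skipped, a wrong key
   leaves garbage in the table rather than an unlocked game. */
Word levelStart(const Word levels[LEVEL_COUNT], Word plainChecksum, size_t idx) {
    if (idx >= LEVEL_COUNT || checksum16(levels, LEVEL_COUNT) != plainChecksum)
        return 0;
    return levels[idx];
}

/* Whole flow for one user: build the shipped table, decode it with the
   entered code, and read one level through a validating use site. */
Word demoLevel(const char *name, Word enteredCode, size_t idx) {
    Word stored[LEVEL_COUNT], levels[LEVEL_COUNT], cs;
    buildStoredLevels(stored, &cs);
    decodeLevels(stored, name, enteredCode, levels);
    return levelStart(levels, cs, idx);
}

int main(void) {
    Word good = issueRegCode("ardiri");
    printf("boolean check, right code: %u\n", checkRegistrationBoolean("ardiri", good));
    printf("level 2 with right code:   0x%04x\n", demoLevel("ardiri", good, 2));
    printf("level 0 with wrong code:   0x%04x\n", demoLevel("ardiri", (Word)(good ^ 1), 0));
    return 0;
}
```

With the right code the decoded table equals the plain one, so every use site sees a valid checksum; with a code that differs in even one bit the key is wrong for every entry, so the values read out are not the shipped ones regardless of whether the checksum branch is taken.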