2019-03-06 17:31:50

The thing is, every design is useless if it's used too much and therefore cracked. Look at mainstream devs, every game gets cracked (except multiplayer of course, accounts and such) but people don't use them because risk of viruses and steam is easy enough. Every minute spent on security is a minute not spent on features. I wonder how much effect improved obfescation boosts game sales, but with audiogames this will be hard to track.

Roel
golfing in the kitchen

Thumbs up

2019-03-06 21:39:53 (edited by Ethin 2019-03-06 21:42:18)

@50, memset_s (and its friends) are C11-specific and none of the compilers I use implement them. Cppreference.com says: "As with all bounds-checked functions, memset_s is only guaranteed to be available if __STDC_LIB_EXT1__ is defined by the implementation and if the user defines __STDC_WANT_LIB_EXT1__ to the integer constant 1 before including string.h." MSVC breaks this tradition (and compatibility) by making you define a completely different macro. Not sure what it is off the top of my head though. And yeah, one of the stages of clearing memory is zeroing it out.
On Windows you can determine (though it doesn't always work) whether a debugger is attached to your program with IsDebuggerPresent. I haven't found a cross-platform solution though.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.

Thumbs up

2019-03-07 15:37:34

Thanks for the information on memset_s. that's gotta be one of my biggest gripes on c++ and it's compilers. Among other things, I found myself coding a raw implementation of inet_pton because mingw doesn't know what it means. I've often wondered why the hell this is, why I'm able to throw something together but the smart guys who make the compilers can't. Or at least provide some derivative so as I'm not forced to do the same.

IsDebuggerPresent is extremely unreliable, so keep that in mind. It can easily be broken just as is the case with most if not all windows API functions. The function was created not for security, but printing additional mesages/giving other info or generally behaving differently if in the context of a debugger.

Thumbs up

2019-03-08 02:43:15

@53, yeah, I get ya. init_pton() can be ported ridiculously easily. I can post the code here if you like -- I managed to port it with almost no changes to it. And yeah, I don't get why the *_s functions are not enabled for most compilers. It doesn't make sense but it is what it is, and C11 is different from C++ and no C++ standard will be compatible with C11 (strange as that is). I so wish you could compile with two or more standards, but that would ridiculously overcomplicate things.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.

Thumbs up

2019-03-08 15:05:07

The topic is interesting and, as already mentioned, there are those who do not want the sounds of their game to be used, especially when there is work involved that justifies this.
I did not get the code that attempts to decrypt sounds, but for programmers who care about it, it's a good way to test and handle some decryption.
Anyway, there will always be someone trying to hack something and that is a responsibility of each one.
I have already done some tests here, opening the dump file manually in a notepad and managed to locate the key of my game.
when it was customary to put it straight into a string.
What I do now is as follows:
1. I create a function that returns the key encoded in base64.
2. At the time of calling the set_sound_decryption_key () function, I decode the base64 string that was
returned by my function.

I'm not saying it's an infallible solution, I'm just proposing a way to make it difficult. Do your tests. Here I did a search and could not locate, whether it is encoded or decoded.