Robust serial keys validation: an idea.

Moderator
Posts: 3,579
Joined: 2003.06
Post: #16
Najdorf Wrote: I am wondering, is code signing effective to prevent hackers from modifying the binary?

Judging by how easy it is for crackers to steal iPhone apps, I'd say code signing is worthless, in general.
Moderator
Posts: 1,560
Joined: 2003.10
Post: #17
From the little I understand of it, code signing prevents a hacker from modifying your software and then posing as the original. They can re-sign it themselves and it'll run, but you'd be able to tell by the signature that it wasn't the same code you distributed.
Sage
Posts: 1,482
Joined: 2002.09
Post: #18
No. Code signing does not prevent things from running if the signature does not match.

Remember the "This program wants to access your keychain" messages whenever you upgraded a program that used stored passwords? It fixes that, so that the OS can trust that a program is from the same source even across versions.

You might be able to use the signing check for yourself as a secondary check though. Don't allow it to launch if the signature does not match.

Scott Lembcke - Howling Moon Software
Author of Chipmunk Physics - A fast and simple rigid body physics library in C.
Member
Posts: 749
Joined: 2003.01
Post: #19
I've decided to separate full version and demo version.

When people buy the game they get a code, which they can enter on a member's area in my site to be able to download the latest full version and other stuff, which then they need to activate again with the same code.

©h€ck øut µy stuƒƒ åt ragdollsoft.com
New game in development Rubber Ninjas - Mac Games Downloads
Moderator
Posts: 608
Joined: 2002.04
Post: #20
Najdorf Wrote: I've decided to separate full version and demo version.

When people buy the game they get a code, which they can enter on a member's area in my site to be able to download the latest full version and other stuff, which then they need to activate again with the same code.
What kind of response have you gotten from customers? Do they seem to mind? Any idea how that has affected piracy?

For a bit of perspective, my app was cracked within a week of release. Basically just a binary crack that removes the license checking.
Member
Posts: 749
Joined: 2003.01
Post: #21
I still haven't released the game yet (soon though :).

I don't think having a crack floating around is that bad, I wouldn't risk the security of my computer to save $20.

I don't know how effective the demo-full version thing will be, it certainly won't hurt though (and will save me some bandwidth).

⌘-R in Chief
Posts: 1,261
Joined: 2002.05
Post: #22
I find it a bit odd you're going with demo/full version since the goal of this thread was a robust key validation scheme that couldn't be cracked, and now all anyone would have to do is simply download your game from a torrent after someone uploads it, no cracking involved. :P
Member
Posts: 749
Joined: 2003.01
Post: #23
I'm doing both actually, customers use their key also to validate the full version.

⌘-R in Chief
Posts: 1,261
Joined: 2002.05
Post: #24
Ahh ok. That's what I was going to suggest (but obviously didn't). Sounds like a plan!
Member
Posts: 749
Joined: 2003.01
Post: #25
Thanks :)

Member
Posts: 81
Joined: 2007.05
Post: #26
Here is a corny idea. Probably been done. Not sure if this makes sense.

Say the game is distributed without all its content. The content (or critical items of it) is encrypted but hosted on your site. So, there could be a service associated with new content -- free or paid. You encrypt the content in such a fashion that it can only be decrypted with the correct checksum of the application and a key. So, if the hacker tampers with the app then the checksum is incorrect. Any changes in the binary then you get the wrong checksum. Try to use a default system library to calculate the checksum... people don't want to mess with that.

If there is an update, then new content would have to be downloaded because the checksum would be different. But when you update the app the new checksum would be unpredictable. Since the data is new and the app is new, then you could change the keys again too.

Not all the content would be encrypted this way. Only key items in a game for instance. So, downloading costs could be reduced.

I guess the hacker would have to tamper with the application and then re-encrypt the data. Or if he did not want to host I suppose the user would not get the update to the content...

Still, might not be foolproof but the strategy is to keep the hacker working. :)
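The scheme from post #26, sketched as an added example that is not part of the thread or any poster's code: the content key is derived from the license key and a SHA-256 of the shipped binary, so a modified binary or a new release derives a different key and the hosted content fails to authenticate. The HMAC-SHA256 counter-mode keystream is a standard-library stand-in for an authenticated cipher such as AES-GCM, and all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_key(app_binary: bytes, license_key: str) -> bytes:
    """Bind the content key to the license key and the SHA-256 of the binary."""
    checksum = hashlib.sha256(app_binary).digest()
    return hmac.new(license_key.encode(), checksum, hashlib.sha256).digest()

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive a labelled value (subkey, keystream block or tag) from a key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, standard library only.
    blocks = (_sub(key, nonce + i.to_bytes(8, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, content: bytes) -> bytes:
    """Server side: encrypt-then-MAC, output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_sub(key, b"enc"), nonce, len(content))
    body = bytes(a ^ b for a, b in zip(content, stream))
    return nonce + body + _sub(_sub(key, b"mac"), nonce + body)

def open_sealed(key: bytes, blob: bytes):
    """Client side: return the content, or None if the key or blob is wrong."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + body)):
        return None
    stream = _keystream(_sub(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

# Constructed sample data, not real binaries or license keys.
APP_V1 = b"\xcf\xfa\xed\xfe" + b"game code v1" * 8
APP_PATCHED = APP_V1[:20] + b"\x90" + APP_V1[21:]  # one byte changed
APP_V2 = b"\xcf\xfa\xed\xfe" + b"game code v2" * 8  # the next release
LICENSE = "DEMO-0000-0000"
CONTENT = b"level 7 map data"
BLOB_V1 = seal(derive_key(APP_V1, LICENSE), CONTENT)

if __name__ == "__main__":
    for name, app in (("v1", APP_V1), ("patched", APP_PATCHED), ("v2", APP_V2)):
        print(name, open_sealed(derive_key(app, LICENSE), BLOB_V1))
```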