Vulnerability Development mailing list archives
Re: Software authentication (was RE: Gibson (was Crack Office XP))
From: Mark Collins <me () thisisnurgle org uk>
Date: Wed, 13 Jun 2001 17:57:32 +0100
I had been thinking a little about this when HL came out, glad it came up. Do games like Halflife that don't require a central server really *need* to be authenticated by a central server? In other words, instead of generating bogus or stealing legit serialz, you just disable the client-side registration code and/or spoof the confirmation of authentication from the central server. That would tend to break systems like Ultima Online, where a user merely runs a client, he doesn't host games, but in the Quake/HL model, would anything break? I've noticed that HL runs just fine without authenticating over a LAN-- no central server needed there. This technique might keep you off the WON, but not the net.
I think it's due to the current underground culture. As the traditional crackers went pro (many of the people who cracked games now work in the games industry), the new breed didn't understand how to do the more complex cracking (reverse engineering the copy protection). Instead, they focused on generating serial numbers. Call it a degradation of skills over time, if you will.
And... why not pirate servers that perform whatever game administration is required? Can't be that tough to set up a server that listens to broadcasts and requests; I don't think WON has the market cornered there. And legitimate users could also set up proxies that re-serve the game listings coming off the WON. My guess is that folks join the game through direct connection anyway, so it really would be fairly trivial.
If the authentication server is hardcoded and obfuscated, it would be be nearly impossible to change it. Some serious hacking of the TCP stack would be in order (if it addresses the auth server by IP only), and I'd expect most people who are capable of such would either a) be white-hat or b) be too 'leet to release it.
I think it's premature to declare the warez scene dead.
The cracking scene died with the demo scene though... it was more about fame than piracy, Unfortuneatly, people started ignoring the skilled ones and just got the software. The incentive for inventive cracks is no longer there, so all that remains are the people who just do the piracy...
Without actually looking at current implementations of this method in various games, my guess is that it's probably done badly.
There was a recent discussion about this on the Linux Game Developer list. Having 2 copies of the auth key, one which is MD5 encoded and well hidden would make changing the addresses pretty tough. Alas, most of the copy protection for games these days uses third party software. The traditional rivalry between the developers and the crackers is no longer there, so the developers don't have the input from the crackers. A little bit of history for you: Some developers used to leave hidden messages in the code for the more well known crackers. In return for this fame, the crackers would help the developers imporve the copy protection (so the cracker would have a greater challenge). Mark 'Nurgle' Collins === Lead Author - Linux Game Programming
Current thread:
- Gibson (was Crack Office XP) Fenris (Jun 11)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- Re: Gibson (was Crack Office XP) ian (Jun 13)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- <Possible follow-ups>
- RE: Gibson (was Crack Office XP) Kayne Ian (Softlab) (Jun 11)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) Mark Collins (Jun 14)
- Re[2]: Software authentication (was RE: Gibson (was Crack Office XP)) dullien (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) J Edgar Hoover (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) bill_weiss (Jun 15)
- RE: Software authentication (was RE: Gibson (was Crack Office XP)) Dom De Vitto (Jun 17)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)