INI protection


Post » Thu Aug 27, 2009 11:18 pm

Hello all.

I've been making a simple little game to learn more about construct (usually I bite off more than I can chew, give up and never come back to a program again).

Now the basics are done I've been thinking of stuff to add to add replay value, better my construct knowledge and turn the small simple game into something bigger but still simple.

I had two nice ideas: stat tracking & achievements. To track these I was going to use INI file(s) but these are simple to hack with a text editor, so I need to protect my files from naughty hackers.

This is what I came up with. It's pretty simple (and probably sloppily made) but seems to work great. When it gets a match between the stored hash it gives one message, if the hash isn't a match it gives a different message. In my game I intend to make it so if the hashes don't match it will simply reset all the stats & values to the default ones.

http://dl.getdropbox.com/u/1646976/inicrc32.zip

Oh and make sure all the files are unzipped to the same folder or else it won't work

Can anyone help me improve upon it? Or have any suggestions?

Post » Fri Aug 28, 2009 1:59 am

every time you save a file, save a hash of the file too (with crc32). Then when loading, make sure the hash equals the file.

Post » Fri Aug 28, 2009 8:20 pm

[quote="Davioware"]every time you save a file, save a hash of the file too (with crc32). Then when loading, make sure the hash equals the file.[/quote]

That's exactly what I was going to do :D .

At the end of the game it'll write the new info in the crc32.ini then rehash and save the hash in the hash.ini and recheck at the start of the first layout of the game. If they don't match I'll reset all the info to default.

I did have one DUH! moment when playing about with this, I stored the hash of the crc32.ini in the crc32.ini and kept wondering why the hashes never matched.

Post » Sat Aug 29, 2009 6:41 am

Omg be sure to pm or email me when this is ready and you will be my new god! As I've always had trouble protecting INIs...

Post » Sat Aug 29, 2009 12:04 pm

Your idea of checking the hashes is pretty good. Just keep in mind that it will only keep "honest" people honest. It does little to prevent a "hacker" from using a modified INI file. The reason why is the hacker can simply find the place in the .exe that checks the hash and simply patch it to always go to the "OK" state. This is not hard, and would probably only take 10 min or less to do.

That being said what you describe will keep average gamers from messing with the INI.

Post » Sat Aug 29, 2009 2:30 pm

[quote="Minor"]
To track these I was going to use INI file(s) but these are simple to hack with a text editor, so I need to protect my files from naughty hackers.
[/quote]

I compiled a .cap file, then checked it and... received this:
____________________________________________
CRC32 (Table)
|- Signature 77073096 found at offset 000E33DC (VA: 004EC7DC)
|- Signature ee0e612c found at offset 000E33E0 (VA: 004EC7E0)
|- Signature 990951ba found at offset 000E33E4 (VA: 004EC7E4)
|- Signature 076dc419 found at offset 000E33E8 (VA: 004EC7E8)
|- Signature 706af48f found at offset 000E33EC (VA: 004EC7EC)
|- Signature e963a535 found at offset 000E33F0 (VA: 004EC7F0)
|- Signature 9e6495a3 found at offset 000E33F4 (VA: 004EC7F4)
|- Signature 0edb8832 found at offset 000E33F8 (VA: 004EC7F8)
|- Signature 79dcb8a4 found at offset 000E33FC (VA: 004EC7FC)
|- Signature e0d5e91e found at offset 000E3400 (VA: 004EC800)
|- Signature 97d2d988 found at offset 000E3404 (VA: 004EC804)
|- Signature 09b64c2b found at offset 000E3408 (VA: 004EC808)
|- Signature 7eb17cbd found at offset 000E340C (VA: 004EC80C)
|- Signature e7b82d07 found at offset 000E3410 (VA: 004EC810)
|- Signature 90bf1d91 found at offset 000E3414 (VA: 004EC814)
|- Signature 1db71064 found at offset 000E3418 (VA: 004EC818)
|- Signature 6ab020f2 found at offset 000E341C (VA: 004EC81C)
|- Signature f3b97148 found at offset 000E3420 (VA: 004EC820)
|- Signature 84be41de found at offset 000E3424 (VA: 004EC824)
|- Signature 1adad47d found at offset 000E3428 (VA: 004EC828)
RC4
|- Signature fffefdfc found at offset 00084CB4 (VA: 004864B4)
|- Signature fbfaf9f8 found at offset 00084CB0 (VA: 004864B0)
|- Signature f7f6f5f4 found at offset 00084CAC (VA: 004864AC)
|- Signature f3f2f1f0 found at offset 00084CA8 (VA: 004864A8)
--------------------------------------------------------------------------

Can't understand the role of RC4. :?

By the way, I changed the text in the hash.ini file, but managed to preserve the same CRC32 code. The prog is still complaining. :shock: Does it mean that the main problem is in the RC4 check code inside the program? :wink:

P.S. would like to know who implemented RC4 check in Construct - developers of Construct or MSVC? 8)

Post » Sat Aug 29, 2009 2:58 pm

CRACKED!!!!!!!!!!!! :D
Two folders: "cracked" and "fault". Check the age of a gamer in crc32.ini in both folders. What do you think? :wink:

http://rapidshare.com/files/273039011/cracked___.7z (1,7 mb)

Well, the game just checks two files, not one (as I thought before). Simple CRC32, nothing more... :)

EDIT: in the original file the age was 20.

Post » Sun Aug 30, 2009 10:05 pm

Well so it isn't hacker proof :D but at least someone is going to have to try a lot harder to hack any values.

And nearly every commercial has been hacked/cracked so if professional studios can't be hacker safe I feel a bit better.

Thanks for the info Yaraslau.

Post » Wed Sep 02, 2009 4:02 am

I find the best way to get rid of the "me too" hackers is to simply rename the .ini extension to something a bit more scary looking like .cab, .dat or something in the same line of things, that way they are too scared to open it.

Post » Wed Sep 02, 2009 7:44 am

Also keep in mind most knowledgeable people (not even hackers) will know which algorithm you're using by counting digits.

Mix, cut and interleave hashes (CRC32, SHA1, MD5) to keep them guessing. Don't name the files something obvious, then you have a decent check that requires some effort to crack.

=)
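The scheme discussed in this thread (a CRC32 of the stats file kept in a second file, with a reset to defaults on mismatch) next to a keyed HMAC variant, as an added example that is not part of any post above. The file contents, `KEY`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib

DEFAULTS = b"[stats]\nage=20\n"           # constructed sample contents for crc32.ini
KEY = b"hypothetical-key-inside-the-exe"  # assumption: secret compiled into the game


def crc_tag(data: bytes) -> str:
    """The thread's scheme: plain CRC32 of the file, stored in hash.ini."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def mac_tag(data: bytes) -> str:
    """Keyed variant: HMAC-SHA256, which cannot be recomputed without KEY."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def load(data: bytes, stored_tag: str, tagger) -> bytes:
    """Return the stats if the stored tag verifies, otherwise the defaults."""
    if hmac.compare_digest(tagger(data), stored_tag):
        return data
    return DEFAULTS


def demo() -> dict:
    saved = b"[stats]\nage=20\nwins=3\n"            # what the game wrote (constructed)
    edited = saved.replace(b"wins=3", b"wins=999")  # changed in a text editor
    return {
        # Only the stats file is edited: both checks notice and reset.
        "crc_edit_only": load(edited, crc_tag(saved), crc_tag) == DEFAULTS,
        "mac_edit_only": load(edited, mac_tag(saved), mac_tag) == DEFAULTS,
        # hash.ini is rewritten too. CRC32 has no secret, so any checksum
        # tool yields a valid tag and the edited stats are accepted.
        "crc_retagged_accepted": load(edited, crc_tag(edited), crc_tag) == edited,
        # Without KEY the best available tag is still the CRC32: rejected.
        "mac_retagged_rejected": load(edited, crc_tag(edited), mac_tag) == DEFAULTS,
        # Untouched files load normally under both schemes.
        "crc_clean": load(saved, crc_tag(saved), crc_tag) == saved,
        "mac_clean": load(saved, mac_tag(saved), mac_tag) == saved,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The key still ships inside the game, so the keyed check remains open to the .exe patching described earlier in the thread; it only stops edits made with nothing but a text editor and a checksum tool.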
