Author Topic: Aurora C# Code Protection  (Read 22755 times)

0 Members and 1 Guest are viewing this topic.

Offline Barkhorn

  • Commodore
  • **********
  • B
  • Posts: 719
  • Thanked: 133 times
Re: Aurora C# Code Protection
« Reply #30 on: November 21, 2018, 05:29:27 PM »
Malware: software which is specifically designed to disrupt, damage, or gain authorized access to a computer system.

Maybe you meant something entirely different and used the wrong word? Because malware is harmful to the user by definition.
I think he's saying Steve should add code that does nothing on a legitimate install, but acts like malware on a reverse engineered install.

Kinda like how the piracy prevention worked in Red Alert 2; if you played on a pirated copy, after 30 seconds, all your units would explode.
 

Offline Person012345

  • Captain
  • **********
  • Posts: 539
  • Thanked: 29 times
Re: Aurora C# Code Protection
« Reply #31 on: November 21, 2018, 06:00:03 PM »
Malware: software which is specifically designed to disrupt, damage, or gain authorized access to a computer system.

Maybe you meant something entirely different and used the wrong word? Because malware is harmful to the user by definition.
I think he's saying Steve should add code that does nothing on a legitimate install, but acts like malware on a reverse engineered install.

Kinda like how the piracy prevention worked in Red Alert 2; if you played on a pirated copy, after 30 seconds, all your units would explode.
This would be highly illegal and unethical. Your Red Alert 2 example isn't malware, it's code within the game that modifies how the game behaves and does nothing to the user's system.
 

Offline canshow

  • Petty Officer
  • **
  • c
  • Posts: 29
  • Thanked: 3 times
Re: Aurora C# Code Protection
« Reply #32 on: November 21, 2018, 07:50:46 PM »
It's the closest definition to what I am thinking of.

Malware: software which is specifically designed to disrupt, damage, or gain authorized access to a computer system.

Maybe you meant something entirely different and used the wrong word? Because malware is harmful to the user by definition.
I think he's saying Steve should add code that does nothing on a legitimate install, but acts like malware on a reverse engineered install.

Kinda like how the piracy prevention worked in Red Alert 2; if you played on a pirated copy, after 30 seconds, all your units would explode.
This would be highly illegal and unethical.
By US law malware is only illegal if activated without consent. That's where the ToS come in- it is basically the developers protection for messing with things that can be considered intrusive. There are definitely some "moral bounds" associated with it but it would have to be extreme in order for a court to throw away the ToS.
 

Offline Korsar13

  • Registered
  • Leading Rate
  • *
  • K
  • Posts: 5
  • Thanked: 6 times
Re: Aurora C# Code Protection
« Reply #33 on: November 21, 2018, 11:35:22 PM »
Quote from: canshow link=topic=10217. msg111109#msg111109 date=1542766573
Additionally, you could configure it to act as malware when tampered with. 

two words: FALSE POSITIVE
 
The following users thanked this post: Happerry, QuakeIV, Jovus, theoderic, UberWaffe

Offline Person012345

  • Captain
  • **********
  • Posts: 539
  • Thanked: 29 times
Re: Aurora C# Code Protection
« Reply #34 on: November 22, 2018, 02:06:08 AM »
By US law malware is only illegal if activated without consent. That's where the ToS come in- it is basically the developers protection for messing with things that can be considered intrusive. There are definitely some "moral bounds" associated with it but it would have to be extreme in order for a court to throw away the ToS.
Are you proposing a popup saying "I see you're trying to modify Aurora. Would you like to activate malware?". You'd be on shakey legal ground as far as just slapping a ToS saying "if you try to modify aurora you consent to me trashing your PC". I have to say I have serious doubts such a thing would stand up in court.
 

Offline Garfunkel

  • Registered
  • Admiral of the Fleet
  • ***********
  • Posts: 2781
  • Thanked: 1048 times
Re: Aurora C# Code Protection
« Reply #35 on: November 22, 2018, 09:25:03 AM »
This is getting pretty silly  :o

Terms of Use and Terms of Service are not actually legally enforceable in the EU if they are in conflict with any EU law or regulation, or the national laws or regulations of member countries. Nor do they provide any sort of safe haven from customer protection standards and such. Many EU member countries have passed laws regulating Terms of Use and Terms of Service. While companies are free to write whatever they want in them, customers can generally violate them freely without consequences and they do not offer any special protection to the companies in question. Same goes for End User Licence Agreements. They are not 100% airtight in the US either.

https://www.blakemorgan.co.uk/news-events/news/consumer-rights-act-2015-change-consumer-contracts/
Quote
An unfair consumer notice is not binding on the consumer – we look at what an unfair notice is below.
There are many examples available, basically proving that you cannot claim freedom for unethical or unfair acts in your EULA/TOS/TOU and have a get out of jail free card.

https://www.eff.org/deeplinks/2010/07/court-violating-terms-service-not-crime-bypassing
Quote
Good news: another federal judge has ruled that violating a website terms of service is not a crime. But there's bad news, too — the court also found that bypassing technical or code-based barriers intended to limit access to or uses of a website may violate California's computer crime law.
Websites, and by extension software companies, cannot legally enforce terms of service against their users.

https://www.lexology.com/library/detail.aspx?g=d1ff4369-afcc-4879-97fa-7a8afd8b3380
Quote
This decision does not mean only that software developers cannot prevent second hand sales of their software by their European licensees. It means software licence agreements and all their terms and conditions (not just the one prohibiting transfer) can be ignored by European courts if the licence period is indefinite, and probably even if it is tied to the lengthy period of copyright ­­­in Europe - 70 years after death of last surviving programmer.
Unfair or unethical restrictions written in licenses, especially if they go against previous customs, are illegal. In that case, a corporation tried to prevent second-hand sales of their software and failed. Similar cases have been tried, with the same outcome, for second-hand video-game sales as well.

So please do not even think that you could put anything remotely malware-like in a program, write in the EULA/TOS/TOU something about it and call it a day. You will be sued and you will lose.
 
The following users thanked this post: UberWaffe

Offline canshow

  • Petty Officer
  • **
  • c
  • Posts: 29
  • Thanked: 3 times
Re: Aurora C# Code Protection
« Reply #36 on: November 22, 2018, 09:02:10 PM »
This is getting pretty silly  :o

Terms of Use and Terms of Service are not actually legally enforceable in the EU if they are in conflict with any EU law or regulation, or the national laws or regulations of member countries. Nor do they provide any sort of safe haven from customer protection standards and such. Many EU member countries have passed laws regulating Terms of Use and Terms of Service. While companies are free to write whatever they want in them, customers can generally violate them freely without consequences and they do not offer any special protection to the companies in question. Same goes for End User Licence Agreements. They are not 100% airtight in the US either.

https://www.blakemorgan.co.uk/news-events/news/consumer-rights-act-2015-change-consumer-contracts/
Quote
An unfair consumer notice is not binding on the consumer – we look at what an unfair notice is below.
There are many examples available, basically proving that you cannot claim freedom for unethical or unfair acts in your EULA/TOS/TOU and have a get out of jail free card.

https://www.eff.org/deeplinks/2010/07/court-violating-terms-service-not-crime-bypassing
Quote
Good news: another federal judge has ruled that violating a website terms of service is not a crime. But there's bad news, too — the court also found that bypassing technical or code-based barriers intended to limit access to or uses of a website may violate California's computer crime law.
Websites, and by extension software companies, cannot legally enforce terms of service against their users.

https://www.lexology.com/library/detail.aspx?g=d1ff4369-afcc-4879-97fa-7a8afd8b3380
Quote
This decision does not mean only that software developers cannot prevent second hand sales of their software by their European licensees. It means software licence agreements and all their terms and conditions (not just the one prohibiting transfer) can be ignored by European courts if the licence period is indefinite, and probably even if it is tied to the lengthy period of copyright ­­­in Europe - 70 years after death of last surviving programmer.
Unfair or unethical restrictions written in licenses, especially if they go against previous customs, are illegal. In that case, a corporation tried to prevent second-hand sales of their software and failed. Similar cases have been tried, with the same outcome, for second-hand video-game sales as well.

So please do not even think that you could put anything remotely malware-like in a program, write in the EULA/TOS/TOU something about it and call it a day. You will be sued and you will lose.
Thanks for educating me on the topic.
 

Offline Retropunch

  • Petty Officer
  • **
  • R
  • Posts: 18
  • Thanked: 6 times
Re: Aurora C# Code Protection
« Reply #37 on: November 23, 2018, 02:41:38 PM »
Having worked on a lot of relatively sensitive software projects in the past, it's impossible to stop regardless of what you do and C# is one of those languages which is pretty easy to mess about with (relatively speaking). 

My suggestions would be:
  • -Add as much obfuscation as you can just to stop anyone who isn't determined
  • -Publicly state on the forum (in a banner or something) and in the software that you don't approve. Not just a 'general dislike' but a full 'please do not mod this'
  • -Don't allow any talk of unauthorised modding/etc. on here

At that point, I think you've done everything you can - anything else is overkill. If a determined user wants to mess about with it on their own then that's fine/unavoidable (as it should be really) but it won't become something that is commonly used or distributed as I'm sure most people will accept your wishes.

My only, very humble request (and something that I think would pacify a lot of people who want to tinker) is that you lift the ban if you decide to abandon development completely. I'm always in favour of developers releasing source code if they're completely abandoning a project, but it's asking a lot. Just something to think about.
 
The following users thanked this post: Agoelia

Offline Father Tim

  • Vice Admiral
  • **********
  • Posts: 2162
  • Thanked: 531 times
Re: Aurora C# Code Protection
« Reply #38 on: November 24, 2018, 02:07:49 AM »
I would strongly recommend:

4.  -Include a checksum so you (Steve) can tell if a particular bug report / databse is running modified code.
 
The following users thanked this post: Alucard

Offline Alucard

  • Petty Officer
  • **
  • A
  • Posts: 24
  • Thanked: 32 times
Re: Aurora C# Code Protection
« Reply #39 on: November 28, 2018, 03:48:28 AM »
If you just don't want other people modifing your code, I can understand that and as was mentioned, you can use custom loader and some obfuscation techniques but there is a limit to what they can do.    One thing I should mention is there is a version of SQLite that supports encryption, so you can protect your database that way.    You can find one such version (one I used and works great) here: https://github.   com/utelle/wxsqlite3/tree/master/sqlite3secure

But if you are really just worried about bug reports and nothing else, then I recommend you include checksums as mentioned above + release two versions of the game.    Aurora C# that would be the original version released by you and Some other name, that would be version meant for modding.    You could even make it opensource if you want or not if you don't.    Because it would have different name and presented as different game, it should be much easier to distinguish which bug reports you should handle and which should be redirected to the community.   

Of course, this is purely a suggestion related to the bugs.   I don't think you owe us anything, not even an explanation and should allow or disallow modifications as you see fit and feel like.   
« Last Edit: November 28, 2018, 03:51:34 AM by Alucard »
 
The following users thanked this post: seronis

Offline Myvar

  • Leading Rate
  • *
  • Posts: 10
  • Thanked: 17 times
Re: Aurora C# Code Protection
« Reply #40 on: November 29, 2018, 02:48:56 AM »
Quote from: Alucard link=topic=10217. msg111217#msg111217 date=1543398508
If you just don't want other people modifing your code, I can understand that and as was mentioned, you can use custom loader and some obfuscation techniques but there is a limit to what they can do.     One thing I should mention is there is a version of SQLite that supports encryption, so you can protect your database that way.     You can find one such version (one I used and works great) here: https://github.    com/utelle/wxsqlite3/tree/master/sqlite3secure

But if you are really just worried about bug reports and nothing else, then I recommend you include checksums as mentioned above + release two versions of the game.     Aurora C# that would be the original version released by you and Some other name, that would be version meant for modding.     You could even make it opensource if you want or not if you don't.     Because it would have different name and presented as different game, it should be much easier to distinguish which bug reports you should handle and which should be redirected to the community.   

Of course, this is purely a suggestion related to the bugs.    I don't think you owe us anything, not even an explanation and should allow or disallow modifications as you see fit and feel like. 

This is true, Its a hobby, not a company your not obligated to anything(Bug reports, updates, etc), if you made a version of aurora that your ok with modding, then the modders will understand that that thay cant expect help or fixes from your end and that thay are on there own.  There is nothing wrong with this attitude.
 

Offline Seolferwulf

  • Warrant Officer, Class 2
  • ****
  • S
  • Posts: 73
  • Thanked: 11 times
Re: Aurora C# Code Protection
« Reply #41 on: November 29, 2018, 04:58:24 AM »
Steve already said he doesn't want people accessing his code at all since that would give them the opportunity to copy his code.
Having your code you put effort in used by others to make money is really unpleasant.

That said is it possible to write modding hooks without giving people access to the source code?
 

Offline Myvar

  • Leading Rate
  • *
  • Posts: 10
  • Thanked: 17 times
Re: Aurora C# Code Protection
« Reply #42 on: November 29, 2018, 05:06:06 AM »
Quote from: Seolferwulf link=topic=10217. msg111222#msg111222 date=1543489104
Steve already said he doesn't want people accessing his code at all since that would give them the opportunity to copy his code.
Having your code you put effort in used by others to make money is really unpleasant.

That said is it possible to write modding hooks without giving people access to the source code?

Yes it it totally 100% possible to mod a . net assembly with out accessing the source code.
 
The following users thanked this post: UberWaffe

Offline Myvar

  • Leading Rate
  • *
  • Posts: 10
  • Thanked: 17 times
Re: Aurora C# Code Protection
« Reply #43 on: November 29, 2018, 06:28:49 AM »
Thinking about it, i might make more sense to have build in modding loading support(that is official), it should not be hard to implement, or take very long to do.   

The advantage is that modders will have no reason to try, inject stuff into it, and if thay add the mod using official means the bug reporting, can easily reflect that there are mods installed, and state so in the bug report, and it would permit steve to have more control over what mods do in the game.   This way there is no need to mess with decompiling/deobfuscation/crack/etc the official game. 
 

Offline Alucard

  • Petty Officer
  • **
  • A
  • Posts: 24
  • Thanked: 32 times
Re: Aurora C# Code Protection
« Reply #44 on: November 29, 2018, 08:51:39 AM »
Quote from: Myvar link=topic=10217.    msg111224#msg111224 date=1543494529
Thinking about it, i might make more sense to have build in modding loading support(that is official), it should not be hard to implement, or take very long to do.       

Speaking from experience, doing a good modding support is a lot harder than it seems.     It may be simple to support one mod but once the modding framework has to manage interactions between mods, it quickly becomes a nightmare.     That is why I never suggested it.     It also requires quite a different skill set, that Steave may or may not have.  Also Steave is likely not passionate about making modding support available, as it is of little use to him, so asking him to work on it does not seem right.  That is why I secretly hope it will one day be open-sourced, so others can work on modding support.

As for people stealing his code, copyright laws are ridiculously over-powered these days.    It seems unlikely anyone would steal more than few lines of his code and made any substantial amount of money from it (if he releases under a GPL-style license).   People would likely at most copy some general purpose functions, as that is not something anyone guards. 
« Last Edit: November 29, 2018, 08:56:26 AM by Alucard »
 
The following users thanked this post: UberWaffe