Post reply

Warning - while you were reading 4 new replies have been posted. You may wish to review your post.
Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Note: this post will not display until it's been approved by a moderator.

Name:
Email:
Subject:
Message icon:

shortcuts: hit alt+s to submit/post or alt+p to preview

Please read the rules before you post!


Topic Summary

Posted by: theoderic
« on: June 10, 2019, 02:58:07 PM »

By the way Steve you might want to look into DRM for Aurora since I assume you're really interested in making sure that the game won't be tampered with or have code stolen?

Steam Release when??
Posted by: theoderic
« on: June 10, 2019, 02:43:06 PM »

One problem I've noticed with games who are "impossible to reverse-engineer" is that they tend to produce lots of undesirable side-effects.   For example; STALKER (entire series) by GSC GameWorld was said to be copy-proof due to adding "bugs" in the physics engine if the game wasn't DRM proof.   But that eventually just turned out to make the game explode in the hands of most casual users instead. 

This thread is counter-intuitively a pretty good starting point if anyone would want to hack aurora to begin with.   
Posted by: Steve Walmsley
« on: June 08, 2019, 05:45:37 AM »

i just saw a presentation on youtube about counters to reverse engineering: https://www. youtube. com/watch?v=HlUe0TUHOIc

i don't know how performance will hold up, but there's now at least a c compiler that only uses mov instructions (as that's turing complete); the presentation also covers other techniques to make someone give up reverse engineering your code

Thanks, I'll take a look.
Posted by: rhiwaow
« on: June 07, 2019, 01:49:32 PM »

i just saw a presentation on youtube about counters to reverse engineering: https://www. youtube. com/watch?v=HlUe0TUHOIc

i don't know how performance will hold up, but there's now at least a c compiler that only uses mov instructions (as that's turing complete); the presentation also covers other techniques to make someone give up reverse engineering your code
Posted by: Bughunter
« on: April 21, 2019, 08:02:52 AM »

Never tried using it, but I noticed Visual Studio 2019 comes with a built in obfuscator.
Posted by: Erik L
« on: April 19, 2019, 04:25:22 PM »

If Steve no plaing commercialize Aurora, maybe simple make C# Aurora (or old  VB6 Aurora) as OpenSource Project?

In the past Steve has not been averse to people recreating Aurora. See Pulsar and Quasar.
Posted by: HavingPhun
« on: April 19, 2019, 03:37:15 PM »

Quote from: TMaekler link=topic=10217. msg113068#msg113068 date=1552038357
Quote from: TinkerPox link=topic=10217. msg113063#msg113063 date=1551975153
Hey Ghidra was just released, which allows decompilation/disassembly to reveal, then analyze source code. 
Wow.  Looks like good bye to keeping your code to yourself, I guess. . .  .
It's not really that dire.  Tools like Ghidra have been available for a long time now, it's just that the most competitive one, IDA, has had a solid grip on the market for some time.  IDA Freeware has been available, which has very good disassembly, but limits you on more exotic processor architectures and has no decompilation.  The paid version with the decompiler is 5K+ USD (I don't remember the exact number), only because there was no competitor who could challenge them on that.  The benefit of Ghidra is that now people can get many of the features of IDA Pro but it's completely free and open source, and the community can improve it.  It's not really bringing any tools that didn't exist before into existence.

You also have to consider that, at least for fully ahead of time compiled languages like c++, much of the information in source is lost discarded during compilation, so even with a good decompiler you'll end up with a jumbled mess of code that'll need someone skilled to spend some time discerning what it does and cleaning it up.  For something like C# there is much more information in a binary, and without an obfuscator you can get really nice decompiled code with free tools that existed before Ghidra.  Using an Obfuscator or maybe figuring out a way to completely ahead of time compile the game before releasing it would probably be the best defense against reverse engineering from what I understand.  Of course it won't stop the most determined of people, but it'll raise the bar on skill needed to do so and make it much more time consuming.
Posted by: Bughunter
« on: April 13, 2019, 03:49:36 PM »

He already said he is not interested in open-sourcing it, doesn't want to become a community manager etc. I can see both pros/cons, but that's a different topic.
Posted by: littleWolf
« on: April 13, 2019, 07:02:57 AM »

If Steve no plaing commercialize Aurora, maybe simple make C# Aurora (or old  VB6 Aurora) as OpenSource Project?   
Posted by: ReviewDude01
« on: April 12, 2019, 03:08:05 PM »

I do not know if this is good idea but: (this would still not prevent code stealing, but should delay C# cracking and code injecting significantly, preferably also with other methods mentioned here)

Writing a part of the code in different programming language (c++) that simply periodically (every 1 minute or so) checks exact filesize of some of the main C# files running of Aurora (compiled)?
If exact filesize is different or other condition is not met then Aurora quits.


Posted by: Profugo Barbatus
« on: April 10, 2019, 04:35:55 PM »

Database edits are very different from actual code modification. Making something happen with just database edits is quite difficult as its very limited in what the code does with the database, and when.

This is about protecting the Executable itself. C#, without any additional protections, is fairly easy to pop open and read right through, barring a few compiler optimizations here and there. Combine that with existing, free libraries like Harmony who's entire purpose is injecting code into these sorts of things dynamically, and you can, in theory, make it sing and dance whatever tune you want without a great deal of trouble.
Posted by: ReviewDude01
« on: April 10, 2019, 04:12:12 PM »

I actually posted some post in forums about this but I just wanted to remind you that I actually accidentally modded original Aurora (not C# one) simply by finding password from your access database on google.  (rly)

I never told this password to anyone but from what I learned from modding older Aurora (not this one) is that it is basically easier to code a new game than to try to mod a game such complex as this and hope that there are no bugs.  (Im not trying to hack/mod Aurora atm.  or in future)

So any person that is going to waste time with this is just, well, mostly wasting time.  Happy bug hunting.  Just my 2 cents.

Very Off topic: But, you should at least maybe consider adding at least some limited mod support to some people you know/aurora veterans and maybe consider adding some form of background (instead of blue colors).  Plus adding anti missile countermeasures (decoys), Holo Ship (false radar signatures), and some forms of combined armor (star ruler 2) + Making(taking) some form of procedural space background for example SPACE for Unity - Space Scene Construction *** and taking pictures of it with printscreen + a turn on/off button (blue background or pictures)

Posted by: Madrawn
« on: April 06, 2019, 06:06:37 PM »

I understand that you want to keep your hard work to yourself and I get that a hacked/modded game will produce completely useless bug reports. 

But lets be honest, this is the internet, the second you release the binary there will be some lurker decompiling the code to mod in pink laser resilient hair that grows on ships as long they're watered in orbit of planet with water, or whatever.  And he'll probably share it with his pink hair loving friends.  I just don't see how that affects you negatively in any way and therefore justifies any time put into security measures.  Legally you should be on pretty solid ground, if someone distributes your code you have the power to have them shutdown.  But if you do, the only effect that will have is that no one will show you the mods they made.

I'm not sure if this whole line of thinking is that healthy.  The people most likely to mod your source code are the people who love the game, who want to add features they want while playing, just like you already do.  The devs over at Dwarf Fortress seem to be in a very similar situation and they just ignore it for the most part, they say they never touch the mods and they won't read bug reports from modded versions.  The lack of security measures doesn't look like its hurting them.  In contrary, there are a plethora of tools to make the game more accessible for people.  There are graphics packs, 3D visualizers, data visualizers, templates and other automation tweaks.  By doing nothing more than tolerating the behavior, I feel, the community of Dwarf Fortress became so much richer.

I mean, in the end this is your project and if in 2 years someone puts out a memory access library it is completely in your right to have them take it down.  That will at least limit it's spread.  But I would urge you to at least consider if such an action is actually worth your time.
Posted by: MarcAFK
« on: March 08, 2019, 07:18:08 AM »

You underestimate the capability of anyone with enough skill and determination, hell people program in machine code. Even I can use memory trainers for modding console games running on an emulator and thats basically just brute forcing numbers and seeing what breaks and what doesn't :s.
I'm no coder though :/
Posted by: Scandinavian
« on: March 08, 2019, 05:41:41 AM »

You can still make them work a little for it by running your code through an obfuscator that strips out all the comments, indentation, and other superfluous characters, and renames all the variables to VARIABLE[running number]. A decompiler may be able to correctly reconstruct the original code, but for a program of any real size it would still be unreadable gibberish.