INI Protection with CRC32

Just an example of how to use CRC32 to hash an ini file storing highscores, protecting it from easy editing via a text editor. It isn't completely hacker proof but at least you'll make them work for their 100 lives.

It is commented as best i can for new users like myself. Also includes info on reading and writing INI files.

http://dl.getdropbox.com/u/1646976/INI%20Protection.rar

Might not be the prettiest event sheets but it seems to work OK. Don't forget to unzip and have the hash.ini and info.ini in the same folder as the .cap file.

Minor, maybe, protection is good, but I can't understand the logic of your game. Move to...where? Doing... what? And also this:

<img src="http://i28.tinypic.com/20uc01v.jpg">

I can't find any options, that should be cra...checked. My "hero" can move forward, can move back... What should that "hero" do?

P.S. by the way, jumps are really look nice, I like it.

The game isn't really a game. It was just an interactive way of collecting some variables that I could write to the ini.file, I could have just randomly selected them but thought this method might help newer users in Construct.

I have no idea what the error is there should only be 3 files - the cap file and the 2 ini files.

Thanks.

Nice example (and well commented) of checking the hash on the INI file. I'm sure this will help lots of Construct users.

The game isn't really a game.

Would you mind coding a real game example? Even very simple. Well, I can't order, so suppose to see this in future.

I have no idea what the error is there should only be 3 files - the cap file and the 2 ini files.

Yes, three files, but during compilation Construct showed error, then I selected relevant .ini file...and everything was OK. Not think, it's my fault.

I believe this is a pretty nice example. Although many people have some software installed, which gives any hash value by just rightclicking a file and going to properties. Still it's better than no protection at all I guess.

I know how it's supposed to work, but when I made a build, I could change the values like I wanted and it always said "hash values are a match". That was kind of confusing. But then I looked at your cap and I realized the way you set it up it would just change all values to 0 and recheck then. So you always get the positive message... a bit confusing as I said.

I believe this is a pretty nice example. Although many people have some software installed, which gives any hash value by just rightclicking a file and going to properties. Still it's better than no protection at all I guess.

I know how it's supposed to work, but when I made a build, I could change the values like I wanted and it always said "hash values are a match". That was kind of confusing. But then I looked at your cap and I realized the way you set it up it would just change all values to 0 and recheck then. So you always get the positive message... a bit confusing as I said.

Yeah you'll always get a positive match because the ini is changed behind you back, I did have it tell you that the ini had been modified but I kept getting funny results (still kinda new with construct).

Thanks everyone for the feedback.

it's very hard to read text since its nearly all in caps...

> I believe this is a pretty nice example. Although many people have some software installed, which gives any hash value by just rightclicking a file and going to properties. Still it's better than no protection at all I guess.

>

> I know how it's supposed to work, but when I made a build, I could change the values like I wanted and it always said "hash values are a match". That was kind of confusing. But then I looked at your cap and I realized the way you set it up it would just change all values to 0 and recheck then. So you always get the positive message... a bit confusing as I said.

>

Yeah you'll always get a positive match because the ini is changed behind you back, I did have it tell you that the ini had been modified but I kept getting funny results (still kinda new with construct).

Thanks everyone for the feedback.

You could try hash your again with some random stuff with it so it would be allmost impossible to read it if you dont know what there is in.

It isn't completely hacker proof but at least you'll make them work for their 100 lives.

Minor, excellent protection is not the first aim in game development. Let me write some statistics (only as the example):

Sony Vegas was protected with Base32 + Custom + ECDSA-113/ECC-89 -- WAS KEYGENNED by DI team

vTask Studio was protected with online check -- WAS KEYGENNED by TSRh team

HDDlife Pro was protected with nanomites -- WAS CRACKED by ...don't remember

Malwarebytes Antimalware was protected with hash and blacklisting -- WAS KEYGENNED by CRD team

Runtime Revolution Studio was protected with serial number in Virtual Machine -- WAS KEYGENNED by EDGE team

Multi Password Recovery was protected with Themida (the strongest protector!) -- WAS CRACKED by Ismail

Macro Mania was protected with registry key ckecking -- WAS CRACKED by CHiCNCREAM team

What does it mean? Almost any good game will be cracked. If not by keygenning, then by patching. If not by patching, then by loader. If not by loader, then by ... leaching. It's possible to buy a license to learn a protection scheme. Voil?!

Code a nice game - and I (or somebody else) will buy it. People don't buy protections, they buy emotions, feelings...etc.

and...price should be reasonably low.

Agreed! Protection is futile really.

I remember my brother and brother-in-law buying the last Football Manager game (09 I think) and having a hard time registering their official purchased version - both online and by phone. To prove a point I downloaded a pirate version and had it up and running within 5mins. While the other 2 were still trying to register a product they paid for legitimately.

All I was aiming for is a low level protection for the ini files, so at least people would have to try a little to edit the values.

I'm currently playing around with a game and the ini files are commented so that anyone can edit the content however they want, it might break the game but then thats their choice.

If I do ever get round to making anything worthwhile then it'll be free to download.

Thanks Yaraslau.

To prove a point I downloaded a pirate version and had it up and running within 5mins. While the other 2 were still trying to register a product they paid for legitimately.

P.S. go to chat now!

Yaraslau I think you missed the main point here. Point is not to have protected game but not to allow people to cheat! This is anti cheat not anti pirate. I might use this

Yaraslau I think you missed the main point here. Point is not to have protected game but not to allow people to cheat! This is anti cheat not anti pirate. I might use this

Well I say md5 with salt & pepper is more safe than this and we got md5 plugin here so I suggest you use it.

I really don't want to step on anyones toes here but it is fairly easy to "crack" the crc32 hash thingy, all you need is some program that can generate/show the CRC32 code for you, based on the file you clicked/marked.

This is how I managed to do it:

First you could put the file in a rar archive and open it to check that the CRC value is the same as in the hash.ini file, then go on and edit the score.ini file with the values you want and then put the edited file in a new rar archive and open it to look at the CRC it has now. Write that CRC code in the hash.ini file and you sucessfuly managed to change the high scores or whatever.

The point I want to make is it would be "safer" to use a binary file to store your scores and what not, that you don't want people to mess with. Sure the binary files are also reverse-engineerable but not with a simple texteditor. I guess you could still use the CRC32 checking but store the hash value in the binary file instead for less easy reading.

But kudos to Minor for doing this, I accedently got to this part of the forum when I searched on how to read/write from ini files.

My guess is that this is probably achievable through the same way with MD5 hashes if they are put out in clear text that is (MD5 hash in one file and the score in the other as Minor demonstrated in his example).

Cheers!