Pixar Film Rock said:
So they decompile and have the source code to the whole game? That doesn't
sound right.
Well, not generally decompile, although in some cases that may be the chosen
path. Most protection schemes leave a pattern(a specific function call(or
set there of), or whatever) and can seemingly be removed with automated
tools, and all executables can be disassembled and debugged. Anyone with a
decent knowledge of x86 assembly can crack basic protections, someone with
advanced knowledge can crack harder ones.
Imagine a method like this:
bool IsLicenseValid();
assume it uses assembly something akin to(very basic, its been awhile):
;do some stuff
;return false if not valid.
mov ax,0 ;we'll assume the method retuns its value via ax, and 0 is false
ret
all a crack would have to do is change it to
mov ax,1
and the IsLicenseValid function is circumvented. It is generally more
complicated in real life, but that is a simple explination.
A good protection scheme can do little but make it difficult to get around,
it is never possible to make it unbreakable. It is the same with IP
protection. A good reverse engineer will pull your IP right out of the x86
assmebly(and crackers do, its how they produce keygens), they don't need the
source code. When you ship your executable you ship your technology, you
cannot prevent people from examining it, simply make it more difficult to
figure out. Thats where managed obfustication comes in, although as a
general rule I don't think its always worth it. A dedicated attacker will
break the obfustication just as he will break x86 assembly, pseudo
assembly(if your mad enough to run your app via your own VM), or any other
scheme you can dream up. When it comes down to it, developers can't win, we
can only delay.