7

Do I need to encrypt the exe file that the Microsoft Visual C++ compiler makes for me? I have a game made with a few libraries and I have all of the resources encrypted but I'm worried about people breaking into the exe and changing the code, is that possible?

user2184442
  • 71
  • 1
  • 2
  • 16
    Welcome to the world of DRM... It's a fight... that... you... will... not... win... – Mysticial Mar 21 '13 at 06:34
  • 1
    For starters, you'd need to decrpyt the exe and then run it (it'll have to be on disk or you'll have to do some really crazy memory shit to make it run from memory): why bother doing all that work, exactly? Just encrypt the data itself if its so important, not the .exe. –  Mar 21 '13 at 06:36
  • 1
    For a game I'd rate this as utterly pointless. For programs with the kind of price tag to justify it, some of the dongle-based schemes offer at least some security, but their price means they're generally only used for relatively expensive software (thousands of dollars). – Jerry Coffin Mar 21 '13 at 06:39
  • related: http://stackoverflow.com/a/4532568/103167 – Ben Voigt Mar 21 '13 at 06:41

3 Answers3

4

There's no way to make uncrackable software. If it's on a user machine, user has theoretically full control over it.

What you can try to do is make it harder for people to crack. What you are looking for is called "Executable compression". Armadillo does something like this, so does UPX.

A comprehensive list of PE format packers can be found here.

To encrypt zipped resources you can use the LZMA SDK with an archive format that supports encryption. Beware where you try to hide that encryption key though. As they say, "you can run, but you can't hide" :)

Welcome to the ugly world of DRM.

Ed Rowlett-Barbu
  • 1,611
  • 10
  • 27
  • How do professional games that use C++ make it so the average player can't open their renamed zip files with the resources and the exe launcher if it's so easy? – user2184442 Mar 21 '13 at 06:40
  • 4
    @user2184442 They don't. That's why the average player can just download a crack and run the game without a CD in the drive... – Mysticial Mar 21 '13 at 06:41
  • 3
    It encrypts them, but then for the game to use those resources it has to decrypt them. To do that, the algorithm that does the decryption also has to sit on the user's machine, so the user ends up with both the encrypted zip and a means to decrypt it. From there, you know what follows. – Ed Rowlett-Barbu Mar 21 '13 at 06:42
  • @Mystical: Copy protection is ubiquitous in computer games. Technical measures get quite advanced, to the point where they can interfere with using the computer for anything except playing the game (I'm looking at you, Sony rootkit). – Ben Voigt Mar 21 '13 at 06:43
  • Well let's say I'm just trying to keep my code and resources away from the average player, do you have any tutorials on how to make a custom archive format thats encrypted and then decrypt it in the code? – user2184442 Mar 21 '13 at 06:43
  • @user2184442 I have updated my answer to show how you can encrypt those resourdces too. To recap, packer for the code, encrypted archive for resources. – Ed Rowlett-Barbu Mar 21 '13 at 06:46
3

No matter, which technique you will use, if you ship both executable and resources to end user and if it is worth it, they eventually will be cracked and you can do nothing about it. You may only make the decryption process harder, but increasing security will only affect legal users and you will waste your time, which you could spend on improving your software.

Apple programmers are for sure better than you and me, yet all of their iPhones eventually got jailbreaked.

Spook
  • 25,318
  • 18
  • 90
  • 167
0

It does not make a lot of sense. In order to execute the program it will have to be decrypted in memory, so the decrypted code will be in the memory from where it can be dumped.

You can, however, sign your executable (for details you may read this article). When the executable is signed, it is integrity protected, and the best part of it is that this is supported by most operating systems, including Windows. If the executable is modified, the operating system could detect the tampering and won't start it (or at least warns the user).

buc
  • 6,268
  • 1
  • 34
  • 51
  • 1
    Have you tried dumping a packed EXE? It's not that easy. The packer also inserts code that can be accidentally triggered when you attach with a debugger and step through code to reach a state where the image can be dumped. It's not impossible, but it's booby-trapped. Not trivial. – Ed Rowlett-Barbu Mar 21 '13 at 06:44