Can you think of ways to stop app thieves with GLBasic code?

Omadan

Hello guys, thanks for fast responses, I do not really want to put any fake IAP, I just want to put an IAP of £0.69 so you are able to buy a ticket for something. How much would that be hacked? That is my only fear. Just trust me this game is gonna be the bomb :) but I can't do it without IAP, IAP is vital.

thanks again

kind regards
-Joe
Top Arcade Apps - Best game for mobiles and computers

http://www.toparcadeapps.com

Slydog

Well, using the above, you can detect when a device has IAP hacked.
If it is hacked, then don't allow the IAP.
No risk, nobody can get your add-on for free.

Just create a function such as:
Code (glbasic):
FUNCTION InAppPurchases_IsHacked%:
  // Purchase a fake add-on called 'hack_check'
  IF IAP("hack_check") = TRUE
    RETURN TRUE // IAP is hacked on this device
  ELSE
    RETURN FALSE // IAP is NOT hacked!
  ENDIF
ENDFUNCTION


The function IAP() would be your normal IAP function that would check Apple and try to purchase an add-on, and return true if succeed, or false if fail.

[Edit] To be clear, this check is a global check to see if the device IAP has been hacked. This doesn't check a specific (valid) IAP item. I don't know the nature of the hack, but I read it may be proxy based. If true, once IAP is hacked on a device, ALL in-app purchases will bypass Apple and return 'success', so there would be no way for a hacked device to actually purchase a valid add-on from Apple, so there would be no way that device could pay you for an item anyways.

Just give them an error if you determine it's hacked.  You could be subtle like "Error communicating with Apple", or call him out with "IAP has been hacked on this device, tough luck!".
My current project (WIP) :: TwistedMaze <<  [Updated: 2015-11-25]

ampos

Slydog, really it is an easy solution for the InApp hack.

Omadan

Does that mean that before we perform any valid IAP we need to check this false IAP to identify if IAP has been hacked?

And what about replenishable IAP, because this is not only bought once, but as many times as needed by the player.

Do you need this hack check for replenishable IAP etc?

Thanks

Kitty Hello

I think the hack works by not sending any IAP data to Apple but to a locally running "webserver" that just returns "TRANSACTION_SUCCEEDED" or so, no matter what params you send. So if you try to "buy" the IAP item "dog_poo", which does not even exist in iTunes, it will succeed.

Crivens

Quote: In the end, you will spend more time protecting your game than making it
Exactly. The amount of effort put into this could be put into a whole other game. Seriously the amount of money saved is probably nowhere near potentially what a second game could make. And let's be fair if you amazingly make the next Angry Birds then the amount of money you make anyway you wouldn't really care about a few hacked ones.

Cheers
Current fave quote: Cause you like musicians and I like people with boobs.

Crivens

And my point is if any of us actually ever get a decent bottom line then it's worth thinking of then. Otherwise in my opinion it's better financially to concentrate on your next game. Plus to go viral then you would need to have a pretty big game and most of these things are for JB phones. Even though everyone goes on about it I only know one person with a JB iOS device and about another 20 others without.

Plus no matter what you do if someone wants to hack it then they will hack it.

Cheers

fuzzy70

Out of interest does anyone know roughly what % of hacked games work on a phone that has not been JB? One thing for sure is the percentage of JB devices is minuscule compared to the non-JB ones.

Obviously the original subject of this topic was about graphics swapped out & resold which is the most basic hack. Not having any devices or clue on how you upload Iapps, Android apps etc means most of what is being said just flies over the top of my head. But I understand piracy & hacking so part I am keeping up with.

Lee
"Why don't you just make ten louder and make ten be the top number and make that a little louder?"
- "These go to eleven."

This Is Spinal Tap (1984)

Crivens

Graphics being nicked? Just keep it in a shoebox. It's not encrypted I don't believe and it wouldn't take much to "hack" it if you know what you are doing (I believe it's just all media one after the other in a single file and then pointers at the end to where to find each media item), but it would stop probably the majority of people who could be arsed. Plus it's built into GLB (and hopefully bug free now!) and so if Gernot ever makes it more secure (eg. proper encryption) then your existing code will simply work with that too.

Cheers

spacefractal

With that sort of "purchase" for an unused item, would that not require entering your iTunes password, so it can't be done in the background? It's otherwise a nice idea for checking the validity of a purchase. However, I don't plan to use it in my game yet. Here we might need to write to Apple support about how it can be done to prevent that.

Shoebox cannot be used if audio can't be used. I also wouldn't mind if it can only be used with graphics and data, but not audio. I have not tested shoebox, but it's a shame if that happens.

I'm pretty sure that using ProGuard, as I linked in a previous post, would make it much harder to hack your game and release it with malware. So I guess it should be part of the compile when no debugger has been selected. Java is otherwise sadly really easy to decompile if you don't do things like that.

You can also validate the credits string later in the game, so if it got hex-edited away, then the hash value would be changed too, and the game can then act like a pirate version. I'm planning to do something like that. You could also encrypt your credits names as well so it's harder to hex-edit them out.
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/

fuzzy70

If I ever released an Iapp or Android game (don't hold your breath on that happening :D ) I would probably implement the logo & the copyright as vector images via data statements to either display directly or create a sprite from them at the start of the program. That way there is no ASCII that can be changed in a hex editor nor a real bitmap that can be changed/swapped. I would write a separate program to generate the data & just paste in the output to the main game code.

Sure it doesn't fully protect the game from being hacked but will stop the casual "wannabe hacker but can't be arsed to learn how to hack fully" type of person.

If I did ever get to the stage that what I was creating sold loads of units then I would take a more in-depth look at it.

Lee

Crivens

Maybe although unless you have a good compression algorithm for your data statements then it will be a lot bigger than just including the graphic files. Plus any changes and it will need to re-compile unlike external graphics.

Shoebox should be fine for graphics (and for audio unless Gernot hasn't fixed it yet) and is more than enough to stop the casual "wannabe hacker" if you ask me. Put it this way, as a programmer try extracting the files from a shoebox manually. I think I know how to do it from within another language (and possibly in GLB itself) but only if I'm right about the format. And if Gernot just tweaks it to be slightly more cunning (doesn't have to be full on encryption or compression but a simple mirroring of data at certain points would be enough to cause issues and a complete mirror of a file would be fine if an image file isn't just concurrent data (ie. obvious it's backwards)) then wham your existing hard to get into format becomes even more air tight at the touch of a compile (and re-build of shoebox at a guess unless shoebox version control is used).

Personally I would also quite like the ability to create and amend shoeboxes (add and delete from existing shoebox). My graphics routine for example resizes everything and places it into another directory (so doesn't have to resize on the next run), obviously exposing all images to phone explorer programs once out of the shoebox. But if I could instead create a second shoebox and then add the resized images into that then that would be much better.

Nudge-Gernot-Nudge ;)

Ahem, but obviously I would quite like the full on encrypted shoebox. Otherwise if someone knows it was written in GLB (esp if you plaster it all over your game) then they can just write a GLB program to extract all data. Not hard. With encryption, and a password key etc against the shoebox then no-one can get the data back. Not even you if you forget the password... Heh, or forget that it's obviously hardcoded in the code  :-[

Cheers

msx

Does anyone know what percentage of piracy exists in different platforms roughly?

spacefractal

This thread is really not a discussion about piracy; he is much more concerned about software being stolen and re-released with malware, which I agree with.

I still see an obfuscator as the best way, along with some DRM as well as hash checking. It could be cool if we could scramble the pictures and then descramble them again directly during loading (as well as checking file size etc.).

But don't fail the program directly when flagged; degrade the game a little as well (in mine it would be harder to get maximum stars in each level, if not impossible). You might do a piracy check on another check (encrypted, of course).

Piracy is also a problem too, but not like when devs steal other devs' apps.
Genius.Greedy Mouse - Karma Miwa - Spot Race - CatchOut - PowerUp Elevation - The beagle Jam - Cave Heroes 2023 - https://spacefractal.itch.io/
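
An added example (not code from any poster in this thread) of the credits check spacefractal describes in his two posts above: checksum the credits text some time after start-up and, if it no longer matches, degrade the game instead of exiting. The credits text, all function and variable names, the Adler-style checksum and the star cap are assumptions made for illustration.

```glbasic
// Constructed sample data: the credits text and the checksum computed for it
// offline (b = 9211, a = 1248 for this exact string).
GLOBAL credits$ = "(c) Example Dev"
GLOBAL creditsExpected% = 9211 * 32768 + 1248
GLOBAL tampered% = FALSE

// Adler-style checksum. The small modulus (an assumption of this example)
// keeps b * 32768 + a inside a signed 32-bit integer.
FUNCTION TextChecksum%: text$
  LOCAL a% = 1
  LOCAL b% = 0
  LOCAL i%
  FOR i = 0 TO LEN(text$) - 1
    a = MOD(a + ASC(text$, i), 32749)
    b = MOD(b + a, 32749)
  NEXT
  RETURN b * 32768 + a
ENDFUNCTION

// Call this later in the game (e.g. on level load), not next to the code
// that draws the credits, so the check is not sitting beside the string.
FUNCTION CheckCredits:
  IF TextChecksum(credits$) <> creditsExpected THEN tampered = TRUE
ENDFUNCTION

// Degrade rather than quit: a copy with altered credits can never reach
// the top rating, while an untouched copy is unaffected.
FUNCTION MaxStars%:
  IF tampered THEN RETURN 2
  RETURN 3
ENDFUNCTION
```

A checksum like this only catches edits to the text it covers; as several posters note, it raises the effort for casual repackaging and does not stop someone who patches the check itself.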

msx

Quote from: spacefractal on 2011-Dec-10
This thread is really not a discussion about piracy; he is much more concerned about software being stolen and re-released with malware, which I agree with.

I know this is not the subject of this thread but I thought someone could help me with this doubt. I apologize for the off-topic.