Can you think of ways to stop app thieves with GLBasic code?


Wampus

Some time ago I saw this: http://www.reddit.com/r/Android/comments/lqys0/this_makes_me_sick/

Basically, some guy's app was stolen, the graphics were changed to remove his credits, it was then resold under a different name and had malware added.

Can you think of ways this kind of thing could be prevented using GLBasic?

Wampus

One way I can think of is to check to see if media files have been tampered with by using a checksum like CRC. There is a thread about CRC in GLBasic via INLINE here: http://www.glbasic.com/forum/index.php?topic=3846.0
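
A sketch of the checksum idea from this post, written in C because GLBasic's INLINE blocks take C/C++. It is an added example, not code from the thread or the linked CRC topic, and the manifest, the asset name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, as used by zip/PNG). */
uint32_t crc32_buf(const unsigned char *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Manifest entry: asset name and the CRC recorded at build time. */
struct asset_entry { const char *name; uint32_t expected_crc; };

/* Constructed sample: "123456789" stands in for the bytes of credits.png. */
static const struct asset_entry MANIFEST[] = {
    { "credits.png", 0xCBF43926u },
};
static const size_t MANIFEST_LEN = sizeof MANIFEST / sizeof MANIFEST[0];

/* 1 = bytes match the manifest, 0 = altered, -1 = asset not listed. */
int asset_is_intact(const char *name, const unsigned char *data, size_t len) {
    for (size_t i = 0; i < MANIFEST_LEN; i++)
        if (strcmp(MANIFEST[i].name, name) == 0)
            return crc32_buf(data, len) == MANIFEST[i].expected_crc;
    return -1; /* unknown files are treated as a failure by the caller */
}

int main(void) {
    const unsigned char shipped[] = "123456789";  /* original bytes */
    const unsigned char edited[]  = "123456780";  /* one byte changed */
    printf("shipped: %d\n", asset_is_intact("credits.png", shipped, 9));
    printf("edited:  %d\n", asset_is_intact("credits.png", edited, 9));
    printf("unknown: %d\n", asset_is_intact("extra.png", shipped, 9));
    return 0;
}
```

A CRC only detects that bytes changed; whoever repackages the app can also alter the stored values, so treat a mismatch as one signal alongside other measures rather than as proof of integrity.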

Wampus

I know Shoebox compresses but I'm not sure if it encrypts too. I'd assume not, since the manual doesn't mention that. Probably not best to use ENCRYPT$ for whole files either because it doesn't like zeros, i.e. if you try to encrypt and decrypt a string which contains the equivalent of CHR$(0) it doesn't work.

BdR

Wait, so now it's not just the users who are pirating apps but other "developers" are also pirating apps? :blink: Geez...

Seems like piracy is becoming a bigger and bigger problem for Android.

Ruidesco

Come up with your own packaging/encrypting/compressing algorithm.
Being non-standard is the best way to make anything not worth the trouble, so if your data is (a priori) unreadable it takes patience and time to disassemble the application and figure out what it does and what the data is.

MrTAToad

Using shoebox is a start.  You could also call a website with perhaps some key code to check program validity...

Slydog

It may be hard to determine if any graphic files have changed, except maybe checking the file size, which may be an option.  There may be some kind of check sum you can perform, not sure.

But if you are worried about somebody taking credit for your app, don't 'burn' your credits into an image file.
Have 'print' routines (using any method you wish) that print the credits to a screen, therefore the credits are created and displayed dynamically at run time.

He may have a binary editor that could search for your company name ('wampus' for example) and edit that at the byte level.  So, be extra sneaky, create a custom routine that returns 'wampus' using some confusing code, such as:

Code (glbasic):
FUNCTION GetCompanyName$:
  LOCAL s$ = "ZDETFBHIJKYLMNAGOPQRSUVCWX" // Every letter, scrambled
  LOCAL name$
  // MID$ positions are 0-based: W=24, A=14, M=12, P=17, U=21, S=20
  name$ = MID$(s$,24,1) + MID$(s$,14,1) + MID$(s$,12,1) + MID$(s$,17,1) + MID$(s$,21,1) + MID$(s$,20,1)
  RETURN name$ // "WAMPUS"
ENDFUNCTION


This may be hard to follow at the binary level, unless there are reverse compilers, I'm not too familiar with the 'hacking' process!  If so, make it even harder with weird 'GOTO' statements, loops that do nothing much, etc, call other functions for part of the name, etc.

Damn hackers, if only they would apply their 'skill' to something more productive, like game programming! 8)

bigsofty

Hmmm, shouldn't code signing have stopped this kind of thing?
Cheers,

Ian.


AlienMenace

Except that I think shoebox is broken, would love to see this fixed so it can be useable. I tried to use shoebox a while back and it wouldn't load audio files, nor would it load external audio files if you are using the shoebox just for graphics. Major bummer, it is a great concept.. especially if we could encrypt it, that would be awesome.

Quote
Hmmm, shouldn't code signing have stopped this kind of thing?

I think it's only meant to make it more difficult for developers to get their own code uploaded... it surely doesn't seem to slow anybody else down.

Hatonastick

Wow...  That's enough to put anyone off of developing for Android...  Sounds to me that Google needs to rethink a few things.

I must admit I was surprised when I found out Android used Java, as the ease with which people can reverse engineer Java apps has been known about for a long time.  I've never been a fan of Java.

spacefractal

Maybe Gernot should add http://developer.android.com/guide/developing/tools/proguard.html as part of the compiling? This makes it much harder to decompile code. It could be done when debug is disabled.

Shoebox can still be used for graphics, which are normally what gets stolen here, not audio. But it would have been nice if it worked for audio, eventually a separate one.

Edit: I did not read that it also cannot load external audio files if used for graphics. So here it's unable? That should be fixed, so we can use at least external audio.


matchy

If you are concerned about exposing raw media and don't mind a bloated executable but stand-alone file; store default media DATA files in code and load straight to memory at runtime! If the executable is decompiled, then the media and decrypt source is exposed.

Sixth Sense

I thought with all the free trials and the low cost of paid android and iPod games that piracy would not be on the same scale as the likes of the Amiga etc. So I thought I'd have a look on Google to see how prevalent it was.

I searched for "+hacked +android + games" and got the result: "About 19,400,000 results (0.12 seconds)"

So I tried the same with +hacked +iPad + games and the result:  "About 6,400,000 results (0.30 seconds)"

6 and a half MILLION results for the iPad!  What chance does anyone have when there are videos on YouTube titled "Android Game Hacks by request"

What about free versions of your game with in-game purchases? Or have they hacked that as well?  :giveup:

ampos

In App purchases for iOS have been hacked also. You can install a "hook", and when you try an InApp purchase, it answers "ok" (does not work with all InApp purchases).

Matchy's InApp wrapper for GLB fails miserably. Any GLB InApp purchase can be bought for free.

Anyway, do not lose sleep over piracy.

1.- If you sell only a few copies, nobody will hack your apps (my case)

2.- If you sell a ton of copies, some hacked ones will do no harm (Infinity Blade case)

3.- Users who pirate mobile games will not buy them anyway (John 'Pirate' Smith's case)

In any scenario, piracy will not "affect" you.


Also, Android/Google is changing the way apps are checked. Currently, an app is marked by Android as "non-copiable", and that's all.

In the (near) future, your app will have to call Google servers about legitimate installation: each time your app launches, it will ask Google "hey, I am XXXX installed on unit YYYY by ZZZZ account. Is this correct, did he buy me here?". Something like InApp purchases.

More info at http://developer.android.com/guide/publishing/licensing.html

When Google switches off the old system and just uses the new one, someone will have to write a wrapper or we will not be able to publish in Android market (at least with paid apps).