In 2014, it was estimated that video game piracy accounted for $74 billion in lost revenue for software companies. In 2012, Ubisoft’s CEO Yves Guillemot famously said that 93%-95% of worldwide PC players pirate their games. These numbers are staggering and leave a huge hole in gaming companies’ pockets. This piracy is largely facilitated by the rampant use of certain torrent websites. Although many of these websites are facing litigation, their prevalent use ensures the distribution of the pirated software.
The files downloaded from these websites usually contain some kind of “crack” that enables people to bypass the security checks made by the company and use the game for free. No special software knowledge is needed to apply these cracks. They are usually straightforward and get the job done in just a few clicks, making people feel like hackers!
What exactly goes on behind the scenes that makes it so easy to “crack” computer games? Before looking at the methods of cracking, we must first understand the tools used to do it.
Tools used in Cracking
Good tools are a critical part of successfully cracking software. There are many tools available online that let you see and manipulate the code of the game. Here are some of them:
Debuggers
Debuggers are software tools that let a programmer monitor the execution of a program. A kernel-mode debugger lets the programmer run the debugger on the same PC that is being debugged. Kernel-mode debuggers like Syser help the programmer locate the lines of code that run when the user enters an invalid registration code and a message window appears informing them of this. This information is crucial for the programmer to find those lines of code and change them in a way that disables or skips the built-in security check.
Assemblers and Disassemblers
An assembler converts low-level symbolic code into executable machine code, while a disassembler does the opposite. This allows the programmer to view the code line by line, which can be very useful because some applications calculate the serial keys within the code itself. If the algorithm is visible, it is possible to replicate it and generate a new serial key.
Hex-editors
A hex-editor shows the raw bytes of an application as hex values, each at a known offset in the file, and allows those values to be changed directly, which lets the programmer alter a few instructions in the code. This is useful when an application displays a warning window telling the user that the serial key they entered is invalid. By neutralizing that check, a user may skip the message box and register the application without any obstacles.
System Administration Tools
The Windows registry is a database of information, settings, options, and other values for software and hardware installed on Windows operating systems. An application may read its serial key from the registry; system administration tools are used to observe this activity.
Methods of Cracking
All the methods of cracking, in one way or another, are forms of reverse-engineering the game’s software. The process starts by examining the registration system and identifying ways to circumvent it. Usually, a patch is then provided so the user can apply the identified loophole on their PC and bypass the registration check. Here are a few ways to do this:
Hex-reading
This is the simplest of the available methods and the entry level of cracking, so it only applies to very simple games. It works when a separate executable program handles the serial key registration. The process starts with examining where the registration takes place. For example, the program might ask for the serial key and, upon entering the wrong one, display ‘Invalid Serial Key, Try again’. The separate registration executable is then opened in a hex-reader and the displayed text ‘Invalid Serial Key, Try again’ is searched for. Where the text is found, there is often a string nearby that looks like a possible serial key. Entering that serial key should crack the game. Many companies have found workarounds to this method, so it works only on select games.
Disassembling and Hex-editing
This process starts the same as before: by examining where the registration takes place. For example, say the program asks for the serial key and, upon entering the wrong one, displays ‘Registration failed’. This message should be noted or written down. As the simple hex-reading approach does not work here, the program is opened in the disassembler to understand the code of the game. The disassembler shows the code line by line and lists the program’s string references, which is how the displayed message (‘Registration failed’) is found. Clicking that reference leads to the code that displays the message box. Nearby, the code compares the entered serial key with a preset value and, if they match, jumps to start the program.
The offset of that instruction is noted and the file is opened again in a hex-editor, where the bytes at that offset are viewed as assembly so they can be edited. The instruction is then changed to jump regardless of which serial key is entered, thus cracking the game. This can also be done by changing the .dll or .so files linked to the game, which store the expiration date and registration data.
Debugging
Sometimes the string reference is not hardcoded in the program but is accessed through other means. In that case, the file is opened in a debugger like Syser and a breakpoint is set on a Windows API call (WriteFile, RegCreateKeyA, etc.). When that call is reached, the surrounding code is examined and, as with hex editing, a compare-and-jump instruction is located and edited so that the program behaves as though the user entered the correct key once the patch is executed.
Keygens
This is the least invasive form of cracking. Say the program requires a 12-digit key made of the digits 0 to 9. The company makes its keys as pattern-free as possible so that a serial number cannot be guessed. However, when a user enters a serial key, the program knows whether or not the key is valid: it checks the key against a predetermined formula, which is where disassembling comes in again. The programmer identifies what the program does when a serial key is entered, extracts the formula and writes another program that generates serial keys satisfying it. This is usually done offline so the software does not check the serial key with the parent website. The keygen is then run by the user on their PC; the generated serial key satisfies the formula and is accepted as valid.
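The two weaknesses behind the hex-reading and keygen methods above, shown as an added Python example that is not from the original article: a serial stored as a literal beside its failure message (what a string search in a hex-reader turns up) and a checksum formula shipped inside the client (what a keygen reproduces), next to a signed-key design where the client holds only the verification half. The serial, customer id, message and RSA parameters (p=61, q=53) are constructed toy values chosen so the block runs offline.

```python
import hashlib
import hmac

# All values below are constructed for this example, not from any real product.
FAIL_MSG = "Invalid Serial Key, Try again"

# Weak design 1: the expected serial is a literal in the binary, sitting right
# next to the failure message, which is exactly what a hex-reader string search
# turns up. One equality test feeds one branch.
VALID_KEY = "4821-9037-1156"

def check_weak(entered: str) -> bool:
    return entered == VALID_KEY

# Weak design 2: a checksum formula that ships inside the client. Anyone who
# reads this function can write a program that emits keys satisfying it.
def check_formula(entered: str) -> bool:
    digits = [int(c) for c in entered if c.isdigit()]
    return len(digits) == 12 and sum(digits) % 7 == 0

# Stronger design: keys are signed by the vendor; the client holds only the
# verification half. Reading the client reveals the check but not the private
# exponent, so the check cannot be turned into a generator.
# Toy RSA parameters (p=61, q=53, e=17, d=2753) so the block runs stand-alone;
# a shipped product would use a real library with RSA-2048+ or ECDSA.
PUBLIC_N, PUBLIC_E = 3233, 17
_PRIVATE_D = 2753  # vendor side only; present here so the example can issue keys

def _digest_mod_n(customer_id: str) -> int:
    h = hashlib.sha256(customer_id.encode()).digest()
    return int.from_bytes(h, "big") % PUBLIC_N

def vendor_issue_key(customer_id: str) -> str:
    """Vendor side: bind the key to a customer id by signing its digest."""
    sig = pow(_digest_mod_n(customer_id), _PRIVATE_D, PUBLIC_N)
    return f"{customer_id}-{sig:04d}"

def check_signed(entered: str) -> bool:
    """Client side: needs only PUBLIC_N and PUBLIC_E."""
    customer_id, _, sig_text = entered.rpartition("-")
    if not customer_id or not sig_text.isdigit():
        return False
    expected = _digest_mod_n(customer_id).to_bytes(2, "big")
    recovered = pow(int(sig_text), PUBLIC_E, PUBLIC_N).to_bytes(2, "big")
    # Constant-time comparison so the check itself does not leak via timing.
    return hmac.compare_digest(recovered, expected)
```

Signing removes the keygen route, but check_signed still ends in a single branch that the disassembling and debugging methods above can patch, which is why a client-side check alone never settles the question and entitlement has to be enforced on the vendor's side as well.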
This epic war between hackers and gaming companies is ongoing and seemingly here to stay. As programs become better protected and more advanced in their security, more sophisticated methods will be used to crack them. Perhaps companies will be able to make a completely hacker-proof game in the future, but as of today, there are plenty of workarounds that people will use to their advantage!