Ever Wondered How Pirates Crack Games?
Reddit had a great Explain Like I'm Five (ELI5) thread on "How do pirates crack games without access to the source code?" It drew a large number of comments, along with questions from the community about how this is done.
Essentially, the person who cracks the game edits its files to bypass the checks the game performs. Although the game's code ships encrypted, the computer has to decrypt it at some point in order to run it, otherwise it could not be played at all. Knowing that the code must be decrypted at some point, the cracker first finds where and when this happens, and then works out how the game checks that the copy is legitimate. No source code is required.
Once the cracker finds that check, he can bypass it. A very simple way to picture this: the game's logic of 'if CD, run game' becomes 'if no CD, run game'.
When it comes to more complex systems like DRM, the top comment explains how this works quite well.
'Most' DRM schemes used to protect games work by scrambling (encrypting) the actual game code. The program that you run therefore isn't the game itself, merely a stub that performs the following:
- Check that this is a genuine game and the user is allowed to run it
- Decrypt the actual game program code
- Run the actual game
There are many methods crackers use to break the protection but one is similar to the following:
- Install a genuine, licensed copy of the game
- Run the game allowing it to decrypt itself in memory
- Use a software tool to ‘save’ the unencrypted program code from memory to a file
- Make the program executable and remove all the software ‘tendrils’ that the DRM leaves behind
No. 4 tends to be the hardest part and can often be a cause of controversy within The Scene. Sometimes cracks will be nuked because they fail to meet the standard required by cracking groups.
Note: There are a few DRM schemes that don't fall under this umbrella (such as Codemasters' FADE).
From this one can gather that the Warez Scene has strict rules of compliance. When these rules are broken, no matter how small or insignificant the rule, feuds between groups can arise.
Another comment explains all of this well, though it is a bit more involved.
Cracks
There is legitimate debugging software that allows you to see the code and instructions that are processed by your computer's CPU. The CPU processes simple instructions only, in Assembly language – like increments, comparisons, and jumps. Programming languages use these basic elements to build complex functions, but in the end the source code is compiled into these simple instructions. Sort of how complex life and substances are only made of electrons, protons, and neutrons (not the best analogy – but I'm rushing to dinner).
You run the program and set a break point. Let's say I want to break a game so that it doesn't check for a CD. I can listen for when the game accesses my CD drive and place a break there (using the debugging software). I know the comparison is done before then. Then I place a break a few hundred lines before that and monitor the code, walking through it one step at a time. After years of doing this, you become very skilled at reading the code. Find the comparison and change the jump requirement. So something like:
If “CD Disc exists”
Jump to “start game”
If “CD Disc does not exist”
Jump to “start game”
Of course the code doesn’t say that. Instead it will say:
cmp ecx, edx (compare two registers, basically variable storage)
jz ###### (“jump if zero” or equal to a given address in the code)
You would change jz to jnz or “jump if not zero”.
The final step would be to create a program (a patch) to update the game's executable, modifying the values that control the jump instruction.
Hopefully that is simple enough. There are of course many approaches used to find your way through the code and locate the crucial code. There are also a number of DRM technologies to work around this and make it more complicated. Just like in the lock industry – lock makers build better locks, thieves come up with better ways to defeat them. It’s an endless cycle. Software publishers and crackers play the same game.
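The cmp/jz sequence and the one-byte jz-to-jnz change described in the comment above, seen from the defender's side. This is an added example, not code from the thread or from any game: the x86 bytes are constructed to model the quoted check, and the integrity check shows how a build-time digest of the code section catches such a patch.

```python
import hashlib

# Constructed x86 bytes (not from the thread) modelling the check quoted above:
#   39 D1        cmp ecx, edx   ; compare the "disc present" values
#   74 06        jz  +6         ; equal -> skip the failure path
#   B8 00000000  mov eax, 0     ; failure: return 0
#   C3           ret
#   B8 01000000  mov eax, 1     ; success: return 1 ("start game")
#   C3           ret
CODE_ORIGINAL = bytes.fromhex("39d1 7406 b800000000 c3 b801000000 c3")
# Same bytes after the single change the comment describes: 74 (jz) -> 75 (jnz).
CODE_PATCHED = bytes.fromhex("39d1 7506 b800000000 c3 b801000000 c3")

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode(code: bytes) -> list[str]:
    """Minimal decoder for just the opcodes used in the example."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op == 0x39:  # cmp r/m32, r32 (register form only, mod == 11)
            modrm = code[i + 1]
            out.append(f"cmp {REG32[modrm & 7]}, {REG32[(modrm >> 3) & 7]}")
            i += 2
        elif op in (0x74, 0x75):  # jz / jnz rel8
            rel = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            out.append(f"{'jz' if op == 0x74 else 'jnz'} {rel:+d}")
            i += 2
        elif op == 0xB8:  # mov eax, imm32
            out.append(f"mov eax, {int.from_bytes(code[i + 1:i + 5], 'little')}")
            i += 5
        elif op == 0xC3:
            out.append("ret")
            i += 1
        else:
            raise ValueError(f"unhandled opcode 0x{op:02x} at offset {i}")
    return out

def changed_offsets(a: bytes, b: bytes) -> list[int]:
    """Byte offsets at which two equal-length code blobs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def verify_code(code: bytes, expected_sha256: str) -> bool:
    """Defender-side integrity check: compare the bytes actually loaded
    against a digest fixed at build time. Even the one-byte flip changes it."""
    return hashlib.sha256(code).hexdigest() == expected_sha256

# A real build embeds this digest at link time; here it is derived from the original bytes.
EXPECTED_SHA256 = hashlib.sha256(CODE_ORIGINAL).hexdigest()
```

Running `decode` on both blobs shows the only difference is `jz +6` versus `jnz +6`, `changed_offsets` reports offset 2, and `verify_code` accepts the original bytes but rejects the patched ones.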
If this basic approach has piqued your interest, the source link will keep you entertained for quite some time.