Game Hacking 101
Software piracy has long been a problem in the computer games business—ever since games moved from stand-alone machines in the 1970s to PCs in the 1980s. Game makers, justifiably, have gone to great lengths to thwart piracy. In the past, game makers added various countermeasures to their software to make games harder to crack. The main purpose was to prevent rampant copying so that people who wanted to play the game had to buy it. In the end, these games were always cracked—but in some cases, the countermeasures delayed the release of a cracked version by days or even weeks. This delay earned real revenue for the game companies because delaying a crack for even a week translated into hundreds of thousands of dollars.
Antipiracy countermeasures made some economic sense in the over-the-counter paradigm, in which a gamer purchased a copy of the game from a retailer and installed the copy locally on his or her PC. But things have changed. Many modern games have moved online, and with the advent of game consoles connected to the Internet, this trend is likely to accelerate.1 That means companies now have two revenue sources to protect: the original game price in the retail channel, and a monthly subscription revenue stream for online access.
In this chapter, we'll describe a number of cheating techniques that have become mainstream and discuss new techniques that have emerged to prevent piracy and cheating. Unfortunately, some of the new security monitoring approaches have grave privacy implications that require vigilance on the part of gamers.
Defeating Piracy by Going Online
One easy way to prevent simple piracy like copying is not to distribute anything to copy. That is, if a majority of your game resides on a central server, it can't be easily copied. By and large, game companies have adopted this strategy to prevent trivial game cracking (recall the client-server model from Chapter 1). Modern games almost all require gamers to play the game online using only supported servers. These online servers, at the very least, can check a local copy of the game client (running on the gamer's PC) for a legitimate serial number or some other key.
Of course, online games also require an online account, implying that some kind of user or gamer authentication is required to play the game. Note that this is a much clearer way to tie a game to a particular gamer than existed in the previous paradigm. Tracking gamer behavior is an important tactic in the fight against cheating.
As we briefly describe in Chapter 1, gaming is big business. For example, Blizzard Entertainment, the developers of World of Warcraft, not only charge over $30 for the game client but also require a gamer to pay $14 per month to log into the online servers. WoW has over 8 million users all paying these fees. You do the math.