The most stealthy cracking countermeasure I ever witnessed was one where the application would XOR some of its UI messages with the hash sig of the application binary file, so if you edited the application binary file directly the crack seemed to work just fine ... but then the application would gradually go insane. The cracker who finally posted a working crack was impressed with how simple and devious the countermeasures were.
Brilliant, but be careful about this. There was an article here years ago about an indie game developer who put tons of different piracy checks all throughout his game. He was pretty clever, and made it so that several didn't activate until partway through the levels — that way the crackers might miss them. Also, he didn't show any "pirated copy detected!" messages, which would have made the checks trivial to find. Instead, the application would simply crash with a cryptic error message.
It worked perfectly — the crackers missed the later checks. Anyone who torrented the game found that it crashed reliably as soon as you completed the first level. Game over.
Unfortunately, this did not generate the kind of PR he was hoping for. In fact, all this did was give the impression to everyone who pirated the game that it was a buggy piece of shit. Since there was no obvious reason for the odd behavior, they assumed it was the fault of the application. They stormed the gaming review forums and discussion boards, complaining about how the game was "shitty" and "unplayable". Nobody was keen to mention that they had pirated it, so there wasn't an obvious trend. At the time, the ratio of pirated video games to legal ones was about 10:1, so the bad feedback overpowered the good feedback by about 10:1. He was ruined.
Be careful about anti-piracy. You just might succeed.
I mentioned this game in another comment on this page, but Spyro: Year of the Dragon used this technique and it worked very well for them. It could be that this is because it was on a console and not on the PC, but who knows. The goal for them was to simply keep the crackers at bay for as long as possible to keep the sales high during the initial release of the game. The developers stated that once the game is cracked the sales drop dramatically, so the longer they can keep the game uncracked the more money they made.
A similar (but much simpler) anti-piracy feature was built into Command & Conquer: Red Alert 2. The game would appear to operate normally, and let you start playing; however, after 30 seconds, all of your buildings would explode and you'd instantly lose.
If lots of games used similar methodologies then people would slowly learn that "pirated game" == "buggy game". Wouldn't work unless lots of them did the same thing of course.
Exactly. It's even worse if you add the crippling behavior later on, i.e. in the upgrade from v1.2 to v1.3. All pirates notice is that the new version is really unstable.
I am almost certain Ableton Live for the Mac does something like this. It is a piece of music production/performance software. It will appear to function normally, but the audio engine will gradually begin to fail in increasingly ugly ways, especially when you use plugins.
It usually starts doing this after a few weeks or months of regular uninterrupted use. Considering this app is used by professional musicians to perform in front of audiences of thousands of fans, having the possibility of the app crashing hard at a random time hanging over you is a pretty powerful disincentive against piracy.
Over the years, many cracking groups have tried and failed to overcome this. The guys at Ableton are extraordinary programmers and they've obviously done a number on this one.
There were even rumours that one of the top audio software cracking group members was actually an Ableton developer, and that they leaked these devilishly broken builds to the warez scene themselves.
Why bother with stealth? My favourite approach is the Microsoft approach. It pops up, says "I'm cracked, click here", which takes the user to a web page that shows them all the benefits they'll reap if they get a legit version, just type your credit card number in this box and all is forgiven. It's hilariously easy to make your installation legal, which is the point... it's easier than pirating it, AND you get benefits.
Just wanted to add that this is the exact opposite to what some large game companies do. I bought Settlers 7 (a Ubisoft title) and got kicked out of the single-player campaign every time my internet connection blipped. In contrast, had I pirated the game, I would have had a paradoxically better experience. No incentive to buy, whatsoever.
Forgive my numbness, but how does this work? How do you know the right signature to be verifying against? It seems (to my not-much-of-a-programmer mind) that you've got a chicken and egg scenario here.
But that's obviously not the case, so can you explain briefly how it works? Or just paste a link.
You move the UI messages into a separate resource file, as you would for language translation. The executable signature is unaffected by the changed UI messages.
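The scheme from the first comment and the answer above, as an added example that is not part of the thread or any product's code. SHA-256, the repeating XOR, all function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
from itertools import cycle

def binary_digest(binary: bytes) -> bytes:
    """Hash of the executable's bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(binary).digest()

def xor_with_digest(data: bytes, digest: bytes) -> bytes:
    """XOR data with the digest repeated to length; packs and unpacks."""
    return bytes(b ^ k for b, k in zip(data, cycle(digest)))

def pack_messages(messages: dict, binary: bytes) -> dict:
    """Build step, run after the executable is final. The masked strings
    live in a separate resource file, so the executable's hash never has
    to cover data derived from that same hash."""
    digest = binary_digest(binary)
    return {name: xor_with_digest(text.encode("utf-8"), digest)
            for name, text in messages.items()}

def load_message(resources: dict, name: str, binary_on_disk: bytes) -> str:
    """Runtime: hash whatever executable is on disk and unmask the string.
    No stored reference hash, no comparison, no 'tampered' branch."""
    raw = xor_with_digest(resources[name], binary_digest(binary_on_disk))
    return raw.decode("utf-8", errors="replace")

# Constructed sample data: a stand-in executable image and two UI strings.
SHIPPED_BINARY = b"\x7fELF" + bytes(range(64))
MESSAGES = {"save_ok": "Project saved.", "export": "Export finished."}
RESOURCES = pack_messages(MESSAGES, SHIPPED_BINARY)

# The same image with a single byte changed, as after a direct binary edit.
_modified = bytearray(SHIPPED_BINARY)
_modified[10] ^= 0x01
MODIFIED_BINARY = bytes(_modified)

if __name__ == "__main__":
    for label, image in (("shipped", SHIPPED_BINARY),
                         ("modified", MODIFIED_BINARY)):
        print(label, repr(load_message(RESOURCES, "save_ok", image)))
```

A repeating XOR only obscures the strings; the point of the design is that the integrity dependency is implicit in the data rather than expressed as a check in the code.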