how to prevent our game from getting pirated

Sparrow Forum » General Discussion

how to prevent our game from getting pirated

(11 posts) (6 voices)

Started 10 months ago by dprijadi
Latest reply from Dan

Tags:

dprijadi
Member

hi friends

im curious, how do we as developr prevent our games from getting pirated ? how do we check if our apps is running on a jailbroken phone ?

i read this news on apple insider...

quote:

Developer frustrated that Apple grants Game Center support to pirated iOS apps
A game developer victimized by piracy via "jailbroken" iOS devices has expressed frustration that Apple's Game Center service is apparently fully functional for users who run stolen software.

GAMEized, the maker of the 99-cent iPhone and iPad game FingerKicks (iTunes link), told their story in a post on their official site this week. The tale of rampant piracy, highlighted Friday by TechCrunch, reveals that FingerKicks was pirated by 91 percent of those who have played it.

The developer discovered this because those who have stolen the game apparently still have their high scores posted on Apple's Game Center service for iOS. While the soccer-themed game has reportedly sold 1,163 legitimate copies, the developer said at least 15,950 pirated copies have been logged on Game Center.

The number of users who stole the application was helped by the fact that one illicit piracy service showcased FingerKicks as a "featured" game on its main page.

Frustrated by the situation, the developer has publicly questioned why Apple does not at the very least bar users with pirated software from utilizing the Game Center service. A Game Center account is tied to the same Apple ID used to purchase content from the App Store.

"Most bewildering of all is that even with all their rhetoric chastising piracy and intellectual property theft, Apple apparently has no functional counter-piracy safeguards in place on their Game Center -- essentially permitting users to play pirated software on their Game Center without fear of reprisals or consequence," GAMEized's Luis Fonseca wrote.

Despite frustration with what was characterized as a "humiliating piracy problem," the developer also added that they are fans of Apple's products and platforms, as evidenced by the fact that their game is exclusively available on iOS.

Users can install pirated software on iOS devices by "jailbreaking" the operating system. Jailbreaking is a warranty voiding process that exploits security holes in iOS in order to allow users to run unauthorized software.

While jailbreaking is legal and can be used for legitimate purposes such as custom themes and modifications to iOS, it can also be used for illegal purposes such as stealing applications from Apple's official App Store. For its part, Apple has warned users not to jailbreak, citing security risks.

The stigma of piracy connected to jailbreaking is not lost on the hackers who work to find the exploits in iOS. The latest browser-based jailbreak released earlier this month even pleads with users: "Please don't use this for piracy."

Posted 10 months ago #
dprijadi
Member

link to the site :

http://www.appleinsider.com/articles/11/07/15/developer_frustrated_that_apple_grants_game_center_support_to_pirated_ios_apps.html

http://blog.gameized.com/2011/07/12/the-huge-success-of-an-appstore-failure/

http://techcrunch.com/2011/07/15/case-study-how-piracy-destroys-app-profits/

quote from the developer who got pirated ::

>>>> The huge success of an AppStore failure

Posted on July 12, 2011 by Luís Fonseca

GAMEized is one of the newest game development agencies to take the industry by storm, and we did it through an innovative marketing approach and solid game development.

We generally develop branded games and entertainment applications for other companies, but we recently took the bold step of self-promotion by developing a game for ourselves. After several hours of research and development, a new football / soccer arcade game was born, and we called it FingerKicks!

FingerKicks is an exciting and addicting game we developed for all iOS platforms (iPOD, iPHONE and iPAD). It’s simple to play and exciting to master and it has already generated a huge buzz from its fan base for its excellent gameplay and HD graphics. Best of all, it’s only 99¢ and is available on the App Store.

In its first few days after release, FingerKicks amassed over 17,000 players and the numbers were soaring daily. With that many players at 99¢ each in under a week, one would think that FingerKicks was positioned as a runaway hit and a welcome financial windfall for us.

Unfortunately, the reality is that we’ve collected less than $800 in sales for FingerKicks, and Apple’s policies (or lack thereof) are the primary reason for the huge losses.

There is an unfortunate dark side to Apple app development that is often hushed or overlooked. It’s a hard-learned lesson that took us completely by surprise; our story is a cautionary tale for all developers new to creating apps for Apple.

Dave Rosen, founder of GAMEized, said, “We submitted the game to Apple and four days later the game was approved and submitted for sale worldwide. Our hearts started racing desperately to know how the game was doing in the stores but Apple only provides data once a day. Waiting (and sneak-peaking the stores) was the only way to monitor the activity.”

The first day’s results were low but promising: 144 purchases for a profit of $97.35, and we felt it was a good start. Even more encouraging, FingerKicks reached the Top 5 in Portugal, where football is the #1 spectator sport! The second day’s results were a little lower, only 115 purchases, but it was a Saturday and we pinned all our hopes on Sunday’s sales. It didn’t disappoint – the numbers climbed back up to a respectable 122 purchases, and we were on our way.

Posted 10 months ago #
Shilo
Master Sparrow

Hello,

I've always wanted a simple solution to this. The only solution I can think of is making your app free (trial version) and doing IAP (In App Purchase) to unlock the full version. IAP can't be pirated. Only problem is that it might decrease sales with this strategy, Gameloft has tried this IAP strategy and hasn't used it since, so I imagine the sales didn't go so well.

Also, I recently read that freemium apps are grossing more then paid apps. So that would be another solution. You could have ads and then use IAP to disable ads and add whichever features.

Posted 10 months ago #
dprijadi
Member

yes , shilo , that one method is even recommended by apple.. creating free version of apps with ads. btw what do you think of these articles below ?

http://www.iphonedevsdk.com/forum/iphone-sdk-tutorials/29509-iphone-piracy-protection-code-tutorial.html

Quote from the site :

>>>>> The first step towards preventing the piracy of your apps is detecting the piracy, and then taking steps to either monetize your freeloading traffic or disabling your app altogether. The most basic of Anti-Piracy methods is as follows:
Code:
NSBundle *bundle = [NSBundle mainBundle];
NSDictionary *info = [bundle infoDictionary];
if ([info objectForKey: @"SignerIdentity"] != nil)
{
/* do something */
}
The code should be pretty self explanatory. We are checking the info.plist for SignerIdentity, which is implemented in all cracked apps in order to run on a jailbroken phone. This is designed to overcome automated processes at best, and will probably only prevent the most simple-minded of iPhone hackers. The problem with this type of detection is that it can easily be bypassed with a simple hex editor.

The next step towards Piracy prevention is this little piece of code:
Code:
#define INIT_STRING @"SignerIdentity"

NSString *aString = INIT_STRING; ///do this for all of your temp strings
This code should be implemented with the one above. Basically this hides the "SignerIdentity" from a hex editor by applying bit manipulation to each character in the string. This should make it a lot harder to find with a simple hex editor, but does not protect it completely.

This simple code below is designed to also work with the first code sample to hide the "SignerIdentity" string that is so easy to find. It does not work quite as well as the one above, but does provide some adequate coverage from search based hex hacking. Change the NSString of the first sample with this:
Code:
NSString *aString = [NSString stringWithFormat:@"%@%@%@",@"Sig",@"nerI",@"dentit y"];
The output code should look like this in a hex editor: "Sig.nerI.dentit y.. Still not the best, but it should prevent the noobs and automatons.

This is where it gets interesting:
Code:
NSBundle *bundle = [NSBundle mainBundle];
NSString* bundlePath = [bundle bundlePath];

NSFileManager *fileManager = [NSFileManager defaultManager];

NSString* path = [NSString stringWithFormat:@"%@/Info.plist", bundlePath ];

NSDictionary *fileAttributes = [fileManager fileAttributesAtPath:path traverseLink:YES];

if (fileAttributes != nil) {
NSNumber *fileSize;

if (fileSize = [fileAttributes objectForKey:NSFileSize]) {
NSLog(@"File size: %qi\n", [fileSize unsignedLongLongValue]);
}
}
As you can see, this code is much more complex. We are checking the file-size of the info.plist and displaying it in the NSLog. From there, you can change the Anti-Piracy code to match the plist size. Since Apple does not change the info.plist file when coded for distribution in the App Store, it will work in the App Store. With this code, please keep in mind that the size (in bytes) of the info.plist in the Xcode Project Directory and in the Application bundle may differ.

The code below is the biggest step on the road towards Anti-Piracy. We are going to go into ciphers! Enjoy:
Code:
NSLog(@"Substitution Cipher:");
char symCipher[] = { '(', 'H', 'Z', '[', '9', '{', '+', 'k', ',', 'o', 'g', 'U', ':', 'D', 'L', '#', 'S', ')', '!', 'F', '^', 'T', 'u', 'd', 'a', '-', 'A', 'f', 'z', ';', 'b', '\'', 'v', 'm', 'B', '0', 'J', 'c', 'W', 't', '*', '|', 'O', '\\', '7', 'E', '@', 'x', '"', 'X', 'V', 'r', 'n', 'Q', 'y', '>', ']', '$', '%', '_', '/', 'P', 'R', 'K', '}', '?', 'I', '8', 'Y', '=', 'N', '3', '.', 's', '<', 'l', '4', 'w', 'j', 'G', '`', '2', 'i', 'C', '6', 'q', 'M', 'p', '1', '5', '&', 'e', 'h' };
char cfile[256];
[[[NSString alloc] initWithString:@"SignerIdentity"] getCString:cfile maxLength:sizeof(cfile) encoding:NSUTF8StringEncoding];
NSLog(@"%s",cfile);
for(int i=0;i
The code above may seem complicated, but it's not. We are using a substitution cipher, a very basic form of cryptography, to rearrange the alphabet and "translate" (if you will), the "SignerIdentity" to (in this case) "V.NwY2*8YwC.C1". So as you can see, it encrypts the string SignerIdentity to the string V.NwY2*8YwC.C1 then decrypts it back to SignerIdentity.

Now to disguise our piracy check:
Code:
char symCipher[] = { '(', 'H', 'Z', '[', '9', '{', '+', 'k', ',', 'o', 'g', 'U', ':', 'D', 'L', '#', 'S', ')', '!', 'F', '^', 'T', 'u', 'd', 'a', '-', 'A', 'f', 'z', ';', 'b', '\'', 'v', 'm', 'B', '0', 'J', 'c', 'W', 't', '*', '|', 'O', '\\', '7', 'E', '@', 'x', '"', 'X', 'V', 'r', 'n', 'Q', 'y', '>', ']', '$', '%', '_', '/', 'P', 'R', 'K', '}', '?', 'I', '8', 'Y', '=', 'N', '3', '.', 's', '<', 'l', '4', 'w', 'j', 'G', '`', '2', 'i', 'C', '6', 'q', 'M', 'p', '1', '5', '&', 'e', 'h' };
char csignid[] = "V.NwY2*8YwC.C1";
for(int i=0;i
Now the NSString signIdentity contains the string "SignerIdentity", without us having to declare it in the binary and potentially have it hacked! It would probably be a good idea to generate your own symCipher array, and generate your own encrypted strings, so they are unique. Here is a small html PHP script that simply outputs your decrypted string and the substitution array needed to generate it here!

This next cipher is a Transitional cipher. The principal is really simple, just replacing a letter in the ASCII table with one a defined amount above or below it, so if I wanted -1, B would be A, A would be Z etc. An objective-C implementation would look like this:
Code:
NSLog(@"Transpositional Cipher:");
char csignid[] = "SignerIdentity";
NSLog(@"%s",csignid);
for(int i=0;i
This will give us the log: Transpositional cipher, SignerIdentity, pfdkboFabkqfqv. This is harder to crack but pretty easy to spot if you know what you're looking for. Nonetheless, it's one step, and a lot less code, closer to preventing hackers from cracking your app.

So now let's do a basic decryption of the SignerIdentity string that we need, we just use the decryption method with our encryted string:
Code:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
As you can see this contains a lot less code, but with the drawback of being a lot more crackable. This is the end of the cipher code samples.

So now that we have learned how to hide our string from simple hex edits, we can lay a honeytrap in our code. Let's go back to the code we used in the beginning of the tutorial. We used a simple "SignerIdentity" string in full site back then. Now what if we added a small boolean value in there to return true if it has been executed if the ObjectForKey is null? Let's find out:
Code:
bool checked = false;
if([[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] == nil || [[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] != nil)
{
checked = true;
}
if(!checked)
{
// This app be hacked!
}
In this code, the variable checked will be false if someone hex edits out SignerIdentity, a nice little honeytrap. Now what you do after you have detected this piracy is up to you! Personally:
Quote:
My method of choice is to display an alert.. much like "illegal copy detected" then just gobble up all the memory and display a "reporting piracy to apple" with a progress view... so it freezes the phone while "reporting piracy".

of course there is no call to report piracy.. it's just a deterrent.

Guaranteed app uninstall within minutes after they reboot their phone (because it froze) -Root
<<<<<<< end quote

Posted 10 months ago #
enbr
Moderator

Hi,
I have tried to do piracy protection before with little or no luck. I really think there are better ways to spend your time, like creating your app. The code in the thread you mention on iPhoneDevSDK is outdated and IMHO, hard to use.
My best advice is IAP and maybe a freemium model.
Brian.

Posted 10 months ago #
Shilo
Master Sparrow

As Brian said, that code is outdated. If there was a valid way of preventing piracy in code, i'm sure the big developers would be using it by now.

Posted 10 months ago #
dprijadi
Member

yes, i saw your nickname there too enbr =D

Posted 10 months ago #
IlyaK
Moderator

Hi,

Just saw this. I'm curious, what does freemium mean?

Thank you,
Ilya

Posted 10 months ago #
karunabdc
Member

Freemium is when the app is free, but users have to pay for additional levels/features via in-app purchasing.

I think pirates will be pirates, there's no stopping them. It's probably just better to put effort into making a V.good game so the non-pirates of the world enjoy your game and pay well for it

Posted 10 months ago #
IlyaK
Moderator

Got it. Thanks for the response!

Ilya

Posted 10 months ago #
Dan
Member

I have to agree with enbr and karunabdc, you're much better off spending your time on the app rather than worrying about piracy.

As much as i sympathize with the developers in the article you have to wonder whether they would have got as much attention about their game without the piracy. Sounds harsh but would people have actually have heard about the app if it hadn't been featured on a piracy site? They may have found they wouldn't even have got the 800 downloads they did get...

One of my non-Sparrow apps has had every version cracked and distributed on these piracy websites and I'm not convinced how much it affects sales. I actually started talking to a couple of the culprits on the forums for those sites and most of them seemed to be kids who had too much time on their hands, I think most people will pay 99c rather than go out of their way to find a cracked version.

There's no doubt piracy is a problem but I think it's naive to think that everyone who pirated it would have bought it.

Posted 10 months ago #

RSS feed for this topic

Reply

You must log in to post.