Making a Software Security Library
Monday, September 8, 2014 - 14:43
I plan on making a C++ game security library with my game that can be used in any game. If I succeed, it should detect
injected code and take action from there. Where should I start?
Are you planning to make DRM library or library that checks that game binary or resource files aren't altered for cheating?
Yes. Not only that, I plan to code it in C++ from scratch, using no library. I have the full, rundown knowledge of what it should do and it will use a namespace for collision cases.
Restricting modification of files is pure evil, don't do it.
@Calinou: I'm just preventing rougue attacks on innocent software that kill in their paths, not preventing mods period.
Sounds like you are planning a library that should make games more robust. External library won't help for that. You just need to test it more throughly specially with method called fuzzing. In fuzz testing you try out invalid and uxpected values to see if test target can survive from those.
To be honest buy one, it's a never ending battle.
Here's one that I recently started using:
http://www.softwareshield.com/
It's $99 for the ISV version, and $7 a month for their online service, with the first three months being free.
Even at minimum wage (in the US), that's only 12 hours of work. And, $7 a month would barely cover hosting costs.
Sorry, this sounds like “enterprise” BS to me.
By the way, the WOT score card of the site <https://www.mywot.com/en/scorecard/softwareshield.com> doesn't give it too much trust.
First time I've heard of WOT.
All I could see from the page is that not many people (ie probably none) have rated the site.
Runic Games and PopCap can't be wrong, right? The main page contains endorsements from them.
EDIT:
I'm not sure I would trust WOT. Digging a little deeper (using checkpagerank.net). The domain has been registered since 2003, selling a version of the same product. And, has a page rank of 3/10.
Hey,
You have many options to detect code injection but you have many options to inject a code into an application as well. You have to monitor the memory and runnig processes.
Also if you are asking where to start i am sure you will not succeed to make any kind of libary like that.
The first reason is you can not secure an application 100%. The number one rule is: If someone wants to crack a software he will crack it up sooner or later it will be cracked. All you can do is to make it harder. Also if you are creating a game you probably keep it updated with new content and new features. People won't play an outdated game also why would anyone crack your game? The only thing you can do is to change core elements from time to time.
Even companies has no perfect anti cheat software or software that protects their software against beign cracked.
Hope it helps!
And sorry for my english ;)
The best defense seems to be an unpredictable degradation in gameplay if a hack is detected. Someone attempting to hack your game won't test it long enough to find the protection that occur late in gameplay. The reward for hacking a game isn't being able to complete the game, it's knowing that you've defeated the protection.