★ TouchArcade needs your help. Click here to support us on Patreon.

Anti piracy advices - pls contribute!

11-03-2009, 05:16 AM
#1
Joined: Sep 2009
Location: xor eax, eax
Posts: 755
Anti piracy advices - pls contribute!

I'm starting this thread in order to help you, iPhone dev colleagues to protect your apps. Please contribute in order to help each other. (I would avoid posting full-blown solutions, though.)

Here are some Dos and Don'ts I've collected so far, which might help you in implementing a better protection for your apps.

Just checking for SignerIdentity is a very naive approach. Unfortunately many sites suggest this method, - even commercial frameworks use this check! - however if implemented the way shown below is the same as doing nothing! It only adds some additional bytes to your binary's size, definitely dead code I would say.

The code snippet below is useless in this very raw form:

Code:
NSAutoReleasePool *pool;
    boolean pirate_copy;

    // iphone: piracy detection
    pirate_copy = false;
    pool = [ [ NSAutoreleasePool alloc ] init ];
    {
      if ([ [ [ NSBundle mainBundle ] infoDictionary ]
                objectForKey: @"SignerIdentity" ] != NULL)
      {
        // we have just detected a pirated copy
        pirate_copy = true;
      }
    }
    [ pool release ];
Why won't this work for you?

The string can be easily identified in the binary, and by just replacing one single character, the whole check is history.

Here are my advices which might improve your anti-piracy attempts:
Advice #1 Never use popular snippets to protect your app against piracy (see above).

Advice #2 Strive for original solutions / adapt the existing ones.
No, don't reinvent the wheel, but try to modify or even improve the existing solutions.
This applies for the SignerIdentity check also - do not use it in the well-known way (see reasoning above). However, if applied with a twist, it will make cracker's life harder.
It's not easy, but once you think out something which is not spread all over the internet, your app will be harder to crack (at least an automatic crack tool will probably fail).

Advice #3 If the crack is detected, do not react instantly. Apply some delay logic.
That way there is a good chance that the cracker does not detect the trick, and the pirated version is spread in this form. And actually that's what we want, isn't it? ;-)

Advice #4 Test your anti-crack logic thoruoghly for false positives.
Do not punish legal users! Btw, there is a good chance you'll punish yourself first, as your app will be probably rejected by Apple - and this is the optimal case. Otherwise - if not detected by the review team, and the app goes live - you'll dissappoint your loyal users, which is the worst thing for you as a developer!
Thanks GregH for reminding me this important rule.

Last edited by Carlos; 11-03-2009 at 06:51 PM.
11-03-2009, 05:36 AM
#2
Joined: Nov 2008
Location: Munich, Germany
Posts: 754
Send a message via Skype™ to mobile1up
or.. don't bother..

if your looking to see if someone is using a different signer identity than your own; the above is sufficient.. if you don't cripple the game - the patchers wont go through and bother changing that single byte anyhow. remember - most people run an existing script to crack apps; they don't disassemble the code (they only do that if the developer shows a message or locks out a feature) ... i've been an expert on these things for years; i even wrote a paper on it.

http://www.ardiri.com/publications/palmsource2000.pdf

while it was specifically for palm os; the end result applies.

// Aaron Ardiri
Mobile 1UP is a proud indie developer - support us!
developer of Caveman / Caveman HD and GW Series

11-03-2009, 05:52 AM
#3
Joined: Nov 2008
Posts: 291
Advice 1: Release a lot of useful updates - if someone really likes your app he will get bored of searching for working pirated copies of your app

Advice 2: If you detect a pirated copy don't block everything - use the opportunity to show the user how great your app is - just show a message and apply a time limit or some other solution to make your app a "light" version. In some cases it will be enough to show a nag screen (maybe with a 5 second countdown) every time your app is started.

Advice 3: Use fair and consistent prices for your apps. There are many great apps available for $1, so it is hard to convince users to pay $3-$10 only because your app is new or you compare prices to other systems. This is the Appstore - no XBLA, PSN or a windows mobile device. If you did sales and price drops in the past (even for other apps) users will wait for the next price reduction and maybe lose interest in the meantime. If you don't offer something very special stick to $1 to generate impulse buys and avoid that users wait for price reductions.
11-03-2009, 08:48 AM
#4
Joined: Sep 2009
Location: UK / Toronto
Posts: 602
Do crackers ever remove the "We won't stop you playing, but please buy this game… etc." pop-up messages?
11-03-2009, 08:53 AM
#5
Joined: Sep 2009
Location: xor eax, eax
Posts: 755
Quote:
Originally Posted by EssentialParadox View Post
Do crackers ever remove the "We won't stop you playing, but please buy this game… etc." pop-up messages?
Actually they remove the program logic which leads to displaying this message.
Or to put it otherwise: every anti-crack check is removed (most probably as part of an automated process).

That's why I said that using straightforward and popular methods just won't work: the countermeasures are instantly inserted in the crack tool as soon as a new protection method appears and gets detected by them.

This is nothing but a race, something similar with the one which is between virus/trojan horse makers and antivirus software developers.

Once you have a good anti-crack method, they will find it - if your app is interesting enough or if the method is applied at a larger scale.
If this is not the case, and the automatic check does not work, they probably just don't care.

Last edited by Carlos; 11-03-2009 at 09:10 AM.
11-03-2009, 03:59 PM
#6
Joined: Sep 2009
Posts: 479
Quote:
Originally Posted by Carlos View Post
Actually they remove the program logic which leads to displaying this message.
Or to put it otherwise: every anti-crack check is removed (most probably as part of an automated process).

That's why I said that using straightforward and popular methods just won't work: the countermeasures are instantly inserted in the crack tool as soon as a new protection method appears and gets detected by them.

This is nothing but a race, something similar with the one which is between virus/trojan horse makers and antivirus software developers.

Once you have a good anti-crack method, they will find it - if your app is interesting enough or if the method is applied at a larger scale.
If this is not the case, and the automatic check does not work, they probably just don't care.
With my latest update I put some crack-detection code in my app to make it limit your play-time (like a demo basically) and put up a nag screen. Unfortunately I made a mistake and just found that the crack detection can give a false positive on a legally purchased copy which is the last thing I'd want to happen. Now my latest update will probably have been in review for nearly a month by the time it comes out. At least I caught it before it finished the review process.

Oh well :-)

"when he eats three poops and becomes muscle bound, that was worth the .99 right there." -Super Fly!
Tetris and Bubble Wrap had a baby and named it Super Juicy!
TouchGen Best of 2009 Finalist! 5/5 Best of 2009
11-03-2009, 04:22 PM
#7
This will be unpopular, but I am not doing nothing about piracy, and I don't intend to. I have more important things to do, like add actual features to my game for the people who paid for it.

If the customers are happy, they will talk about it. If the pirates are happy, well maybe they will talk about it.

Or try this: Make your app free for a while when it first hits the app store. In the very least, it will lower the pirate downloads and increase your standing in the App Store. Its a win-win.

A ragdoll physics platformer:Flickitty
The artist: randall schleufer
Twitter: @FlickittyiPhone
11-03-2009, 04:40 PM
#8
Quote:
Originally Posted by Flickitty View Post
Or try this: Make your app free for a while when it first hits the app store. In the very least, it will lower the pirate downloads and increase your standing in the App Store. Its a win-win.
Note to anyone reading... do NOT follow this advice. You'll lose your best shot to actually make money as a small potatoes indie developer- the early adopter crowd. These are the people who need it now, and will pay your asking price. After them, everyone's a harder sell... especially if they think you may make it free again at some future point. In addition, your ranking does not carry over between free and paid when you do finally switch. So I'd say it's lose-lose.

Regarding piracy- I'll add obfuscated detection in my next game just to track how rampant it is, but most likely won't do anything dramatic to the pirate players unless my bandwidth use gets out of hand.

--- ChronoSoft ---
Support your roguelikes! Play Rogue Touch today!
Spirit Hunter Mineko: Demons Reach --- Work in progress! Follow us on Twitter!
11-03-2009, 04:56 PM
#9
Joined: Sep 2009
Posts: 479
I don't think thats "unpopular" at all. Its a perfectly valid plan to just ignore piracy. However, there is an opportunity here and if 90% of our gamers are pirating, then reaching a few of them could be quite significant.

Quote:
Originally Posted by Flickitty View Post
This will be unpopular, but I am not doing nothing about piracy, and I don't intend to. I have more important things to do, like add actual features to my game for the people who paid for it.

If the customers are happy, they will talk about it. If the pirates are happy, well maybe they will talk about it.

Or try this: Make your app free for a while when it first hits the app store. In the very least, it will lower the pirate downloads and increase your standing in the App Store. Its a win-win.

"when he eats three poops and becomes muscle bound, that was worth the .99 right there." -Super Fly!
Tetris and Bubble Wrap had a baby and named it Super Juicy!
TouchGen Best of 2009 Finalist! 5/5 Best of 2009
11-03-2009, 05:16 PM
#10
90% is awfully high. I've seen that number before, so I don't think it is unrealistic.

I know we never even came close to approaching a 90% piracy rate (yet). I think Russia was one of the first countries to pirate our game (UAE or Saudi Arabia was the first actual evidence). However, Russia is the first country to put us in the Top 100 Paid Apps (all categories).

I realize Russia is a much smaller market, but our Russian downloads have always been much higher than most other regions (including USA).

At a 90% piracy rate, there may be other things at play here.

A ragdoll physics platformer:Flickitty
The artist: randall schleufer
Twitter: @FlickittyiPhone