Legend 2. The First Hack or How we grew staff numbers
7 Dec 2015
You may question if it is a good thing to write about a hacking incident because it could harm the company’s reputation. Of course hacking is a bad thing. But it is not always that bad. There are white hat hackers who find vulnerabilities to improve a security system and may be… to find a new job.
Please enjoy an extract from the Dmitry Guseff book “So the Star tempered ... 10 light years”.
One day we found out that someone had published in the net an article containing methods of hacking StarForce protection. It was devoted to the version used to protect the game “Cossacks: European Wars”. The article’s author didn’t pose himself as a professional hacker. He explained that his interest was only in the area of research. We studied the article and the conclusion was disappointing: though the material had some mistakes and misconceptions, on the whole it could be used as the base for a hacking activity. You need to know that after almost 2 years of working on the market we were used to think about our protection system as 100% unbreakable. So the fact that someone was so close to cracking it was like a cold shower on a hot summers day for all of us. A fortnight later the same author published fragments of disassembled code taken from the game. The work was brilliant. We knew about most of the vulnerabilities that the hacker used in his work, but did not have time to close them in time.
- I received this link in the morning, - the Analyst was sitting hunched at the computer screen.
- StarForce Virtual Machine Analyzer – the Architect read aloud from behind the shoulder of the the Analyst.
- Yo-ho-ho – the Developer said nervously, - We have it coming.
- I have studied it already – the author disassembled the virtual machine. Of course the material is raw and it is based on guesses. But it could help to create a crack for Cossacks just a week or two after its release, - the Analyst said.
- But the release was half of a year ago! – the Validator entered the conversation.
- Right you are. It seems to me that he was working hard all this time to find the solution. And ta-dah! But the description of his solution is too difficult and it is highly unlikely that anyone except the author himself could use it – explained the Analyst.
- Taking into consideration the fact that every later protected application has a different protection structure will it work for everyone? – asked the Driver Expert.
- Fortunately it will. What he has done will enter the history books, and who knows what else he could come up with, - answered the System Expert.
- It is necessary to analyze the hacker’s work and understand all the threats – the Logician turned to the Driver Expert, - and when everything is clear we can start to panic.
We agreed to do it like this and after two days of research it was concluded that the hacker was at least very talented. The first fright left because we confirmed that the method offered by the hacker was in fact very tangled and difficult to apply so that in this state only the author could actually use it.
- What a competent lad!
- It might be a girl, LOL!
- Don’t think so – look at the nick.
- Why don’t we invite this mmm… person to join us and direct his or her energy and knowledge to a peaceful course?
- You are reading my thoughts!
It was the time for us to make our move. The Analyst sent a private message through one of the forums. The hacker responded quickly and agreed to meet. Sometime afterwards a new employee was presented to the team:
Please get acquainted – the Researcher, - the Analyst introduced the novice pointedly.
The researcher was involved in prototyping development, studied the solutions of competitors, and analyzed the tamper resistance of StarForce solutions. In particular, based on his Cossacks research, he put forward a number of recommendations to improve the StarForce reliability.