Decompiler Scare x2

Today I have two seperate decompiler scares to announce.

The first is for GM6, the second for GM7.

A user whom I have been in contact with before sent me a PM today on the GMC and announced that s/he has made a program to decompile GM6 executables and create GM6 project files out of them automatically. S/he also threatens to release it, and make it open source for all to see.

Of course, I wanted to PM him/her back informing him/her of the consequences and legal action Mark and YoYo games could take against him/her if s/he were to do such an act, but s/he chooses not to accept Private Messages.

S/he included a screenshot of the program which was said to have been made in VB ’05

—-

The second decompiler scare today could be more serious as it is intended (and does) ‘decompile’ (using the term loosely) GM7 executables for the Game Maker program being released only a few days from now. Although more difficult to extract resources out of than GM6… the GM7 decompiler manages to do just as good a job extracting all your scripts, sprites, backgrounds, and other resources.

Considering this decompiler is made by the same people who made the previous GM6 one (see previous article from a few months back), it is probably in safe hands and won’t be distributed amongst the community like the GM6 decompiler listed above could very well be.

So in conclusion, we have two very serious matters at hand today; we have a guy/gal announcing his release of a GM6 decompiler to the whole community, and we have another group of individuals who have already found ways to decompile GM7 beta 2 executables. So, just as we thought we were safe from such distruction, the hackers break through again and manage to build such potentially dangerous software.

What are your thoughts on the issue?

Advertisements

45 Responses

  1. As for the gm7 decompiler, it shows that mark isnt serious about GameMaker, but maybe not since its beta, but if Mark
    doesn’t fix it, well might as well supply the source codes for your game, On the other hand what kind of sick b*tch would
    relase the decompiler, thats stupid and dumb, anyways If s/he
    really wants to be of significance, just give the program to the
    admins, that way it will help future developments for GameMaker

  2. Y-y-ou mean somebody actually made a decompiler for a popular program?!? *faints*
    …….
    This shouldn’t really be a shock. DRM, exe protection and related things are inherently insecure. In order to use the software, the user has to have the key. These schemes are based on the hope that the user won’t be able to fit the key into the lock.

  3. And to think I was waiting for GM7 so my games would be safe! That was a waste of time. 😦
    Just tell Mark about it.

  4. this is interesting and disturbing, it ruins the idea of making your own games! it turns hard-work into rippable games, and crumbles hours spent on a good game.

    p.s, why is there a smile next to the april 06 old news archive link?

  5. I’ve said this before, what’s the big deal here???
    Decompilers for Java and other VM based languages have been about for ages, with little or no detriment to the community that uses them. In the right hands they can be very useful learning tools and not some deviant tool to be scared of.

    As for stealing resources, so what – most of the games on the GMC use stolen resources, how many Sonic, Zelda and Pokemon clones are out there… If someone releases a game on the GMC or YoYo site using your graphics without your permission, simply PM the person and ask them to remove it or better still ask for some credit!

    In a free and open community sharing should be encouraged – how many people can honestly say they’ve released something that’s 100% there’s and that they’ve never looked at a single code example / tutorial. For gods sake even the GM program itself is someone else’s work and without that none of you would have ANY canvas on which to display your “works of art”. Even if your worked in C/C++ that’s someone elses, Direct X ??? We can all see further today because we’re standing on the shoulders of giants!

    Granted – in a commerical environment, allowing a third party to decompile your app to a state where they could re-create it as their own is an unwanted inconvience, however as far as I know no-one has mentioned anything about the YoYo site being used for commerical apps. If you do decide to submit an original work to a commerical site then here’s two simple bit’s of advice.

    1. Make sure you choose to work with a reputable company, which may NOT neccessarily offer the best return but 30% of something is better than 60% of nothing!

    2. Don’t tell them you developed the app with Gamemaker, don’t put a big fat link in the game credits, change the start up logo etc etc. Third party distributors won’t want to see your source, most of them will simply wrap their own DRM layer around your .exe.

    Going back to the Java issue, in my opinion the easiest way to protect your work would be for Mark / YoYo to add an obfuscate option along with the generate .exe. That way all the scripts and code (the bit your really scared of someone else getting hold of) will be rendered practially useless. Anyone who’s ever tried to follow decompiled obfuscated Java will tell you that – it’s more hassle than sitting down and writing the thing from scratch anyway.

    BTW – Anyone of a mind to rip someone else’s code and pass it of as their own, is probably too lazy to bother anyway and will soon get a rep to match!

    Jon…

  6. Any security made by man can be cracked by man. No exeptions. But I sure hope the GMC mods quickly ban every user that (tries to) posts a decompiler.

  7. This is silly.

    First of all, somebody PM’s you, editor of a popular Game Maker News site that has hosted stories of decompilers in the past, saying they’ve made one and threatening to release it. Ever feel like someone’s jerking your chain?
    I wouldn’t really take a screenshot as proof, either.

    But, if you really think this person has succeeded, you can always pm a mod. The mod can put that user on mod preview. Problem mostly solved right there.

    As for GM7, that seems pretty silly too. How can someone possibly crack GM7? That’s like me coming here saying “Hey, I’ve just cracked Photoshop CS3!!!” You can’t crack what you don’t have; at the end of the day, that’s the best form of protection. So, if someone figured out how to crack GM7, all they’ve really done is cracked the Beta.

    To suggest that there will consequently be a zero-day decryptor available is naive. There is absolutely no promise by Mark O. that the encryption used in the Beta will look anything like the final version. For all we know, Yoyo games may be hard at work writing encryption schemes–Mark did mention that having a new company behind the development would add many professional enhancements…

    Don’t worry until there’s something to worry about; due diligence will carry the day here.

  8. When you have a program as popular as GM, decompilers such as this are to be expected. There really isn’t anything you can do about ’em.

  9. mark has not encriped the exe’s yet

  10. Hey look, another case of “Python causes a panic for Game Maker users”.

    What the others might find more interesting than this is that Python has (to my knowledge) made no type of effort to contact a member of GMC staff so we can deal with this problem. Instead he just runs off to post about it.

  11. I already contacted Mark about it Chronic, I’ll be happy to give you details if you PM me.

  12. My point is that some things are best left untold.

  13. I don’t really find the promises that any decompilers will be left in “safe hands” all that comforting, when I know good and well that it will most certainly be ready for misuse in Python’s hands, and whoever else he chooses to share it with.

  14. Well EXE decompiling is illegal to all its like decompiling photoshop!

  15. You do realize that just using a google search for GM EXE recovery makes some decompilers pop up.Hey this could be useful(Not)

  16. AAAAAH!!

    This is not the best thing, but it would be fairly similar to do it with GM7, because the exes are not encrypted..

    I hope this doesnt lead GM down a bad path

  17. About the GM7 decompiler:

    Considering this decompiler is made by the same people who made the previous GM6 one

    This means that it was made by Steve if I am correct. I know for sure he will not use this in any advantage or will share this with others. Maybe he will give this to Mark just like last time and no problems will occur for the moment for GM7.

    As for GM6 decompiler, it is an other story. If you think this is true then remove every link of any website which leads to your .exe made with GM6 and wait until GM7 comes which you can convert the GM6 into a better protected one which only has one decompiler (which is in good hands and it is for the beta).

    The best thing is just to hide a resource in an .exe and ask that guy/girl to show you the resource to check wether he is a lier or not.

  18. I suppose i should post a quick comment here…

    Just about every day i get an IM from someone looking for my “decompiler”, and every day i turn them down. I have NO plans of releasing GMSE, at least as of yet.

    The other decompiler was not created by me (the VB one) but i feel that it’s a fake. A gamemaker editable file CANNOT be extracted using the .exe, the entire GM file does not go into making an executable.

    Remember though, ALL popular programming languages have had decompilers made for them. GM is not the first.

    And Ben, i really don’t agree with you putting this article on here. Last time i enjoyed the publicity, but thats the ONLY good that came from it (for me at least ^_^). Articles like this seem to do more dammage then good.
    -Steve

  19. Yes popular programs tend to get cracks/hacks decompilers… against them but the damage to GM is bigger as it isn’t that popular and decompiling could become commonplace (you can’t ban 5000+ users downloading the decompiler)

  20. A decompiler for gm.exe’s would be quite usful for developers who have lost resources or have corrupted .gm6 files. Because this decompiler would allow anyone to steal and otherwise destroy hours of work, GM could have a feature where when you make your game, you must register the game to yourself. So that if you decompile the .exe later, you must provide the registration information in order to access the resources and such. That way if someone else does decompile YOUR game, they still wont be able to access and steal your sprites, scripts, ect.

    -JumpMan16

  21. I missed the “scare” part.

  22. Every popular program has been cracked no matter what it was made with or how well it was made. As the person who said before “any security made by man can be cracked by another man”

    It is a very good quote that my mother says whenever someone breaks out of jail or something like that 😛

  23. Since GM7 has not aspack protection (check it with a hex editor), maybe we can use our own packers then?
    Remember that with the aspack protection stripped GM6 executables are similar like GM5/4 in the structure, which would be rather easy to decompile I assume.
    So, I have seen somewhere a unpacker for aspack, therefore the solution would be using our own packer with GM7 and using dlls to store the resources externally.

  24. What’s all the fuss about anyway?

    If you make a good game, and somebody decompiles it to use your resources, the chance that person will make a better game than yours is about 0.000001%.

    It just feels better if you make stuff yourself. Others can rip the resources from it but they’ll never have the feeling they made it themselves. That’s something they’ll never be able to steal 🙂

  25. Decompiling takes the fun out of making games. Isn’t that what games are all about? There are plenty of resources, scripts and examples to get people started, so why bother stealing other people’s work?

  26. I think this is great! I have some games from which i lost the GMD (long ago…) or GM6 file. And I don’t want to create them again, so this is great!

  27. Well for some are great, for some is a disaster! XD

  28. ruby@You are probably much more experienced right now so don’t care about the old stuff.

    Steve@Why don’t you make a big post on several forums saying you have deleted the GMSE off your computer and the source nor the exe of the GMSE can be found anywhere, maybe that will remove the attention.

  29. I got in contact with him. He says that the decompiler WOULD be useful if you include a special “object” in the game to decompile it. Unfortunately, he HAS broken the code of decompiling. =/ I will assure you that your sources are safe, unless you put in a “decompi_objh27” in your game. He only intends this to his friends, and won’t be much usefull anyway.

  30. That screen looks fake to me. Personaly I have reverse engineered GM6 in a number of ways. There is only one way that I know of to crack GM7 that I have gotten to work. I talked to mark and he said it would be nearly possible to fix. None the less, GM7 most definatley has better security than GM6

    The problem is that GM6 will most likely remain popular for a time after GM7 is released. If this tool is released to the world there will be hundreds of conflicts between game designers about stolen resources.

    Personally In my own projects I could care less about my sprites, sounds etc. My code is all that matters. It is the hard work I put into the game. I would certainly not want that stolen.

    My challenge to the creator of this tool. Email me at this address: theodred8@hotmail.com

    I will send you an EXE made with GM6. Then you can decompile it with your tool and send me back the .gm6 file.
    If your app works then prove it!!!!

    Even if it does work, why release it and cause chaos? I mean Steve never publicly revealed any secrets. Why should you? You need to respect the developers who work hard on their games. You should also respect Mark. We wouldn’t even have GM without him!!! Think about it before you do anything stupid.

  31. Something I forgot:

    Ya, I sure it’s a fake now

    Unless this person actually cracked the enrcyption on the EXE itself (highly unlikey) the EXE would have to be running. There is no way someone could re-assemble a .gm6 file from RAM!!

    This is just a hoax.

  32. “There is no way someone could re-assemble a .gm6 file from RAM!!”
    That IS NOT TRUE. There are people out there researching on rebuilding c/c++ code (hence a decompiler) and at a degree they have had an unexpected success. That would be c with hudreds of different types of variables, pointers, commands, api includes… Compare that to GM; 2 var types, and like 300 or less commands do you think that would be uncrackable?
    Besides that 80% of resources are retraceable only the code part is missing; and that could be got from the RAM.
    About the 80% look at our site (WIP/LAB page). The unpacker we did unpacks the resource in a way that we could just save everything to different files and when complete, build a new gm6.
    c/c++ decompiler is boomerang in case someone might know what i’m talking about.

    The real problem here IS NOT people finding our resources but the security threat. Let say someone did a real MMORPG (massively played), people might find the code and use it for their own purposes by ie: finding the encryption sequence of the transimmion of data like passwords, then decrypt other data found thus finding other people’s passwords.

  33. “There is no way someone could re-assemble a .gm6 file from RAM!!”
    That IS NOT TRUE. There are people out there researching on rebuilding c/c++ code (hence a decompiler) and at a degree they have had an unexpected success. That would be c with hudreds of different types of variables, pointers, commands, api includes… Compare that to GM; 2 var types, and like 300 or less commands do you think that would be uncrackable?
    Besides that 80% of resources are retraceable only the code part is missing; and that could be got from the RAM.
    About the 80% look at our site (WIP/LAB page). The unpacker we did unpacks the resource in a way that we could just save everything to different files and when complete, build a new gm6.
    c/c++ decompiler is boomerang in case someone might know what i’m talking about.

    The real problem here IS NOT people finding our resources but the security threat. Let say someone did a real MMORPG (massively played), people might find the code and use it for their own purposes by ie: finding the encryption sequence of the transimmion of data like passwords, then decrypt other data thus finding other people’s passwords.

  34. Ya, true, but how do you know that the whole gm6 is in ram?!!!

    I was considering this situation. Not the world of C++ programmers who get 4 hours of sleep a week

  35. Have you even been able to test one of these so called “threatening decompiler applications” you keep crying about? Stop scaring people, you’re not the “holy messenger of warning innocent GM users”.

  36. Eh, posting this is worse than the so-called decompiler. Honestly, if someone steals your scripts or code, it’ll be pretty damn easy to tell if they post it and from there, they will have imprinted “loser” and “shame” into the minds of other users.

  37. Even though these decompilers do exists (maybe not perfect as the sound but they do exist), i don’t see anything scary in this and by the time this news started, nothing happened so i guess the threathening creator might not wanting to publicise the decompiler

  38. QUOTE
    “Eh, posting this is worse than the so-called decompiler. Honestly, if someone steals your scripts or code, it’ll be pretty damn easy to tell if they post it and from there, they will have imprinted “loser” and “shame” into the minds of other users.”

    Not if they steal a nice collection of scripts. And post it for the public on the GMC. The original author wouldn’t be able to shut it down right away, and by then his work is open source. Honestly I would be scared if I had a decent game worth ripping off.

  39. You don’t really need a decompiler, just a memory editor, everything GM uses is in memory…

  40. There are hacks, decompilers, cracks, etc, for just about anything, floating around the Internet. I’m not too worried about one more coming up. Also, I wouldn’t mind getting a copy of a decompiler, actually. I lost the .gm6 file of a program I made a while back. I would really like to get it back, even though it would be technically illegal to decomp the .exe.

  41. Well, the GM7 decompiler needs some good reversing knowledge to work. Which means, 99.99% of people at GMC, being happy with memory viewers, cannot even come close to hijack this 2 second process of resource extraction.

  42. If your only decompiling your own games, is it still illegal? I know that sounds wierd, but in my case it seems an obligation, seeing as my GMK file is gone, and I only have an EXE file on hand.

  43. I see nothing wrong with a decompiler for gm, it would be helpful, I hope the decompilers get released. 🙂

  44. @ Anonymous – Wrong: the resources could be viewed in the memory, but not changed. This includes code.

  45. can you please tell the name of the sender of that pm ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: