InstantPlay Now Vulnerable to Decompiling

InstantPlay tab of the decompiler.

InstantPlay tab of the decompiler.

This morning an update to the GM Decompiler was released, this time with the ability to decompile InstantPlay games and extract GM7 extensions from games. The update also defeats some methods devised for protecting games from the old decompiler (typically using a hex editor to tamper with the PE).

InstantPlay decompiling automatically detects games you have used via InstantPlay, which are stored in a folder under My Documents. Users are presented a list of games detected and the rest is automatic.

Version two of the infamous decompiler is by the same author (Clam), and includes the same vengeful message about GMK encryption (which was designed to defeat third-party projects).

GMNews and Scorptek do not endorse copyright infringment. This news posting is for informational purposes, and links to the decompiler will be deleted.

23 Responses

  1. cool *goes and looks for decompiler* (just kidding)
    yeah, I think it is wise to keep the sources CLOSED to those “keep your code safe” programs…

  2. Bound to happen anyway.

  3. yes, but still very sad.
    note: I don’t like my currant avatar, so I am going to switch my e-mail (again)

  4. argh, hat that one too… I will just stick with the original one, even though I don’t use that adress anymore…

  5. @caniac – hehehehe.

    @GMNews – well this sucks! I was wondering when it was going to happen, and apparently, it happened today.


  6. Guys, there IS protection against the 2nd decompiler. I won’t name the custom programs so to not get them into target but the ones who won’t be able to be decompiled for sure are commercial wrappers. Also the obfuscator and solutions with dlls still will work. A bit of a problem is for those who relied on the vista converter as this new one reads converted .exes as well.

    This is a minor update concerning exe readability though. I am more concerned on the copyright infringement Clam has caused by releasing a second version of that tool especially with including instantPlay functionality. I am really curious to see YoYoGame’s reactions to this.

  7. yes it does, I didn’t even think about the possibility, but knowing there is so much out there, I am not surprised I missed it.

  8. Yeah that does suck… I just don’t understand why someone would want a decompiler… Every one knew that this would happen, it was just a matter of time. There is no plausible way to stop this kind of thing, someone is eventually gonna decompile it. Nothing is hack proof, unfortuneantly. :/

  9. Hmm… Not the greatest of news. maybe it will push Yoyogames into doing something about it faster though. Not that it really ever bothered me.

    I wonder how well it works, do objects maintain there same name and all? Just how clean of a get is it? Crazy the amount of work people will go through to just to do something like this. I’ll bet it would have been easier to make their own more secure game making software (More fun and more rewarding as well) than make this. Why not lend their talents to something useful like the Enigma Project or something?


  10. From what I understand, extraction is pretty much perfect, and it appears the authors are lending their talents to LateralGM. The release notes say that “the documenting of the gmk encryption scheme led to its testing on executables and hence the making of this tool”.

  11. The creator of the decompiler works on LateralGM, which has a plugin for compiling your games with ENIGMA. For those who don’t know what ENIGMA is, it’s a program that converts your GM game to C++ and compiles it, making it invulnerable to complete decompilation.

  12. Christian Sciberras, how is this pathetic? It is sending YYG’s a message saying that they should release some sort of patch or something to hurry up and fix the very vulnerable stops in the EXE, maybe they should have some sort of encryption?…

    Maybe if they stop talking about what they could be doing, working on pointless and already made wiki’s, crap forums that no one should use [YYG FORUMS] and other things that have already been made by community – community projects.

    Seriously, maybe they could at least tell us how to add some more security? I do know how to make it very, very hard to decompile a game, but it would require a lot of work.


  13. To be honest, I don’t think it matters for any of my games since I struggle to read my code I doubt anybody else could.

  14. GM’s exes used to be encrypted, but the community didn’t like it (including me). Encryption would only make it more difficult to sell your game (since most game retailers use wrappers that don’t like encrypted PEs), and the crackers would break it again. There’s no real solution besides actual compiling.

  15. so basicly, LGM will use the decompiler?

  16. Themida 3 and Armadillo 6 and a couple more DRM work with GM executables. If someone is targetting the market with GM, I suggest trying those.

  17. Caniac, as I understand it, no, it will not use it directly, but much of the research for LGM applies to the decompiler (and vice-versa).

  18. @Elmernite – As mentioned above, the creator of the decompiler originally was helping with LateralGM (LGM). LGM has a plugin for Enigma. So in a way, he was kind of doing both – decompiling and compiling.

    @Caniac – Absolutely not. LGM is currently strictly legal and does not violate the EULA, and we’d like to keep it that way.

    @bendodge – GM’s exes *are* encrypted. They use a very similar method to the encryption used on the GMK. The author of the decompiler (and many other people) were ticked off that GMK was encrypted, so he released the decompiler to prove the point.
    Furthermore, my research for LGM is in the public domain, completely open source and such. If my research helped the decompiler, that’s like accusing Newton of murder everytime someone jumps off a building. The decompiler is closed source, and as such is not aiding in the research for LGM at all.

    -IsmAvatar, Project Leader of LateralGM

  19. @Bendodge,

    ahh, yeah, I guess that makes sense.
    [offtopic] so you are homeschooled? cool! same here 🙂

  20. And i thought Instant play was supposed to be safe, but yea i guess anything is possible.

  21. yeah, I did too, but I guess it isn’t anymore…

  22. The decompiler cannot decompile extensions in the game. Put all of your code into an extension, so that people cannot decompile it!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: