Hello fellow developers,
assume I had a program that required authorization granted to him by a server over the network. Obviously, at some point within my code there would be something along the lines of:
if (serverResponse == expectedResponse){
//Continue as the authorized user
}
This system has a very, very unlikely weakness. If anybody were to actually modify the executable file and change the code of that if (which I assume to be some sort of branching instruction) to code, that always branches to the true-case. Is there a way to detect such a modification from within my program?
To me this sounds like a psychologist checking his own sanity. If this is not possible, how would such a thing be done? How does software like Punkbuster check for manipulation of game code?
I guess it might be very relevant that this program of mine is written in C++ and compiled with the GCC compiler.
The trick here is not to rely on a simple if statement. As you say that is easily circumvented by someone who can reverse engineer your code. Instead you should use the value returned from the server for some vital function of your program. For instance the response from the server could be used as a key to decrypt some vital data on the client. That would be much harder for a reverse engineer to circumvent.