Game protection on Steam: proprietary mechanisms and third-party DRM. How to protect your account on Steam. Program to protect your Steam account.

Hello everyone, if you are buying accounts Steam with mail, then you were probably always afraid that your account could be restore. From my own sad experience, I know that the owner can still restore his mail and change all the data. How to protect yourself from such situations? How to get almost complete control with the slightest chance of recovery? We will look at the purchased account with mail from mail.ru. Mail is one of the most sophisticated mail scams for buyers. Since the owner, having information essentially unknown to you, can easily restore the account. Let's start with safety measures!

Phone binding

1) Go to settings and select the "Password and Security" tab

Additional email and email forwarding

1) Go to "Password and Security"
2) In the “Additional Email” field, click change or add and change to your

3) Next, go to “Filters and forwarding”
4) Disable all filters and click “Create forwarding”

Account recovery every 12 hours

1) Log out of your account
2) Click recover password
3) Restore
Result: mail.ru has a multiple recovery protection system; a person will not be able to recover the password if you recover it yourself every 12 hours

Obtaining personal data

1) Go to “Inbox” and scroll to the last page
2) If there is a letter like the one in the screenshot, you are very lucky

• Surname:
• Date of Birth:
• Box creation date:

Creating folders in mail

1) In the settings go to the "Folders" tab
2) Click "add folder"

Recording recently sent emails

1) Go to the "Sent" tab

Why you shouldn't try to protect Steam

Many players who buy accounts try to protect the purchased Steam, which fundamentally will not lead to good things, because having a genuine email, the owner can restore or write to technical support about his account. If you steal mail, the process will become extremely difficult for him. After all, he will not have access to replenishment receipts or photographs of keys purchased on the same plati.ru.

According to him, the Steam digital distribution system reliably protects projects published on it from illegal copying. Newell believes that players highly value the service that Steam provides. Over time, they become less and less interested in piracy, because by stealing one of Valve's games, a player risks losing all legally purchased copies.

In 2015, StarForce was contacted by a potential client who wanted to distribute a game stolen from Steam on discs. It sounds like nonsense, but it is the homespun truth. So how good is Steam's protection and what methods do publishers use to prevent pirated copies from spreading?

How does Steam protection work?

By default, games on Steam are not protected in any way and are ordinary files that can be copied or launched without any restrictions. If you want to protect a file (hereinafter, the word “file” means the executable file of an application) from being copied to another computer or from being run on an account for which this file (application) is not authorized, Steam offers four methods.

Method 1: Protect using the Steamworks API

Steam provides developers with a special "Steamworks" API, which can be used to, among other things, obtain information about the user's account and the games purchased with it. Thus, the easiest way to know that a given account is authorized to run an application is to check using the API from the application itself that it was actually purchased by the current user. This is done in literally a couple of lines of code:

If (Steamworks.SteamInterface.User.UserHasLicenseForApp(playerSteamInfo.savedSteamID, new AppID(MyApplicationId)) == UserHasLicenseForAppResult.HasLicense) ( Debug.Log("Valid License"); )

Since an account can only be authorized on one computer at a time, this method also solves the problem of running an application on many different computers under one account. If there is no Internet connection, this method will not be able to confirm the right to launch the application. To avoid this, the Steam software client must first be converted to the so-called. Offline mode, in which the current account state is saved locally. However, if launching an application offline is undesirable for some reason, you can always find out the current mode through the Steamworks API and interrupt the application launch, if necessary.

Currently, to hack this type of protection, the Steamworks API interface library (steam_api.dll) is usually replaced with its own, which emulates the required protection behavior.

Method 2. Protect using Steam Bind

If the publisher does not have the ability to modify the application code to add protection via the API, he can use the “hinged” protection of Steam Bind. This protection is installed on ready-made .exe/.dll files and independently carries out authorization operations similar to those described above. This kind of protection is not particularly burglar-resistant. In the protected file, part of the code section is encrypted and a module is added to call the Steam API and restore the encrypted code if the check is successful. Since the key to decrypt the file is contained in the file itself, protection can be removed from any application without purchasing it.

There is at least one public project that removes such protection - Steamless. The project is open source: https://github.com/atom0s/Steamless.

Method 3. Protection using Steam Custom Executable Generation

As an alternative to the previous method, Steam offers the ability to provide personalized application executables to each user. This method allows you to distribute games that will be physically tied to a specific computer configuration. If the configuration is different, then the user needs to log in to this computer and get the updated files. Judging by the documentation, this method has now been superseded by the previous one.

Method 4: Using Third Party DRM

Steam allows you to use systems developed by third parties to protect games from hacking and piracy.

In mid-January 2016, news appeared that pirates would soon be unable to hack games due to the fact that . In particular, they were talking about Denuvo, an Austrian developer, the successor to SecuROM. This statement looks more like a PR move, but one cannot help but admit that security technologies are constantly being improved, including in the field of code obfuscation.

Recently, quite a lot of games protected by Denuvo have appeared on Steam. What kind of system is this and how fair is it to call it DRM?

Denuvo's main goal is to protect the game code, so it uses a virtual machine, a large amount of obfuscation, and various file encryption methods. If we talk specifically about the DRM functionality, then Denuvo can check the authorization of a copy of the game on the player’s account (see method 1).

Protecting the code of an executable file places a great responsibility on the game developer, as it is necessary to find a balance between performance and degree of security. Also, when using this protection, players have questions about the rapid failure of SSD drives. And although Denuvo representatives claim that their protection system does not affect disks, the fact remains that there is a certain increase in operations for reading program fragments from the disk, therefore, the load on the disk increases.

Traditionally, StarForce offers its solutions for protecting games on the Steam platform. A wide range of products allows you to choose the optimal protection option: code only, code + DRM, DRM only. The main task of StarForce at the moment is to provide protection that does not cause concern to an honest player, but becomes an insurmountable obstacle for a pirate. The main advantage compared to Denuvo can be called the economic aspect - with a high level of burglary resistance, StarForce solutions are cheaper.

Also on Steam you can find games protected by ActControl, Reality Pump, and TAGES systems. They are not as widely known as the previous two, which is rather their advantage. These solutions primarily act as alternative DRM protections, but can also provide code protection.

Economic calculation

Answering the question of how much protection costs is not so simple. It all depends on whether each player will be taken into account separately or whether it is only about protecting the code. In the first case, when connecting an alternative DRM, you will pay for a protection license and separately serial numbers for each player. At the same time, there is also a nuance here - serials can be paid for immediately or, if you can negotiate with the manufacturer of the security system, upon activation by the player. The cost of StarForce rooms varies from 7 to 70 rubles. and depends on many factors: quantity, type of protection, number of activations, payment method.

When protecting the code without taking into account the players, the total cost of using the protection system is determined. It depends on the manufacturer and the territory where the game is distributed.

Players' attitude towards third-party DRM on Steam

Players are wary of games with third-party protection. On the Steam forum you can find headlines like: “Don't buy this game! It uses third party DRM!” and 15 more exclamation marks. What is the reason for this negative reaction from users?

Firstly, restrictions on the number of computers. This goes against Steam's philosophy of allowing you to play anywhere there is an internet connection, and a DRM-protected game can only be activated on a limited number of computers. Many people are worried about the questions: “What if I don’t have enough activations?”, “Will I be able to play this game in five years, when my computer will be completely different?” There are answers to these questions. For example, the StarForce system has the ADA function - automatic addition of activations. It allows players to add new activations after a certain period of time, for example, one activation per year. The publisher will just have to explain this to the players so they don't worry.

The second objection is related to negative reviews on the Internet regarding the additional load on the computer and hard drives. In fact, protection, when implemented correctly, takes up only a small fraction of the computer’s resources, otherwise the game will be uninteresting. As stated earlier, this balance must be found when deploying protection.

Developers of DRM systems make every effort to “not show themselves” to the player. Thanks to the integration with Steam, the user does not have direct contact with the protection system - even the activation of third-party DRM occurs within the standard Steam interface.

Game protection perspectives: Steam and pirates

In the context of a worsening crisis, when the population has less money and more free time, there are serious doubts about the complete disappearance of pirated copies of games. On the other hand, the loyalty of players, especially at such times, is the most important asset of developers and publishers, so the main task when choosing a protection system is to find a middle ground between a positive impression of the game and stopping attempts to pirate the distribution of your product.

Everything that will be said below is no secret to anyone, and will not be anything new to anyone, but despite this, we still neglect all precautions.

Hacking accounts from Steam and other online stores will always be relevant. Users are constantly being attacked by scammers. When the player realizes that his account has been hijacked, it is already too late. As a rule, the first thing that comes to the mind of a gaming consumer is that somehow scammers bypassed the protection of Steam or another gaming service and took his login and password from the database. However, if you think about it, since the scammers had such an opportunity, why didn’t they take all the passwords from the database?

Thus, the conclusion suggests itself: the user gave all his data independently. Of course, everyone who has had their account hacked will swear that they never did this under any circumstances. But it happened anyway, let's figure out how.

The first thing a PC user should do is make sure that their firewall or firewall is secure. In any firewall there are ports from 0 to 1055, that is, 1056 in total, each of them must be protected, in no case open or closed. To check whether the firewall and all ports are protected or not, there is also a service called Grc.com. If not, then you should think about up-to-date protection. If the ports are protected, the following message should appear:

Why is this necessary at all and how does it affect whether the ports are protected or open?

It's simple, if attackers know that the user has an application installed from Steam or Uplay, for example, then two malicious applications are enough for him. The first, under the guise of an update or system service, penetrates the system through unprotected firewall ports and finds active applications; to do this, it is enough to find files with the dll extension from Steam or others in the system and block access to the Internet. The user sees that Steam does not start and periodically displays a connection error or incorrect password entry. Naturally, the player re-enters the password for his Steam account.

The second stage is the activation of the second malicious keylogger application (spyware virus, the main purpose of which is to read data entered by the user from the keyboard).

When a user tries to enter a password and login in a browser or application, the keylogger reads them and sends them to an anonymous person, after a reboot the keylogger self-destructs or continues its work, depending on how long it has been running.

Thus, the user himself gives all his data to the attackers.

How to avoid losing your account, what should you do?

The first thing you need to do is to check whether your antivirus is capable of resisting keyloggers; for this, there is an AntiTest application, with which you can find out whether your registry is subject to changing important system data or replacing it, as well as protecting against keyloggers.

As you can see, I have 360 ​​Total Security installed, the description of which states protection against keyloggers, but this function does not work under Windows 8, but it shows excellent results in Windows 7.

The second thing is to check if there is any suspicious software on the system; Comodo Killswitch is suitable for this.

Third, protect your browser from attempts by phishing sites and other fraudulent tricks to introduce malware into the system.

According to unofficial data, accounts from Google, Mail.ru and Yandex services have been hijacked recently due to the insecurity of the Google Chrom browser. The attackers, knowing about the vulnerability of the browser in storing passwords, extracted logins and passwords from Autofill and entered the corresponding services. Meanwhile, for example, Google completely denies that their service was hacked and talks about the carelessness of users.

In this case, use either additional protection for the browser or install a secure one in all senses.

The conclusion in this case is:

under no circumstances give anyone information about your accounts on Steam and other services;

run Steam and other applications in the antivirus “sandbox”; if there is none, then enter all data using the virtual keyboard, or change the protection to the current one;

use changing your real IP address using CyberGhost 5 or similar programs so that attackers cannot figure out your IP and take advantage of the system’s vulnerability;

install a secure browser and block all data with a master password, or use a browser that does not store cookies, passwords and Internet surfing history, for example Epic Privacy Browser or similar;

Be vigilant and play without worrying about hacking.

Progress does not stand still. If previously games were primarily published on physical media, now the situation has changed - digital distribution services have become fashionable. The most popular service has become Steam, which allows you to buy licensed games and programs at very low prices. All content is linked to the account registered in the system, thanks to which you can download it directly from the official servers. And this is far from the only advantage. Steam has made online gaming more comfortable, made it possible to earn money by selling game items - there’s too much to list.

Since Steam accounts with purchased products have value, they have become an object of interest for attackers. The latter use a variety of methods to try to find out the user information necessary to log into an account and steal it. To prevent this, you need to follow certain rules.

Security rules that every Steam account owner must adhere to:

Complex password. Most users registered on Steam do not pay due attention to this point, limiting themselves to a simple, easy-to-remember password. As a result, the password is easily guessed using special software, and the account is hijacked or various game values ​​are stolen from it. A strong password should consist of a random sequence of letters and numbers with no logical connection between them. The optimal length starts from 7-8 characters and above. There is no need to remember the password - just write it down and keep it with you.
Do not enter your password on third-party resources. The Steam password must be used on the official Steam website or within the game client. If you are suddenly asked to log in using your account, you must make sure that the official address is in the address bar of your browser. Attackers can create websites with an interface copied from Steam and a similar domain, trying to catch users who are not too attentive.

Steam Guard. This feature can be enabled in the Steam client settings. It enhances account protection, preventing you from logging into it from third-party devices without additional confirmation. A written notification with a code is sent to the email address to which the account is linked. This code will need to be entered during authorization in the Steam client. Let's look at the practical benefits of the function using an example. Let's say an attacker found out your password and login. He tries to log into his account, but cannot do so without the code. When you see the letter that arrives in your mail, you will understand that another person is trying to log into your account, and change your password to a new one.

Don't do business with strangers. If a stranger suddenly joins you and offers you a trade or exchange, this is an obvious scam. Especially when his level on Steam is zero and his profile is hidden. It’s better to immediately stop communicating by rejecting the friend request, otherwise they may try to deceive you in a number of ways:

They will send a link to a virus or script that will transfer your personal information to the attacker or clean out your Steam inventory. It is better to open links in chat only from trusted sources, after first making sure that they have not been hacked.
. They will simply throw it at you according to the principle “first you to me, and then I will to you.” You send a person some game values, and he promises to transfer money to you. As a result, you will not receive any money, and you will lose your virtual property. If you doubt a person, invite him to use the services of a guarantor (a guarantor is a trusted person who takes on the role of an intermediary in a transaction).
. They will sell illegally obtained goods, for example, gift games (Gifts) purchased on a hijacked account. The transaction will be successful, you will be happy, but the joy will not last long - the game will be deactivated and disappear from the library.

Email security. A hacked email is 90% of the work to hijack all accounts registered to it. That is why you should pay attention to the security of your mailbox. Firstly, the service itself that provides mail access services must be reliable. We recommend using Gmail and Yandex Mail. Their security is much higher than that of most similar services. Again, you should set a complex password for your email and, if possible, link it to your mobile phone number. It is also advisable to create a separate mailbox for important registrations - payment systems, Steam accounts and other services, without disclosing its address to anyone. This will minimize the chance of your mailbox getting into various spam and hacking databases.

Computer security. Fraudsters can easily steal your login information for your Steam account and other services by introducing virus and spyware onto your computer. For example, keyboard interceptors are especially popular now; they record the user's keystrokes and send this information to the attacker. As you might guess, with such data, choosing a login and password for logging in is not difficult. Or another method is a program that regularly takes screenshots of the user's screen. They may well contain personal information. To protect against all of the above, you need to use a high-quality antivirus and additionally scan your PC with portable utilities such as CureIT. It would not be superfluous to install a good firewall to replace the standard one from Windows.

What to do if your Steam account is stolen?

Let's assume that you stumbled upon this article too late, and your account has already been stolen. Don't be upset - all is not lost yet. If you still have boxed versions of activated games, this will be sufficient grounds to restore access to your account through technical support. The code and box have a 99% chance of returning your account, so try not to throw them away. The account will be returned to you in 3-4 days (usually this is how long the application is considered). Even if the scammer has already cleaned out your inventory, the items will be returned.

That's all. As you can see, protecting your Steam account from scammers is not at all difficult. Yes, you will spend extra time on additional precautions, but then you will not worry about lost money.