Short answer: I looked at the SHA signature of the .class file (where all the compiled classes' bytecode is stored) and checked it against a known signature stored in an encrypted data file.
And the best part was the encryption on ALL the games' data files was based on a key derived from the binary executable (the .so file), so if anyone were to hack that executable, the game wouldn't run at all. I should have thrown up a screen that let people know that it was a cracked version, and where to get the real thing. And I DEFINITELY should have changed the Flurry code; my "paid game" analytics were completely shot after the cracks were released. Duh.
A serious hack attempt would have broken it, no question; there's no unbreakable DRM, after all, and I wasn't even using serious encryption (I decided it didn't matter: A typical attacker is not going to attack the encryption mathematically, they're going to decompile the binary to get the key AND algorithm, so as long as it can stand up to trivial attacks, it's strong enough -- connecting to a known encryption algorithm might actually make it EASIER for them, since then they'd have known function names and parameters). I just wanted to raise the bar.
And the best part was the encryption on ALL the games' data files was based on a key derived from the binary executable (the .so file), so if anyone were to hack that executable, the game wouldn't run at all. I should have thrown up a screen that let people know that it was a cracked version, and where to get the real thing. And I DEFINITELY should have changed the Flurry code; my "paid game" analytics were completely shot after the cracks were released. Duh.
A serious hack attempt would have broken it, no question; there's no unbreakable DRM, after all, and I wasn't even using serious encryption (I decided it didn't matter: A typical attacker is not going to attack the encryption mathematically, they're going to decompile the binary to get the key AND algorithm, so as long as it can stand up to trivial attacks, it's strong enough -- connecting to a known encryption algorithm might actually make it EASIER for them, since then they'd have known function names and parameters). I just wanted to raise the bar.