A few definitions
CEG (Custom Executable Generation, i.e. generation of a unique executable file) is an anti-piracy protection (paradoxical as that may sound), developed by the great and terrible Valve in 2009. The initial plan was for the new protection to be used in nearly every game released on Steam. However, after reviewing its priorities, Valve decided that a developer who wants this 'happiness' in a new game should also pay a not-so-cheap price for it. As a result, CEG has historically been used only by large companies that can afford it.
The essence of this protection is as follows: as soon as the game finishes downloading from the Steam digital distribution service, a "bare", not yet signed executable file is loaded onto the client's personal computer. Then, on the same client computer, a digital certificate is loaded, and with the help of a special library, SteamServices.dll (which, by the way, is loaded into TEMP), and a special key, the executable file mentioned above is signed by means of AES encryption.
A quick overview of the protection
"And what is the practical value of such 'protection' if all it does is sign the executable file?" you ask. My answer: it is not as simple as it seems at first sight. When the digital signature is applied to the file, information is collected about the folders and files present on the client system, and also about some of the hardware. As a result, the collected information also ends up in the executable file. This information really is unique, because the following components are taken into account: Unix-style timestamps of files and folders (creation date, last modification date), unique registry keys (plus a check, via the same trusty registry, of whether the Steam client is installed on the PC), the number of files in a given directory, the processor ID, and the serial number of the hard drive. Note that the last two are used only in the latest CEG versions (for example, in games such as XCOM: Enemy Within, Grid Autosport, DiRT Rally).
So what do we have? A binding of the 'unique' executable file to the hardware and files of the client PC. Is that good or bad? In general, it is a good idea and a good implementation. The downside shows up if, say, you go to visit friends at their dacha and take along a complete backup of your favourite game protected by this CEG, copied to portable media, hoping to play it in peace. But then the unexpected happens: your friend's Internet connection is down! Steam is installed on the laptop, though. No matter: you restore the game from the backup in Steam's offline mode, click "Play", and nothing happens! All because the hardware and the other components described above do not match your friend's hardware. And without Internet access you simply cannot start the game, because for obvious reasons a new executable file cannot be generated. Or can the executable be started after all?
The next part of the article will discuss whether the executable file can be completely weaned off CEG, with a debugger and a development environment (Visual Studio, for example) at hand.
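The machine binding and the offline-restore failure described above, as an added sketch that is not Valve's code and not from the original post. The article does not say how CEG combines the collected data, so the SHA-256/HMAC construction (used here in place of the AES step), the field names and every sample value are assumptions.

```python
import hashlib
import hmac

# Attribute names follow the article's list; all values below are constructed.
FIELDS = ("install_dir_ctime", "install_dir_mtime", "registry_key",
          "steam_installed", "file_count", "cpu_id", "disk_serial")

def fingerprint(machine: dict) -> bytes:
    """Hash the collected attributes in a fixed order."""
    h = hashlib.sha256()
    for name in FIELDS:
        value = str(machine[name]).encode()
        # Length prefix keeps adjacent fields from running into each other.
        h.update(len(value).to_bytes(4, "big") + value)
    return h.digest()

def generate_executable(bare_exe: bytes, machine: dict, key: bytes) -> bytes:
    """Generation step: append a tag tying the bare file to this machine."""
    tag = hmac.new(key, fingerprint(machine) + bare_exe, hashlib.sha256).digest()
    return bare_exe + tag

def launch_check(bound_exe: bytes, machine: dict, key: bytes) -> bool:
    """Startup step: recompute the tag from the machine the file runs on."""
    bare_exe, tag = bound_exe[:-32], bound_exe[-32:]
    expected = hmac.new(key, fingerprint(machine) + bare_exe, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def mismatched_fields(a: dict, b: dict) -> list:
    """Attributes that differ between two machines, in FIELDS order."""
    return [name for name in FIELDS if a[name] != b[name]]

KEY = b"constructed-demo-key"          # stands in for the 'special key'
BARE_EXE = b"constructed bare executable bytes"
HOME_PC = {"install_dir_ctime": 1451606400, "install_dir_mtime": 1451692800,
           "registry_key": "constructed-registry-value", "steam_installed": True,
           "file_count": 1284, "cpu_id": "CPU-AAAA", "disk_serial": "DISK-1111"}
# The restored backup on the friend's laptop: new timestamps, other hardware.
FRIEND_LAPTOP = dict(HOME_PC, install_dir_ctime=1452211200,
                     install_dir_mtime=1452211200,
                     cpu_id="CPU-BBBB", disk_serial="DISK-2222")
BOUND = generate_executable(BARE_EXE, HOME_PC, KEY)

if __name__ == "__main__":
    print(launch_check(BOUND, HOME_PC, KEY))          # home PC
    print(launch_check(BOUND, FRIEND_LAPTOP, KEY))    # restored backup
    print(mismatched_fields(HOME_PC, FRIEND_LAPTOP))
```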
This article is a translation of the original post at habrahabr.ru/post/274741/