• We have updated our Community Code of Conduct. Please read through the new rules for the forum that are an integral part of Paradox Interactive’s User Agreement.

Riffraffselbow

Sergeant
17 Badges
Apr 24, 2009
76
8
  • Deus Vult
  • Europa Universalis IV
  • Hearts of Iron III
  • Magicka
  • Ship Simulator Extremes
  • Crusader Kings II
  • Pillars of Eternity
  • Crusader Kings III: Royal Edition
  • Crusader Kings III
  • Prison Architect
  • Cities: Skylines - Parklife
  • Cities: Skylines - Parklife Pre-Order
  • Age of Wonders III
  • Cities: Skylines - After Dark
  • Cities: Skylines
  • 500k Club
  • Victoria 2
Will Victoria II's checksum be more than 4 characters? Because, currently, a 4-character alpha-only checksum is theoretically very brute-forceable for collisions (~456k possible combinations). Now that I think about it, there may be other vectors of attack (co-opting the code that sends the hash over the wire), but I'm going to stick to my original reason for posting this. Is there something I'm mis-understanding here, that makes 4 character not-very-bruteforceable? because I could totally see adding random comments and the like to one of the checksummed files until I find a collision.

For those who don't understand what I'm saying: a Checksum is a small string of letters and/or numbers that is generated from a piece of data (in this case, the executable and possibly other core files). In PI games, you see a set of four letters, like GFKW. This is the checksum. The checksum is generated using a "hash function" (that is to say, they take the total data of the file and use this number to create a new, far smaller number). This hash is generally considered to be "secure", assuming it's a large enough number; the chance for "collisions" is minimal. The bone I have to pick is that I feel it's not a large enough number.

The following is an attempt to explain to a layman why this is "bad".

How does a hash function work?
A hash function is a way of deriving a small number from a big number. Let's consider a very simple hash function. In this case, H is our resulting hash, N is our starting number, and % stands for modulo (just in case you thought I meant division)
H = N % 32

It's somewhat important to note that most hash functions are far more complex than this, but the end result is the same: They split a number-space in to different "groups".

What is a hash used for?
Okay, let's say we're Paradox Interactive. We release a new piece of software. The entire contents of this software is the number 5872.

That's all well and good, but, being as open to modding as we are, some of our users are modding their games to be 6231! We can't have them playing with our vanilla 5872 players; they'd have an unfair advantage, and there are potential desync issues! How do we solve it? we implement a hash function.

Using the hash function above:
5872 resolves to 16
6231 resolves to 23

So, 5872 and 6231, when trying to start a game, send each other their "hash" (in this case 16 for vanilla and 23 for the modded game). They can't go around sending the entire number; that'd be no good, everyone plays on 1 bit/second modems. You'd have to wait a long time. So, the hashes are sent, and compared, and they realize that they don't share their hash. So they don't play with each other.

What is a collision?

This above situation works well and good, until it doesn't. The problem, as you can probably already see, is that there are other numbers that come out to 16 when hashed through our function. For instance, 5616 also comes out to 16. That's why most hashes are generally longer the 5 bits (the number of 1s and 0s it takes to express a number between 1 and 32). For example, cutting-edge RSA encryption now uses 1024 bits, or more. It's important to note that the difficulty of finding a collision increases exponentially with the number of bits. For instance, 2^10 = 1,024 , but 2^20= 1,048,576.

Why are collisions bad news?
Let's say I'm a big meanie, who wants to cheat at 5872. I go and mod my game to be 6224. I can now play with the 5872 guys, but with a huge advantage! This is totally unacceptable!

How does this example translate to the actual case, here in Paradox games?

4 letters, all upper case, produce a maximum of 26^4 combinations. That's 456,976 potential combinations. In pure mathematical difficulty, this means that, on average, I will find a version of Victoria 2 that generates an identical hash but is a different game once every 228,488 attempts. With a computer, assuming I was able to find what is hashed and what the hash algorithm is (otherwise I'd have to boot up the game every time to check the hash), I'd probably be able to find a collision, that also includes some malicious code (think if(ship.isEnemy()){ship.sink();} bad. Really bad. game-breaker bad), in as little as a few days of running my automated search program. Maybe a few weeks if the program needed to boot up Vicky.

The point is, from my perspective, the current hash of 4 characters is VERY brute-forceable.

What's the solution?

Well, the easiest solution (at least of the solutions that would let me sleep well at night) would be to make the hash something like 8-16 characters, or maybe even longer. This has disadvantages; it'd be harder to go "what version do you have?" "oh, GWBH!", but there's a silver lining. On the client end, you could always just provide the first or last 4 characters of it. This would retain even this value of the current hash system.

It is, of course, always possible that PI are ultra-on-the-ball and already do what I described in the previous paragraph, in which case I congratulate them for out-thinking me. However, I get the feeling that the hash is wysiwig at the moment, and 26^4 combinations just doesn't cut it. For reference, that's a small amount under 19 bits; it's not much data, from a cryptography standpoint.


Before someone goes "blah blah not worth the time to implement" from a position of ignorance, let me remind you that such things are, if they were designed well, relatively easily scalable. Perhaps not with this "version" (I'm willing to bet that this version is feature-complete and going through the final phases of testing, if not already RTM'd), but almost certainly possible for the next version. that said, if a dev wants to tell me "yeah, no, not easily scalable", I'm open to it.

I realize this may seem like a far-off and far-fetched problem, but an ounce of prevention is worth a pound of cure. Imagine the headache if someone brute-forced the vanilla checksum, and started smurfing around online. it could be the end of remotely public games.
 
Last edited:

Riffraffselbow

Sergeant
17 Badges
Apr 24, 2009
76
8
  • Deus Vult
  • Europa Universalis IV
  • Hearts of Iron III
  • Magicka
  • Ship Simulator Extremes
  • Crusader Kings II
  • Pillars of Eternity
  • Crusader Kings III: Royal Edition
  • Crusader Kings III
  • Prison Architect
  • Cities: Skylines - Parklife
  • Cities: Skylines - Parklife Pre-Order
  • Age of Wonders III
  • Cities: Skylines - After Dark
  • Cities: Skylines
  • 500k Club
  • Victoria 2
Should we boycot the game if the checksum doesn't have more than 4 characters?

No.

However, I feel it's an important issue; at least, I'd like to be told "why not".
 

unmerged(71030)

Duke of Virmire
Mar 7, 2007
245
0
Not only should we boycot, it we should start a revolution!!

ViVA! I'll go storm the prisons, you pick up red paint for our slogans/banners. No, wait... You storm the prisons... I'll go get the paint.

No.

However, I feel it's an important issue; at least, I'd like to be told "why not".

I agree with you, however I honestly don't expect Paradox to do anything about it. The game is afaik in code freeze, and this would be too big of a change post-freeze and too little a change to lift the code freeze for. If it proves to be a problem it should make its way into a patch, hopefully.
 

Riffraffselbow

Sergeant
17 Badges
Apr 24, 2009
76
8
  • Deus Vult
  • Europa Universalis IV
  • Hearts of Iron III
  • Magicka
  • Ship Simulator Extremes
  • Crusader Kings II
  • Pillars of Eternity
  • Crusader Kings III: Royal Edition
  • Crusader Kings III
  • Prison Architect
  • Cities: Skylines - Parklife
  • Cities: Skylines - Parklife Pre-Order
  • Age of Wonders III
  • Cities: Skylines - After Dark
  • Cities: Skylines
  • 500k Club
  • Victoria 2
ViVA! I'll go storm the prisons, you pick up red paint for our slogans/banners. No, wait... You storm the prisons... I'll go get the paint.



I agree with you, however I honestly don't expect Paradox to do anything about it. The game is afaik in code freeze, and this would be too big of a change post-freeze and too little a change to lift the code freeze for. If it proves to be a problem it should make its way into a patch, hopefully.
Which is the whole ounce of prevention/pound of cure dichotomy; if they have to fix it because someone is going around with a modded game terrorizing people, it'll be too late; people won't want to play open MP games any more.

I'm not really expecting it in 1.0, but I'd like some consideration given to it for 1.2 (I always just assume 1.1 will be <insert fix for game-breaking bug here>). And no, I don't mean in a money-grubbing expansion!
 

Taylor

Field Marshal
99 Badges
Feb 17, 2006
2.960
5.203
  • War of the Roses
  • March of the Eagles
  • Europa Universalis III Complete
  • Europa Universalis IV: Res Publica
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Sword of the Stars
  • Sword of the Stars II
  • Victoria 2
  • Victoria 2: A House Divided
  • Victoria 2: Heart of Darkness
  • Rome: Vae Victis
  • Warlock: Master of the Arcane
  • Magicka
  • 200k Club
  • 500k Club
  • Cities: Skylines
  • Europa Universalis IV: El Dorado
  • Magicka: Wizard Wars Founder Wizard
  • Crusader Kings II: Way of Life
  • Pillars of Eternity
  • Magicka 2
  • Europa Universalis IV: Common Sense
  • Crusader Kings II: Horse Lords
  • Europa Universalis IV: Cossacks
  • Stellaris: Nemesis
  • Europa Universalis III
  • Cities in Motion 2
  • Crusader Kings II
  • Crusader Kings II: Charlemagne
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Rajas of India
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Darkest Hour
  • Deus Vult
  • Cities in Motion
  • Europa Universalis III: Chronicles
  • Europa Universalis III Complete
  • Divine Wind
  • Europa Universalis IV
  • Europa Universalis IV: Art of War
  • Europa Universalis IV: Conquest of Paradise
  • Europa Universalis IV: Wealth of Nations
  • Europa Universalis IV: Call to arms event
  • For The Glory
  • Heir to the Throne
We're talking about editing the compiled exe here no? Because that is illegal. Who would be stupid enough to go online and show off their illegal exe?

edit: also, has this hash collision happened with paradox games in the past?
 

Baneslave

Field Marshal
121 Badges
Apr 9, 2004
6.941
2.252
  • Hearts of Iron IV: By Blood Alone
  • Hearts of Iron IV: No Step Back
Which is the whole ounce of prevention/pound of cure dichotomy; if they have to fix it because someone is going around with a modded game terrorizing people, it'll be too late; people won't want to play open MP games any more.

To be honest, I know very little about inner workings of Paradox's multiplayer protocol, but I think that there is a good change that the modded game will be kicked out because of different values etc.

And if the server side is only one that crunches the numbers this problem will only come up if the host is cheating.
 

safferli

academic outlaw
Moderator
114 Badges
Mar 10, 2006
12.070
462
  • Europa Universalis III Complete
  • Europa Universalis IV: Call to arms event
  • For the Motherland
  • Hearts of Iron III
  • Hearts of Iron III: Their Finest Hour
  • Hearts of Iron III Collection
  • Heir to the Throne
  • Impire
  • Europa Universalis III Complete
  • Knights of Pen and Paper +1 Edition
  • Leviathan: Warships
  • Magicka
  • March of the Eagles
  • Europa Universalis IV: Wealth of Nations
  • Naval War: Arctic Circle
  • Europa Universalis IV: Res Publica
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Semper Fi
  • Sengoku
  • Ship Simulator Extremes
  • Sword of the Stars
  • Teleglitch: Die More Edition
  • The Showdown Effect
  • Victoria 2
  • Victoria 3 Sign Up
  • Darkest Hour
  • Hearts of Iron II: Armageddon
  • Cities in Motion
  • Cities in Motion 2
  • Crusader Kings II
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Rajas of India
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Commander: Conquest of the Americas
  • Hearts of Iron Anthology
  • Deus Vult
  • Diplomacy
  • Dungeonland
  • East India Company Collection
  • Europa Universalis III
  • Europa Universalis III: Chronicles
  • Europa Universalis III Complete
  • Divine Wind
  • Europa Universalis IV
  • Europa Universalis IV: Art of War
Has this problem occurred so far in any of the Paradox MP games? I think not.

The 4-digit checksum is to prevent "casual" cheating. If you want to start a serious cheating attempt with man-in-the-middle attacks and whatnot, then there is a very easy mechanism that stops this: reputation. Do this twice, and you won't find anyone willing to play with you!
 

henryjai

Field Marshal
28 Badges
Dec 22, 2005
2.553
0
  • Cities: Skylines - After Dark
  • Hearts of Iron IV: La Resistance
  • Hearts of Iron IV: Expansion Pass
  • Cities: Skylines Industries
  • Cities: Skylines - Parklife
  • Hearts of Iron IV: Expansion Pass
  • Cities: Skylines - Green Cities
  • Hearts of Iron IV: Death or Dishonor
  • Cities: Skylines - Mass Transit
  • Hearts of Iron IV: Together for Victory
  • Hearts of Iron IV: Colonel
  • Hearts of Iron IV: Cadet
  • Hearts of Iron IV Sign-up
  • Cities: Skylines - Snowfall
  • Darkest Hour
  • Mount & Blade: With Fire and Sword
  • Cities: Skylines Deluxe Edition
  • Cities: Skylines
  • 500k Club
  • Victoria 2: Heart of Darkness
  • Victoria 2: A House Divided
  • Victoria 2
  • Europa Universalis III Complete
  • Europa Universalis III Complete
  • Heir to the Throne
  • Divine Wind
  • Europa Universalis III Complete
  • Europa Universalis III
To be honest, I know very little about inner workings of Paradox's multiplayer protocol, but I think that there is a good change that the modded game will be kicked out because of different values etc.

And if the server side is only one that crunches the numbers this problem will only come up if the host is cheating.

I guess checksum is to prevent the game from crashing, not about cheating. (though that also prevents cheating, but I think is more like a side-effect)
 

TheLand

Post-Captain
43 Badges
Dec 19, 2004
4.585
618
  • Surviving Mars: First Colony Edition
  • Pillars of Eternity
  • Knights of Pen and Paper 2
  • Stellaris
  • Hearts of Iron IV Sign-up
  • Stellaris Sign-up
  • Stellaris - Path to Destruction bundle
  • BATTLETECH
  • Surviving Mars
  • Age of Wonders III
  • Cities: Skylines - Parklife
  • Crusader Kings II: Way of Life
  • BATTLETECH: Flashpoint
  • Imperator: Rome Deluxe Edition
  • Imperator: Rome
  • Prison Architect
  • Surviving Mars: First Colony Edition
  • BATTLETECH: Season pass
  • BATTLETECH: Heavy Metal
  • Crusader Kings III
  • Crusader Kings III: Royal Edition
  • Victoria 3 Sign Up
  • Europa Universalis III Complete
  • Crusader Kings II: Charlemagne
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Sword of Islam
  • Deus Vult
  • Europa Universalis III
  • Europa Universalis IV
  • Hearts of Iron III
  • Heir to the Throne
  • Europa Universalis III Complete
  • Crusader Kings II
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Victoria 2
  • Victoria 2: A House Divided
  • Rome: Vae Victis
  • 500k Club
  • Cities: Skylines
  • Europa Universalis III: Collection
  • Hearts of Iron: The Card Game
Not many Paradox players are likely to devote weeks of cryptographic analysis to cheating at a computer game. Particularly as the most likely outcome is a broken game, not a more winnable one.

If they do, more fool them; they won't find it easy to find people to play against.

Not worth losing sleep over.
 

Johan

Studio Manager Paradox Tinto
Administrator
Paradox Staff
Moderator
15 Badges
Dec 14, 1999
18.402
38.945
  • Diplomacy
  • Teleglitch: Die More Edition
  • War of the Roses
  • 500k Club
  • Crusader Kings II: Holy Knight (pre-order)
  • Europa Universalis III: Collection
  • Magicka: Wizard Wars Founder Wizard
  • Hearts of Iron IV Sign-up
  • Stellaris Sign-up
  • Imperator: Rome Sign Up
  • A Game of Dwarves
  • Magicka
  • Starvoid
Actually, the displayed checksum is not what is actually checked.. the display checksum is just a hash of our far more complex checksum.
 

Taylor

Field Marshal
99 Badges
Feb 17, 2006
2.960
5.203
  • War of the Roses
  • March of the Eagles
  • Europa Universalis III Complete
  • Europa Universalis IV: Res Publica
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Sword of the Stars
  • Sword of the Stars II
  • Victoria 2
  • Victoria 2: A House Divided
  • Victoria 2: Heart of Darkness
  • Rome: Vae Victis
  • Warlock: Master of the Arcane
  • Magicka
  • 200k Club
  • 500k Club
  • Cities: Skylines
  • Europa Universalis IV: El Dorado
  • Magicka: Wizard Wars Founder Wizard
  • Crusader Kings II: Way of Life
  • Pillars of Eternity
  • Magicka 2
  • Europa Universalis IV: Common Sense
  • Crusader Kings II: Horse Lords
  • Europa Universalis IV: Cossacks
  • Stellaris: Nemesis
  • Europa Universalis III
  • Cities in Motion 2
  • Crusader Kings II
  • Crusader Kings II: Charlemagne
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Rajas of India
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Darkest Hour
  • Deus Vult
  • Cities in Motion
  • Europa Universalis III: Chronicles
  • Europa Universalis III Complete
  • Divine Wind
  • Europa Universalis IV
  • Europa Universalis IV: Art of War
  • Europa Universalis IV: Conquest of Paradise
  • Europa Universalis IV: Wealth of Nations
  • Europa Universalis IV: Call to arms event
  • For The Glory
  • Heir to the Throne
Actually, the displayed checksum is not what is actually checked.. the display checksum is just a hash of our far more complex checksum.

I can't tell if this is a joke or not :p.
 

RELee

A stranger in a strange land.
89 Badges
Apr 28, 2003
12.411
3.664
69
  • Victoria 3 Sign Up
  • Victoria 2 Beta
  • Victoria 2
  • Victoria 2 A House Divided Beta
  • Victoria 2: A House Divided
  • Victoria 2: Heart of Darkness
  • Victoria: Revolutions
  • Europa Universalis III Complete
  • Europa Universalis IV: Pre-order
  • Europa Universalis IV
  • Crusader Kings III
  • Imperator: Rome
  • Hearts of Iron III
  • Hearts of Iron IV Sign-up
  • Hearts of Iron IV: Colonel
  • Cities: Skylines Deluxe Edition
I can't tell if this is a joke or not :p.

It's a technically valid statement, so I would treat it as being serious.
 

Lord_D

Tohu Wabohu
34 Badges
Jun 25, 2006
717
10
  • Hearts of Iron IV: Together for Victory
  • 500k Club
  • Europa Universalis III: Collection
  • Pillars of Eternity
  • Magicka 2
  • Stellaris
  • Hearts of Iron IV: Cadet
  • Stellaris: Digital Anniversary Edition
  • Stellaris: Leviathans Story Pack
  • Victoria 2: Heart of Darkness
  • Stellaris - Path to Destruction bundle
  • Hearts of Iron IV: Death or Dishonor
  • Stellaris: Synthetic Dawn
  • Age of Wonders III
  • Stellaris: Apocalypse
  • Stellaris: Megacorp
  • Stellaris: Ancient Relics
  • Hearts of Iron III: Their Finest Hour
  • Crusader Kings II
  • Crusader Kings II: The Old Gods
  • Darkest Hour
  • Europa Universalis III
  • Divine Wind
  • Europa Universalis IV
  • For the Motherland
  • Hearts of Iron III
  • Cities in Motion 2
  • Hearts of Iron III Collection
  • Heir to the Throne
  • Majesty 2 Collection
  • Victoria: Revolutions
  • Semper Fi
  • Victoria 2
  • Victoria 2: A House Divided
I have no idea how to feel on the issue raised, but I do congratulate the Riffraffselbow on writing a very informative post. I rather enjoyed it :)
 

unmerged(28220)

First Lieutenant
Apr 23, 2004
205
0
Interesting post... seem Johan and Co. are on top of it but even if he was joking I really don't think people are going to invest a lot of time into cheating in a game where certain countries already have massive advantages... I mean if you want an 'easy and overpowered' country just play Germany or Russia or the USA...

This isn't a FPS where the sniper has an aimbot and the heavy weapons guy has nospread/speedhack...

Cheaters are 99.99% Dbags you wouldn't want to game with even if they weren't cheating anyway...
 

TheLand

Post-Captain
43 Badges
Dec 19, 2004
4.585
618
  • Surviving Mars: First Colony Edition
  • Pillars of Eternity
  • Knights of Pen and Paper 2
  • Stellaris
  • Hearts of Iron IV Sign-up
  • Stellaris Sign-up
  • Stellaris - Path to Destruction bundle
  • BATTLETECH
  • Surviving Mars
  • Age of Wonders III
  • Cities: Skylines - Parklife
  • Crusader Kings II: Way of Life
  • BATTLETECH: Flashpoint
  • Imperator: Rome Deluxe Edition
  • Imperator: Rome
  • Prison Architect
  • Surviving Mars: First Colony Edition
  • BATTLETECH: Season pass
  • BATTLETECH: Heavy Metal
  • Crusader Kings III
  • Crusader Kings III: Royal Edition
  • Victoria 3 Sign Up
  • Europa Universalis III Complete
  • Crusader Kings II: Charlemagne
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Sword of Islam
  • Deus Vult
  • Europa Universalis III
  • Europa Universalis IV
  • Hearts of Iron III
  • Heir to the Throne
  • Europa Universalis III Complete
  • Crusader Kings II
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Victoria 2
  • Victoria 2: A House Divided
  • Rome: Vae Victis
  • 500k Club
  • Cities: Skylines
  • Europa Universalis III: Collection
  • Hearts of Iron: The Card Game
Actually, the displayed checksum is not what is actually checked.. the display checksum is just a hash of our far more complex checksum.

That's good to know.

But still you should make the checksum more complicated. Otherwise the CIA may be able to hack multiplayer.
 

DarkWraith

Sergeant
111 Badges
Oct 22, 2003
52
0
www.theworldforgotten.com
  • Europa Universalis IV: El Dorado
  • Europa Universalis IV: Res Publica
  • Victoria: Revolutions
  • Europa Universalis: Rome
  • Semper Fi
  • Supreme Ruler 2020
  • Victoria 2
  • Victoria 2: A House Divided
  • Rome: Vae Victis
  • Warlock: Master of the Arcane
  • Warlock 2: The Exiled
  • 500k Club
  • Cities: Skylines
  • Europa Universalis III Complete
  • Europa Universalis IV: Pre-order
  • Mount & Blade: Warband
  • Crusader Kings II: Way of Life
  • Pillars of Eternity
  • Europa Universalis IV: Common Sense
  • Crusader Kings II: Horse Lords
  • Cities: Skylines - After Dark
  • Europa Universalis IV: Cossacks
  • Crusader Kings II: Conclave
  • Cities: Skylines - Snowfall
  • Europa Universalis IV: Mare Nostrum
  • Stellaris: Necroids
  • Europa Universalis IV: Art of War
  • Cities in Motion 2
  • Crusader Kings II
  • Crusader Kings II: Charlemagne
  • Crusader Kings II: Legacy of Rome
  • Crusader Kings II: The Old Gods
  • Crusader Kings II: Rajas of India
  • Crusader Kings II: The Republic
  • Crusader Kings II: Sons of Abraham
  • Crusader Kings II: Sunset Invasion
  • Crusader Kings II: Sword of Islam
  • Europa Universalis III
  • Europa Universalis IV
  • Hearts of Iron II: Armageddon
  • Europa Universalis IV: Conquest of Paradise
  • Europa Universalis IV: Wealth of Nations
  • Europa Universalis IV: Call to arms event
  • For the Motherland
  • Hearts of Iron III
  • Hearts of Iron III: Their Finest Hour
  • Hearts of Iron III Collection
  • Heir to the Throne
  • Europa Universalis III Complete
  • Magicka
If you're going to change the code to introduce a hack, and you're savvy enough to figure out a way to make it resolve to the same checksum, why wouldn't you just change the checksum computation so it always returns the 'right' number instead?

It seems to me that the checksum isn't very useful for preventing determined cheating. It's more there to prevent accidental problems around the code. Nobody's going to try to brute-force something past checksum, because it's easier to just change the result so you don't have to.