Changing a certificate check in a binary is just finger exercise for anyone serious about reverse engineering. "Hard-coded" does not mean what you (seem to) think it means...

True, but this is probably enough to stop quite a bit of piracy. Any program that has the capability to modify the binary of an installed program runs with quite a lot of permissions. Since it is also illegal, average joes don't have a trusted source for the patcher. This means that the only way to break the game is in the form of an executable that is functionally indistinguishable from malware. That alone will stop a good fraction of piracy -- plenty of people who would be willing to rewrite some hosts file to point to a fake server are unwilling to run a crack program that came from PirateBay and probably has keyloggers, spyware, or a rootkit.

I doubt it'll stop any piracy, at all, versus say, an activation check like other games. People willing to install a crack will install a crack.

Also, TPB has trusted uploaders, so you can be reasonably sure you aren't installing malware. I'd wager many of the cracking groups have a higher reputation than EA.

The question is whether hard-coding a trusted CA will reduce piracy in the case that someone reverse engineers the server code.

If you will install a crack, you will install a crack, no questions there. But if don't hard-code a CA then people who might otherwise be hesitant to pirate because it involves a crack program would be perfectly happy to follow a couple steps they find in a blog post.

you know nearly every cracked executable runs in a similar fashion?

they are already nearly indistinguishable from malware.

your average anti-virus program will flag a cracked executable every time, and you can routinely spot the less savvy users by viewing any torrent comment section and looking for "AVG FLAG AS TROJAN DO NOT DOWNLOAD"

That's less because all cracks run in some similar fashion, and more because a lot of antivirus programs flag all cracks / key generators / etc as a matter of policy as "potentially undesirable software".

I never meant that changing the certificate is impossible, just that it isn't trivial.

I only did something like that once, but it was absolutely trivial, since it included the ASCII header. Search, overwrite, add a little padding, done.

toblaso means that rather than finding/changing the certificate, someone patching the game could either replace the certificate with a self-signed/generated one (for your local server instance), or completely bypass the usage of SSL entirely.

I've done similar while reverse engineering a protocol. Just whipped open a hex editor, found the signature of the certificate and bamn. Neutered.

You mean someone will need to use evil hacker tools like an hex editor?

Some games do more interesting keys to try to hide the certificate. Spread it in the binary, encrypt it with a key spread in a similar way, etc.

Of course none of that is impossible to break, and there is a point of diminishing returns (when it's easier to try to change the certificate loading code).

If this were a security product, I would hope so, but I would imagine that they'd just be using a standard HTTPS certificate that uses the system certificate store. I wouldn't be surprised if they were ignoring HTTPS certificate failures as well, like many applications do.

It is quite common practice for online games to use a hard-coded certificate issued by the publisher's CA, largely to prevent cheating.

Seeing how much effort EA have put into preventing piracy of this game (to the extent that it hurts their paying customers a great deal), I would be very surprised if they made so silly a mistake.

It would gain being easier to write. I'm assuming that the OS defaults to checking system certificates, and requires customization to do otherwise. Maybe that's not the case on Windows.

Without a doubt you could eventually patch and replace all of SimCity. The question becomes when it's more work than just building a brand new game yourself.