The game developer first puts in some obvious checks that disable the game if you don’t have whatever it is you’re using for authentication. The people that crack the game reverse engineer enough of that to bypass those checks and get the game running, but there can be code in a completely different place that checks if that authorization code ran correctly, possibly only triggering hours into the game.

It’s sort of like locking the door, but also putting a tiny piece of clear tape near the floor. Someone can pick the lock, but they don’t notice the tape because it didn’t stop them from getting in. You can then check that tape to see if anyone broke in.

The whole thing is a cat and mouse game, game developers with new tricks, pirates figuring it out and working around it.