FAQ Search
Memberlist Usergroups
Profile
  Forum Statistics Register
 Log in to check your private messages
Log in to check your private messages
Moonpod Homepage Starscape Information Mr. Robot Information Free Game Downloads Starscape Highscore Table
Protection schemes
Goto page 1, 2  Next
Post new topic   Reply to topic    Discussion Pod Forum Index -> Independent Game Development View previous topic :: View next topic  
 Author
Message
pflarr



Joined: 23 Jul 2005
Posts: 6



PostPosted: Sat Jul 29, 2006 12:39 pm    Post subject: On the topic of... Reply with quote

Copy Protection: I've read several academic articles recently on a different approach to software copy protection. The basic idea is that you make each copy of the game unique, such that each registration code is unique to a copy of the software. Then pirates (arr...) attempting to create a keygen must base it off one of the these unique copies. The keygen must then be distributed with a unique, traceable copy of game. Locks keep honest people honest, but the possibility of being caught might help discourage the rest.

Most of the articles I've read on how to do this use some sort of security through obscurity machine code magic to make each copy unique. These methods tend to focus on making it difficult to alter the machine code without breaking the software entirely. I've been thinking about a different approach, and was wondering if someone at moonpod might the time or inclination to discuss the real world feasability of using it. I'd just post the idea here, but I'm thinking of it in terms of my CS Master's thesis. Thesis ideas are hard to come by...
Back to top
View user's profile
Poo Bear
Pod Team
Pod Team


Joined: 14 Oct 2002
Posts: 4121
Location: Sheffield, UK



PostPosted: Mon Jul 31, 2006 8:44 am    Post subject: Reply with quote

I'm not sure how you would make each copy of the game unique, have you got a link to an article on the subject or anything? Sounds like some kind of compiler process would be run on each download, might not be practical but I'd need to know more.

GalCiv probably has the best idea, most of the functionality and features come via an online service that is regularly updated. If you pirate the game you cannot access that service, there is just no way. In theory, given enough time, pirates will make available the original game and 6 or 12months worth of addons which reduces the effectiveness of this technique by putting the value back into the pirated version. Still, as long as they keep updating they have an edge.

A better approach would be to focus all post release work on multi-player features i.e. game matching, leaderboards, ranked matches, forums, in game chat, persistent online content. None of that could be distributed by pirates as it is all server based. The only attack then is to reverse engineer the server content as happened with BattleNet, but it seemed easier for Blizzard to shut that down.
Back to top
View user's profile Visit poster's website
Rup



Joined: 19 May 2003
Posts: 363
Location: London, UK



PostPosted: Mon Jul 31, 2006 9:44 am    Post subject: Reply with quote

Old polymorphic viruses (IIRC) used to do things like switch all uses of the BX register for CX in a function, I think. Obviously that's awkward because registers had special meanings back then. You could also link your object files in a different order, reorder the assets in the game data file, steganographically encode their name in the ship sprites, etc.

But what if we could trace a pirated Mr Robot back to someone? The pirates can just hop onto the messageboard, find a legit owner and then hack / social engineer their copy off them. What if you found the pirated copy floating around the internet belonged to Goober? He'd never have ripped you guys off and you don't really have any recourse.

And unique and difficult-to-hack may well mean unique and difficult-to-patch for legit users.

The only thing I've got I suspect might be uniquely built for me is Comeau's compiler. That said I've no evidence for this, it's just the download filename they emailed me has my surname in it - maybe that's all they do just to scare us Smile
Back to top
View user's profile
Poo Bear
Pod Team
Pod Team


Joined: 14 Oct 2002
Posts: 4121
Location: Sheffield, UK



PostPosted: Mon Jul 31, 2006 2:52 pm    Post subject: Reply with quote

I'm just open to new ideas that's all, obviously I wouldn't do anything to inconvenience paying customers if I could avoid it. It would be nice to track a pirate copy back to the purchaser just so you could disable their account and point out to them what they had done was wrong, maybe they would think next time.

Mainly I liked the sound of each game being unique in some way that means simplistic cracking attempts aren't universal. If a keygen or cracked exe only works with that specific download that would be great, but it doesn't sound like it would be easy to do. Obviously all you are doing is making pirates work harder to remove/circumvent more and more of your code. That's still worthwhile though, the longer it takes to crack, the harder it is to crack, the more often you update, the less likely it is people can steal your work.

The other issue is the amount of time it takes to setup, obviously it would be nice if you could spend 99% of your time making the game and <1% protecting it. Anything more than that isn't really practical.
Back to top
View user's profile Visit poster's website
Anticheese



Joined: 17 Nov 2005
Posts: 159
Location: New Zealand



PostPosted: Tue Aug 01, 2006 3:55 am    Post subject: Reply with quote

I like the way Galciv I and II did it, You dont need the CD to play it and registered users get the benefit of pretty much everything. Plus the lead developer does a podcast Very Happy
Back to top
View user's profile MSN Messenger
Darth Dallas



Joined: 18 Oct 2003
Posts: 411



PostPosted: Tue Aug 01, 2006 4:26 pm    Post subject: Reply with quote

I just got Gal Civ II myself but I can't play it yet until I can update some drivers. The first runs like a champ though if I don't play a ridiculous size map.
Back to top
View user's profile
Anticheese



Joined: 17 Nov 2005
Posts: 159
Location: New Zealand



PostPosted: Wed Aug 02, 2006 3:46 am    Post subject: Reply with quote

It should be a trivial matter to update drivers, Just google the name of your video card manafacturer and the word drivers.

Its well worth it Very Happy
Back to top
View user's profile MSN Messenger
Chibi



Joined: 01 Oct 2003
Posts: 271
Location: Denver, CO, United States



PostPosted: Wed Aug 16, 2006 10:21 pm    Post subject: Reply with quote

Perhaps the server writes a timestamp to a certain arbitrary (non-damaging) part of the code?

Being a web-designer, I know that languages such as PHP and ASP are capable of something like this. Log the IP or username of the user who desires to download the file. Then, depending on, say, the hour of the day, the server would write an md5-encrypted IP, Username, and/or Timestamp to one of 24 places inside the executable where it would not damage the program's actual bytecode. All the program has to do is read these places, as variables, and process them into the executable's unique identification code. Assuming the executable is actually the installer, it could write this code into the registry, where the actual game may access it. You can then actively prevent people from sharing access codes, because each access code would be unique.

That's just my first impression at what Pflarr said. Does it sound feasible, from a programmer's point of view? Or would you have to be adept at assembly language to get it to work?
Back to top
View user's profile Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Lothar
Starscape Jedi
Starscape Jedi


Joined: 21 Dec 2003
Posts: 522



PostPosted: Sun Aug 20, 2006 2:50 am    Post subject: Reply with quote

Totally off-topic, but I love the Kiki avatar.
Back to top
View user's profile
starscape junkie



Joined: 15 Jun 2003
Posts: 177
Location: The Thirteenth Colony



PostPosted: Sun Aug 20, 2006 8:26 am    Post subject: Reply with quote

The problem with securing a program is more the multitude of ways to get around copy protection.

If i put together an encrypt algorithm, made it nice and secure with avalanching, guid, etc etc. and no feasible method to break the encrypting and made it a real pain in the *** to reverse-engineer, well then its not too smart for the cracker to sit there and try and muddle through it.

Instead they go find the flag that says the game has been authorized, switch that to true and freeze it, then youve got an effective crack and all that algorithm acomplished was a waste of dev time. Or they find a way to rig up a system where the crack sets up the GUID seeds so that the key will always be the same and then you just need that one universal key. Or a dozen other things.

The best case senario you can hope for in copy protection is to delay the proffesionals as long as possible by making your authentication as paranoid and annoying as possible to remove, whilst not inconviencing/****** off(starforce) anyone who has legitimitely bought your product.
Back to top
View user's profile
Poo Bear
Pod Team
Pod Team


Joined: 14 Oct 2002
Posts: 4121
Location: Sheffield, UK



PostPosted: Mon Aug 21, 2006 7:39 am    Post subject: Reply with quote

starscape junkie wrote:
The best case senario you can hope for in copy protection is to delay the proffesionals as long as possible by making your authentication as paranoid and annoying as possible to remove, whilst not inconviencing/****** off(starforce) anyone who has legitimitely bought your product.


Well, yes of course. It's all about making the pirates job hard enough so they don't bother, that's what all piracy comes down to and that's more than enough. Depending on how popular your game is no human will spend more than X hours / days messing with it and you just need to make sure your protection takes more than X to crack. Add in some reasonably regular updates and you've achieved your goal, maybe not 100%, but enough.

p.s. you can stop people hacking out an annoyingly strong authentication systems by making the same code block fix up things you broke on purpose. Just make sure you pick a texture or sound effect or data file to break from evenly spaced points throuhout the game and randomise their activation. That way they have to play through the entire game multiple times to find them all.
Back to top
View user's profile Visit poster's website
starscape junkie



Joined: 15 Jun 2003
Posts: 177
Location: The Thirteenth Colony



PostPosted: Tue Aug 22, 2006 12:57 am    Post subject: Reply with quote

Poo Bear wrote:

p.s. you can stop people hacking out an annoyingly strong authentication systems by making the same code block fix up things you broke on purpose. Just make sure you pick a texture or sound effect or data file to break from evenly spaced points throuhout the game and randomise their activation. That way they have to play through the entire game multiple times to find them all.


Thats definitely an elegant solution, never woulda thought of doing it like that.

One of the ideas ive been toying with in terms of uniqueness is generating a 1*10 randomized picture so (256*256*256*however long you make it) combinations and including it with the dl. I suppose you could add another 256 if you were using the alpha channel as well. Then said image is used as the cypher for that copies' encryption. This only leaves the problems of a.) securing the cypher image b.) transferring that information with your request code and c.) the logistics of setting the whole system up. A & B are managable, but i have no idea how one would set up such a system or how bad the drain would be on server resources.
Back to top
View user's profile
asuffield



Joined: 30 Aug 2006
Posts: 6



PostPosted: Wed Aug 30, 2006 8:54 am    Post subject: Reply with quote

Poo Bear wrote:

Well, yes of course. It's all about making the pirates job hard enough so they don't bother, that's what all piracy comes down to and that's more than enough. Depending on how popular your game is no human will spend more than X hours / days messing with it and you just need to make sure your protection takes more than X to crack.


Sorry, but this is a fundamentally clueless comment. You appear to be operating under the misconception that the people who do this are acting from some kind of profit motive (not an uncommon belief in the large game studios, who understand nothing but the bottom line, but nonetheless a wrong one).

These people do it for the sheer satisfaction of solving a difficult puzzle. Dissecting somebody else's code, figuring out how it works, and changing it to work differently is a deeply satisfying experience, on a very similar level to what you feel when creating the thing in the first place. Making it hard and intricate does not dissuade them - quite the opposite. It makes it even more satisfying when they finally break it. This is exactly the same thing that sells a large number of games. If it takes them days or weeks to solve, and requires creative approaches, it's just going to attract even more attention and make them try even harder.

Ultimately, they have a massive, unbeatable advantage over the people who create these challenges for them - the creator is acting from the profit motive, and is therefore limited in the amount of time they can spend making the system more complicated, because every hour spent working on it is eating into their profit margin. The hacker has no such constraint; they can keep working on the problem for as long as it takes to solve.

Realistically, most games get solved in under a week from their release date. That means the value of the system to the creator is very low - it only buys them a week's grace - so they can't afford to spend much time working on it. And that's without considering the way the product loses value by having extra annoyances and bugs added to it.

Poo Bear wrote:
p.s. you can stop people hacking out an annoyingly strong authentication systems by making the same code block fix up things you broke on purpose. Just make sure you pick a texture or sound effect or data file to break from evenly spaced points throuhout the game and randomise their activation. That way they have to play through the entire game multiple times to find them all.


That doesn't work against anybody but the greenest rookie. The people who are going to crack such a system not only expect this sort of thing, they're used to beating it. And it's not really that hard - you just have to look at what the code actually does. When you run a dataflow analysis, the parts of the code which depend on the authentication data are the crippleware parts which have to be analysed and repaired. For a project the size of a typical game, this sort of analysis can be accomplished in an afternoon of fairly easy work; it can be largely automated.
Back to top
View user's profile
asuffield



Joined: 30 Aug 2006
Posts: 6



PostPosted: Wed Aug 30, 2006 9:12 am    Post subject: Reply with quote

starscape junkie wrote:

One of the ideas ive been toying with in terms of uniqueness is generating a 1*10 randomized picture so (256*256*256*however long you make it) combinations and including it with the dl. I suppose you could add another 256 if you were using the alpha channel as well. Then said image is used as the cypher for that copies' encryption. This only leaves the problems of a.) securing the cypher image b.) transferring that information with your request code and c.) the logistics of setting the whole system up. A & B are managable, but i have no idea how one would set up such a system or how bad the drain would be on server resources.


Too much, given that you can defeat it by buying two copies, finding the differences between their binaries, then changing all those bytes in your copy. It's possible to construct a unique labelling system that isn't completely trivial to defeat, but it's a lot of work and it'll be defeated anyway, so what's the point? Also, treating your paying customers as if they can't be trusted tends to annoy them, regardless of how valid it may be, and that's never a good idea. You want them to be your partners, not your opponents.

Remember, it only takes one copy with the unique tag stripped out, and then suddenly everybody is sharing that copy. These systems are weak because one failure, anywhere, defeats the entire system for everybody - once a clean copy is out on the internet, you can't lock it up again. That means it isn't worth spending a significant amount of time on them. Find a better idea. Preferably one that gets your customers on your side.
Back to top
View user's profile
Rup



Joined: 19 May 2003
Posts: 363
Location: London, UK



PostPosted: Wed Aug 30, 2006 9:44 am    Post subject: Reply with quote

asuffield wrote:
Too much, given that you can defeat it by buying two copies, finding the differences between their binaries, then changing all those bytes in your copy.

What if, say, you have a 8-bit serial number and the pirates compared copies 252 and 255? They'd only catch two of the eight bits in the serial. Then you'd know within four copies which one it came from.

OK, the pirates can compare a third and fourth copy - but how many do they need to try to be sure they've got it all? Would pirates really go to the trouble of getting that many copies?
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Discussion Pod Forum Index -> Independent Game Development All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group