Jump to content

  • Log In with Google      Sign In   
  • Create Account

Banner advertising on our site currently available from just $5!


1. Learn about the promo. 2. Sign up for GDNet+. 3. Set up your advert!


Broken Game as an Anti-Piracy Measure


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
22 replies to this topic

#1 ILoveJesus   Members   -  Reputation: 166

Like
0Likes
Like

Posted 21 May 2012 - 04:10 PM

I read about how Batman Arkham City had a feature that left Batman unable to glide if the game verified it was a pirated copy. My question is how in the world do you go about doing something like this and also is it possible to do without their being an internet connection?



Sponsor:

#2 frob   Moderators   -  Reputation: 28185

Like
1Likes
Like

Posted 21 May 2012 - 04:48 PM

There are two parts of your question, I'm not sure which you are asking.

There is the hack detection part. How do you detect when someone has hacked the game?
There is the hack reaction part. Once you detected it, what are you going to do differently?


There have been many articles written on the subject of hack detection posted in Gamasutra and other development sites. There are an amazing number of ways cheaters have implemented, ranging from simply generating fake CD keys, to modifying executables, to having secondary programs that aim or otherwise cheat for you, to modifying or intercepting device drivers to toggle visibility, to having a small network attached to your PC that intercepts network calls, simulates the game, and passes modified network instructions for you.

One of the more effective (yet still readily broken) methods to detect a modified executable is a collection of overlapping hashes across multiple sections of your executable, including overlapping sections over the cheat detection code. If any hash fails you know the executable was modified. A single hash won't work because then the hacker just needs to modify one hash function. Your code needs to have hashes that run on top of the hashing code and other places.

There are many other hack detection systems out there, Google can find a bunch of others.

Note that no matter what you do, a determined attacker can eventually overcome your protections. Several articles recommend a series of cascading hack responses. There is the first obvious one of getting the game to load. That's the one the mainstream hackers will solve first. In the rush to be first they'll proudly announce that they have cracked it. Then people will notice another separate hack detection about ten minutes into gameplay. Then another more subtle issue a few hours into gameplay, another later on, etc., and perhaps a final hack detection that makes the final boss invincible, meaning hackers will have needed to go through the entire game from beginning to end to find all the hacker traps.




As for a piracy response, those are fun and easy. Just pick bugs and don't fix it if the hack detection fails.

You can shut down completely for a hack response, but that is very obvious to hackers and they'll go straight for them.

Or you can do something more fun for you and more difficult for the hacker: subtly break the game, and do so at different intervals, including some late-game breakages that prevent the storyline from progressing.

Two I remember in The Godfather were great: first, the cinescope zoom would go down to a really narrow visible area instead of a normal black-bar cinema view (This was originally a bug, but became a hack-detected feature); second, you could not get out of a vehicle in a hacked game -- you could only exit a vehicle by crashing which made a critical piece of the storyline unbeatable.



Whatever you approach it, make sure you don't spend more money than it is worth.

For a hobbyist's online game, that could simply mean locking out any duplicate accounts since the login process is a natural choke point that you control.

For a hobbyist's offline game it is generally best to have a simple nag screen that pirates won't bother hacking out. Pirates and hackers will still use the software without paying, but at least they'll leave the unobtrusive nag screen in place for the semi-honest users.

Check out my book, Game Development with Unity, aimed at beginners who want to build fun games fast.

Also check out my personal website at bryanwagstaff.com, where I write about assorted stuff.


#3 freakchild   Members   -  Reputation: 557

Like
0Likes
Like

Posted 21 May 2012 - 04:51 PM

This underlying mechanism is often known as an anti-piracy tripwire or an anti-tamper mechanism. Generally, the idea is that some code is inserted which is hard to detect, but monitors for the presence of other code which has to be removed and/or otherwise tampered with if the game is to be successful cracked.

Each of these is hooked up to a feature that is either less obvious to the cracker or is obvious but not important enough to resolve. Thus, the goal is really to get the cracker to put out an incomplete crack (possibly by not even realising it) and the idea is the end user pirate will get pissed off that the game is not fully cracked and go out and buy it.

The logic is a little questionable and for the most part things still get cracked of course.

Traditionally the technique has been somewhat straightforward - setting a seemingly unrelated flag or two (or three) in the observed code, checksumming code and detecting when it will no longer checksum, encrypting code and checking it is still so, checking the output of code is what it should be an so on. Thus usually there is no one technique, but a number of them that are quite basic anyway. In fact, if there is any strength to this sort of technique it is usually because it done en-masse and with a great variety, with many protections built on top of each other, false traps thrown in for good measure, then obfuscated to make then harder to see and finally spreading them out throughout the game (thus forcing the cracker to have to play and QA the entire game).

Going back a couple of years most games would only have a handful of these measures in them which again made them quite weak. More recent efforts added automation to the process of adding this type of protection so that 1000’s of such measures could be added at the cost of little effort. In theory however, automation can often result in a detectable pattern and then there are other counter measures too that almost bypass the problem – crackers are quite clever.

Either way, often the goal of such measures is not one of preventing piracy (which many people think is an impossible goal), but one of making it so the cracker has to put in a lot of time and jump through many hoops, and at least having them partially fail several times over in the process.

Of course, the counter measure or mitigator of for any time and effort driven measure often involved cracking pre-release versions of games anyway.

To answer your other question you don't need to base this anti-cracking measure on anything that requires an internet connection, but it can help in small ways.

Edited by freakchild, 21 May 2012 - 05:09 PM.


#4 GothSeiDank   Members   -  Reputation: 156

Like
0Likes
Like

Posted 21 May 2012 - 05:18 PM

Arma 2 detects it via the Key and then you become a one hit kill.

I want to throw in another method:
Make an extra torrent version.
Like giving your actors in the game a piratehat or anything else that is just cute and funny.
Then cut down the playtime and distribute it to the torrent network as official release by some unknown hacker group.

Advantage is clearly more free attention for your game if it is good and the pirate hats might cause a lulz or two which is always good.
If you say "pls", because it is shorter than "please", I will say "no", because it is shorter than "yes"
http://nightlight2d.de/

#5 ILoveJesus   Members   -  Reputation: 166

Like
0Likes
Like

Posted 21 May 2012 - 06:16 PM

"This underlying mechanism is often known as an anti-piracy tripwire or an anti-tamper mechanism. Generally, the idea is that some code is inserted which is hard to detect, but monitors for the presence of other code which has to be removed and/or otherwise tampered with if the game is to be successful cracked."


So you are saying if I had let's say a key system, I simply have the code check to see if the part of the code that controls this is working properly or is present? What if the hackers develop a CD key generator instead though?

#6 Cornstalks   Crossbones+   -  Reputation: 6999

Like
1Likes
Like

Posted 21 May 2012 - 06:58 PM

So you are saying if I had let's say a key system, I simply have the code check to see if the part of the code that controls this is working properly or is present? What if the hackers develop a CD key generator instead though?

Better yet, what if hackers modify your program so it doesn't even check for a key?

Spore, for example, had one of the most elaborate/invasive DRM protection schemes when it was released, and it was hacked before it was even released. They had many professional developers working on their DRM, and yet the hackers demolished it before Spore even hit the shelves.

What I'm really trying to say is that you can always play the "What if" game. You have to decide how much time you're going to spend on your DRM. You can't possibly cover every single base. Pick a few basic bases, and cover those. Accept the fact that if your game is truly awesome, it will get hacked (and if it's not truly awesome, you probably don't have a lot to worry about :) ).

Spending too much time on this can be a big waste of time, as you could spend months on some DRM system and the hacker may potentially be able to hack the game in the same amount of time as if you had spent only a day on your DRM system. Of course, it can be fun/educational to play the "What if" game, but I suggest you don't take it too seriously.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#7 Postie   Members   -  Reputation: 1204

Like
1Likes
Like

Posted 22 May 2012 - 03:40 AM

My favourite anti-piracy reaction of all time was from last year by Garry Newman of Garry's Mod fame. He pushed out an update via steam that detected if the game was hacked and threw up an error message when you'd try to run it. The error message included a long error code that was actually the user's steam ID. So when the pirates complained in support forums and posted the error code Garry knew exactly which forum and steam accounts to ban.

Using such a scheme is risky due to the chance of false positives. But it was terribly amusing to read about.

In my personal opinion, there's nothing you can do to make your game completely secure. DRM is good in theory, but when it goes wrong (and they ALWAYS seem to go wrong), you risk pissing off your legitimate customers while the pirates have already found a way around it so they aren't inconvenienced.
Currently working on an open world survival RPG - For info check out my Development blog: ByteWrangler

#8 wolfscaptain   Members   -  Reputation: 200

Like
1Likes
Like

Posted 22 May 2012 - 04:25 AM

Crackers are better. That's all there is to it.
Big companies these days wate so much money and effort on protections that get cracked, usually, a few days after their games get released.

Maybe if they would use the money and time on making the games work better, people would be encouraged to buy them.
Right now, the only people suffering costantly from DRM are the legal buyers, pirates don't even see it.

A simple CD key would stop 5 years old kids from spreading games. Nothing beyond that is worth the effort.

#9 Zlodo   Members   -  Reputation: 451

Like
1Likes
Like

Posted 22 May 2012 - 04:35 AM

In addition to the above, I'm not sure intentionally letting your game seem bugged is a very useful method of retaliation against pirates.

The video game industry doesn't have a track record of releasing very stable games, especially on PC, and someone pirating your game and unable to do a thing he's supposed to be able to do is just going to assume your game is yet another buggy piece of crap, and if anything it might vindicate his decision to pirate it instead of purchasing it.

Edited by Zlodo, 22 May 2012 - 04:36 AM.


#10 szecs   Members   -  Reputation: 2316

Like
0Likes
Like

Posted 22 May 2012 - 04:50 AM

The video game industry doesn't have a track record of releasing very stable games, especially on PC, and someone pirating your game and unable to do a thing he's supposed to be able to do is just going to assume your game is yet another buggy piece of crap, and if anything it might vindicate his decision to pirate it instead of purchasing it.


I don't think that's true, since these intentionally left-in bugs are quite obvious bugs that even an average user assumes (since s/he knows that the game is pirated and probably googles the bug) to be fixed in legal copies. Bugs, like missing missions, obviously unbeatable armies/bosses, broken/missing narration scenes etc.

Of course, it can be dangerous to leave in non-obvious bugs, but an experienced programmer should know the difference.

Maybe this doesn't apply to cheap casual games, I don't know how often these are pirated...


Well, maybe, I don't know...

Edited by szecs, 22 May 2012 - 04:54 AM.


#11 Zlodo   Members   -  Reputation: 451

Like
0Likes
Like

Posted 22 May 2012 - 05:38 AM

I don't think that's true, since these intentionally left-in bugs are quite obvious bugs that even an average user assumes (since s/he knows that the game is pirated and probably googles the bug) to be fixed in legal copies. Bugs, like missing missions, obviously unbeatable armies/bosses, broken/missing narration scenes etc.

But if it's obvious, then whoever cracks the game will notice it and fix his crack. You may as well just display a notice half-way through the game saying that the game will quit because it's a pirated version (and no, this wouldn't be very effective either)

Edited by Zlodo, 22 May 2012 - 05:39 AM.


#12 freakchild   Members   -  Reputation: 557

Like
0Likes
Like

Posted 22 May 2012 - 09:33 AM

"This underlying mechanism is often known as an anti-piracy tripwire or an anti-tamper mechanism. Generally, the idea is that some code is inserted which is hard to detect, but monitors for the presence of other code which has to be removed and/or otherwise tampered with if the game is to be successful cracked."


So you are saying if I had let's say a key system, I simply have the code check to see if the part of the code that controls this is working properly or is present? What if the hackers develop a CD key generator instead though?


Nowadays a key system really does have to be online DRM in order to have any effect and the keys can't really be generated using any formula that can be reverse engineered. Combined together this would stop a key from being generated and if a key was 'shared' or guessed, it would help either limit it's use or at least red flag the idea the key is being abused, for which there are a number of follow up actions.

Of course, in this case crackers just don't generate keys...they stick to plain old cracking.

#13 mdwh   Members   -  Reputation: 979

Like
0Likes
Like

Posted 22 May 2012 - 10:05 AM

I agree with Zlodo, I don't think there's anything "obvious" about the bugs described here. By all means do it if you want, but there is the risk of bad reviews from people who see the bugs. And anyhow, even if they suspect it's because of this mechanism, that doesn't stop them being annoyed, and complaining about bugs anyway.

An obvious thing would be to make the game quit at some point into the game, but with a message displayed explaining why.
http://erebusrpg.sourceforge.net/ - Erebus, Open Source RPG for Windows/Linux/Android
http://homepage.ntlworld.com/mark.harman/conquests.html - Conquests, Open Source Civ-like Game for Windows/Linux

#14 freakchild   Members   -  Reputation: 557

Like
0Likes
Like

Posted 22 May 2012 - 10:33 AM

In my personal opinion, there's nothing you can do to make your game completely secure.


Which isn't really that important. The publishers implementing these techniques put them in knowing that protection is generally not foolproof. What they are typically looking for is just to hold off the prospect of piracy for even a small amount of time, even on one amongst a handful of titles.

In addition to the above, I'm not sure intentionally letting your game seem bugged is a very useful method of retaliation against pirates.


The strategy is generally one of making the cracked version seem bugged to impair the credibility of the cracker and encourage people who are interested to purchase a ‘bug free’ version. Naturally it is a strategy that will have mixed results but publishers do undertake strategies to try and tip the result in their favour.

Big companies these days waste so much money and effort on protections that get cracked, usually, a few days after their games get released.


While the goal is obviously to sustain for as long as possible a 'crack free' title do bear in mind that even just more than a few days once in a while is often enough to justify it, even when set amongst a lot of failure. A lot of people suggest these techniques are pointless due to things being cracked so quickly and easily, but when people say that generally they are not aware of the end goal or result that is targeted, which is often met even with what is perceived as such poor results.

Spending too much time on this can be a big waste of time, as you could spend months on some DRM system and the hacker may potentially be able to hack the game in the same amount of time as if you had spent only a day on your DRM system.


A simple CD key would stop 5 years old kids from spreading games. Nothing beyond that is worth the effort.


The more time you put in generally the better result you get. It’s only a waste of time if you spend minimal time on it. Most games are cracked easily because protection is weak. In the latter example above for instance, the game would be cracked within minutes of release – so yes that is pointless.

A common issue publishers face however is resistance from developers in spending time on this problem because they don’t really get a useful result for their efforts. But it’s really a self-fulfilling prophecy…these developers often have had poor results yes, but it’s mostly because they’ve not put the effort in consistently enough in the past to have ever seen a win. A bigger issue for developers is usually that (unless the game is as big as Skyrim or GTA) they won’t ever see the financial benefit of the win. Publishers usually experience a win more easily then developers do.

Developers therefore often have no reason at all to do this. From their standpoint it absolutely is a waste of time because they very rarely will see a return. Publishers are usually the ones paying for the labor though, so developers rarely ‘lose’ either.

Back to the topic though…good results usually take at least two weeks of effort and even then nothing is guaranteed. There are plenty of examples where such time is spent, only for there to be no return at all.

Does this make the effort pointless? For that specific failed example, yes…but actually…no. Usually the effort in doing this across several titles does indeed see the majority of those titles with no result, but a decent result on one title usually justifies the amortized effort. When these measures work publishers do actually get quite a decent return so the goal is really one of trying to make them work while accepting a lot of failure, but ultimately getting the occasional big win.

Thus, when people make comments suggesting the time and effort is pointless, it’s often because they aren’t aware that there is a bigger picture goal and this is the root of a lot of misconceptions on the whole ‘is it worth it?’ topic.

In some ways it’s like gambling, where you lose a lot but occasionally get a win. In real gambling there’s the old saying ‘the house always wins’ which is a comment based on the idea the odds are stacked in the favour of the casino and the players result is a net loss. In the world of copy protection, the wins are rare but big enough to negate this saying and they do justify a gambling lifestyle, albeit one with lots of losses.

It’s human nature to avoid risk and people generally see gambling as risk - they either avoid it or do it for fun. Do bear in mind there are many expert gamblers that are good at it, make a lot of money and most of those people work via a style where a lot of loss is accepted.

DRM is good in theory, but when it goes wrong (and they ALWAYS seem to go wrong), you risk pissing off your legitimate customers while the pirates have already found a way around it so they aren't inconvenienced.


DRM is usually just badly implemented btw. There are a handful of examples where it is done well, to the point where customers have even applauded it believe it or not. Unfortunately because of all the poor and thoughtless implementations it now has a bad name.

Finally then…is it worth it?

It depends on who you are. I’ve outlined scenarios above where it is worth it. If you’re an indie, not putting a lot of titles out there and those titles aren’t selling by the 100’s of 1000’s you obviously won’t be in the position to see the occasional big win. You might see the occasional win, but I doubt it would overcome the loss.

Edited by freakchild, 22 May 2012 - 10:35 AM.


#15 Postie   Members   -  Reputation: 1204

Like
0Likes
Like

Posted 22 May 2012 - 08:22 PM

DRM is usually just badly implemented btw. There are a handful of examples where it is done well, to the point where customers have even applauded it believe it or not. Unfortunately because of all the poor and thoughtless implementations it now has a bad name.

I'm curious about these example you mention. Can you name any such DRM success stories?
Currently working on an open world survival RPG - For info check out my Development blog: ByteWrangler

#16 szecs   Members   -  Reputation: 2316

Like
0Likes
Like

Posted 23 May 2012 - 01:09 AM

I see quite some programmer elitism about this topic.
Maybe I'm the most untalented person ever walked on this planet, but I couldn't break a CD key protection when I was 5. To be honest, I'm not sure if I could crack a simple protection today without much effort and research.

And I like to think that average people are also not able to crack even simple stuff. Okay, a few crackers are enough, since they can spread their cracks on the web, but somehow these big AAA companies make a humble living from selling their products anyway.


EDIT: I was a bit pissed off by this topic but this particular thread didn't deserve my rampage.

Edited by szecs, 23 May 2012 - 01:25 AM.


#17 ILoveJesus   Members   -  Reputation: 166

Like
0Likes
Like

Posted 23 May 2012 - 03:42 AM

I see quite some programmer elitism about this topic.
Maybe I'm the most untalented person ever walked on this planet, but I couldn't break a CD key protection when I was 5. To be honest, I'm not sure if I could crack a simple protection today without much effort and research.

And I like to think that average people are also not able to crack even simple stuff. Okay, a few crackers are enough, since they can spread their cracks on the web, but somehow these big AAA companies make a humble living from selling their products anyway.


EDIT: I was a bit pissed off by this topic but this particular thread didn't deserve my rampage.


I don't understand why you would be angry. A person or company should have a right to protect their own copyrighted material from being obtained through illegal means. Let's face it if you steal a game, whether it be from swiping a physical copy under your jacket at a store, or downloading it from a torrent you are a criminal. Maybe there is some shock from those who read that but it is true. It is illegal and be happy that the FBI doesn't go door to door looking for them because there are hefty fines and even possible jail time for breaking copyright law.

I have done research on what effects piracy has on the video game industry and I don;t think many understand how much it hurts. There is a reason we don't see many PC exclusive titles anymore and why most PC titles are ported from it's console versions. Did you know World of Goo reported about 90% of those who obtained their game pirated it? I could go into the morality of it all, but that would be innapopriate for this website. The financial damage piracy does is enough to prove the point. Also before anyone wants to pretend they know how little piracy effects the video game market, I suggest they do the research first before saying a word.

Edit: I may have misunderstood why you are angry. If it had nothing to do with publishers/programmers wanting to protect their property then I am sorry.

Edited by ILoveJesus, 23 May 2012 - 03:48 AM.


#18 szecs   Members   -  Reputation: 2316

Like
0Likes
Like

Posted 23 May 2012 - 04:00 AM

I am usually pissed off by the "any idiot can crack it so companies are idiots to try to protect it" attitude. But it's not really present in this thread.
(that means I'm with protection, even if it cannot by bulletproof, and that pirating is a crime).
I didn't know about details, that 90% figure is quite surprising to me.

Edited by szecs, 23 May 2012 - 04:01 AM.


#19 SimonForsman   Crossbones+   -  Reputation: 6664

Like
1Likes
Like

Posted 23 May 2012 - 05:52 AM

I am usually pissed off by the "any idiot can crack it so companies are idiots to try to protect it" attitude. But it's not really present in this thread.
(that means I'm with protection, even if it cannot by bulletproof, and that pirating is a crime).
I didn't know about details, that 90% figure is quite surprising to me.


The figures for copy protected games is just as high though, thats the point of the "it will get cracked anyway" attitude, traditional DRM simply doesn't work and thus reduces the value and increases the development cost of the product for no good reason which is just as likely to hurt sales. (Increasing sales is more important than reducing piracy)

There is only really two exceptions,

1) always online DRM such as that used by Ubisoft and Blizzard as it can't just be removed (If the server runs part of the game the pirates have to re-implement the missing pieces), This can be far more of a hassle for consumers (especially those with shaky connections or for singleplayer games where people don't expect the online requirement) but it is also very effective against pirates delaying them by several weeks or even months (depending on how much they have to replicate).

2) Basic serial keys, cheap to implement and stops casual piracy. (gives a fairly high return for a minimal investment and adds very little hassle for paying customers).

Anything between those two is in my opinion a Bad Idea as its just not cost effective.
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

#20 szecs   Members   -  Reputation: 2316

Like
0Likes
Like

Posted 23 May 2012 - 06:02 AM

I have a feeling that a post is missing, or I read it somewhere else?
It was something about that companies have to make some kind of protection. If not for anything else, just for setting apart the legal and illegal versions if there's any chance for any level of jurisdiction. (copied it from an unedited post of mine).

Maybe I dreamed about that statement. I can even remember a Hodgman post that was something like that.
Well, never mind.




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS