
Who has implemented a licensing API/SDK



#1 sweetRum   Members   -  Reputation: 119


Posted 19 September 2013 - 05:59 PM

I'm starting this topic to get general information, anecdotes, tips, warnings, suggestions, recommendations, ideas from all those out there who have ever implemented a licensing scheme into their application be it a licensing API/SDK or your own proprietary solution.

 

I've written a small program and have looked at services from Halpeiron, Safe-Net, RLM and others and have recently begun implementing one solution into my app. It is a process of learning a new, and from the looks of the documentation, robust SDK that deals with areas of programming I have never explored before.  I do 3d math stuff.  This SDK deals with network calls, encryption, permissions, XML and really tricky code styles that rely on many many defines, function pointers, and many many funky functions that do obscure things that I can't find in a myriad of books that deal with 3d graphics programming.

 

What was your experience like?




#2 ApochPiQ   Moderators   -  Reputation: 14103


Posted 19 September 2013 - 08:22 PM

My experience was that it was an utter waste of time and trivially cracked by an amateur reverse engineer (me) in a matter of a few minutes for the simpler solutions, and a couple of days of hardcore reversing for the more sophisticated options out there. (I won't name them, for legal reasons.)

#3 sweetRum   Members   -  Reputation: 119


Posted 19 September 2013 - 09:07 PM

Yes, even the most sophisticated services like Halpeiron stipulate that if someone wants to crack your code bad enough, they will do it. So is it even worthwhile protecting your product?

 

What sophisticated solutions did you explore?


Edited by sweetRum, 19 September 2013 - 09:08 PM.


#4 AllEightUp   Moderators   -  Reputation: 4064


Posted 19 September 2013 - 09:53 PM

I tend to figure Apoch has it correct. Most DRM solutions are trivial to bypass and generate "valid" keys once folks get even a basic sampling of keys. I have integrated (under protest if it was more than a unique ID) many of the different DRM solutions out there and they are ALL crap in one way or another. They range from light DRM with SHA/MD/whatever generated hash keys to massive invasive BS that is a complete nightmare of integration. The light user friendly ones are easily broken, the heavy handed ones are a pain in the ass to integrate and generally end up pissing off your actual customers and still not preventing piracy.

What Apoch doesn't say, though hinted at it. No matter the DRM, the game *WILL* be hacked and pirated. (Even Ubisoft's 'uncrackable' you don't have all the code was hacked.) You have two choices: live with it or implement a fail solution (tie your game to servers so the client never gets everything) like SimCity 5 which was a complete disaster. The problem with DRM is that it will be broken, usually within days, and you can't do jack about this. It is literally you versus thousands and anything with popularity will be of interest to those thousands. Implementing the Sim City 5 solution is a fail case. Your pre-purchasers are due to the fan base who will buy no matter what. When it comes out and is crippled because of the DRM by a happier name, even your initial fan base starts saying "don't buy this" and you have destroyed your franchise.

So, obviously, my experience is completely negative. First off, no matter how much you work at it, 1:1000 odds are that a cracked version will turn up within days, if not hours of the release. If you really work at it and do a SimCity 5 style always online DRM you will lose even your pre-order fan base because the DRM is onerous and annoying to the point that even those fans become disenfranchised. Losing the folks willing to preorder is a ***STUPID*** business idea no matter how much you hate piracy. (Could I somehow make "STUPID" stand out more? :))

#5 TheChubu   Crossbones+   -  Reputation: 3601


Posted 20 September 2013 - 01:28 AM

I'd even say that if whatever you code doesn't get cracked in a short while, your product isn't popular at all :D


"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

 

My journals: dustArtemis ECS framework and Making a Terrain Generator


#6 NightCreature83   Crossbones+   -  Reputation: 2651


Posted 20 September 2013 - 02:35 AM

Steam's CEG solution seems to be the better direction for this stuff, as it doesn't impair the game on a functional level. It just makes it so you can't use certain features or texts are changed to other things. Which can make a game look like this: this is a pirate copy hence the Yarrrr replacement of real text :), we never disabled the game other than the text. Batman Arkham made the game playable up until you had to use your cape to glide somewhere which the game didn't allow if it was a pirated copy.

 

These are also crackable but more subtle and make your game act like a demo for the real product, so that when users start to complain on your forums you can tell them to buy the full version to get rid of the issues.


Edited by NightCreature83, 20 September 2013 - 02:35 AM.

Worked on titles: CMR:DiRT2, DiRT 3, DiRT: Showdown, GRID 2, Mad Max

#7 wintertime   Members   -  Reputation: 1574


Posted 20 September 2013 - 06:14 AM

My opinion on DRM is it will always be cracked and only annoy people who legally bought your program. At the same time people would probably be encouraged in copying when there is no protection.

So I would go for something very light and cheap that just prevents casual copy and paste and hopefully gives you a few days (or more likely hours depending on your luck) before it's cracked. Then later you can remove it in a patch without losing much effort, if you feel like it gives you a reputation boost to call your program DRM-free.

There is an example: http://rampantgames.com/blog/?p=6446



#8 dilyan_rusev   Members   -  Reputation: 858


Posted 20 September 2013 - 06:15 AM

My take on this is that you need some really basic stuff to prevent the not-very-small population of extremely nontechnical people from just copy-pasting. Other than that, the more popular you are, the faster they will crack you.



#9 BitMaster   Crossbones+   -  Reputation: 3576


Posted 20 September 2013 - 07:19 AM

When The Witcher 2 was released, there was a DRMed disc-based version sold in stores and a completely DRM-free release on GoG.com (as well as some other distribution channels), all at the same time. The game showed up on file sharing sites within hours of being released, however the version showing up there was practically exclusively the cracked, DRM version.
I couldn't find the original interview where that was mentioned but the story is referenced here.

On a more personal note, when I consider buying a game nowadays the first thing I find out is "Does it have DRM?". Unless I can answer quickly that the answer is a simple "No, it does not", I will abandon all intentions of buying the game, no matter how much anything in there interests me.
I have dealt with Steam, I have dealt with other handrolled DRM and I'm just no longer willing to put up with it. On the other hand, I'm spending well over the average when anything in a (DRM-free) Humble Bundle interests me, I have accumulated a rather huge library from GoG and I have left quite a bit of money with several indie developers who go DRM-free (and mark that properly).

A similar attitude is mirrored in friends with the exception that they are generally more accepting of Steam.

#10 sweetRum   Members   -  Reputation: 119


Posted 20 September 2013 - 10:41 PM


These are also crackable but more subtle...

 

That seems like an interesting solution.

 

How do you reason with someone who wants instant gratification by asking them to make the choice between 'free' or 'at-cost'?  It makes it very difficult to make any endeavor profitable.



#11 PhillipHamlyn   Members   -  Reputation: 454


Posted 22 September 2013 - 12:50 PM

My background in development is entirely commercial/business, not gaming, but in that area I have had to deal with issues of licensing and copyright protection of APIs (not the product itself - just the API). After some thought we ended up developing a trivial protection system using easily-reverse-engineered license keys purchased by the third party developer company. Although it in no way prevented software theft, it did provide evidence that software theft had taken place, which was good enough for my bosses.

 

Possession of a key issued to a legitimate third party organisation whose content was copyrighted, was in itself a copyright theft. Use of that key was therefore in some way illegal. The important point seemed to be that (a) the software was protected (however trivially) and (b) the method used to gain access to the software prevented casual or mistaken use by a third party. I put the case to my bosses that theft is a law-enforcement issue, all I could do was provide some basic protection such that there could be no defence of ignorance (i.e. "I didn't know it was copyrighted" or "it was open source code I found on the web"). It was made easier for me because we work exclusively in the Microsoft .net world where all code is open and trivially decompiled - just like (for instance) JavaScript - so there is no real technical protection from copyright theft.

 

Interestingly the prevention of theft of the company's IPR was their main reason for investigating web hosting - it prevented the software from ever leaving our premises, so was inherently secure. Didn't end up being a strong enough reason to actually convert it for the web, which probably reflects more on the weight given to copyright theft over and above, say, user experience.

 

Phillip.



#12 Bearhugger   Members   -  Reputation: 527


Posted 22 September 2013 - 02:49 PM

I'd just leave it to my distribution platform (Steam, Apple App Store, Windows Store, etc.) to handle the DRM and focus on making a good game. I would not lose time with it myself, it's just not worth the effort and I don't care to play that cat-and-mouse game with hackers. People who will crack your game are usually not going to buy it anyway. I'm guilty of having pirated games in the past but those were either games I was never going to buy, or games that I wanted to try before buying. I have never pirated a game from developers I trust to not make cheap cash grab games. I have never pirated a Blizzard game, for example.

 

More importantly, sometimes DRM itself might be the reason why people don't want to buy your game. Don't make it safer and easier to pirate the game than to buy it legit. Mass Effect 3 has been massively pirated, and I bet that one of the reasons was that people didn't want to install EA's Origin's DRM/spyware/cloud on their computer. I decided to just not play the game (rumors about the ending cooled my excitement anyway) but those I know that have played it on the PC have all pirated it. Although unless you're called Ubisoft or EA you probably don't have the means to invest into draconian DRMs like Origin or Uplay so you can probably ignore this issue.

 

You might want to go the always-online way, but if you do so you need to ADD VALUE to the always online factor so that it's not just an annoyance for the players. A lot of people have complained against Diablo III's always-online feature (and who am I to tell them that they're wrong) but personally I grew a large friend list by playing World of Warcraft, so being able to chat with my friends while playing any Blizzard game makes always-online awesome for me. I wouldn't play the game offline even if I could.

 

On a side note, I have once successfully used a protection scheme to force the customer to pay the full price of a software when I was working for a company that made industrial machines. I hid the lock/unlock flag into the machine's RAM on a chip. Of course he could have "easily" hacked it, but when you're buying hardware that is one-of-a-kind and costs 5M$, you don't want to risk breaking it (plus voiding your warranty) by hacking the chips for the 5k$ software add-on... Of course, games are all software, so you can't do anything like that. 



#13 sweetRum   Members   -  Reputation: 119


Posted 24 September 2013 - 02:16 PM

When I finish implementing my licensing methods, would all of you try to crack it for me to see how secure my scheme is?



#14 ApochPiQ   Moderators   -  Reputation: 14103


Posted 25 September 2013 - 01:10 PM

Of course not. That would be illegal.

#15 SimonForsman   Crossbones+   -  Reputation: 5715


Posted 25 September 2013 - 01:35 PM

 

Of course not. That would be illegal.

 

That would depend on what jurisdiction you're in, (Although I can't think of any jurisdiction in which it is illegal when you have the copyright holder's and system owner's permission)
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

#16 sweetRum   Members   -  Reputation: 119


Posted 25 September 2013 - 06:41 PM

Of course not. That would be illegal.

Not necessarily if we do it under the spirit of development testing and I give you permission to test my security.



#17 sweetRum   Members   -  Reputation: 119


Posted 25 September 2013 - 06:44 PM

 

Of course not. That would be illegal.

 

That would depend on what jurisdiction you're in, (Although I can't think of any jurisdiction in which it is illegal when you have the copyright holder's and system owner's permission)

 

Indeed :)



#18 Ectara   Crossbones+   -  Reputation: 2743


Posted 25 September 2013 - 10:44 PM


More importantly, sometimes DRM itself might be the reason why people don't want to buy your game.

This, and 100 times this. I own legitimate copies of excellent games, but I still run the cracked versions because of one important DRM technique of the time period: requiring the disc to be in the drive. My main computer is a laptop, and I am always on the go. I rarely sit in one place, and while I'm often seated in my living room, my PC games are upstairs, since they are rarely used. I simply do not want to carry the disc on me, when I have the hard drive space to hold the entire game. It isn't necessary, and it is cumbersome enough for me to buy the game and run the cracks that would allow me to not need the disc. First, carrying the discs sucks. Second, spinning up a CD drive is loud, and can be slower than just as easily reading from the hard drive. Third, having my optical drive spinning while I play drains my battery life and heats up my machine unnecessarily. Fourth, running the game from a removable drive is very useful if you move from machine to machine in a public area, like a school, so cracking it to do so is desirable.

 

These are all ways that local DRM frustrates me. I was very leery of always-online DRM when I started playing Phantasy Star Online 2, for one very big reason: I played Phantasy Star Online in the offline single player mode intermittently for many years! Dealing with the fact that if I wasn't connected to the Internet, I could not level my character was a tough hurdle, when I had been playing the game's predecessor for 10 years. However, I eventually accepted it as a necessary step (PSO was filled with hackers and cheaters).

 

So, let it be known that there is yet another type of customer: if you sell your game with DRM, and I buy it, I will still try to break it to remove the burden that was imposed upon me, despite me doing the right thing. I was very glad that the versions of Quake I, II, and III: Arena that I have for Linux install and ask that you copy the data from the legitimate Windows discs to the install directory, instead of requiring that the disc be in the drive like installing the Windows versions. I own the Ultimate Quake collection, so that is not the problem.


Edited by Ectara, 25 September 2013 - 10:47 PM.


#19 Adam_42   Crossbones+   -  Reputation: 2353


Posted 26 September 2013 - 02:34 AM


Most DRM solutions are trivial to bypass and generate "valid" keys once folks get even a basic sampling of keys.

 

Any decent DRM system will use public key cryptography to make sure that the only practical way to generate valid keys is to have the private key.

 

Of course that doesn't stop someone hacking the code to remove the check or replace the public key, but at least it lets you easily and reliably identify pirates.



#20 BitMaster   Crossbones+   -  Reputation: 3576


Posted 26 September 2013 - 04:35 AM

Most DRM solutions are trivial to bypass and generate "valid" keys once folks get even a basic sampling of keys.

 
Any decent DRM system will use public key cryptography to make sure that the only practical way to generate valid keys is to have the private key.
 
Of course that doesn't stop someone hacking the code to remove the check or replace the public key, but at least it lets you easily and reliably identify pirates.


I don't see how that is applicable. If you do not require online validation the program itself needs to validate the key and any decent hacker can extract whatever counts as the private key from the executable.
If you require online validation you don't need public/private keys, it's much simpler and safer in the long run to create completely random keys and store them in a database, together with whatever usage information accumulates.
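
The offline scheme that posts #19 and #20 discuss, as an added example that is not part of the thread or any poster's code: an Ed25519-signed license key in Go, where issuing needs the vendor's private key and the check that ships in the application holds only the public key. The key layout, payload fields and function names are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

var enc = base64.RawURLEncoding

// NewVendorKeypair is run once by the vendor; the private key never ships.
func NewVendorKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueLicense is vendor-side only. Key layout (constructed for this example):
// base64url(payload) + "." + base64url(signature over payload).
func IssueLicense(priv ed25519.PrivateKey, payload string) string {
	sig := ed25519.Sign(priv, []byte(payload))
	return enc.EncodeToString([]byte(payload)) + "." + enc.EncodeToString(sig)
}

// VerifyLicense is the part embedded in the application. It holds only the
// public key, so it can check keys but cannot produce new valid ones.
func VerifyLicense(pub ed25519.PublicKey, key string) (string, error) {
	dot := -1
	for i := range key {
		if key[i] == '.' {
			dot = i
			break
		}
	}
	if dot < 0 {
		return "", errors.New("malformed license key")
	}
	payload, err1 := enc.DecodeString(key[:dot])
	sig, err2 := enc.DecodeString(key[dot+1:])
	if err1 != nil || err2 != nil || len(sig) != ed25519.SignatureSize {
		return "", errors.New("malformed license key")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return "", errors.New("signature does not match payload")
	}
	return string(payload), nil
}

func main() {
	pub, priv := NewVendorKeypair()
	key := IssueLicense(priv, "licensee=alice@example.com;sku=pro") // constructed sample
	fmt.Println(VerifyLicense(pub, key))
}
```

The signature only constrains who can generate keys; as post #19 says, it does not protect the check itself or the embedded public key from being changed in the binary.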



