Jump to content

  • Log In with Google      Sign In   
  • Create Account


How to time bomb a beta?


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
80 replies to this topic

#1 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 28 March 2014 - 10:11 AM

How to time bomb a beta?

 

its time to release a beta version of my game into the big wide world. 

 

while its still not complete, compared to the final version, it still needs to be time bombed.

 

What's the best way to do this?

 

a simple check_date, they can change the PC's clock.

 

counting number of runs?

 

storing date of last run?

 

multiple checks in different places with different unique code (anti-hack) ?

 

I have testers waiting, so I need a bullet-proof as possible solution quickly.


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


Sponsor:

#2 fastcall22   Crossbones+   -  Reputation: 3970

Like
0Likes
Like

Posted 28 March 2014 - 10:21 AM

EDIT:
I misread the question, hurrr.

Perhaps you can password-encrypt the game and send it with a launcher with a password prompt, then you can publish the key via twitter or something once you're ready to release the beta.

Edited by fastcall22, 28 March 2014 - 10:21 AM.

WW91J3ZlIGdvdCBhIHNlY3JldCBib251cyBwb2ludCE=


#3 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 28 March 2014 - 10:23 AM

Perhaps you can password-encrypt the game and send it with a launcher with a password prompt, then you can publish the key via twitter or something once you're ready to release the beta.


but that doesn't turn it off after 3 months or whatever.

A further note:

I'm not really interested in any type of "ET phone home" solution.

Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#4 SeanMiddleditch   Members   -  Reputation: 3873

Like
17Likes
Like

Posted 28 March 2014 - 10:44 AM

A further note:

 

i'm not really interested in any type of "ET phone home" solution.

 

Then there's no solution you'll like.

 

Fortunately, you're looking for a solution based on a highly flawed assumption:

while its still not complete, compared to the final version, it still needs to be time bombed.

 

It doesn't need to be time bombed. It's not 2004. Literally no matter what you do, someone somewhere is going to figure out how to post a cracked version of your game on a torrent site. No DRM or access control system for an offline game is immune to being cracked by a 12-year-old with too much time on their hands.

 

Your only sane option is to work within the system, not against it; build models that work better for you when people are sharing and trading and previewing your game. Free-to-play is such a model, and its popularity is in no small part because it entirely sidesteps the question of piracy or illicit access (in a f2p model, you _want_ as many people as possible downloading your game with as absolutely few barriers as possible). In a free-to-play system, monetized betas are a way to make sure that it doesn't matter who is playing your beta so long as you have loose/weak controls over numbers just to be safe with initial ramp up of the player base (so your servers don't get overloaded before you've figured out what kinds of resources you need).

 

For betas, again just don't worry about it. Make sure the game is very clearly marked as a beta. Don't put in every last bit of content you want to keep secret until release. Go ahead and put a simple time check in it if  you want, and just _don't care_ if someone is willing to muck around with their computer to change the local time to play it. What do you lose if they do? Is someone playing a clearly marked beta 3.25 months from now going to hurt your final release? If they were just going to pirate your game anyway, do you really care if they are illicitly playing the beta or full version?

 

If you want absolute control over who plays and when they play, you need to make your game online. Even an "ET phone home" feature by itself is worthless, since defeating those kinds of measures are trivial. Nothing short of a fully server-simulated online game engine is going to stop people from playing your game if they want, when they want, how they want.



#5 Ravyne   Crossbones+   -  Reputation: 6769

Like
7Likes
Like

Posted 28 March 2014 - 10:46 AM


i'm not really interested in any type of "ET phone home" solution.

 

Then you're well and truly SOL. Your players control their box, there's nothing you can do to change that. The only hope you have of something relatively secure is by making their box rely on a box that you control. Its as simple as that.

 

Imperfect security -- making it a hassle for them to break free, but not impossible -- is doable though. My suggestion is to either forget the whole thing (that's what I'd do), or do the minimal thing that will deter the 90% crowd and call it good.

 

You might also be inclined to other creative 'solutions' like the game whose name I forget, but basically if you didn't pay for the full version you could still play the game, but the characters became pirates, and I think there were gameplay consequences to such. Basically this shames/harasses pirates into paying up, but because the game is otherwise 'free' folks were less-inclined to crack the game proper.



#6 Promit   Moderators   -  Reputation: 6109

Like
11Likes
Like

Posted 28 March 2014 - 11:12 AM

Just plaster BETA all over it and write a date on in obnoxious text.



#7 Servant of the Lord   Crossbones+   -  Reputation: 17149

Like
4Likes
Like

Posted 28 March 2014 - 12:14 PM

Just plaster BETA all over it and write a date on in obnoxious text.

 

Good idea. Apply a very subtle gaussian blur to some of the art assets you ship, and put a tiny "BETA" watermark on them.

 

You aren't going to stop pirates, regardless, so if you're wanting to stop legit users from being "satisfied" with only the beta, then just withhold (or degrade) content. But make sure your best content is in the demo, so you present your best face forward for people considering to buy.


It's perfectly fine to abbreviate my username to 'Servant' rather than copy+pasting it all the time.

[Fly with me on Twitter] [Google+] [My broken website]

All glory be to the Man at the right hand... On David's throne the King will reign, and the Government will rest upon His shoulders. All the earth will see the salvation of God.                                                                                                                                                       [Need free cloud storage? I personally like DropBox]

Of Stranger Flames - [indie turn-based rpg set in a para-historical French colony] | Indie RPG development journal


#8 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 28 March 2014 - 12:38 PM


Then there's no solution you'll like.

 

yeah, i know...   : (

 

 

 


It doesn't need to be time bombed.

 

 

have you ever been hacked?

 

so bad you lost the company?


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#9 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 28 March 2014 - 12:39 PM

Good idea. Apply a very subtle gaussian blur to some of the art assets you ship, and put a tiny "BETA" watermark on them.

 

actually, its got no audio yet <g>.



#10 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 28 March 2014 - 12:45 PM

this will be a beta test version, not the demo version.

 

technically, there are 4 versions of the game:

 

developer (the full game + dev tools, testing controls, etc)

 

release (the full game)

 

beta  (for beta testing, not complete, time bombed, features will vary depending on version DL'd.)

 

demo (small free to play trial version)

 

i'm thinking i'll actually end up selling the developer version, IE include all the modding tools and testing cheats.



#11 AlanSmithee   Members   -  Reputation: 958

Like
0Likes
Like

Posted 28 March 2014 - 01:49 PM

 


Good idea. Apply a very subtle gaussian blur to some of the art assets you ship, and put a tiny "BETA" watermark on them.

 

actually, its got no audio yet <g>.

 

 

I think he is reffering to grafic assets, not audio assets?



#12 dmatter   Crossbones+   -  Reputation: 2977

Like
4Likes
Like

Posted 28 March 2014 - 03:31 PM

how to time bomb a beta ?

If you don't want it to phone home then it really just boils down to either checking the system clock and/or writing stuff to a file or the registry.

a simple check_date, they can change the PC's clock.

Changing the clock is annoying and will deter a lot of people. You could always just periodically poll the clock and keep track of how much time is passing that way even if the clock is jumped back you will still be accumulating time towards the quota.

You might consider it as a variant of phoning home but you could grab the time from date.jsontest.com if you want a more reliable time, obviously this would mean your user needs an internet connection.

#13 ferrous   Members   -  Reputation: 1566

Like
0Likes
Like

Posted 28 March 2014 - 03:39 PM

have you ever been hacked?

 

so bad you lost the company?

Sounds like a story, I'd love to hear more about that, perhaps in another thread.  Could be some worthwhile lessons for others in it.



#14 Matias Goldberg   Crossbones+   -  Reputation: 3007

Like
3Likes
Like

Posted 28 March 2014 - 10:04 PM

You can't stop the game from being hacked and circumvent the time bomb.
All you can do is to check the clock, keep a launch count, check timestamps of the files, phone home, obfuscate all of the former and check multiple times. And then there's more intrusively annoying options: depend on an active internet connection to play the game, rootkit and install something in the MBR (if you'd do this on my machine I would hunt you down).

But even then, all of this can be circumvent. Treat your customers well, not like thieves. Are you already a millonaire? Because if your game isn't worth it, it won't even be pirated. You won't need to worry about it. If your game truly rocks, it will get pirated, but you will also get much money from honest customers you won't have to worry about it either.

Do some checks, but going to insane lengths may just damage your image.

#15 Chris_F   Members   -  Reputation: 1941

Like
4Likes
Like

Posted 29 March 2014 - 02:15 AM


rootkit and install something in the MBR

 

That's a good way to ensure nobody ever plays any of your games ever again. wink.png



#16 SeanMiddleditch   Members   -  Reputation: 3873

Like
1Likes
Like

Posted 29 March 2014 - 10:50 AM

have you ever been hacked?
 
so bad you lost the company?

 
In what way does that even remotely have anything to do with DRM on a game?
 

You could always just periodically poll the clock and keep track of how much time is passing that way even if the clock is jumped back you will still be accumulating time towards the quota.

 
This accumulated time is stored on the local machine, and hence it is easy to reset.
 
Literally, there is _no_ way to make  your game time-limited without running the game on a server you control that you can shut down or restrict access to on the desired date. Even games that "phone home" can be trivially defeated; look at the cracks for getting Assassin's Creed running without the online connection, for instance.



#17 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
1Likes
Like

Posted 29 March 2014 - 11:16 AM


You can't stop the game from being hacked and circumvent the time bomb.
All you can do is to check the clock, keep a launch count, check timestamps of the files, phone home, obfuscate all of the former and check multiple times.

 

i realize all this. 

 

i spent yesterday reading up on code obfustication, self modifying code, and DL'ing disassemblers.

 

at this point, the real question is, in a disassember dump, one can see windows  and library calls, correct?

 

any protection will ultimately depend on 3 system calls: get system time, get file time, and read sector. if those calls can found relatively easily, then its the code that uses them that must be obfusticated.  

 

it looks like the best approach is a VM that uses a proprietary machine code and self modifying code. it in turn would have ops for gettime, get filetime, and read sector. 

 

i was hoping for a few pointers or tips on implementation.

 

I find it rather surprising that DRM is not a more popular topic here.   whats the deal?    do most folks here fall into one of two categories: 1. "i have yet to make a game worth cracking", or 2. "i work for a big game company and cracking is someone else's problem" ? 

 

 

for future readers who might be interested in the topic:

 

not only can the user reset the clock before running  the beta, then can also do so BEFORE installing! never thought of that one before!   so saving the install date won't always catch a clock that's been set back after the install. but it should still be done. it DOES trap the case of they install, then set the clock back to run.

 

there should be a check for current date older than release date, as well as current date beyond expiration date.

 

current date beyond expiration date is the basic condition we're interested in. all the rest is cause they can play with the system clock.

 

current date older than release date traps clock set back too far.

 

and since they can play with the system clock, you need to verify by checking the last update time of files on the hard drive. using something that gets updated automatically at startup, such as the hidden backup copy of the windows registery.  i figured i'd just do something like simply check the last update time of all the files in the windows directory (or a few target files if all files is too slow). if any file is "too new" the beta is expired.

 

but as stated in some of the info i found online, the worst case is you're running in a VM (emulator) where the date never changes.

 

i did find a lot of good info, and will be posting it to my gamedev info journal.  my brain was absolute MUSH last night after all that reading!

 

and i do plan to also have missing content / disabled features and beta messages.

 

perhaps i should have started this thread with a disclaimer like:

 

"i know there's no perfect solution, but one must do what one can, so whats the best way?"


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#18 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 29 March 2014 - 11:32 AM

 

have you ever been hacked?
 
so bad you lost the company?

 
In what way does that even remotely have anything to do with DRM on a game?

 

 

 

i was cracked because i jumped on the "e-delivery" bandwagon without good DRM. in v1.3 of Caveman, i switched from a proprietary keyCD DRM technology that i had been using successfully for 15 years to a weak registration key check that got cracked immediately.  the idea was that users no longer had to wait for the full game in the mail, they could enter a hardware based registration key and unlock the full game from the demo. it was hacked by some group in eastern europe or china as i recall, and posted to a warez board out of Zaire or someplace in africa  that was hosted on servers in russia. so no legal recourse possible. when i discovered this, it explained why sales had dropped to almost nil with the release of v1.3.   Losses were so bad, i had to fold the company.  

 

DRM sucks, but then again, people do to, that's why its a necessary evil.

 

i'd much rather be implementing the quest gen than dealing with this BS.   


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#19 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 29 March 2014 - 11:42 AM

 

have you ever been hacked?
 
so bad you lost the company?

 
In what way does that even remotely have anything to do with DRM on a game?
 

You could always just periodically poll the clock and keep track of how much time is passing that way even if the clock is jumped back you will still be accumulating time towards the quota.

 
This accumulated time is stored on the local machine, and hence it is easy to reset.
 
 

 

 

 

actually....

 

you could keep track of execution time, and update a file from time to time.  even if they alt-tab and change the clock while the game is running, it would only screw up the timing for the current interval. so say you used a timer, and once per minute you increment a "minutes_running" counter, and reset the timer. a clock change would only screw up the timing for the current minute. then you set it to stop after something like 3 hours per day  * 60 minutes * 90 days = 16200 total minutes of runtime. and if you used a hi-rez (game) timer, clock changes wouldn't even affect it, would they?


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#20 Norman Barrows   Crossbones+   -  Reputation: 1845

Like
0Likes
Like

Posted 29 March 2014 - 11:45 AM

Literally, there is _no_ way to make  your game time-limited without running the game on a server you control that you can shut down or restrict access to on the desired date. 

 

 

 

too true.  in the end, the only secure code is code you don't give to the user.   : P


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 





Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS