
DRM protection


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

19 replies to this topic

#1 FGFS   Members   -  Reputation: 196

0 Likes

Posted 05 April 2014 - 11:55 PM

Hi

I wonder how to drm protect my stuff better than I do currently. Currently I check at every start for a key and compare it online. I would prefer to check it not so often or only once. The problem is how to know when my stuff gets copied to another location. (Win/mac/linux) etc. and start a new online comparison.

Thanks for any ideas

 




#2 Waterlimon   Crossbones+   -  Reputation: 2465

3 Likes

Posted 06 April 2014 - 02:08 AM

Either move part of or all of your game to servers you control, or replace your code checking with a dialog box that politely asks the player whether the game was obtained in a moral way or not.

[exaggeration] Anything else is a waste of your time because your game will be cracked by evil pirates in 3 minutes. [/exaggeration]

 

edit: added tone markup :3


Edited by Waterlimon, 07 April 2014 - 12:08 PM.

o3o


#3 SeanMiddleditch   Members   -  Reputation: 5117

4 Likes

Posted 06 April 2014 - 02:40 AM

The 1990's called; they want their business model back. :)



#4 Bacterius   Crossbones+   -  Reputation: 8530

11 Likes

Posted 06 April 2014 - 03:23 AM

Locally enforced DRM is a fundamentally flawed concept as information located on digital storage media under the user's control can unconditionally be copied or altered at near zero cost, especially since it is enough that one person do it and then freely release a crack to the world. There is nothing you can do to prevent that - if the information is stored on the user's computer, you've already lost whatever battle you were trying to fight. Indeed, the DRM problem ("the user cannot access the game without being authorized to") can be reduced to the problem of information copy ("the user cannot copy this information without being authorized to"), i.e. they are equivalent, and information copy cannot be prevented without limiting the user's ability to read that information in the first place.

 

That leaves online games (mmorpg's and other persistent worlds, where the closest thing to a DRM breach is setting up a free - or paid - private server and garnering a community of your own), or remotely served gaming (OnLive and the like, which are certainly not designed for DRM purposes anyway).

 

These are the hard facts. The kind of DRM you are thinking of does not work, never has, and never will. Think outside the box, the most successful forms of DRM were those that provided value for actually owning the game, instead of oppressing the player with dozens of "security checks", with half of them not even working reliably and the other half actually favoring players who do not own the game (used CD keys, anyone?). In short, if when people see "DRM" written on a game they mentally conjure up the image of a padlock, you have failed.


The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#5 Bluebat   Members   -  Reputation: 390

2 Likes

Posted 06 April 2014 - 04:21 AM

While I agree with others that every DRM will be cracked, etc. I don't think that's gonna convince OP to just abandon the idea.

Since what you asked is how to detect moved software, I'd suggest keeping some machine identifier (maybe MachineGuid or just user login) and maybe displaying user's surname on the splash screen or sth. Some people will be uncomfortable running software with different person's name.

And yeah, I know all those things are trivial to bypass, but that's not the point. The OP already has some form of registration and now the point is just to remind an honest user that he needs to register each new machine.



#6 Satharis   Members   -  Reputation: 949

1 Like

Posted 06 April 2014 - 10:29 PM

Anything else is a waste of your time because your game will be cracked by evil pirates in 3 minutes.

Yes, not biased at all.

I have to wonder why people that think they are on some moral high ground always seem to be the ones that make comments just destined to start drama.

Fun fact: you don't have to be a pirate to think DRM is a really dumb and awful software practice.

Edited by Satharis, 06 April 2014 - 10:31 PM.


#7 SeanMiddleditch   Members   -  Reputation: 5117

6 Likes

Posted 06 April 2014 - 10:42 PM

The OP already has some form of registration and now the point is just to remind an honest user that he needs to register each new machine.


Which is the stupidity of DRM. It is obnoxious and painful for the honest users and a minor speedbump for the dishonest ones. How is that in any way an actually good quality for a game (especially what I presume to be a small indie project)? You want to lower barriers to entry for people wanting to play your game, not throw up additional pointless ones.

#8 frob   Moderators   -  Reputation: 20298

7 Likes

Posted 07 April 2014 - 04:45 AM

From what I have observed, the best ones are just a nag as part of the loading screen.

 

This works especially well if your clients are businesses, but it can also work well with individuals.

 

A simple message "Registered to x" can be enough. Pirates are going to continue to pirate, and they won't care if they downloaded the game from a cheat site, or if it says "Registered to Lame Hacker", they'll still use the software. More honest people will pay, or at least feel guilty enough about it that someday they might pay.

 

As a real life example, one of my friends has a fairly popular shareware-style utility and is constantly battling piracy, but in a beneficial way as it is tied to support and benefits rather than to disabling features or other punitive measures. In one update he added a 'phone home' capability that reported assorted telemetry in addition to the license key to help discover and disable pirate keys. Among the discoveries, he found Microsoft had about 2000 users in their domains, but only a single license for a team of 12. They were not the only corporate offender, but they were the worst by number. So he amended his splash screen slightly, to say either "Registered to x, single user license" or "Registered to x, n user license" based on the license key. His forum went wild. There were a lot of people turning in their companies "It says registered to our CTO as a single person license, but everyone uses it." Some IT people piped up saying things along the lines of "Our mistake, we have a 2-5 user license for a team of 150, we're paying now" and paid up.  A few individuals piped up "I didn't know it was registered to someone else". 

 

Since updates were frequent people were more likely to get the updates directly from the source rather than pirate sites, so with the added license visibility quite a few companies quickly coughed up money when it was obvious to all the users that it was out of license.  He said that as the worst offender, Microsoft's licensing contacted him and worked out a bulk license deal, but even then he contacted them again with a list of phone-home IP addresses to help them get back in compliance or pay up. The 'phone home' is not just to disable pirate keys (usually accompanied by notification to the person who owned the key) but it also pulls out useful telemetry like feature usage, confusing features, and crash reports.  Some people continue to abuse the license system, but it is tied to their license key so if they ever need to log in for support they are greeted by a screen that says their licenses appear to be out of compliance.

 

Otherwise if they have an unlicensed version of the software they can use it, just with a big nag screen during loading.

 

I also see this kind of thing in software like Perforce or Visual Assist X. They prominently display messages like "Registered to Company, 1500 user license".


Check out my personal indie blog at bryanwagstaff.com.

#9 Norman Barrows   Crossbones+   -  Reputation: 2040

2 Likes

Posted 07 April 2014 - 12:18 PM


Currently I check at every start for a key and compare it online. I would prefer to check it not so often or only once. The problem is how to know when my stuff gets copied to another location. (Win/mac/linux) etc. and start a new online comparison.

 

i'm a little confused. what does comparing the key online accomplish, other than adding internet connection as a system requirement?  as you can see, it does nothing to prevent illegal copying. or anything else that i can see - except maybe prevent running a legit copy when the internet is down. 

 

NEVER NEVER NEVER deny legit access!   this is _VITAL_ in _ANY_ DRM solution. better to allow access when unsure, than possibly deny paying customers.

 

to know if its been copied, the software will need a systemID or authentication certificate. there may be other methods as well.

 

systemID:

a systemID number is generated using hardware specs on the PC (serial numbers, types of processors and drives, etc).   this systemID is then used to generate a matching registration key.  so a reg key is only good with a given system ID, and a systemID is based on the hardware installed. this makes the reg key hardware dependent.  if they move to another pc , the hardware changes, the systemID changes, and the registration key no longer works.  the downside of this approach is what if they change their hardware? this is typically handled by allowing a couple new reg numbers per user when they upgrade. another approach is to simply licence the software for single user use and installation on a single mass storage device. 

 

authentication certificate:

when the software is installed, a hidden authentication certificate is installed. this certificate identifies the PC as legit. a user copying the software can't copy the certificate as long as it remains hidden. downsides:  1: the certificate must remain hidden.   2: this probably requires install via web, so the user doesn't have a certificate on a master disk or in a master install exe.  

 

 

note that copy protection is only half the battle. the other half is anti-crack protection for your copy protection.

 

in general, research on client server authentication and security procedures should help.   your situation is more of a network AUTH issue than it is a pure DRM issue on a stand-alone pc.


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net
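
Added example (not part of any post in this thread, and not any poster's code): a Python sketch of the systemID and registration-key scheme described in post #9, arranged so the online check runs only when the systemID differs from the cached one and an unreachable server never locks a user out. The hardware fields, the `ActivationServer` class, the `LIC-1` key and the activation limit are all assumptions made for illustration.

```python
import hashlib
import hmac

def system_id(hw: dict) -> str:
    """Hash a sorted, canonical view of hardware attributes into a systemID."""
    canon = "\n".join(f"{k}={hw[k]}" for k in sorted(hw))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

class ActivationServer:
    """Vendor side (hypothetical). The HMAC secret never ships with the client."""

    def __init__(self, secret: bytes, licenses, max_systems: int = 3):
        self.secret = secret
        self.max_systems = max_systems  # re-registrations allowed per license
        self.activations = {lic: set() for lic in licenses}

    def reg_key(self, license_key: str, sid: str) -> str:
        msg = f"{license_key}|{sid}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:20]

    def activate(self, license_key: str, sid: str):
        """Return a reg key bound to this systemID, or None if refused."""
        seen = self.activations.get(license_key)
        if seen is None:
            return None  # unknown license
        if sid not in seen and len(seen) >= self.max_systems:
            return None  # hardware changed too often: needs a new registration
        seen.add(sid)
        return self.reg_key(license_key, sid)

    def verify(self, license_key: str, sid: str, key: str) -> bool:
        return hmac.compare_digest(self.reg_key(license_key, sid), key)

def startup_check(cache: dict, hw: dict, license_key: str, server) -> str:
    """Client side: contact the server only when the systemID has changed."""
    sid = system_id(hw)
    if cache.get("system_id") == sid and cache.get("reg_key"):
        return "ok-offline"      # same machine as last activation, no network
    if server is None:
        return "ok-unverified"   # server unreachable: allow, retry next start
    key = server.activate(license_key, sid)
    if key is None:
        return "nag-register"    # show a nag screen instead of blocking
    cache.update(system_id=sid, reg_key=key)
    return "ok-activated"

def demo():
    # Constructed sample data, not taken from the thread.
    srv = ActivationServer(b"constructed-secret", {"LIC-1"}, max_systems=2)
    pc_a = {"cpu": "ExampleCPU 3.0GHz", "disk_serial": "A1B2", "mac": "02:00:00:00:00:01"}
    pc_b = dict(pc_a, disk_serial="C3D4", mac="02:00:00:00:00:02")
    cache = {}
    first = startup_check(cache, pc_a, "LIC-1", srv)      # first run: activates
    again = startup_check(cache, pc_a, "LIC-1", None)     # later run: offline
    copied = startup_check(dict(cache), pc_b, "LIC-1", srv)  # install copied
    return first, again, copied

if __name__ == "__main__":
    print(demo())
```

The cache lives on the user's machine, so as the later posts point out, this only reminds honest users to register a new machine; the server-side activation count is the one part the user cannot edit.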

 


#10 FGFS   Members   -  Reputation: 196

0 Likes

Posted 07 April 2014 - 11:27 PM

Hmm, funny while coding this I've never thought my security through. So Wireshark found that remote file on my site. Now another question: Would it be possible to fake that TCP GET request? Get that file locally and tell the myapp to use that instead? If so, I would better drop my DRM before it gets hacked...

 

I'll forget about not checking at every start...seems too complicated and I won't spend any more time on this.


Edited by FGFS, 07 April 2014 - 11:29 PM.


#11 jbadams   Senior Staff   -  Reputation: 17989

2 Likes

Posted 08 April 2014 - 03:54 AM


Now another question: Would it be possible to fake that TCP GET request? Get that file locally and tell the myapp to use that instead?

It would be possible, but it's likely that your would-be hacker will do something much simpler: they'll examine your software to find the function that performs the check and replace it with a version of their own that simply reports a valid key, bypassing the online check entirely.

 

They'll then likely share their patched version (or a patching program) via download sites and torrent trackers so that less technically skilled users can also benefit.

 

 

Any software running on your end user's hardware can be modified, and for a skilled cracker it isn't even very hard to do.



#12 FGFS   Members   -  Reputation: 196

0 Likes

Posted 08 April 2014 - 04:38 AM

Douh, yes I just edited my compiled c++ code with bvi. Sigh, so what to do?


Edited by FGFS, 08 April 2014 - 05:02 AM.


#13 BitMaster   Crossbones+   -  Reputation: 3895

3 Likes

Posted 08 April 2014 - 05:14 AM

Personally I require a clear "no DRM" before I buy any game nowadays. DRM translates to an instant "no" regardless of how much I would otherwise want a game. Considering GoG.com appears to be the second most important online distributor behind Steam and there is little reason to buy from GoG over Steam when you do not care about the DRM-issue, I don't think I'm exactly alone in that boat and going no-DRM opens a largish part of the market to you which would otherwise be completely closed to you.

#14 jbadams   Senior Staff   -  Reputation: 17989

1 Like

Posted 08 April 2014 - 05:43 AM

Sigh, so what to do?

The most common suggestion -- at least in this community -- is to just forget about it and go DRM free, and for many people this affects their purchasing decision; "DRM free" can be a selling point for many games, as seen on GOG (Good Old Games), Humble Bundle sales, and elsewhere.

 

Next most common is that you should just go with something a) very quick and simple to implement and, b) that doesn't have any risk of impacting legitimate customers.  In your case, it sounds like the suggestion given above of simply displaying the name of the licence holder may help to discourage piracy.  It's extremely quick and easy to implement, it's extremely unlikely to introduce any bugs, and there won't be any negative impact for legitimate customers.

 

 

Personally, I would just go with one of those.

 

 

If you really want to do something more complicated you should probably consider whether or not you can offer online services (such as match-making, multi-player, etc.) that complement your game.  You can then prevent pirated copies from accessing your online services.



#15 V3ntr1s   Members   -  Reputation: 395

2 Likes

Posted 11 April 2014 - 04:40 AM

DRM for me is definitely no go. First point is that many people will turn head when they see DRM.
Second point is that DRM is like magnet for pirates, to them DRM is like trigger and this is in their head:

developer: "you will never crack my game!"
pirate: "we will see about that..."
and one day later your game is on pirate sites.

Just make a fun game (I know it's not an easy task), gamers will pay for it and bunch of pirates will turn for big studios with DRM.



#16 Mouser9169   Members   -  Reputation: 401

2 Likes

Posted 11 April 2014 - 08:15 AM

There are a few groups of people that consume games:

 

1) People who buy games - these are people that won't visit a pirate site or download a torrent for any reason (not counting Blizzard's patch torrent and stuff like that). Make a good game, and these people will buy it.

 

2) People who pirate games - these people never pay money for games, so any copies of your game that they get really don't count as 'lost sales', because they were never going to buy your game under any circumstances.

 

3) People who buy games but avoid DRM  - make a good game, and these people will buy it, unless they feel it's "locked down" somehow. Any complicated or "strong" DRM is going to cost you sales with this group.

 

4) People who sometimes buy games, but sometimes 'pirate' them as well. DRM doesn't really matter to these people - unless the 'legit' version is somehow crippleware. Make a good game, set it at a reasonable price point (what reasonable is for them may or may not be reasonable to you) and they'll buy the game.

 

5) Impulse buyers - if your game is $20 or under, and the jewelcase has a picture of a hot chick in a chainmail bikini, these people may buy your game.

 

I may be simplifying this, but I don't think there are any consumers out there saying, "Oh boy! It's got DRM!!!" and buying the game because of it.


"The multitudes see death as tragic. If this were true, so then would be birth"

- Pisha, Vampire the Masquerade: Bloodlines


#17 AzureBlaze   Members   -  Reputation: 854

2 Likes

Posted 11 April 2014 - 11:41 AM

Story: Back when I was in college we have a legit 500 user license for some expensive CAD software (donated, I think for tax reasons). But we, including the computer room, all use a cracked version which is given by the dealer. Setting up and maintaining a key server is simply too much trouble.

 

Some DRM cause so much trouble even legal users have to use cracked ones.



#18 Norman Barrows   Crossbones+   -  Reputation: 2040

1 Like

Posted 20 April 2014 - 08:30 PM


If you really want to do something more complicated you should probably consider whether or not you can offer online services (such as match-making, multi-player, etc.) that complement your game.  You can then prevent pirated copies from accessing your online services.

 

yes, keeping part of the game on a server is about the only way, and even then you simply move the battle from their backyard to yours. they can still try the online hack and cheat thing.


Norm Barrows

Rockland Software Productions

"Building PC games since 1988"

 

rocklandsoftware.net

 


#19 swiftcoder   Senior Moderators   -  Reputation: 9859

0 Likes

Posted 24 April 2014 - 06:11 AM


Some DRM cause so much trouble even legal users have to use cracked ones.

A few years back Apple was requiring a USB dongle for its 'Pro' audio/video products. Problem was, the damn things were really easy to lose, and a hassle to replace.

 

Most everyone kept the dongle locked in a safe somewhere, and cracked the software on their laptop to avoid carrying the damn thing around.

 

Moral of the story: if your software is worth it, people will buy it, and DRM tends to make those paying customers miserable.


Tristam MacDonald - Software Engineer @Amazon - [swiftcoding]


#20 Bearhugger   Members   -  Reputation: 557

1 Like

Posted 25 April 2014 - 01:37 AM

Just make it easier to buy than to pirate. It's not even about the DRM.

 

I find it much more convenient to spend a few bucks on an online store and not have to worry about viruses, rootkits or trojans, than having to search on torrent sites, looking for a well-seeded torrent, reading the comments, downloading it, and then exposing my machine to viruses, risking getting a crypted zip that you have to pay the pirate to get, follow hacking directive to replace XYZ.dll with a file that will give a heart attack to my AV, or some other crap that is common with pirate site.

 

On Steam I pay 20$ for a special (I only buy games in promotion) and then that's it, it's really easy. I wouldn't go back to piracy.

 

Personally, if I ever get to release my game, I will use the DRM of whatever platform I get it on (App Store, Google Play, etc.) because hey it's free, but I'm not going to lose my time trying to lock the game and risk getting false positives on legit users. 





