Usage Control

posted in A Keyboard and the Truth for project 96 Mill
Published November 30, 2005
Any developer knows you can't stop piracy.
Morning's Wrath was released totally open, without any usage restrictions; this is probably not a bad idea for a first title, because it encourages use. Going forward, however, we would like to be rewarded for the work we do.

Solving Piracy

Hahaha, never going to happen (until all software usage is required to be used through positive internet authentication), but you can slow it down a bit, especially for the bottom of the pyramid.

The Pyramid?

The Pyramid.



Above is an illustration of how I view piracy; the idea is to ensure that the general populace cannot easily give away your software. Since media copying has always been simple (except for a slight lull when CDs first emerged), it is always the first course of action for any would-be weekend pirate.

With Morning's Wrath, anyone could simply duplicate a CD or burn the data to a CD, or zip and transmit the data over the internet.

A bit of deterrence

The above is a very open, hassle-free system; there is nothing standing in your way from playing the game, anywhere, anytime. This is unfortunately the good and the bad of it.

So for our next project we are proposing a system of usage control (not copy protection). Here is what I am proposing.



The first thing you should note is that it Requires that an internet connection be present when you start the game. This connection is used to 'ask' the server if it is okay for you to play the game. A system of Key and Machine is used, so that we know whenever you run the game on another system. If large quantities of 'usage' changes are detected we can delete the key, and you will be required to provide proof of purchase via email (likely username and password for the shopping cart, and/or CC information) so we can vend you a new key. So in the interest of no hassle you would do well to keep your key to yourself; otherwise it is going to cause you a headache in the long run.

It is likely this system will see a Large-Scale field test before we actually use it. It will probably be done using GDNet volunteers; this way we can identify and iron out any bugs before we unleash it on paying customers.

This system might be implemented sooner rather than later, because if people can steal your games what good is creating and selling them? =)
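A sketch of the server-side Key and Machine check described above, added here as an example and not EDI's code. The 30-day window, the limit of three machines, and all names are assumptions; it counts distinct machines per key rather than raw switches, so one owner alternating between two computers is not flagged while a widely shared key is.

```python
import secrets

WINDOW_SECONDS = 30 * 24 * 3600  # assumed look-back window (30 days)
MAX_MACHINES = 3                 # assumed: distinct machines tolerated per window


class UsageServer:
    """Hypothetical usage-control server: tracks which machines present each key."""

    def __init__(self):
        self.last_seen = {}   # key -> {machine_id: time of last check-in}
        self.revoked = set()  # keys deleted for excessive usage changes

    def issue_key(self):
        key = secrets.token_hex(8)
        self.last_seen[key] = {}
        return key

    def check(self, key, machine_id, now):
        """Answer the game's start-up question: may this key run on this machine?"""
        if key in self.revoked:
            return "revoked"
        machines = self.last_seen.get(key)
        if machines is None:
            return "unknown_key"
        # Forget machines that have not checked in within the window, so an
        # owner who replaces a computer is not penalised forever.
        for stale in [m for m, t in machines.items() if now - t > WINDOW_SECONDS]:
            del machines[stale]
        machines[machine_id] = now
        if len(machines) > MAX_MACHINES:
            self.revoked.add(key)  # "delete the key"
            return "revoked"
        return "ok"

    def reissue(self, old_key):
        """Vend a new key; proof of purchase is assumed verified out of band."""
        if old_key not in self.revoked:
            raise ValueError("key is not revoked")
        self.last_seen.pop(old_key, None)
        return self.issue_key()


def demo():
    """Constructed scenario: one honest two-machine owner, one shared key."""
    server = UsageServer()
    day = 24 * 3600
    owner = server.issue_key()
    # Owner alternates desktop and laptop daily for 60 days.
    owner_results = {
        server.check(owner, ("desktop", "laptop")[d % 2], d * day)
        for d in range(60)
    }
    shared = server.issue_key()
    # Shared key shows up on five different machines within five hours.
    shared_results = [
        server.check(shared, f"machine-{i}", i * 3600) for i in range(5)
    ]
    return owner_results, shared_results


if __name__ == "__main__":
    print(demo())
```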

Comments

Laz
If I need an internet connection to play your non-internet based game, I will 100% definitely not be playing it. That's not just me. There are a whole lot of gamers with the same mentality.

I wish people (especially indie game developers) would spend more time making games that people want to play, than coming up with ideas to keep people from playing.

And, in reality, as an indie developer, you want your game to get around. So what if it's pirated? You won't be losing $10,000 on a game due to piracy. And in the long run, will your game even be big enough to want to get pirated and/or cracked?

Personally I think the search for tough piracy protection is a stupid idea. It will always get cracked. Just keep the minority from playing it (cd key when installing and cd check when playing) and that will be enough. Anything more and you're just asking to get cracked. It will happen anyway, so why waste time on it?

You're an indie developer. Leave that to the big guys who *do* have time to do that stuff.
November 30, 2005 10:50 AM
Bradsco
I concur. Requiring a network connection is a very inelegant solution. That may not be exactly what you had in mind, but seems like that's in the plan.
November 30, 2005 10:54 AM
Toolmaker
And as always, the elite will break your scheme and freely distribute your game.

They did it with Half-life 2, they have a work-around MS's WGA, and in reasonable time, they will have a way around this too.
November 30, 2005 11:01 AM
Mushu
Random thoughts -

You'll have to make sure that the server passes a hash back to the client (or authenticate the server somehow) otherwise the server response can just be spoofed.

The other problem is checking for exe tampering - a skilled person could probably do a well-timed injection and bypass the whole security system. I guess you could constantly have two processes checksum each other, but, uh... yeah.
November 30, 2005 11:11 AM
DukeAtreides076
I think you should scrap the flowcharts and just make a 'Don't copy that EDI Project Two' rap music video.
November 30, 2005 11:13 AM
ildave1
The internet is everywhere. The days are beckoning that developers realize that the best way to protect their software is through the internet. The loss of a few customers that still use dial-up is a small percentage that exists in a world where broadband (always-on) internet is rapidly increasing. As an indie game that is sold ON the internet, it's only logical to think that the user who pays for it has internet.

Indeed. Any system that is devised, hackers will eventually have their way with it. However, it's not as easy as going onto the IRC and looking up a password key or going to the pirate bay to download anything you want. It will slow and even deter people away from even bothering to attempt to find a way around the system, potentially cracking down to just buying the game. HL2's protection is annoying, but I still own a copy of the game and I suck it up and make sure I'm on the net before I play.

If I remember correctly, Morning's Wrath was cracked and distributed on some website?
November 30, 2005 11:46 AM
Gaheris
Sounds like all one has to do is find the address where you jump to when the key and hash are valid and inject a jmp to that address before all your authentication checks?

I know you want to stop the average Joe from playing your game without having to pay, but there only has to be one guy who cracks the game and releases it somewhere popular.
November 30, 2005 12:06 PM
lwood
Firstly I just want to say congrats on Morning's Wrath and that your new project looks great.

Unfortunately it's going to have to look a hell of a lot better for me to allow it to connect to the internet every time I play, and I have a broadband connection.

One-off activation I can take, although it irritates me, but unless your game is uniquely fantastic (and I mean fantastic) the anti-piracy software would prevent me from purchasing it.
November 30, 2005 12:18 PM
terminate
How does this system allow me to play the game on both my laptop and on my desktop, two systems that would have different hardware keys on which I am the primary user?

I think requiring the internet EVERY TIME you start up the game is, for lack of a better word, asinine. People play games in places that do not have internet connections all the time.

What about users on dialup? Needing to connect (30+ sec) then authenticate, then disconnect would be a horrendous pain in the ass every time you started the game. Keep in mind that a large number of households still use dialup in the US.

Now, if you want to do a one time activation I would agree with that, but needing to activate every time? out of the question. Even Half-life 2 only had to connect once, and look how much outrage there was over that.

I can say with certainty that if the game needs to connect to the internet every time it is played, and is not an online game, I will not be playing it. Not only because I disagree with the concept, but because it is wholly impractical for me to be connected at all times.

Quote:
HL2's protection is annoying, but I still own a copy of the game and I suck it up and make sure I'm on the net before I play.


However, to play singleplayer you only had to connect to the net once. After that you could set Steam to offline mode and play the singleplayer all you want.

-Evan
November 30, 2005 12:23 PM
ildave1
Quote:Even Half-life 2 only had to connect once, and look how much outrage there was over that.


Outrage, and look at their sales.

We have already seen here at Gamedev.net what happens when something changes right out of the blue. There is hate that builds back into love slowly over time.

Case in point: I am positive EDI will go through some heavy testing to make sure that a system like this rolls into gold status very well and that it will accommodate many scenarios.

Trust me. We are here to provide an excellent gameplay experience to our players, not burden them with demands that don't remotely assist with the gameplay when they try to play the game.

Quote:However, to play singleplayer you only had to connect to the net once. After that you could set Steam to offline mode and play the singleplayer all you want.


Ah, true. Well, I'm always on. Never thought about their protection until I installed it on a secondary computer that didn't have internet.
November 30, 2005 12:31 PM
EDI
I am trying to understand why people (with broadband connections) would be upset if the game authenticates itself every time you play it.

As long as nothing has changed then you won't even know, unless you are running something that is blocking the connection out.

It seems the majority of you are against usage protection. While I would rather have none, there is no denying that Morning's Wrath is being pirated up the wazoo.

We can make it so that the system only needs to connect when you first run the game on a machine. However, that will mean running it on another machine is a far more involved process (you will need to 'unbind' your key from the machine that it is registered to via our website or via e-mail).

Otherwise anyone can install it once and then have someone else install it once; the key's ownership will be passed around, but since installation and reinstallation is very infrequent it will be useless.

Another way is by using 'sensitive' information as your key, "for instance a username and password", which you need to install the game. Giving away this username and password however will potentially expose your account 'and all of the identity information associated with it', so you won't give that info away. =)

If you spent 3 years on a game, and released it, and people playing it were using pirated version, having fun playing the game you developed and not giving you a cent for your efforts, wouldn't you be upset?

Maybe not, maybe for you simply having a game people play is enough; well for us that is enough for Morning's Wrath, but for our next game and games there after we have to make sure that if you want to play the full game, you need to pay for it.

There are costs associated with game development (software, computers, marketing, bandwidth (not even counting salaries, which we obviously don't get)) that have to be made back, so that I don't drive my company (and myself) into a hole. As it is we are definitely going to lose money on Morning's Wrath, but that is okay.


I am open to suggestions, so feel free to give them.
However, 'just leave it unprotected' is a suggestion we've tried and it doesn't seem to work.
November 30, 2005 12:52 PM
Jesse Chounard
And what happens when the validation server isn't online anymore?

I can still install and play my old games, even the ones from companies that aren't around anymore. (For example: Cavedog and Black Isle Studios.) Steam validation is exactly the reason I did not and will not buy Half Life 2.

Here's my suggestion:

For the downloadable version of the game, include the "call home" mechanism. Since the game is intended to be downloaded, I don't see many alternatives.

For the cd-rom version of the game, require the cd-rom to be in the drive to play the game, but do not include the "call home" mechanism.

And then, after a year or two, you can issue a patch to completely remove all copy protection. (For example: Neverwinter Nights no longer requires me to have the cd-rom in the drive to play. This makes me very happy.)
November 30, 2005 01:28 PM
EDI
Those are good ideas.

Though having two versions of the game is not very desirable (from a support/patch standpoint), plus requiring the CD isn't a good deterrent; people can copy CDs these days as easily as they can copy files (or even easier at times).

Currently the Morning's Wrath CD version doesn't require the CD to play, just install.

I do like the idea for an 'end of life' patch which takes off the protection.

Any more suggestions, anyone?
November 30, 2005 01:38 PM
Gaheris
Well, you could ask Sony for their rootkit code. ;-)

Anyway, I'd recommend you just forget all that overhead. It doesn't add much protection, only lots of bad blood, and games have been successful before this Steam-like validation schema. Just throw in some anti-SoftICE code and a serial key validator, pack the exe and concentrate on developing the game.
November 30, 2005 02:07 PM
Nomad010
I am not really a genius of the way of the Game Protection, but I was thinking about this and I came up with a method that I have no idea if it will work or not.

Here it is: When you load the executable file, it looks in some of the data files for an exact replica of the executable. So, at any one time you have two copies of the executable. The executable would then copy over a new version of the program except it would have a 'timed lease' of probably a minute.

If the executable is run within the time period it would go onto the game. If it wasn't, it would fall back and get a new executable with a new 'timed lease.' Then you could also add some CD Protection to it so that it would only run with the CD.

The advantage of this method is that a hacker would have to dig through your data files and your program to disable the system. Any crack that was not 'designed' for that type of encryption would be overridden when the program gets a new executable.

However, I'm guessing this could be overcome by carefully studying your program and finding out how to disable or tamper with lease on both the executable and the data files.

Anyway, I'm guessing this is a pretty poor method seeing that I know nothing about this topic.

EDIT: Maybe I should read the posts before I post. Having two versions of the game has been said, but not in the way I am describing.

EDIT2: Another approach would be to give the game out for free, but make multiplayer the main focus of the game and sell accounts rather than games(Though I'm guessing this is not really that type of game).

EDIT3 (This is the final edit, I swears it, I think): Maybe letting a couple of versions of alphas and betas get 'cough' leaked. This would be like advertising for your game and company. For free(if it was a free beta)! Or how about leaking a version of the game that stops with a massive cliffhanger. Just tell the user that your game had caused a legitimate error and that they should contact EDI with their CD Key(or something) in handy to process it. This should get a couple of the pirates to buy a version of the game, hopefully.
November 30, 2005 02:09 PM
Will F
If you're going to be sending information that can identify a user (hardware hash for instance), make sure you talk to a lawyer first. IANAL, but be careful of any privacy laws. One lawsuit (or even threat of a lawsuit) is going to wipe out any profits from additional sales that would have been pirated otherwise (which I doubt is that many additional sales).
November 30, 2005 02:44 PM
jdhardy
The biggest issue with needing to connect every time isn't for dial-up users (it's a pain, but not impossible), but laptop users. WiFi isn't everywhere yet. If I want to play your game 36,000 feet over the Atlantic Ocean and it won't let me, guess how likely it is that I'll buy Project3?
November 30, 2005 02:54 PM
EDI
Gaheris:

Might be right; seems no one is quite keen on the internet validation idea, might still be "before its time".

Quote: nomad010
Or how about leaking a version of the game that stops with a massive cliffhanger. Just tell the user that your game had caused a legitimate error and that they should contact EDI with their CD Key(or something) in handy to process it. This should get a couple of the pirates to buy a version of the game, hopefully.



Definitely not, you never want to release something that is deliberately 'or may be' error prone; most common users will simply chalk it up to "omg you game is teh suck", and then tell all their friends how much it sucks.
November 30, 2005 03:01 PM
Turt99
I can see that you want to protect your game, but I can also see that if you're going to make it so that you have to be online to play you're going to have to have a really good game. People want cracks to get around having to put a CD in the drive (I know I've done it to games I have the CD for).

And then you have to remember that there are people that are not going to buy any games, they just download games and never buy them.

I hope you find something that works, and I know it must be frustrating.
November 30, 2005 04:04 PM
ildave1
Quote:And then you have to remember that there are people that are not going to buy any games, they just download games and never buy them.


That's a good point really. I mean, if there could be statistics on the subject of, "Even if you download a game, do you even have a spark of interest in purchasing the game (or the money to even put down)?", we would be set.

I mean, I haven't seen anything on how piracy affects the industry. Someday we might, but the percentage of effect is probably relatively low and the effort to stop hackers is consuming a lot of resources. But! Don't get me wrong, the effort still needs to remain focused, because who knows if there is a semi-perfect way to handle this situation. There are a lot of talented minds out there, we just need to patiently wait for something to evolve.

People will never accept piracy restrictions because an ample amount of the people that use the internet on a daily basis, pirate. It's just easy and there's a lot of people who just don't care and haven't felt the consequence.

Case in point: People will get what they want, somehow.

November 30, 2005 04:18 PM
Jesse Chounard
Quote:People will never accept piracy restrictions because an ample amount of the people that use the internet on a daily basis, pirate.


So, anyone who doesn't like a copy protection mechanism must be a pirate? I am a customer, not a criminal. Please don't confuse the two.

Do you remember the old copy protection schemes? "Please enter the seventh word from the sixth line on page 42 from the instruction manual." I guess digital rights assertion (such as "call home" mechanisms, and iTunes DRM) is a step up, but I still feel awfully abused.
November 30, 2005 04:40 PM
Trapper Zoid
This is a problem that I'm not sure if there's an elegant answer for.

I'm fairly unhappy with any copy protection scheme that requires anything more than a CD-Key or a CD-ROM check. My internet connection for my gaming machine is total crap, so any call home verification scheme is a big minus in my view (which is why I don't have Half-Life 2 despite loving Half-Life 1).

My preferred copy protection scheme would be to include some hard-to-copy material in a game box that adds to the appeal of the game, such as the encyclopaedia that came with "Where in Time is Carmen Sandiego?", or the grail diary in "Indiana Jones and the Last Crusade". However, for downloadable games that isn't really an option.

I guess the best thing to do is to appeal to people's honesty; I still feel that most people are honest and will pay for their games (although I wish I had some statistics to back that up!). In that case, the best thing to do is to target the more casual market that will pay for their games, rather than the hardcore market that is more likely to pirate. That might have been a problem with Morning's Wrath; RPG fans are pretty hardcore; but I don't have the statistics to really prove that one way or another.

Since you are making an adventure game, you could just put a guilt message at the start of your games, saying something like "I know adventure games are a dying breed. Please help support those who make them by paying for this game". That way the adventure game fans will know that the chance of a sequel being made depends on the sales.

Of course, if and when I start selling indie games, I plan on protecting my games with gypsy curses. They're very effective [grin].
November 30, 2005 04:52 PM
Ysaneya
One thing you must realize is that a pirate will hack your code to skip the internet validation process, and continue directly to the "start game" point.

Be honest: once the cracked version is released online, all the people in the "pirate" category (from novice to experts) will get it. Who's left? The good customers.

You'll only succeed in annoying your customer base, while your software will continue to be downloaded by pirates.

Since you're an independent developer, it is unlikely that you'll be able to afford many redundant servers all over the world, to guarantee 99.99% up time for people who want to play. And when you run out of business... who's left in the dust? The good customer, again, not the pirate.

I don't really have a good solution to this problem, but I can identify a bad one when I see it :) Just my honest opinion.
November 30, 2005 05:22 PM
ildave1
Quote:So, anyone who doesn't like a copy protection mechanism must be a pirate? I am a customer, not a criminal. Please don't confuse the two.


I didn't say that 100% of the populus pirates. Re-read my post before you make assumptions.
November 30, 2005 05:55 PM
nolongerhere
For those of you who said to have it require having the CD in the drive... do you know how easy it is to mount the game to an emulated drive and play it?
November 30, 2005 06:01 PM
terminate
Quote:
For those of you who said to have it require having the CD in the drive... do you know how easy it is to mount the game to an emulated drive and play it?


Very easy using programs such as Daemon Tools, I do it for most of my games to keep from needing to hunt out the CD and for speed reasons.

I think some interesting discussion has gone on here today. Here is a simple list of my "wants and needs" when I am playing a game.

- Do not attempt to hide stuff on my computer (Sony, Turbotax)
- Internet connectivity will be available when the game is installed (for activation etc.) but may not be afterwards. I like to play games on my laptop and it's not unusual for me to be in places that do not have network connections: friends' houses, airports, etc.
- It should be able to be simultaneously installed on both of my computers. This may require two activations, one of which may be a more involved process, that is ok. But I do not want to have to do anything special if I am playing the game on my desktop and suddenly have to travel with my laptop.

The other problem I see with your scheme that I do not see addressed is what if the server goes down?

-E
November 30, 2005 07:25 PM
Jesse Chounard
Since Raymond has posted a new entry, I dunno if you guys will notice this and continue the discussion here. There are a couple of points I wanted to address:

ildave1:
I understand that you didn't mean that 100% of the people who have internet access are pirates. What I was trying to get across is that there are good customers out there being treated like criminals because you have to assume that everyone is a potential pirate when attempting to prevent piracy. (Which sucks, and I don't know the solution. I just know that I don't like the current situation. :)

Fallen God:
Quote:For those of you who said to have it require having the CD in the drive... do you know how easy it is to mount the game to an emulated drive and play it?

You incorrectly assume that everyone is as computer savvy as you are. (Well.. I don't know you, but since you're here, it's a pretty easy assumption that you're one of us geeks. ;)

Yes it's very easy to get around most copy protection. But I'll bet you that most gamers have no idea what Alcohol 120% and Daemon Tools are, or how to use them.

The cd-rom check is only to prevent casual copiers. And it works reasonably well, which is why they still use it.
November 30, 2005 08:49 PM