Broken Game as an Anti-Piracy Measure

21 comments, last by freakchild 11 years, 11 months ago

I read about how Batman Arkham City had a feature that left Batman unable to glide if the game verified it was a pirated copy. My question is how in the world do you go about doing something like this and also is it possible to do without there being an internet connection?

There are two parts of your question, I'm not sure which you are asking.

There is the hack detection part. How do you detect when someone has hacked the game?
There is the hack reaction part. Once you detected it, what are you going to do differently?


There have been many articles written on the subject of hack detection posted in Gamasutra and other development sites. There are an amazing number of ways cheaters have implemented, ranging from simply generating fake CD keys, to modifying executables, to having secondary programs that aim or otherwise cheat for you, to modifying or intercepting device drivers to toggle visibility, to having a small network attached to your PC that intercepts network calls, simulates the game, and passes modified network instructions for you.

One of the more effective (yet still readily broken) methods to detect a modified executable is a collection of overlapping hashes across multiple sections of your executable, including overlapping sections over the cheat detection code. If any hash fails you know the executable was modified. A single hash won't work because then the hacker just needs to modify one hash function. Your code needs to have hashes that run on top of the hashing code and other places.

There are many other hack detection systems out there, Google can find a bunch of others.

Note that no matter what you do, a determined attacker can eventually overcome your protections. Several articles recommend a series of cascading hack responses. There is the first obvious one of getting the game to load. That's the one the mainstream hackers will solve first. In the rush to be first they'll proudly announce that they have cracked it. Then people will notice another separate hack detection about ten minutes into gameplay. Then another more subtle issue a few hours into gameplay, another later on, etc., and perhaps a final hack detection that makes the final boss invincible, meaning hackers will have needed to go through the entire game from beginning to end to find all the hacker traps.




As for a piracy response, those are fun and easy. Just pick bugs and don't fix them if the hack detection fails.

You can shut down completely for a hack response, but that is very obvious to hackers and they'll go straight for it.

Or you can do something more fun for you and more difficult for the hacker: subtly break the game, and do so at different intervals, including some late-game breakages that prevent the storyline from progressing.

Two I remember in The Godfather were great: first, the cinescope zoom would go down to a really narrow visible area instead of a normal black-bar cinema view (This was originally a bug, but became a hack-detected feature); second, you could not get out of a vehicle in a hacked game -- you could only exit a vehicle by crashing which made a critical piece of the storyline unbeatable.



However you approach it, make sure you don't spend more money than it is worth.

For a hobbyist's online game, that could simply mean locking out any duplicate accounts since the login process is a natural choke point that you control.

For a hobbyist's offline game it is generally best to have a simple nag screen that pirates won't bother hacking out. Pirates and hackers will still use the software without paying, but at least they'll leave the unobtrusive nag screen in place for the semi-honest users.
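
The overlapping-hash check described in the answer above, as an added sketch that is not code from the thread or from any shipped game. The window size, the wrap-around layout, the separate digest table and all function names are assumptions, and the image is constructed sample bytes.

```python
import hashlib

WINDOW = 64  # bytes per hashed region (assumed size)
STRIDE = 32  # half the window, so every byte falls inside two regions

def regions(size):
    """Start offsets of the overlapping regions covering an image."""
    return list(range(0, size, STRIDE))

def region_digest(image, start):
    # Regions wrap past the end so the final bytes are covered twice too.
    data = bytes(image[(start + i) % len(image)] for i in range(WINDOW))
    return hashlib.sha256(data).digest()

def build_table(image):
    """Build-time step: expected digest for every region."""
    return [region_digest(image, s) for s in regions(len(image))]

def covering(offset, size):
    """Indices of the regions that include the byte at `offset`."""
    return [i for i, s in enumerate(regions(size)) if (offset - s) % size < WINDOW]

def failed_checks(image, table, disabled=()):
    """Run-time step: indices of regions whose digest no longer matches.
    `disabled` models checks that have themselves been patched out."""
    return [i for i, s in enumerate(regions(len(image)))
            if i not in disabled and region_digest(image, s) != table[i]]

# Constructed stand-in for an executable: 192 bytes of "game code" followed
# by 64 bytes standing in for the integrity-checking code itself.
GAME_CODE = bytes(range(192))
CHECKER_CODE = bytes((7 * i + 3) % 256 for i in range(64))
IMAGE = GAME_CODE + CHECKER_CODE
TABLE = build_table(IMAGE)

def tamper(offset):
    """Return a copy of IMAGE with one byte flipped at `offset`."""
    patched = bytearray(IMAGE)
    patched[offset] ^= 0xFF
    return bytes(patched)

if __name__ == "__main__":
    print("clean image:", failed_checks(IMAGE, TABLE))
    print("game code byte 100 changed:", failed_checks(tamper(100), TABLE))
    print("same change, check 2 disabled:", failed_checks(tamper(100), TABLE, disabled={2}))
    print("checker code byte 200 changed:", failed_checks(tamper(200), TABLE))
```

Because each byte sits inside two regions, a change still trips a second check after one check has been neutralized, and the bytes standing in for the checker are covered the same way as the game code.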

This underlying mechanism is often known as an anti-piracy tripwire or an anti-tamper mechanism. Generally, the idea is that some code is inserted which is hard to detect, but monitors for the presence of other code which has to be removed and/or otherwise tampered with if the game is to be successfully cracked.

Each of these is hooked up to a feature that is either less obvious to the cracker or is obvious but not important enough to resolve. Thus, the goal is really to get the cracker to put out an incomplete crack (possibly by not even realising it) and the idea is the end user pirate will get pissed off that the game is not fully cracked and go out and buy it.

The logic is a little questionable and for the most part things still get cracked of course.

Traditionally the technique has been somewhat straightforward - setting a seemingly unrelated flag or two (or three) in the observed code, checksumming code and detecting when it will no longer checksum, encrypting code and checking it is still so, checking the output of code is what it should be and so on. Thus usually there is no one technique, but a number of them that are quite basic anyway. In fact, if there is any strength to this sort of technique it is usually because it is done en masse and with a great variety, with many protections built on top of each other, false traps thrown in for good measure, then obfuscated to make them harder to see and finally spreading them out throughout the game (thus forcing the cracker to have to play and QA the entire game).

Going back a couple of years most games would only have a handful of these measures in them which again made them quite weak. More recent efforts added automation to the process of adding this type of protection so that 1000’s of such measures could be added at the cost of little effort. In theory however, automation can often result in a detectable pattern and then there are other counter measures too that almost bypass the problem – crackers are quite clever.

Either way, often the goal of such measures is not one of preventing piracy (which many people think is an impossible goal), but one of making it so the cracker has to put in a lot of time and jump through many hoops, and at least having them partially fail several times over in the process.

Of course, the counter measure or mitigator for any time and effort driven measure often involved cracking pre-release versions of games anyway.

To answer your other question you don't need to base this anti-cracking measure on anything that requires an internet connection, but it can help in small ways.

Arma 2 detects it via the Key and then you become a one hit kill.

I want to throw in another method:
Make an extra torrent version.
Like giving your actors in the game a pirate hat or anything else that is just cute and funny.
Then cut down the playtime and distribute it to the torrent network as official release by some unknown hacker group.

Advantage is clearly more free attention for your game if it is good and the pirate hats might cause a lulz or two which is always good.
If you say "pls", because it is shorter than "please", I will say "no", because it is shorter than "yes"
http://nightlight2d.de/

"This underlying mechanism is often known as an anti-piracy tripwire or an anti-tamper mechanism. Generally, the idea is that some code is inserted which is hard to detect, but monitors for the presence of other code which has to be removed and/or otherwise tampered with if the game is to be successfully cracked."


So you are saying if I had let's say a key system, I simply have the code check to see if the part of the code that controls this is working properly or is present? What if the hackers develop a CD key generator instead though?


"So you are saying if I had let's say a key system, I simply have the code check to see if the part of the code that controls this is working properly or is present? What if the hackers develop a CD key generator instead though?"


Better yet, what if hackers modify your program so it doesn't even check for a key?

Spore, for example, had one of the most elaborate/invasive DRM protection schemes when it was released, and it was hacked before it was even released. They had many professional developers working on their DRM, and yet the hackers demolished it before Spore even hit the shelves.

What I'm really trying to say is that you can always play the "What if" game. You have to decide how much time you're going to spend on your DRM. You can't possibly cover every single base. Pick a few basic bases, and cover those. Accept the fact that if your game is truly awesome, it will get hacked (and if it's not truly awesome, you probably don't have a lot to worry about :) ).

Spending too much time on this can be a big waste of time, as you could spend months on some DRM system and the hacker may potentially be able to hack the game in the same amount of time as if you had spent only a day on your DRM system. Of course, it can be fun/educational to play the "What if" game, but I suggest you don't take it too seriously.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]
My favourite anti-piracy reaction of all time was from last year by Garry Newman of Garry's Mod fame. He pushed out an update via steam that detected if the game was hacked and threw up an error message when you'd try to run it. The error message included a long error code that was actually the user's steam ID. So when the pirates complained in support forums and posted the error code Garry knew exactly which forum and steam accounts to ban.

Using such a scheme is risky due to the chance of false positives. But it was terribly amusing to read about.

In my personal opinion, there's nothing you can do to make your game completely secure. DRM is good in theory, but when it goes wrong (and they ALWAYS seem to go wrong), you risk pissing off your legitimate customers while the pirates have already found a way around it so they aren't inconvenienced.
Currently working on an open world survival RPG - For info check out my Development blog: ByteWrangler
Crackers are better. That's all there is to it.
Big companies these days waste so much money and effort on protections that get cracked, usually, a few days after their games get released.

Maybe if they would use the money and time on making the games work better, people would be encouraged to buy them.
Right now, the only people suffering constantly from DRM are the legal buyers, pirates don't even see it.

A simple CD key would stop 5-year-old kids from spreading games. Nothing beyond that is worth the effort.
In addition to the above, I'm not sure intentionally letting your game seem bugged is a very useful method of retaliation against pirates.

The video game industry doesn't have a track record of releasing very stable games, especially on PC, and someone pirating your game and unable to do a thing he's supposed to be able to do is just going to assume your game is yet another buggy piece of crap, and if anything it might vindicate his decision to pirate it instead of purchasing it.

"The video game industry doesn't have a track record of releasing very stable games, especially on PC, and someone pirating your game and unable to do a thing he's supposed to be able to do is just going to assume your game is yet another buggy piece of crap, and if anything it might vindicate his decision to pirate it instead of purchasing it."


I don't think that's true, since these intentionally left-in bugs are quite obvious bugs that even an average user assumes (since s/he knows that the game is pirated and probably googles the bug) to be fixed in legal copies. Bugs, like missing missions, obviously unbeatable armies/bosses, broken/missing narration scenes etc.

Of course, it can be dangerous to leave in non-obvious bugs, but an experienced programmer should know the difference.

Maybe this doesn't apply to cheap casual games, I don't know how often these are pirated...


Well, maybe, I don't know...

This topic is closed to new replies.
