• Announcements

    • khawk

      Download the Game Design and Indie Game Marketing Freebook   07/19/17

      GameDev.net and CRC Press have teamed up to bring a free ebook of content curated from top titles published by CRC Press. The freebook, Practices of Game Design & Indie Game Marketing, includes chapters from The Art of Game Design: A Book of Lenses, A Practical Guide to Indie Game Marketing, and An Architectural Approach to Level Design. The GameDev.net FreeBook is relevant to game designers, developers, and those interested in learning more about the challenges in game development. We know game development can be a tough discipline and business, so we picked several chapters from CRC Press titles that we thought would be of interest to you, the GameDev.net audience, in your journey to design, develop, and market your next game. The free ebook is available through CRC Press by clicking here. The Curated Books The Art of Game Design: A Book of Lenses, Second Edition, by Jesse Schell Presents 100+ sets of questions, or different lenses, for viewing a game’s design, encompassing diverse fields such as psychology, architecture, music, film, software engineering, theme park design, mathematics, anthropology, and more. Written by one of the world's top game designers, this book describes the deepest and most fundamental principles of game design, demonstrating how tactics used in board, card, and athletic games also work in video games. It provides practical instruction on creating world-class games that will be played again and again. View it here. A Practical Guide to Indie Game Marketing, by Joel Dreskin Marketing is an essential but too frequently overlooked or minimized component of the release plan for indie games. A Practical Guide to Indie Game Marketing provides you with the tools needed to build visibility and sell your indie games. With special focus on those developers with small budgets and limited staff and resources, this book is packed with tangible recommendations and techniques that you can put to use immediately. As a seasoned professional of the indie game arena, author Joel Dreskin gives you insight into practical, real-world experiences of marketing numerous successful games and also provides stories of the failures. View it here. An Architectural Approach to Level Design This is one of the first books to integrate architectural and spatial design theory with the field of level design. The book presents architectural techniques and theories for level designers to use in their own work. It connects architecture and level design in different ways that address the practical elements of how designers construct space and the experiential elements of how and why humans interact with this space. Throughout the text, readers learn skills for spatial layout, evoking emotion through gamespaces, and creating better levels through architectural theory. View it here. Learn more and download the ebook by clicking here. Did you know? GameDev.net and CRC Press also recently teamed up to bring GDNet+ Members up to a 20% discount on all CRC Press books. Learn more about this and other benefits here.
Sign in to follow this  
Followers 0
Tolito

Product Key System

8 posts in this topic

How do these work, exactly? I have done my research and I remain baffled. I could, of course, hard-code thousands of keys as one source has mentioned, but that is very ineffective. How do I know which keys have already been used? Am I supposed to distribute each copy only able to work with a single key? Will I need to make some odd verification system that checks to see if the first digit and the last digit add together to be the square root of the seventh digit, which at the same time is the sum of digits two and eight, and so on? Also, if I sale copies directly from my site and I am paid via PayPal, how would this work? How would PayPal be able to send them a unique Product Key and so on?

Tying all of this together is very confusing for me. Any suggestions and examples on what to do would be greatly appreciated. Thank you! :)
0

Share this post


Link to post
Share on other sites
I'm far from qualified to answer this, but I want to have first crack at guessing.
I could imagine a system very similar to PKI where there is a public/private key. There would be a database at some game company's HQ containing a private product key for each public key distributed with the packaging or downloaded apon purchase online. The game itself may have a hard coded string of characters and using the public key to encrypt that string. Then the encrypted string would be sent over the internet back to HQ in order to be decrypted using the private key. If the hard coded string matches after using the private key, then the public key is good. This is just a guess and I may be completely wrong.
1

Share this post


Link to post
Share on other sites
Thank you for taking a crack at it. This seems like a bit of work if you ask me, especially with connecting to the Internet. I am thinking about having a system built into the game that checks to see if the key entered matches a certain format (like the one I mentioned with the first and last digits being multiplied and such). I suppose that would work, but now I am wondering just how to get PayPal to send someone who purchases a product key, and if each product key should be unique.

Should each product key be unique if this system is used? What are the benefits? Risks? How would thousands of unique product keys be kept up with?
0

Share this post


Link to post
Share on other sites
Here is some more guessing ;)

For PayPal I think they have an 'auto return' feature for business websites. For instance you have a website where a person buys a game and proceeded to PayPal’s website. They pay up and PayPal returns back to a predefined page at your website. At that point your own website issue the product key if payment is received; not PayPal.

The system I was describing was for each unique product/public key there is a corresponding unique private key. So 10k product keys = 10k private keys. All keys are stored in a locally stored database.

I suppose instead of doing it that way, there could be a system where there is only one private and public key pair.[list=1]
[*]You keep the private key, and the public key is hardcoded into software.
[*]Have a unique plaintext string that gets embedded into each game disk.
[*]Take that unique text string and encrypt it using the private key you kept.
[*]The encrypted output ‘is’ the Product Key and is placed on the packaging.
[*]A person buys your game.
[*]The person enters the Product Key
[*]The Product Key is decrypted using the hardcoded public key.
[*]If the plaintext message received from the Product Key is the same as the plaintext message stored on disk, then the Product Key is good.
[/list]

However I could see a few flaws with this right off the bat:[list]
[*]A hacker could replace the public key with their own and the plaintext message on disk gets encrypted with their own private key.
[*]Each game disk is different due to the unique plaintext string which results in multiple iso images.
[*]One Product Key cannot be used with other disks.
[/list]
1

Share this post


Link to post
Share on other sites
Quite an idea! What makes it necessary for each product key to be unique, though? What are the benefits of this, if each copy of the game is exactly the same and there are not any differences from one disk to another? I will need to contact PayPal for more information regarding their services for selling products this way. Thank you for the support. B-)
0

Share this post


Link to post
Share on other sites
Just make it easy for yourself, use online activation of the keys, that way you can just generate them randomly when you print the discs/boxes or sell an online copy, store them in a database and set the date and a hardware hash for the last activation of it, allow uses to activate their game on X machines per month/year/whatever and it will be good enough. (its easy enough to remove the key check entierly and restricting activations will keep people from sharing their key (a shared key would quickly stop working)

alternativly you can use a fairly simple system such as the one you described in your first post and just let the game client verify the key. (that won't prevent key sharing though).

Unless you have a genuine online component to the game however it will be fairly easy for a hacker to simply remove the keycheck entierly from your game and then distribute the modified version. (If you have a online component you can just have the client send a hashed or encrypted serial key to you when he tries to play online and just refuse the connection if another player is playing with the same key (all you gotta do is keep track of which keys have been sold/shipped and which ones are used by currently online players)

Getting the keys out to the users is simple, paypal will send a message to a web address of your choice when a sale is made (with the purchasers contact details) so you can generate the keys and send them out via email when you get the purchase confirmation from paypal. (This is fairly easy to do with for example php or python) Edited by SimonForsman
2

Share this post


Link to post
Share on other sites
The same rule applies here, though. A hacker can remove the thing that checks for online activation keys and distribute the modification for all. There are also programs that allow people to intercept the program's connection with the Internet and pass along a positive value to the program instead so it thinks it has received a message from the server saying the key is valid. You still have a good concept nevertheless.

I think the fairly simple system I described will work for me. Hackers will make the game not require a product key no matter how much work is put into the system. I just want to set up a key system that will lead to an honest individual making a purchase (A.K.A. they would only try guessing (if even that) and not go on torrent sites or anything of the sort).

If I made PayPal do this, would it redirect the user to the page at all? How would I make the page only work if the traffic comes directly from PayPal? I will try Googling for this information. Thank you very much for the packed-with-detail answer! :)
0

Share this post


Link to post
Share on other sites
[quote name='Tolito' timestamp='1343492747' post='4964003']
The same rule applies here, though. A hacker can remove the thing that checks for online activation keys and distribute the modification for all. There are also programs that allow people to intercept the program's connection with the Internet and pass along a positive value to the program instead so it thinks it has received a message from the server saying the key is valid. You still have a good concept nevertheless.

I think the fairly simple system I described will work for me. Hackers will make the game not require a product key no matter how much work is put into the system. I just want to set up a key system that will lead to an honest individual making a purchase (A.K.A. they would only try guessing (if even that) and not go on torrent sites or anything of the sort).

If I made PayPal do this, would it redirect the user to the page at all? How would I make the page only work if the traffic comes directly from PayPal? I will try Googling for this information. Thank you very much for the packed-with-detail answer! [img]http://public.gamedev.net//public/style_emoticons/default/smile.png[/img]
[/quote]

Paypal doesn't redirect the user, it contacts your server on its own

Basically when your web script recives a POST containing the transaction data it should make a connection to paypals server to verify that the submitted details are accurate and then process the data it got.

Here is a PHP code example.
[url="https://www.x.com/developers/PayPal/documentation-tools/code-sample/216623"]https://www.x.com/de...e-sample/216623[/url]

If paypal gives you the verified result you just have to check the data (item number, payment amount, etc) , generate a key (or grab the next unsold key from your database if you got pre-generated keys) and send it out via email to the buyer.
Check: [url="http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm"]http://email.about.c...hentication.htm[/url]
to see how to send an email through a php script. Edited by SimonForsman
2

Share this post


Link to post
Share on other sites
Thanks for the links! I was hoping PayPal contacted my server on its own. I contacted PayPal regarding this and they were wanting me to make the user be redirected and all, so maybe someone on the forums will understand what I mean.

What I would like it to do is send buyer information to a page on my website, which uses this data when generating a product key (it will not always be unique, but it will be pretty close to being unique each time). It prints the product key and a one-time download link to the page. I want PayPal to email this to the user once the payment goes through, unless it is not possible to cancel PayPal transactions. If I do not have to worry about them canceling the transaction and getting the product without payment, the information could be emailed to them as soon as they pay for it. I need some feedback on this concept, though. What do you think?

Thank you for taking the time to share all of this information.
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0