Followers 0

# Copy protection system

## 40 posts in this topic

Hi Guys,

Just wondering if I could run some thoughts by you.

I am about to release a DLL for a target client base and obviously you get people who will distribute this amongst dodgy channels.

I have setup my site to provide download links via user accounts and each dll is serialed in some way internally. So, I'll be able to track the source of the Buccanneer (Pirate gag :) )

I am wondering, should I also add an internal 'kill switch', so the DLL communicates back to a server to see if it is 'valid'. Ie. kill the leaked DLL's?

I was thinking of doing this in an unitrusive fashion, so if the DLL is not connected to the internet then it will continue working. But if it is connected and deemed 'not valid' the DLL will fail. Obviously, I want to do this in a way that is 100% non-intrusive to the end 'legit' user.

Although this method isnt perfect, it should slow down the piracy rate. And yes, if someone really wants to they can crack the DLL.

I just dont want the 100's of hours I have put into this go down the drain (being a solo dev). I am sure you'd understand :)

I also don't want to charge alot for my work, thinking around the $10-$20 region. I could charge more, but that is not who I am. I want people to enjoy the DLL as much as I have enjoyed making it. And so far the feedback from the 'target' has been awesome.

1

##### Share on other sites

Businesses invest billions of dollars every year for systems that are only effective for two or three weeks. Some require license servers, some require dongles, some require physical disks, some require license keys, all are defeated quickly. The only effective solution is to run it on your own servers.

Assuming your game is popular enough that anyone would want to steal it, your little secret will be discovered and become freely available online.

Spend your valuable development time actually developing the game.

Hmmm true. I know what you mean. Probably better to cater for the 'true users' rather than spending time, money, and effort staving off the dodgy ones.

Edited by lonewolff
0

##### Share on other sites

I think frequent updates are the best way to make your legit users happy, and make the pirates wish they didn't have to download yet another version because a new update was released. Especially if the update includes changes to a lot of files, which would make the pirates download the entire thing. Again. Worked against me :P

Just an idea here. :)

1

##### Share on other sites

If you really want to add anti-piracy:

Release a purposefully 'cracked' and 'buggy' version of your dll to pirate websites (high-cpu usage, frequent crashes, ect). Several versions infact, make them seem as legit as possible. You can even add a time delay to make it seem like it works perfectly at first. Having an already released 'cracked' version of you software will also deter crackers from actually cracking it too since they think its already been done and if they do crack it.. it will be just be mixed in with your version.

This should really frustrate the pirate community. Though, I'm not sure if that will result in more sales for you :P

Edited by izackp
2

##### Share on other sites

You could embed a separate, unique 128-bit GUID in each individual DLL and assign it to each legitimate customer. Each time a user connects, transmit that GUID and make sure that no one else is current using it. If a second connection is made with the same GUID, disconnect them. This way, although you may have 10,000 pirated versions, only one can connect at a time. Whomever is distributing the software will soon learn when they can't connect...

Edited by mark ds
-2

##### Share on other sites

Sounds like that, too, would be cracked, by someone who figures it out, and replaces that code with either one that brute force increments the GUID until it finds one that is accepted, or generates one from your own machine that is unlikely to collide with anyone else's.

But the server would contain a list of valid GUIDs to compare against - one for each customer. And the chances of 'guessing' a correct one would be unfeasible, there are 5.3×1036 combinations!

Edited by mark ds
0

##### Share on other sites

You could add something to have the username of the person appear on the legit products. That will make pirates feel bad whenever they see the name of the first pirate on their pirate product >:3

1

##### Share on other sites

You could add something to have the username of the person appear on the legit products. That will make pirates feel bad whenever they see the name of the first pirate on their pirate product >:3

I was actually thinking of something along these lines. More or less a name and shame, have the details of the initial leak plastered all over the screen.

If you really want to add anti-piracy:

Release a purposefully 'cracked' and 'buggy' version of your dll to pirate websites (high-cpu usage, frequent crashes, ect). Several versions infact, make them seem as legit as possible. You can even add a time delay to make it seem like it works perfectly at first. Having an already released 'cracked' version of you software will also deter crackers from actually cracking it too since they think its already been done and if they do crack it.. it will be just be mixed in with your version.

This should really frustrate the pirate community. Though, I'm not sure if that will result in more sales for you

I heard of an instance where on company did this and the reviewers got a hold of the 'dodgy' version and the program was reviewed on the faulty merits. This apparently killed sales as the reviewers said 'dont buy it'.

1

##### Share on other sites

I am wondering, should I also add an internal 'kill switch', so the DLL communicates back to a server to see if it is 'valid'. Ie. kill the leaked DLL's?

If you manage to install software on a user's computer, have it call home, and delete or modify files on the user's computer under remote instruction without the user's permissions you have committed a criminal act in many jurisdictions and immoral act in all of them.

0

##### Share on other sites

I am wondering, should I also add an internal 'kill switch', so the DLL communicates back to a server to see if it is 'valid'. Ie. kill the leaked DLL's?

If you manage to install software on a user's computer, have it call home, and delete or modify files on the user's computer under remote instruction without the user's permissions you have committed a criminal act in many jurisdictions and immoral act in all of them.

Not at all, there would be no modifications to the file system at all.

It would communicate to the server > ask if vaild > if response==false > don't operate.

Simple..

To clear things up. It wouldn't be a criminal act if the user obtained the software illegally in the first place?

I'd love to see that stand up in court. "I downloaded this i'llegal software but it won't run on my machine". "Err, I want my money back?".

Edited by lonewolff
0

##### Share on other sites

If you manage to install software on a user's computer, have it call home, and delete or modify files on the user's computer under remote instruction without the user's permissions you have committed a criminal act in many jurisdictions and immoral act in all of them.

So... license validation is illegal and immoral? Software updates are illegal and immoral? Copyright protection is illegal and immoral?

The OP is talking about selling software, which no doubt would come with reasonable terms and conditions. The buyer would be aware of any 'phone home' checks in place.

1

##### Share on other sites

Even if the file was programmed to delete itself from the users hard disk if it was detected to be illegal, does 'ownership' of the illegal file then pass to the pirate just because it is resident on the hard disk?

Microsoft would be screwed if this were the case with all of those Windows 8 Trial copies on peoples computers that will 'blue screen of death' when the trial period is over. It is a case of trial is over, therefore access is over.

0

##### Share on other sites

it depends on the popularity of the product.

my most popular game got hacked. losses were so bad i had to fold the company.

frequent major updates are all fine and good, but not really feasable for a large game (like skyrim or any other large fps type game).

in your case its a dll.  a library.  tech support and updates are your best anti piracy tools.  but  DRM never hurt.

this may be of help:

http://www.gamedev.net/blog/1729/entry-2258666-anti-crack-info/

0

##### Share on other sites

my most popular game got hacked. losses were so bad i had to fold the company.

Man, that is terrible. Proof of what can happen to a good product.

If my library takes off as well as I think it will, I am sure that it will be hacked in no time. That is my biggest worry.

So, I have no idea what I should do to protect my IP in this case.

0

##### Share on other sites
I think you should take measures to protect the game. Maybe not super measures, as even with those measures, you can be hacked.

I don't know about how to actually set up security but I have downloaded a lot of software.

In terms of hacking, think about the hacker as a thief who wants to break into you house and steal your stuff. Or you can think of them as roaches that want to invade your house and eat your snacks.

A thief has to have an entry and exit point. You can't seal off all entry and exit points because you yourself have to get in and out. So, say you have a key. Well, we know keys can be regenerated.

Now, say you have a face scanning technology, that only allows people with the correct face ID to enter. Spiffy.

I think a better way is to assume people will enter, and just confuse the heck out of em by controlling the paths they are able to take. When roaches see raid, they have to go around it. Haha. But you can go right through it.

I think of keys in the way I used to when writing secret code. Keep the key on paper which translates the mumbo jumbo into their actual meanings. Paper can only be hacked if the hacker actually breaks into your house.

Thinking in terms of "thieves" will help you to come up with better solution on how to prevent theft.

One more thing, grey hat hackers are usually called unethical or ethical depending in the situation.

You can hack your own house to prevent hackers can't you? Can't you give a virus a virus? (Independence Day). Haha.
-6

##### Share on other sites

My suggestion would be to implement some basic copy protection that simply informs the user that they need to purchase more licenses if they are running too many copies. It doesn't need to prevent them running the software. It will probably need to call home to a server to do this, so it could also report data back to you so you can work out how much piracy there is. The idea behind this is to reduce casual or unintentional piracy. It won't stop a determined pirate.

However you need to make sure that it's not going to annoy legitimate users. This depends somewhat on who will be buying your dll and how it will be used.

Just embedding an ID in each DLL downloaded is probably a bad plan. For example lets say a company decides to buy a copy of the DLL for each of it's 100 employees. Do you think they want the hassle of re-downloading it for each one of them, and then distributing them internally? However when the company gets some new employees it should inform them that they need to buy more licenses.

1

##### Share on other sites

If you manage to install software on a user's computer, have it call home, and delete or modify files on the user's computer under remote instruction without the user's permissions you have committed a criminal act in many jurisdictions and immoral act in all of them.

So... license validation is illegal and immoral? Software updates are illegal and immoral? Copyright protection is illegal and immoral?

I would argue that illiteracy is a problem.

There's nothing immoral about license validation, there's nothing wrong with an application phoning home to validate authenticity and allow a program to continue, as long as the user has been made aware that personal information is being transmitted over the unprotected public communications systems. Neither of those actions violate the user's privacy or threaten the integrity of their data. A trojan virus that surreptitiously modifies the contents of a person's hard drive is immoral, regardless of the intentions of the person who propagates that virus.

Software updates are run with the user's permissions, they do not match the conditions I stated above. Copyright protection is entirely irrelevant to this discussion, unless there is a surveillance program that scans your drive for illicit source code and removes it extrajudicially. I imagine such shakedowns would be quite profitable if it were legal, since the definition of 'illicit' would be pretty fluid without the usual legal safeguards. Better pay up, we wouldn't want any 'accidents' to happen.

It doesn't matter if a user has obtained a copy of your software through uncontrolled markets, it is immoral for a third party to attempt to change or modify the contents of a user's hard drive (or other storage media) remotely and without the user's consent.  It is the same for any other good:  if you suspect someone has stolen your television, you do not have the right to break in to their home and remove whatever you want.  A person's data is sacrosanct and you do not have any rights to it no matter how much potential revenue you might not earn by not having those rights.

The OP is talking about selling software, which no doubt would come with reasonable terms and conditions. The buyer would be aware of any 'phone home' checks in place.

The OP is talking about getting software installed on a user's computer such that they can remotely exploit it. There was nothing in his post about posting a warning and obtaining consent that such a trojan virus has been installed and will modify or destroy the contents of their hard drive. If that was the case, he should have said it explicitly. What he did say explicitly is "the DLL communicates back to a server to see if it is 'valid'. Ie. kill the leaked DLL's" which to me sounds like delete files, since 'kill' is a synonym for 'delete'. Of course, it would only be a problem for the people who had installed the software and not paid the protection money, not 'the buyer'.
1

##### Share on other sites

I am wondering, should I also add an internal 'kill switch', so the DLL communicates back to a server to see if it is 'valid'. Ie. kill the leaked DLL's?

If you manage to install software on a user's computer, have it call home, and delete or modify files on the user's computer under remote instruction without the user's permissions you have committed a criminal act in many jurisdictions and immoral act in all of them.

Not at all, there would be no modifications to the file system at all.

It would communicate to the server > ask if vaild > if response==false > don't operate.

Simple..

To clear things up. It wouldn't be a criminal act if the user obtained the software illegally in the first place?

I'd love to see that stand up in court. "I downloaded this i'llegal software but it won't run on my machine". "Err, I want my money back?".

Your game only works online? Not buying it. As stated in other threads, I'd put forth the effort to crack the game just because I want to play where I want to play with the game that I bought, not adhere to inconvenient rules that are aimed at people other than me. It is a trivial step for someone less scrupulous to then give a copy to a friend in order to spare them the frustration, then it spreads like wildfire.

-1

## Create an account

Register a new account