DRM

Cero · July 10, 2012, 12:31am

Lets talk about DRM again. I’m just interested in the technical aspect - how its done and works, not whether or not to use it and stuff. I just want to have a basic copy protection. Because I figure if someone is going to crack it, its already popular enough probably. But having none at all - I would like to avoid that.

In traditional DRM (back then it was of course just called copy protection - because there was also no limit on how many times you could activate a product), you had to input a serial key, which in old times came in the box with your game or other software.
Lets assume in this case, that the activation itself is safe, using an online connection, checking the key and all…
Once its activated, what stops a user from THEN copying the whole folder and distribute/share the application ?
My experience is that a registry entry would be missing and thats all… but of course, such a thing is easily added with a .reg file on windows and stuff.

lhkbob · July 10, 2012, 12:37am

Just have them create accounts so they have to log in before they play. Then it doesn’t matter how many times they copy it since you can just allow one authentication at a time.

If you’re worried about people wanting to play offline, just keep them “logged in” for an hour if they disconnect without going through the proper protocols. That way that can’t just unplug their comp and let someone else log in.

Cero · July 10, 2012, 12:45am

Oh yeah sure, but apar from server costs - thats Diablo 3 Blizzard style and will people piss off to no end. Having to log in every time…

I mean, how did this work back then, when you bought Half life 1, which came on 3 discs with a serial key ?

Riven · July 10, 2012, 12:46am

Lot’s of additional work for a crappy user experience. :cranky:

So, what stops them from copying an activated acount? Probably a DRM solution that pretty much resembles a rootkit.

Keep in mind that the ‘big companies’ can’t manage to get their act together, with faulty activation servers and unreachable/unstable monitoring servers. So, try to learn from the mistakes of others, and don’t come up with a scheme that involves a network connection.

Ofcourse you can raise the bar, a bit, but in the end, clientside security is plain stupid (again, unless you infiltrate and takeover a system).

Danny02 · July 10, 2012, 12:51am

In the time, before one could easily create images of CDs(I know very long time ago). One type of copy protection was that they destroyed some sectors of the CD and then checked if the CD from which one tryed to play the game from had the same bad sectors. This was some quite good copy protection, because one could not reproduce these bad sectors easily.

lhkbob · July 10, 2012, 1:05am

I think it was a key that got linked to your steam account, and then the DRM was tied to logging in with steam, and that is basically like how I described above. It auto-logs in and remembers credentials locally, which is convenient, and is fine for DRM purposes since it really only needs to stop multi-comp logins.

Cero · July 10, 2012, 1:08am

When there was no steam yet, I mean =P

Yeah I know that one SafeDisc / CLOKSPL.EXE, right ? well today with the internet being as it is, its a non issue of course…

sproingie · July 10, 2012, 3:51am

Steam was created for Half Life 2. HL1 used pretty much standard CD key systems without any internet activation IIRC.

endolf · July 10, 2012, 7:38am

So, just entering a serial in the old days was only enough because most people didn’t know what it was doing with the thing. As copy protection became more common, and hacking groups sprung up, a simple serial wasn’t enough, that’s why there were so many pirate sites and CDs full of cracked games, also keygens were popular.

What you could do, would be to combine the serial with a machine id before storing it, that way, it would only work on that machine. Of course, this would probably be mac address or ram or disk based (they were in the old days on CAD systems for example), this then leads to fun issues when people upgrade their hardware. Some games would need the key re-entering or reinstalling though.

There are lots of ways to screw up the user experience that won’t stop pirates/cracked copies, even small games get cracked these days.

I think the way Cas does it for puppygames games might be a good compromise.

Endolf

lhkbob · July 10, 2012, 7:40am

I read Half life and instantly thought Steam didn’t stop to think about the timeline.

princec · July 10, 2012, 9:00am

The coolest DRM ever (seriously, google it :D)

Cas

Cero · July 10, 2012, 1:20pm

What I dont get about it is: How do you “bake” personal data into the game ? Not technically, but, I mean that would imply that you cannot ship the same game just like that to everybody, but everytime a part of it is customized. How does that work ?

princec · July 10, 2012, 2:14pm

Registered owner’s name and email address is encoded by the private key. If you’re fine with giving out those two bits of information to a warez board that’s fine by me.

In any case we still use server validation and can permanently disable a key should the games be allowed to connect to the internet. In practise it’s just way too much bother to disconnect from the internet just to play it, versus the actual amount of money we ask for our games.

Cas

Cero · July 10, 2012, 2:27pm

But how does the name and email get into the game. Since, when you sell it using BMT Micro for instance, its already a big .exe installer for example. How do you then inject those informations ?

Or do you do it later when the person starts the game for the first time ? / In your case tries to activate it from demo to full version

princec · July 10, 2012, 3:12pm

Well, try one and see. You register the demo version by popping in your email address; we send back the key, and stash that using Java Preferences APIs. All detailed in the blog post.

Cas

Oskuro · August 1, 2012, 8:14pm

Actually, the best DRM out there is quite simple: Just make sure no one has any interest in your game [/sarcasm]

Now, seriously, not even online activations are safe (Steam gets pirated quite easily, for example, and there are plenty of WoW “private servers” out there).

In my opinion, apart from doing like PuppyGames and implementing a user-friendly DRM that doesn’t punish legitimate players (And them being unable to activate their game when you eventually pull the plug on the validation server is a punishment), the best bet is to protect the online components of your game, if there are any.

Say, require registration for multiplayer, to download patches, to access the support forums… Or, if you have the infrastructure, stream content from the server upon connection.

Just don’t be obnoxious, unless you turn out a megahit, intrusive DRM will do you more harm than good.

Oskuro · August 2, 2012, 9:12am

Also, these are interesting ways to handle DRM that can be fun to implement:

6 Hilarious Ways Game Designers are Screwing With Pirates

(Yes, I know this thread is more about the technical aspects of DRM, but the other thread on copy-protection is almost a year old :’()

princec · August 2, 2012, 9:18am

As a small bombshell we are actually probably going to completely ditch our DRM, and even our direct sales, and sell exclusively on Steam in the not too distant future. Direct sales are now so pitifully low it’s almost pointless maintaining the infrastructure for it any more. All we’re waiting for is the Steam Linux launch, honestly, and that’s a wrap.

Cas

UprightPath · August 2, 2012, 9:24am

Dear lord. That’s… The Earthbound one… That’s… Wow… Ow.

I mean, I applaud them (They did think of everything, even sound effects that you can only hear during the ending) but that hurts.

theagentd · August 2, 2012, 1:18pm

I thought number 3 was a lot more hilarious… xDDDD