
Keeping the Pirates at Bay – Copy and Crack Protection (2001) - Lrigikithumer
http://www.gamasutra.com/view/feature/131439/keeping_the_pirates_at_bay.php
======
gpcz
The biggest takeaway of this article is that effective security comes from
proper threat modeling and analyzing the cost dynamics.

Most media companies in that era attempted to build an "uncrackable" system
which always got cracked in short order because the mechanism depended on one
tactic. By acknowledging that all protection schemes eventually get figured
out and acknowledging the adversary's strengths and weaknesses, the author
could then employ defense-in-depth techniques to maximize the cost of cracking
the system.

Remember that every adversary has a budget.

~~~
_nullandnull_
> the author could then employ defense-in-depth techniques to maximize the
> cost of cracking the system.

Can you provide more details on this statement? I understand defense-in-depth
and the different methodologies for cracking software but your statement
doesn't make sense when applied as a whole. Do you have any examples?

~~~
gpcz
The real meat of the defense-in-depth analysis is on page three of the
article. Spyro had a two-layer defense-in-depth scheme: one layer that looked
like a normal PSX cracking problem, and another that would look fine for a
while and then mess up the game over time, which forced the crackers to make a
complete play-through (and probably multiple failed play-throughs) to verify
that their cracks worked. This served to make the cracker's feedback loops as
long as possible. The author also acknowledges that it was impractical to add
more layers of protection due to computational/IO/space costs, but that it
would have offered more security, such as having multiple copies of the game's
executable code on disc that are separately encrypted and randomly used, using
custom compression algorithms, etc.

At its philosophical core, defense-in-depth is the idea of delaying an
attacker rather than preventing an attack. In a military or IT situation this
delay usually lets the defender detect the attack and counterattack/prosecute.
In the cracking world, the delay IS the counterattack, since release groups
measure their performance based on release quickness and the company
(theoretically) gains revenue from the game not being on Kazaa during that
critical sales season.

~~~
_nullandnull_
Thank you for the response. I never really thought about defense-in-depth from
the angle of slowing an attacker down. I have always thought about it from a
detection standpoint. You make a good point. Cheers.

------
TazeTSchnitzel
I've often heard people say that piracy isn't harmful, but looking at what it
does to video game developers, I'm not sure it always isn't. Day 1 cracks are
obviously a serious concern if developers like this one would go to so much
effort to prevent them. And I remember Nintendo saying piracy had hurt DS
software sales in Europe (understandably: instead of buying several full
titles, people would buy a cheap "R4" or similar flash cart and play hundreds
of games for free - I recall having friends who did this).

~~~
zak_mc_kracken
It's a bit puzzling to hear this coming from Nintendo since it's pretty clear
that piracy hurts the Windows platform infinitely more than the console
industry.

Very, very few console owners run unlocked consoles, so they don't even have
the option of running cracked games.

On the other hand, every PC owner can run cracked copies, and it only takes a
few minutes of reading for even the most non tech savvy Windows user to find
out about bittorrent and how to procure cracked games.

~~~
sosborn
> It's a bit puzzling to hear this coming from Nintendo

Those R4 carts were all over the place. I was living in Japan at the time and
everyone and their mother had one. There is no doubt it cost them a lot of
money.

~~~
gambiting
Every single person I knew who had a PSP ran only pirated games. My cousin had
a single legit copy and even then he would run a downloadad ISO because it was
faster to load than the UMD. Apparently PSP sold really really well, but no
games matched those sales, which suggests that PSP piracy was fairly
widespread too.

------
minimaxir
Previous discussion:
[https://news.ycombinator.com/item?id=8807135](https://news.ycombinator.com/item?id=8807135)

------
towelguy
It would be interesting to see the difference in sales in the 3rd month
between US and Europe, since the European version took one more month to
crack.

------
hias
Earthbound / Mother 2 for the SNES also did this, way before Spyro.

~~~
danielweber
Among other things, you'd get to the end boss and then everything would break.

[http://earthboundcentral.com/2011/05/earthbounds-copy-
protec...](http://earthboundcentral.com/2011/05/earthbounds-copy-protection/)

------
Borogravia
Fascinating.

