

Keeping the Pirates at Bay - ssp
http://www.gamasutra.com/view/feature/3030/keeping_the_pirates_at_bay.php?print=1

======
zach
More recently, the developers of the iPhone game BloodnGuns built an anti-
piracy level that would only be seen by those playing a cracked version. It
placed the player in an arena with a never-ending wave of killer chickens
armed only with the weakest weapon and no way to advance.

The forum posts went like: "Hi I can’t seem to get past the first level. I’m
too slow. Only a pistol. Too many chickens. Any help with that? Suggestions?"
It was great.

~~~
jrockway
Well, a few people probably bothered with the forums. Everyone else just
figured that the game sucked, and made a mental note to never buy (or pirate)
your games again. And they told their friends.

~~~
chrischen
They probably aren't very inclined to buy games in the first place, though I
do think they should be made aware they are using a crippled or demo version.

------
Apreche
The thing that struck me was that there was not a word about sales figures in
this article. Yes, it seems they gave the pirates a hard time with their DRM.
However, I think it is fairly obvious that those pirates had little to no
interest in actually playing the game. They just like breaking DRM, that part
is the fun for them.

I think it is also obvious that people who got the game from these DRM-
crackers, and actually did want to play it, would not have ever paid for it.
Even if the DRM was perfect, would sales have gone up? In all that time people
were waiting for a successful crack, how many people gave up on pirating and
bought the game? I'm betting the numbers were ludicrously small.

The developers would have been better off not spending any money whatsoever
developing this copy protection. Unless they can provide evidence of a large
increase in sales, I call BS. All they did was spend money developing a free
game of "crack the DRM" to a bunch of nerds.

~~~
rick888
"I think it is also obvious that people who got the game from these DRM-
crackers, and actually did want to play it, would not have ever paid for it."

You expect sales figures yet you say it's "obvious" that people that got the
game from DRM crackers would never pay for it? Where are your facts to back
this up? Do you really have any proof beyond a blanket statement?

"The developers would have been better off not spending any money whatsoever
developing this copy protection. Unless they can provide evidence of a large
increase in sales, I call BS. All they did was spend money developing a free
game of "crack the DRM" to a bunch of nerds."

Right. We see how well that works. You seem to forget that DRM was created
only recently, in response to mass piracy.

You would think that people would take the hint and stop pirating games. If
this happened, schemes like DRM would start to disappear because companies
would not want to waste the effort or the money.

The next step for game developers is software as a service, which has already
started to happen.

~~~
ThinkWriteMute
_Right. We see how well that works._

You need to research Eclipse Phase, the RPG.

Scratch that, your ignorance is startling.

~~~
rick888
"You need to research Eclipse Phase, the RPG.

Scratch that, your ignorance is startling."

How so? Because you don't agree with me and the only thing you can attempt to
do to silence me is to call me ignorant?

DRM did not exist during the Napster days. This is a fact. Piracy was rampant
during this time. The industry didn't make the right decision by trying to sue
everyone that shared a song, but people have no right to complain when
companies smarten up and start adding more and more protection.

you have given me one example of one game that may or may not even add
anything to our discussion.

Think of it this way: Do you actually think game companies want to add more
protection to their games? It adds more complications, costs more money, and
many times increases development time.

I don't believe that piracy is stealing. It's counterfeiting, which is much
worse than theft. If Toshiba starts getting televisions stolen, their product
value isn't really effected by that one product that is stolen (they can
always sell more at the original price and people won't expect it to pay
less). However, if a company's product is shared on the Internet, It can
eventually destroy the product line. Not only that, if it has a virus or the
crack doesn't work properly it can and will make the original developers look
bad. Also, people start to expect that the software will be free in the
future.

Everything digital is only worth what people are willing to pay. If most
people can do a simple Google search and find your product for $0, less people
will be willing to actually pay for it, devaluing your product over time. It's
funny how so many people say piracy has no direct relation to sales yet when I
disable a crack that I found for any app I am selling, my sales increases by
15-20% (and sales decrease over time when more and more cracks are available).
I have heard this from other software developers.

~~~
Naga
But how do you reconcile the fact that DRM only affects paying customers, such
as AC2's need for a constant internet connection or Spore's original maximum
installations, where pirates can easily just install the crack and not worry
about the DRM?

~~~
rick888
"But how do you reconcile the fact that DRM only affects paying customers,
such as AC2's need for a constant internet connection or Spore's original
maximum installations, where pirates can easily just install the crack and not
worry about the DRM?"

Criminals can get guns illegally. Would you say that because it's so difficult
for the average, law-abiding citizen to get a gun, that we should remove all
the restrictions?

Yes, it affects paying customers, but it's a result of the actions of the
pirates. It's a vicious cycle that's not going to stop until:

1) The pirates stop sharing and cracking illegal software 2) The company finds
a way to completely protect their software

AC2 is on the right track. They are releasing it as a service/app hybrid.
Eventually, all games will be this way.

------
whughes
_Note: This is a PlayStation game!_

It's a key fact which you have to keep in mind when reading this article and
considering it for use on PCs. Console copy protection is today important, but
not critical as PC copy protection is. Chances are, this protection would have
been instantly defeated on a reasonably high-profile PC game.

~~~
ajg1977
That's quite an assertion - care to back it up with your reasons?

FWIW I've written similar "time bomb" crack prevention techniques that were
used in a couple of reasonably high-profile PC games (e.g. 500k to several
million copies sold).

Some of the strategies were inspired by this article when it was originally
published in gdmag, others were based on certain benefits of being a PC title.
What helped a lot was that we had a surprisingly sensible publisher who
acknowledged that safe disc prevention was (at the time, I'm not sure about
now) virtually worthless and allowed us to ship without it. This gave us the
benefit of knowing ahead of time the hashes for various areas of our binary
and being able to use and layer those into different checks.

While non of these were crack-proof (or even close to it!) they did serve
their purpose and prevent any zero-day or launch window warez releases - which
as the author states in this article is about the best you can really hope
for.

~~~
viraptor
I always wanted to ask this to someone who makes the games/protections: do you
take into consideration the sales _lost_ because of the protection? I know
about games from friends mostly - if I can see it, I may be inclined to buy
it. That's the only reason for me to buy the game really, as I don't follow
the gaming news at all. Naturally they have illegal copies sometimes - that
means if the protection is good, they cannot show me the game, or show me only
something that suddenly breaks down (because of protection). That means I'm
not going to be impressed by the game and will never want to have it myself.

Example: I never bought Settlers (2? 3? - the one that exchanged production of
pigs and gold when you were playing a copy) - I've seen it and thought it's
just so buggy it's not worth getting. Learnt about the copy protection a lot
later.

I know many people who buy games this way - mostly grownups who want to have
some fun once in a while but aren't interested in gaming every day. They also
earn and spend their own money, so usually they're more ok with buying a good
game than teens who need to request it from parents / buy for allowance / ....

I've always seen advanced copy protection as games producers shooting
themselves in the foot. But maybe I'm just not part of the market that makes a
difference for producers. Do you remember if this was an issue at all?

~~~
ajg1977
To be honest no.

While there may be people who buy the game after being able to sample it,
there are far more who would happily pirate a game and never look back. Of
course, it's foolish to equate every pirated copy as lost sale (as the
RIAA/MPAA do), but I do believe many titles lose a respectable number of sales
through piracy.

It is important to ensure that any anti-piracy measure that affect gameplay
can be identified as such and not as bugs. This can be difficult to do in the
game since providing messages/warnings gives crackers a place to begin
backtracking, so at least on my games we would carefully seed FAQs
message/boards with questions/answers that if X occurred it was because you
were running a pirated copy.

As a developer my bigger concern, both at the time and ongoing, is ensuring
that any demo we release is produced in a manner that's both expedient and
forward looking. If you go back 5+ years it was fairly standard for developers
to release demos way in advance of a retail release - infact far enough in
advance that it was possible to make changes to the final game based on
feedback/metrics from the demo version.

This practice now seems to have all but died. Many games never release a demo,
and games that do have a demo version often wait until after the retail
version hits the shops to release it. I think that's a real shame and driven
largely by fear of possibly bad press for games that need to recoup multi-
million dollar investments.

------
micrypt
Perhaps approaching gaming as a streamed service in the manner proposed by
OnLIVE (<http://www.onlive.com/>) could be a viable means of reducing piracy.
It seems possible for a sizeable games publisher to move to a subscription
based business model.

~~~
javanix
Except games can't and will never be run off-site as a service - the technical
capabilities for OnLIVE are not and will never be available in the US.

More and more games will be moved to models that require a persistent internet
connection though - the article does a good job of pointing out that winning
the battle for just two months is nearly "good enough".

~~~
jsz0
It's very do-able today. The key is just having the server located close
enough for latency to not be a problem. ISP partnering would be their best
bet. Run the service and let ISPs resell it -- locate the servers in their
headends/datacenters. If you traceroute something and look at your first few
hops it's easy to see how it would work. <10-20MS should be fine.

------
teamonkey
For a more recent example of this technique, see Batman: Arkham Asylum

[http://www.neowin.net/news/deliberate-glitch-foils-batman-
ar...](http://www.neowin.net/news/deliberate-glitch-foils-batman-arkham-
asylum-pirates)

"It's not a bug in the game's code, it's a bug in your moral code."

------
swolchok
Interesting despite its age, but the title needs (2001).

------
vilda
Methods used by Skype to protect its integrity is described in presentation by
Philippe Biondi and Fabrice Desclaux:
[http://www.blackhat.com/presentations/bh-europe-06/bh-
eu-06-...](http://www.blackhat.com/presentations/bh-europe-06/bh-
eu-06-biondi/bh-eu-06-biondi-up.pdf)

Definitely worth reading - actually the integrity tests consume more CPU than
VoIP itself.

~~~
binarray2000
This reminds me of Cubase 3 (software for music production). In 2005 the scene
group H2O needed 1500 manhours for cracking it, from their NFO (iNFO notice
from the scene group about the release) for Steinberg.Cubase.SX.v3.0.2.623:

    
    
       H2O does it again.........!!!
    
       Although everybody thought that Syncrosoft and Steinberg
       had found the ultimate protection, we prove otherwise.
    
       We admit that it's getting harder and harder to do and
       this one may possibly be the last one we do.
    
       Due to the complex nature of the protection we thought
       of approaching it from another direction.
    
       The Emulation is now done on driver-level, which means
       that the Emu essentially mimics a dongle, look in the
       License Control Center to view the applications the Emu
       supports. By writing the Emu at driver-level we probably
       went beyond cracking an application. The amount of
       effort invested in this project is staggering, estimated
       at over 1500 manhours during cracking, developing &
       testing, and probably will never be done again.
    
       (...)
    
       Note to protection coders:
       Unbelievable way you transform an application. We
       estimate that between 30% & 40% of the application are
       wrapped in the script protection. Protection is one
       thing but this surely effects an application
       performance. You probably could get a performance gain
       of 50% without the protection!!
    

NFO for Steinberg.Cubase.SX.v3.1.1.944 has more details on the way the
protection works and its impact on performance:

    
    
       Note to Steinberg/End-Users:
       It seems that our prior Release Note stirred something
       in the Audio Community (Yes, we can read). To get some
       of the facts straight we're going to reveal some
       secrets about the copy protection itself, and why we
       stated that it severely impacts performance.
    
       Info from Syncrosoft website:
       [QUOTE] "Syncrosoft's protection solution is different
       from mainstream software copy protection methods. It is
       based on a secure executer, the eLicenser, and the
       patented MCFACT technology"
       "At runtime, the transformed program code does not
       reveal its semantics. The eLicenser's crypto-services
       are called from time to time by the transformed program
       code."
       "The transformed program code is represented as tables
       in the computers memory. An adversary can not reverse-
       engineer or debug the tables, because a reverse
       transformation from the tables to original program code
       is not feasible. If the tables are manipulated, the
       transformed program code will crash or produce invalid
       results."[ENDQUOTE]
    
       So it's not crackable?...
    
       Now here is the explanation for what really goes on:
       Transformation is based on replacing ordinary machine
       code into tables representing results from calculations
    
       Example: Adding 2 numbers.
    
       Normal machine-code would look something like:
    
       Add eax, ebx
    
       This will take 1 CPU cycle to execute.
    
       Now comes MCFACT:
    
       1) Transform the first number into a table
       2) Transform the second number into a table
       3) Do allot of manipulation of these tables
       4) More manipulation
       5) Transform the Tables back to the numbers
       6) Add the 2 numbers
    
       This entire piece takes up hundreds of machine code
       lines and a lot of loops inside this code...estimated
       CPU-cycles <insert number greater than 1 here> No
       performance loss? We don't think so..........
    
       And this code runs all the time!!......The dongle in
       fact is only called 1 out of 10 times inside these
       scripts.........
    
       A good example is the protection build in the midi-
       part. This is entirely wrapped in the script-crap. Try
       moving a note and swirl it around.....you should notice
       a sluggishness in the movement.
    
       In fact u will notice an improvement in version 3.1
       prior to the 3.0 release. This is not due to
       improvements made by Steinberg (the midi-engine is
       still the same) but improvements made by Syncrosoft!
       (They optimized the script engine)!!!!!!!
    
       To give the end user some peace of mind: the scripts
       aren't built into the real-time audio-engine.....this
       is impossible because of the performance loss u would
       have from the MCFACT.

------
scotty79
Are there any research that indicates that presence or absence of copy
protection has any effect on sales?

~~~
teamonkey
All the major games publishers do it but they don't make the results public.

~~~
scotty79
How can you measure that? You can't make a grand premiere of the same game
with and without protection.

------
Tichy
"If YOTD follows the same trend, as it almost certainly will, those two to
three months when pirated versions were unavailable must have reduced the
overall level and impact of piracy"

Don't they know for sure? What a wasted opportunity.

~~~
Estragon
How would you do the experiment?

~~~
Tichy
I guess it's impossible to create a real test, but at least they should have
some numbers? I don't know enough about the gaming industry. Maybe if it sells
well, it could either be because it is one of the rare hit items, or because
of the reduced piracy. Or maybe they could see some obvious deviation from the
sales of "normal" games.

------
bediger
Is "keeping the pirates at bay" really really worth the effort, heartache, and
whatever you didn't go (opportunity cost) because you were working on
"protection" from something that will happen anyway?

If so, does the rest of society agree with having this cost imposed on them? I
personally never play these games anyway, so I don't care about the problems
with the games that arise from you guys spending your best effort on copy-
protection, but I do care if you want me to finance your idiocy via draconian
copyright laws.

------
jrockway
It is ironic that so much development time went into features designed for
people that didn't pay for it. If they used the time (and skill) to make their
game better, maybe more people would have bought it?

(The computing landscape has also changed significantly since 2001. With
hardware support for virtualization, techniques like debugger detection just
don't work. The attacker can make his computer behave however he wants, at a
level far beyond your control.)

It's probably best to just ignore piracy, because your game is going to be
pirated no matter how advanced you think your protection is. Remember, people
take their xboxes into expensive microprocessor fabs and use electron
microscopes to figure out how to bypass the piracy detection. And, there is
only one of you, but millions of people with plenty of time to spare that want
to break your copy protection just to spite you. You are going to lose, so why
even waste your time? The only people hurt by piracy protection are you and
your users -- and that's a pretty silly demographic to try and hurt.

If your game is good, plenty of people will pay for it. Don't worry about the
pirates; they wouldn't have bought your game anyway.

~~~
chrischen
He said their goal was to slow them down, not stop them. Also their piracy
protection didn't really hurt paying customers, while it massively decreased
value to pirates (2 month delay).

There will be times if you go out of your way to screw pirates and it will be
worth it, and other times it won't.

~~~
jrockway
_Also their piracy protection didn't really hurt paying customers_

Except for the CPU and programmer resources that could be used for something
else.

~~~
chrischen
That doesn't hurt customers. If anything that just doesn't give customers as
much as they could have. But if you read my (short) post you'd know about the
cost/benefit aspect too.

------
eli
I'm sure making your game suck if it detects a crack is annoying for the
pirates, but it also means that most of the people who play crack versions of
your game will just assume it sucks. That can't be good for its word of mouth.

~~~
Herring
You have to make it really obvious.

 _> Some people even thought it was funny when the fairy character, who
normally offers players helpful advice, instead told them they were playing a
modified game._

I found that hilarious.

------
wedesoft
Looks like the computer game of the future will be played by both gamers and
developers: DRM.

------
grumpyfart
So how long did it take for crack to come out? He mentions 2-3 months but he
never says the actual time, or have I missed it?

Because he says they bypassed in a different way maybe it was only 2 weeks.

