
The Awful Anti-Pirate System That Will Probably Work - jeff18
http://jeff-vogel.blogspot.com/2010/02/awful-anti-pirate-system-that-will.html
======
tumult
_1\. Make your own, free saved game server and alter the application code to
use it.

This means a lot of work and expense, both to duplicate Ubisoft's game saving
code and to set up and maintain the servers. Won't happen._

I'm not even a very good game hacker, and I've done much more dramatic things.
It's really not a huge deal. People have reverse-engineered entire online game
protocols in order to have their own unofficial servers before the games were
even out of beta. The client<->server model of protection is actually a good
thing for cracking and the people who use cracks, since the original binary
doesn't need to be modified in any way. You just run a little thing in your
system tray that emulates whatever portion of the server protocol it needs to.
And now you can also get the official updates from Ubisoft, re-activate with
your own fake server any time, etc. It's not a "disable one line of code" type
deal, but if you think that's even a simplification of how things have been
for a while, that's pretty naive.

~~~
jskinner
_the original binary doesn't need to be modified in any way_

It's easy for Ubisoft to also force the binary to be cracked: have the client
request the server sign a random token with its private key, and verify it
with a public key embedded into the client. This way a third party server
could only be written if the client was also cracked to either change the key
or remove the check.
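
The signed-token check described in the comment above, sketched as an added example (not code from the thread or from any vendor). Ed25519, the `label` prefix and all type and function names are assumptions chosen for illustration; the key pair is generated at run time where a shipped client would embed the public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// label is a constructed domain-separation prefix: the key signs only values bound to this purpose.
const label = "example-server-auth-v1:"

var (
	ErrNoChallenge  = errors.New("no outstanding challenge")
	ErrBadSignature = errors.New("response not signed by pinned key")
)

// Server (hypothetical type) holds the private key; Respond signs the client's random token.
type Server struct{ priv ed25519.PrivateKey }

func (s Server) Respond(nonce []byte) []byte {
	return ed25519.Sign(s.priv, append([]byte(label), nonce...))
}

// Client carries only the public key; a shipped client would embed it as a constant.
type Client struct {
	pinned ed25519.PublicKey
	nonce  []byte
}

// NewChallenge draws a fresh 32-byte token from the OS CSPRNG.
func (c *Client) NewChallenge() []byte {
	c.nonce = make([]byte, 32)
	if _, err := rand.Read(c.nonce); err != nil {
		panic(err)
	}
	return c.nonce
}

// Verify accepts a response only for the outstanding token, and only once.
func (c *Client) Verify(sig []byte) error {
	if c.nonce == nil {
		return ErrNoChallenge
	}
	msg := append([]byte(label), c.nonce...)
	c.nonce = nil // single use: the same token is never checked twice
	if !ed25519.Verify(c.pinned, msg, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs three exchanges: the real server, a replayed response, and a server with a different key.
func Demo() (genuine, replayed, otherKey error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, priv2, _ := ed25519.GenerateKey(rand.Reader)
	client := &Client{pinned: pub}
	sig := Server{priv: priv}.Respond(client.NewChallenge())
	genuine = client.Verify(sig)
	client.NewChallenge()
	replayed = client.Verify(sig) // old signature checked against a new token
	otherKey = client.Verify(Server{priv: priv2}.Respond(client.NewChallenge()))
	return
}

func main() {
	g, r, o := Demo()
	fmt.Println("genuine:", g, "| replayed:", r, "| other key:", o)
}
```

The check authenticates the server to an unmodified client only; a client whose pinned key or check has been changed is the case the comment itself names.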

~~~
brown9-2
Isn't this the type of "check at startup" that the article mentions hackers
can easily null out?

~~~
pyre
Maybe game designers should take lessons from Skype in making it as hard as
possible to disassemble/hack the binary.

~~~
nitrogen
Something tells me both game developers and crackers have been at this a lot
longer than Skype... I remember playing cracked Atari games as a young kid,
but back then I didn't know what "cracked" meant. In case anyone wonders, I
found the games in a huge box of 360K floppies that came with the Atari system
when I got it.

------
DarkShikari
"Probably work"?

It was already cracked two weeks before release! From a few days ago on Buzz:

 _Just saw a post on the Steam Forum for Assassin's Creed 2 that the
impossible to beat, always online, can't save your game or even play the
stupid thing without being connected to the internet DRM for it has already
been cracked 2 weeks before its release. sigh Did Ubisoft really expect this
to work any better than previous attempts to crack down on piracy? Now what
they're left with is a piece of software which is being pirated just as much
as any other game, except that it treats its legitimate buyers like they're
suddenly going to turn into pirates after they've already bought the game._

~~~
vaksel
precisely, the only people stuff like this hurts are the legit users who pay
the money.

The hackers will rewrite the whole game if they have to, to make it free. It
might take a little longer for them to release it...but can you honestly name
a single game that hasn't been cracked?

~~~
ericbb
From the article:

    
    
      Edit 2: One quick question for the "Anything can be cracked
      right away." crowd. Where do I get my cracked copy of World
      of Warcraft that can play the real game (not some cobbled
      together emulation server) without paying. Answer: You can't.

~~~
vaksel
of course you can't play on Blizzard's servers...but you can still play on
emulation servers.

And WoW is a web only game. Non-web games don't suffer from that.

------
mambodog
Jeez guys, have none of you ever played a ROM on an emulator? You know how
they save and resume? By taking a snapshot of the RAM and restoring it later
on. Sure, it's not great to have to take a snapshot of the 2gb+ of memory being
used at runtime by a modern AAA game, but it wouldn't be hard to work out what
is just content (textures, geometry, sound), and what are the variables
(player location, progress, etc) and just save/load that. And that's only if
it's too much work to emulate the back-and-forth with the DRM server. And even
that is only if it's too hard to patch those functions out.

All these people talking about 'significant portions of the game running on
the server'... are you serious? Do you realise how fast game engines run?
People have enough trouble putting up with the lag on multiplayer games with
relatively few actors/entities, running on dedicated servers. If this were
truly the case, single player games would also be susceptible to lag, not to
mention the amount of load of millions of players' AI routines running on
Ubisoft's servers. Damn.

No, this will be cracked, patched or emulated, and the only people negatively
affected will be legitimate customers. I'd say that would be the exact
opposite of the system 'working'.

~~~
danparsonson
> it wouldn't be hard to work out what is just content (textures, geometry,
> sound), and what are the variables (player location, progress, etc) and just
> save/load that

As the saying goes - I'd love to see you try it!

In order to capture the state of a running application in such a way that it
can later be restored, you need, not only the memory contents, but also the
processor state. Imagine that the app is in the middle of modifying an
in-memory data structure: the variables used while doing that (e.g. loop
counters) will likely be stored on the stack and/or in processor registers.
Just as an example!

Even assuming you could accurately pause an application and capture its state
completely, how do you propose restarting it? You'd need to reinitialise all
the external stuff (graphics device, sound, file handles, etc.), then start
the application code at exactly the right instruction.

Maybe installing some sort of hypervisor underneath the OS would allow these
things? Good luck :-)

Emulators can do all this with impunity because they're virtual machines - a
computer running within a computer. The emulator always has complete control
over the memory and (virtual) processor state, display, sound devices, etc.,
and saving/loading that state is therefore much easier.

~~~
jcl
It's not that outlandish of a proposal. The application does not need to be
savable at all times; it just needs to be savable at _some_ point, which could
be a point when the game state is particularly easy to capture. For example,
most applications can go into a minimized background state where almost no
code is running and nothing is loaded in the graphics card.

------
jasonkester
You missed Option 4, which is what will actually happen:

4\. Make it easy to set up your own local game server and alter the hosts file
on your machine to point to it.

That is dead easy to do. I actually did it for the game FantasticContraption,
not to steal it (it's well worth ten bucks. go try it:
<http://www.fantasticcontraption.com/>), but because their server is so
hopelessly overloaded at peak times that the game is unplayable.

Sniff network traffic with Fiddler or similar, construct a simple webapp to
mimic what's needed (which for this game would only involve storing what
you're given and handing it back when asked for it), and run it on localhost.
Sorted.

It'll end up the same as every other copy-protection scheme: An annoyance for
paying customers, no sweat for pirates. I suspect legitimate paying customers
will be running their own servers too.

~~~
jvdh
While I agree that this is probably what will happen, it is probably not going
to be as easy as you make it seem. There is a very good chance that in this case
the entire conversation with the server will be encrypted. In order to emulate
this, the encryption will have to be broken. That's hard enough as it is, and
you also don't really know what the plaintext is.

~~~
tptacek
Many of the major game protocols are not only encrypted, but are extremely
complex and irregular. They're absolutely no fun to reverse.

~~~
pyre
Though it's sad that the 'extremely complex and irregular' part is probably
_not_ by design, but due to haphazardly adding features just to push out a
product.

~~~
tptacek
In a couple cases, I know that to be the truth. You're basically looking at
the results of getting PC LAN developers to implement Internet protocols, and
getting Win32 systems programmers to implement encryption.

------
cabalamat
The solution to onerous DRM is: just don't buy any product using it. No-one
needs to buy Assassin's Creed II; there are plenty of other computer games out
there.

~~~
tptacek
That's a valid point but it dodges the thrust of the post, which is that
piracy is pushing the industry in this direction --- this is a mainstream
title from a mainstream vendor that is making a clear and visible usability
concession to protect the new release window from pirates.

Most users probably won't care (remember that we're a disproportionately vocal
minority --- or, you are; my job is to make these titles worse for you, and I
don't ever play video games), and vendors are going to get users to adapt to
concessions like this.

~~~
rbranson
What's funny is that they're making it more convenient to play the pirated
version than the legit version. The more invasive DRM you force on your legit
users, the more they're going to look for workarounds online and fuel piracy.

~~~
stcredzero
Why is more pervasive DRM necessarily more of an inconvenience for the user?
It will be an inconvenience for an unfortunate minority, but a well designed
and executed system could well be unnoticed by most.

I only notice Apple's DRM in iTunes when I have to de-authorize an old
computer or authorize a new one, which is only once or twice a year at most.

~~~
_delirium
It depends on how common the minority is, yeah. In the days where DRM required
you to insert the original game disc to verify it, a lot of legitimate
purchasers of games got cracked copies too just to avoid the hassle of having
to swap CDs. With the internet-based DRM, I think it depends on how many
gamers have flaky internet connections, or play on laptops at places where
there's no internet (e.g. on most trains, buses, and planes).

~~~
stcredzero
A lot of that can be addressed by making the connection a bit more "robust." A
lot of people who play on trains and buses could be accommodated by having
24 hours to authenticate.

------
pvg
The premise is inaccurate - the game allows you to save games locally. You
still have to be online but local storage of the save games is a selectable
option.

------
JeffL
Or you could just disable the save game feature and then run it inside a
virtual windows machine where you just save the state of the machine. =)

~~~
pvg
It's a 'checkpoint' system. Save game or not, the game is constantly checking
with Ubisoft's servers - if it can't talk to them it just boots you out. The
save thing is a bit of a red herring.

~~~
pyre
How does that work though? Can't the points where that check is called just be
hex-edited to NOOP in the binary? The point of the article was that taking
non-trivial portions of the game logic out of the game and pushing them to the
server makes it harder to crack the system. Unless the game is constantly
getting information from Ubisoft's servers that it needs to function (i.e.
save-game logic, AI logic, etc), then the "verify with the server" code can
just be ignored in a hacked binary.

------
jeff18
I believe that the article is overestimating how hard it will be to reverse
engineer the save game code and is fallaciously assuming that crackers will
need to maintain a public facing internet server for people to use.

a) You don't need to maintain a public facing save game server -- you simply
need to have a local server running at localhost:31337. A successful crack
will have this running transparently as you run the game.

b) Many companies' entire purpose is to provide "uncrackable" DRM. AFAIK, all
of these companies' solutions have failed. Often before the games even
publicly ship.

I mean, at the very least, a script kiddie will naively crack the protocol and
manually generate save files from each of the levels, so that you can play the
game one area at a time. I am confident that it will be properly cracked
though. Or as someone else on HN mentioned: you could ship the crack with a
light virtual machine and just save states of the entire VM.

There is a huge incentive to crack the game, both monetarily for pirates who
will be reselling the game, as well as for the huge prestige for cracking
groups. I am not aware of any high-profile game that has not been cracked
within a week of release, if not days.

------
samd
Here's a solution no one seems to consider: make video games cheaper. $50-$60
is an outrageously high price for a game, especially when most of them are of
forgettable quality. The people over at Valve/Steam have been saying the same
thing, and they would know, they see the sales numbers; cutting prices for
their weekend deals greatly increases sales. If companies brought game prices
down to a reasonable level, say $20-$30, I bet a significant amount of
pirates would start buying games. The music industry is struggling to learn
the same lesson, but iTunes and streaming services have shown that making
content accessible and cheap means people stop pirating.

~~~
gommm
Maybe, but on the other hand, on the app store where games are really
inexpensive there is still a lot of piracy and a lot of developers can't make
ends meet because their price is too low...

So, I'm not convinced that making video games cheaper is the answer...

~~~
samd
Well obviously pricing them too low won't make you any money. There is a big
difference between 25 dollars and 99 cents.

~~~
gommm
Yes, but that's not my only point, the other problem is that piracy is as
widespread, it seems, for $3 iPhone games as for $50 games... So the argument
that lowering prices reduces the number of pirates seems a little bit
optimistic to me.

OT: For rick888, below: it seems that all your comments are marked as dead...
which is a pity because from reading your past comments I can't figure why
you'd be banned... You should try to contact pg over that.

------
lutorm
X3 Terran Conflict had an annoying, disruptive DRM that only allowed you to
install the game 5 times _and_ would count any significant change in hardware
config as a new machine. When I got more memory and had to return them, plus
reinstalled my OS, I used up 4/5 in the first two weeks.

Normally, I wouldn't touch this with a five-foot pole, given that it puts me
at the mercy of them having their servers up to give me a new license just to
play my own game. But they did something really reasonable:

After 9 months or so, they released a patch to remove the DRM.

That seems like a reasonable compromise to me.

------
NathanKP
From the comments on the article:

 _"Also, you don't hold onto your saved games anymore. They do."

I'm surprised at how many people are making this mistake. Straight from the
FAQ: "Will all my saved games be stored online? Yes! They will be stored both
online and on your PC." -- <http://support.uk.ubi.com/online-services-platform/>

That, right there, is why the system will fail. The DRM will be cracked within
a week of release._

------
jsz0
Everyone hates DRM but I feel like we're not giving the pirates enough blame
here. My unscientific conclusion judging from BT sites is PC game piracy is
really off the charts these days. A new PC game release often blows away
popular TV shows and movies in seeders/leechers. I have some sympathy for the
game makers here. If you're already facing declining PC sales and you're
releasing a console port months after the initial console release the piracy
factor could make a huge difference. I feel like anyone who doesn't like this
DRM scheme needs to talk to their friends/family who pirate PC games and
explain to them how much they're screwing up the industry for everyone. DRM
isn't effective and just ends up punishing honest customers but those honest
customers may have to face the reality that they just won't be getting nearly
as many PC games in the future if this trend of massive piracy continues. DRM
_and_ PC pirates are the enemies here.

------
martinp
Somewhat informative article, but I disagree with the conclusion. Assassin's
Creed 2 isn't going to be the best game ever, it's not even an original game,
just another sequel. So it's not like people are going to buy it no matter
what kind of crazy DRM they must suffer through. I imagine that Ubisoft will
lose a lot of customers because of this decision.

~~~
alextgordon
This is a test on Ubisoft's part. They're testing how the crackers, pirates
and market react. I'm sure if they make significantly less money than expected
they'll scrap the idea. On the other hand if they make _more_ money, they'll
roll it out to future releases.

My guess is that they'll make less money. Even if some people buy the game
instead of pirating it, the abysmal reviews on Amazon will have a stronger
effect.

~~~
Avshalom
> I'm sure if they make significantly less money than expected they'll scrap
> the idea.

OR they'll still blame piracy and try to make it even harder, until it's
nothing more than a streaming webcam pointed at a TV playing it on an xbox.

~~~
nitrogen
Those days are probably just around the corner. At least one company is trying
to make 1080p streamed games playable. They could install beefy compute
servers with 8 video cards per machine in ISP local offices to deal with
latency issues.

------
invisible
What would probably work best is just allowing 200 installs per key (any more
requires calling and pleading). Also, every 5 minutes the game sends something
to the server and uses SSL to ensure it's communicating with the right server.
This seems like an overly simple problem that isn't being approached right.

------
lmkg
The author seems to assume that being hard to crack will be a discouragement.
The people cracking games are _hackers_. For a significant chunk of them, the
game being difficult gives the draw of being an interesting challenge, as well
as a way of getting street cred in the cracking community.

------
fbu
Does anybody have any idea how long it took for pirate WOW servers to be
running?

IMO, most games will go towards becoming MMOG or be played online anyway,
people will just get craftier at having pirate servers running.

~~~
noarchy
People were running private WoW servers as early as beta, but it really took
off after the game went live.

------
teamonkey
In Assassin's 2 save games aren't exclusively online. They're synced to
Ubisoft's servers but they're not exclusively online. You can even opt out of
syncing them so that they're always local to your PC. The net connection is
still required though.

However Jeff Vogel's conclusion is still valid:

"But they are engaged in a grand experiment. They are seeing if an adequately
pirate-proof game can make money. Will keeping cracked copies off the Torrents
for a month make extra sales? And enough extra sales to make writing PC games
worthwhile?"

------
marilyn
The people behind DRM don't seem to get what they are dealing with. The people
who pirate/steal their products are not making a choice between buying the
product or stealing it, they are choosing between stealing it or not having it
at all. DRM, especially of this invasive variety, punishes the valid customers
who pay good money for the product, while trying to combat the folks whose
money the company will never see.

------
keefe
Nice article overall, however... "2. Trick the Ubisoft servers into believing
you have a legit copy, so that they will let you save your game." I haven't
got a clue what exactly their mechanism is, but I believe that this is a
solved problem in cryptography which should be intractably hard to solve if
implemented properly.

------
rmorrison
This would be one example where the DRY coding principle would backfire on
them, at least for their purposes. If all of the Game Saving code funnels to
one function, then the hackers may be able to relatively easily find and break
just that function, and consequently the entire DRM.

------
lhorie

      1. Make your own, free saved game server and alter the application code to use it.
    
      This means a lot of work and expense, both to duplicate Ubisoft's game saving code and to set up and maintain the servers. Won't happen.
    

Ragnarok Online private servers anyone?

------
Groxx
This will "probably work" just like MMORPG's "probably don't get pirated".

But have you _seen_ how many 3rd-party hosts there are for many MMORPGs, some
built by hand to mimic the original servers? Requiring a server connection
does not stop piracy, it just annoys people.

------
snitko
Honestly, I believe people shouldn't be pirating videogames at all. And most
gamers actually don't. So nobody's going to hate them. On the other hand, I
think no one's planning to do the same thing for MS Office in the nearest
future, that would be insane.

~~~
henrikschroder
Do you have anything to back up that statement? The article says that 90% of
all copies of popular games are pirated, but he also doesn't back it up.

However, it's important to always remember that a pirated copy doesn't equal a
lost sale. Many people download a game, but never install it or play it.
Others download and play it, but if they couldn't have downloaded it, they
would never have played it. And finally, there's a percentage of downloaders
that would have bought it if they hadn't gotten a pirated version first.

It will be interesting if this experiment by Ubisoft can determine how large
that percentage is. It's definitely not 100%, and it's definitely not 0%. I
would guess that it's a single-digit percentage of the people that would
normally pirate a game that could go and buy it instead.

However, this new DRM is so vile, that they will also lose sales on it, and I
wonder if the sales they gain from delaying the pirating of it is larger than
the sales they lose from having a horrible DRM.

~~~
teamonkey
The 90% figure is based on the scant amount of information released by a few
indie studios.

[http://www.joystiq.com/2008/11/13/world-of-goo-has-90-piracy...](http://www.joystiq.com/2008/11/13/world-of-goo-has-90-piracy-rate/)

------
sdfghbvc
I wonder if they turn off, or downgrade to the point of unusable, the servers
the day that Assassin's Creed III is launched?

They wouldn't do that would they?

~~~
wmf
Some game companies have already turned off servers for their older games.
It's not a question of whether this will happen but when, especially when the
service is provided for free.

~~~
sdfghbvc
For free?

I paid $80 for a game and they turn it off when they have a more profitable
replacement.

------
TheTarquin
You want an anti-pirate system that will work? That's easy, we've had a
working system for centuries!

You hang 'em from the yardarm as a warning to others, and then you burn their
ships to the water line.

Pardon? Oh, you mean the OTHER kind of piracy.

~~~
TheTarquin
So, out of curiosity, down-voted because it wasn't funny, or because jokes
aren't encouraged?

~~~
wmf
Probably a little of both.

