Hacker News new | past | comments | ask | show | jobs | submit login
Keeping the Pirates at Bay (gamasutra.com)
44 points by ssp on Feb 28, 2010 | hide | past | favorite | 48 comments



More recently, the developers of the iPhone game BloodnGuns built an anti-piracy level that would only be seen by those playing a cracked version. It placed the player in an arena with a never-ending wave of killer chickens armed only with the weakest weapon and no way to advance.

The forum posts went like: "Hi I can’t seem to get past the first level. I’m too slow. Only a pistol. Too many chickens. Any help with that? Suggestions?" It was great.


Well, a few people probably bothered with the forums. Everyone else just figured that the game sucked, and made a mental note to never buy (or pirate) your games again. And they told their friends.


They probably aren't very inclined to buy games in the first place, though I do think they should be made aware they are using a crippled or demo version.


And that's great - the less demand there is from the illegitimate users the less compelled the cracker are to crack.


They should have made it a pirate level where pirates with eyepatches steal your points.


The thing that struck me was that there was not a word about sales figures in this article. Yes, it seems they gave the pirates a hard time with their DRM. However, I think it is fairly obvious that those pirates had little to no interest in actually playing the game. They just like breaking DRM, that part is the fun for them.

I think it is also obvious that people who got the game from these DRM-crackers, and actually did want to play it, would not have ever paid for it. Even if the DRM was perfect, would sales have gone up? In all that time people were waiting for a successful crack, how many people gave up on pirating and bought the game? I'm betting the numbers were ludicrously small.

The developers would have been better off not spending any money whatsoever developing this copy protection. Unless they can provide evidence of a large increase in sales, I call BS. All they did was spend money developing a free game of "crack the DRM" to a bunch of nerds.


"I think it is also obvious that people who got the game from these DRM-crackers, and actually did want to play it, would not have ever paid for it."

You expect sales figures yet you say it's "obvious" that people that got the game from DRM crackers would never pay for it? Where are your facts to back this up? Do you really have any proof beyond a blanket statement?

"The developers would have been better off not spending any money whatsoever developing this copy protection. Unless they can provide evidence of a large increase in sales, I call BS. All they did was spend money developing a free game of "crack the DRM" to a bunch of nerds."

Right. We see how well that works. You seem to forget that DRM was created only recently, in response to mass piracy.

You would think that people would take the hint and stop pirating games. If this happened, schemes like DRM would start to disappear because companies would not want to waste the effort or the money.

The next step for game developers is software as a service, which has already started to happen.


Right. We see how well that works.

You need to research Eclipse Phase, the RPG.

Scratch that, your ignorance is startling.


"You need to research Eclipse Phase, the RPG.

Scratch that, your ignorance is startling."

How so? Because you don't agree with me and the only thing you can attempt to do to silence me is to call me ignorant?

DRM did not exist during the Napster days. This is a fact. Piracy was rampant during this time. The industry didn't make the right decision by trying to sue everyone that shared a song, but people have no right to complain when companies smarten up and start adding more and more protection.

you have given me one example of one game that may or may not even add anything to our discussion.

Think of it this way: Do you actually think game companies want to add more protection to their games? It adds more complications, costs more money, and many times increases development time.

I don't believe that piracy is stealing. It's counterfeiting, which is much worse than theft. If Toshiba starts getting televisions stolen, their product value isn't really effected by that one product that is stolen (they can always sell more at the original price and people won't expect it to pay less). However, if a company's product is shared on the Internet, It can eventually destroy the product line. Not only that, if it has a virus or the crack doesn't work properly it can and will make the original developers look bad. Also, people start to expect that the software will be free in the future.

Everything digital is only worth what people are willing to pay. If most people can do a simple Google search and find your product for $0, less people will be willing to actually pay for it, devaluing your product over time. It's funny how so many people say piracy has no direct relation to sales yet when I disable a crack that I found for any app I am selling, my sales increases by 15-20% (and sales decrease over time when more and more cracks are available). I have heard this from other software developers.


> Do you actually think game companies want to add more protection to their games?

Depends. DRM allows companies to do things like region-coding (i.e. market segregation) and also to do things like make a product obsolete, forcing the user to buy an upgrade to continue to use the product (i.e. combat 'abandonware' or 'emulator' movements that try to keep old games around; b/c then you can sell back the same product to people multiple times).


But how do you reconcile the fact that DRM only affects paying customers, such as AC2's need for a constant internet connection or Spore's original maximum installations, where pirates can easily just install the crack and not worry about the DRM?


"But how do you reconcile the fact that DRM only affects paying customers, such as AC2's need for a constant internet connection or Spore's original maximum installations, where pirates can easily just install the crack and not worry about the DRM?"

Criminals can get guns illegally. Would you say that because it's so difficult for the average, law-abiding citizen to get a gun, that we should remove all the restrictions?

Yes, it affects paying customers, but it's a result of the actions of the pirates. It's a vicious cycle that's not going to stop until:

1) The pirates stop sharing and cracking illegal software 2) The company finds a way to completely protect their software

AC2 is on the right track. They are releasing it as a service/app hybrid. Eventually, all games will be this way.


I know nothing of this field. What is the story with Eclipse Phase?


Eclipse Phase is a roleplaying game that is the first (AFAIK) to come under the Creative Commons license.

They seed their own torrent for the PDF.

They still sell well at $50 dollars, when the average cost of a RPG book is 20-40.


Eclipse Phase is a roleplaying game that is the first (AFAIK) to come under the Creative Commons license.

They seed their own torrent for the PDF.

They still sell well at $50 dollars, when the average cost of a RPG book is 20-40."

Eclipse Phase is a pen and paper RPG. Although they do torrent the PDF, I would think that using a PDF is tedious for most people, which is why they sell the hard copy for $59.99. I'm the same way with computer books. I would rather have a hard copy.

How can you even compare this to an actual game, which would not be able to sell a book?

I also see a comment where you said they are making money. How do you know? The books say "sold out". But this doesn't actually tell us how much money this company made from these books.


A sales manager told me once that you can see the day a game got cracked in the sales charts because sales drop afterward that much. But well, purely anecdotal, I've not seen the charts myself and that was also 10 years ago.


Sales figures are a closely guarded secret. Today, rough (monthly) console sales figures in the US are published, but not PC games, digital downloads etc.

I don't think that there should be any obligation for the publisher to release sales figures. However, without some hard figures it's really difficult to make any sort of judgement about whether DRM (and a crack) actually affects sales or not.


Note: This is a PlayStation game!

It's a key fact which you have to keep in mind when reading this article and considering it for use on PCs. Console copy protection is today important, but not critical as PC copy protection is. Chances are, this protection would have been instantly defeated on a reasonably high-profile PC game.


That's quite an assertion - care to back it up with your reasons?

FWIW I've written similar "time bomb" crack prevention techniques that were used in a couple of reasonably high-profile PC games (e.g. 500k to several million copies sold).

Some of the strategies were inspired by this article when it was originally published in gdmag, others were based on certain benefits of being a PC title. What helped a lot was that we had a surprisingly sensible publisher who acknowledged that safe disc prevention was (at the time, I'm not sure about now) virtually worthless and allowed us to ship without it. This gave us the benefit of knowing ahead of time the hashes for various areas of our binary and being able to use and layer those into different checks.

While non of these were crack-proof (or even close to it!) they did serve their purpose and prevent any zero-day or launch window warez releases - which as the author states in this article is about the best you can really hope for.


I always wanted to ask this to someone who makes the games/protections: do you take into consideration the sales lost because of the protection? I know about games from friends mostly - if I can see it, I may be inclined to buy it. That's the only reason for me to buy the game really, as I don't follow the gaming news at all. Naturally they have illegal copies sometimes - that means if the protection is good, they cannot show me the game, or show me only something that suddenly breaks down (because of protection). That means I'm not going to be impressed by the game and will never want to have it myself.

Example: I never bought Settlers (2? 3? - the one that exchanged production of pigs and gold when you were playing a copy) - I've seen it and thought it's just so buggy it's not worth getting. Learnt about the copy protection a lot later.

I know many people who buy games this way - mostly grownups who want to have some fun once in a while but aren't interested in gaming every day. They also earn and spend their own money, so usually they're more ok with buying a good game than teens who need to request it from parents / buy for allowance / ....

I've always seen advanced copy protection as games producers shooting themselves in the foot. But maybe I'm just not part of the market that makes a difference for producers. Do you remember if this was an issue at all?


To be honest no.

While there may be people who buy the game after being able to sample it, there are far more who would happily pirate a game and never look back. Of course, it's foolish to equate every pirated copy as lost sale (as the RIAA/MPAA do), but I do believe many titles lose a respectable number of sales through piracy.

It is important to ensure that any anti-piracy measure that affect gameplay can be identified as such and not as bugs. This can be difficult to do in the game since providing messages/warnings gives crackers a place to begin backtracking, so at least on my games we would carefully seed FAQs message/boards with questions/answers that if X occurred it was because you were running a pirated copy.

As a developer my bigger concern, both at the time and ongoing, is ensuring that any demo we release is produced in a manner that's both expedient and forward looking. If you go back 5+ years it was fairly standard for developers to release demos way in advance of a retail release - infact far enough in advance that it was possible to make changes to the final game based on feedback/metrics from the demo version.

This practice now seems to have all but died. Many games never release a demo, and games that do have a demo version often wait until after the retail version hits the shops to release it. I think that's a real shame and driven largely by fear of possibly bad press for games that need to recoup multi-million dollar investments.


The crack protection described in the article was based on the game code being modified... most PC games these days don't need to be modified to be pirated, they are just duplicated accurately enough to appear identical to the original media (usually through drive emulation, ie. daemon-tools). Additionally, modern copy protection also usually incorporates a black list of drive emulation utilities, but these have always been circumvented by pirates. When a new copy-protection tech comes out it often takes a few months to be overcome (eg. starforce) but it is not feasible to bring out new copy protection tech for every game, so if its 'off-the-shelf' chances are its as good as cracked.


Perhaps approaching gaming as a streamed service in the manner proposed by OnLIVE (http://www.onlive.com/) could be a viable means of reducing piracy. It seems possible for a sizeable games publisher to move to a subscription based business model.


Except games can't and will never be run off-site as a service - the technical capabilities for OnLIVE are not and will never be available in the US.

More and more games will be moved to models that require a persistent internet connection though - the article does a good job of pointing out that winning the battle for just two months is nearly "good enough".


It's very do-able today. The key is just having the server located close enough for latency to not be a problem. ISP partnering would be their best bet. Run the service and let ISPs resell it -- locate the servers in their headends/datacenters. If you traceroute something and look at your first few hops it's easy to see how it would work. <10-20MS should be fine.


I don't think there are technical limitations holding this back. You can already get the necessary low-latency video encoding as open-source software, even: http://x264dev.multimedia.cx/?p=249

Gaikai seems to have pretty good business model to make it happen, too - better than OnLive anyway.


It's difficult to look at the computer world, the rise of the internet, and onlive itself and not see that games are really no different than other aspects of computing, which have already migrated to the cloud...

How many "nevers" have been obliterated by advancements in technology?


I saw Steve Perlman give a pretty impressive demo at MIT this fall.

In the computer world, never say never.


For a more recent example of this technique, see Batman: Arkham Asylum

http://www.neowin.net/news/deliberate-glitch-foils-batman-ar...

"It's not a bug in the game's code, it's a bug in your moral code."


Interesting despite its age, but the title needs (2001).


Methods used by Skype to protect its integrity is described in presentation by Philippe Biondi and Fabrice Desclaux: http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-...

Definitely worth reading - actually the integrity tests consume more CPU than VoIP itself.


This reminds me of Cubase 3 (software for music production). In 2005 the scene group H2O needed 1500 manhours for cracking it, from their NFO (iNFO notice from the scene group about the release) for Steinberg.Cubase.SX.v3.0.2.623:

   H2O does it again.........!!!

   Although everybody thought that Syncrosoft and Steinberg
   had found the ultimate protection, we prove otherwise.

   We admit that it's getting harder and harder to do and
   this one may possibly be the last one we do.

   Due to the complex nature of the protection we thought
   of approaching it from another direction.

   The Emulation is now done on driver-level, which means
   that the Emu essentially mimics a dongle, look in the
   License Control Center to view the applications the Emu
   supports. By writing the Emu at driver-level we probably
   went beyond cracking an application. The amount of
   effort invested in this project is staggering, estimated
   at over 1500 manhours during cracking, developing &
   testing, and probably will never be done again.

   (...)

   Note to protection coders:
   Unbelievable way you transform an application. We
   estimate that between 30% & 40% of the application are
   wrapped in the script protection. Protection is one
   thing but this surely effects an application
   performance. You probably could get a performance gain
   of 50% without the protection!!
NFO for Steinberg.Cubase.SX.v3.1.1.944 has more details on the way the protection works and its impact on performance:

   Note to Steinberg/End-Users:
   It seems that our prior Release Note stirred something
   in the Audio Community (Yes, we can read). To get some
   of the facts straight we're going to reveal some
   secrets about the copy protection itself, and why we
   stated that it severely impacts performance.

   Info from Syncrosoft website:
   [QUOTE] "Syncrosoft's protection solution is different
   from mainstream software copy protection methods. It is
   based on a secure executer, the eLicenser, and the
   patented MCFACT technology"
   "At runtime, the transformed program code does not
   reveal its semantics. The eLicenser's crypto-services
   are called from time to time by the transformed program
   code."
   "The transformed program code is represented as tables
   in the computers memory. An adversary can not reverse-
   engineer or debug the tables, because a reverse
   transformation from the tables to original program code
   is not feasible. If the tables are manipulated, the
   transformed program code will crash or produce invalid
   results."[ENDQUOTE]

   So it's not crackable?...

   Now here is the explanation for what really goes on:
   Transformation is based on replacing ordinary machine
   code into tables representing results from calculations

   Example: Adding 2 numbers.

   Normal machine-code would look something like:

   Add eax, ebx

   This will take 1 CPU cycle to execute.

   Now comes MCFACT:

   1) Transform the first number into a table
   2) Transform the second number into a table
   3) Do allot of manipulation of these tables
   4) More manipulation
   5) Transform the Tables back to the numbers
   6) Add the 2 numbers

   This entire piece takes up hundreds of machine code
   lines and a lot of loops inside this code...estimated
   CPU-cycles <insert number greater than 1 here> No
   performance loss? We don't think so..........

   And this code runs all the time!!......The dongle in
   fact is only called 1 out of 10 times inside these
   scripts.........

   A good example is the protection build in the midi-
   part. This is entirely wrapped in the script-crap. Try
   moving a note and swirl it around.....you should notice
   a sluggishness in the movement.

   In fact u will notice an improvement in version 3.1
   prior to the 3.0 release. This is not due to
   improvements made by Steinberg (the midi-engine is
   still the same) but improvements made by Syncrosoft!
   (They optimized the script engine)!!!!!!!

   To give the end user some peace of mind: the scripts
   aren't built into the real-time audio-engine.....this
   is impossible because of the performance loss u would
   have from the MCFACT.


Are there any research that indicates that presence or absence of copy protection has any effect on sales?


All the major games publishers do it but they don't make the results public.


How can you measure that? You can't make a grand premiere of the same game with and without protection.


"If YOTD follows the same trend, as it almost certainly will, those two to three months when pirated versions were unavailable must have reduced the overall level and impact of piracy"

Don't they know for sure? What a wasted opportunity.


How would you do the experiment?


I guess it's impossible to create a real test, but at least they should have some numbers? I don't know enough about the gaming industry. Maybe if it sells well, it could either be because it is one of the rare hit items, or because of the reduced piracy. Or maybe they could see some obvious deviation from the sales of "normal" games.


Is "keeping the pirates at bay" really really worth the effort, heartache, and whatever you didn't go (opportunity cost) because you were working on "protection" from something that will happen anyway?

If so, does the rest of society agree with having this cost imposed on them? I personally never play these games anyway, so I don't care about the problems with the games that arise from you guys spending your best effort on copy-protection, but I do care if you want me to finance your idiocy via draconian copyright laws.


It is ironic that so much development time went into features designed for people that didn't pay for it. If they used the time (and skill) to make their game better, maybe more people would have bought it?

(The computing landscape has also changed significantly since 2001. With hardware support for virtualization, techniques like debugger detection just don't work. The attacker can make his computer behave however he wants, at a level far beyond your control.)

It's probably best to just ignore piracy, because your game is going to be pirated no matter how advanced you think your protection is. Remember, people take their xboxes into expensive microprocessor fabs and use electron microscopes to figure out how to bypass the piracy detection. And, there is only one of you, but millions of people with plenty of time to spare that want to break your copy protection just to spite you. You are going to lose, so why even waste your time? The only people hurt by piracy protection are you and your users -- and that's a pretty silly demographic to try and hurt.

If your game is good, plenty of people will pay for it. Don't worry about the pirates; they wouldn't have bought your game anyway.


Uh, they addressed that in the article, they didn't use much development time on this. One guy for three weeks to develop it, and extra testing time (unspecified) for making sure it worked, and some extra debugging time for everyone until they learned how to work with it.

To me, that sounds perfectly reasonable. They didn't cripple the game for legitimate customers, and they managed to slow down the cracking of the game by two months, and it only cost a tiny fraction of the total budget.

If they used the time (and skill) to make their game better, maybe more people would have bought it?

I doubt it. First off, the work used for their protection wouldn't have added much to the game, because it was so little work compared to the whole. Second, the type of people that sometimes pirate games and sometimes buy games wouldn't be swayed by the quality of the game. If you already pirated the game, well, you have it. Even if you thought it was excellent, going out and buying it after you completed it to reward the developers is too much trouble.

But, if everyone says the game is great, and it's not easily available in a pirated version, then those same people might go buy it instead.

And I think the group of people that would buy it if they couldn't pirate it is larger than the group of people who would buy it if it was good even though they pirated it.

But all of this is speculation anyway, it's so hard to actually know how well copy protection works, because there are a million factors that influence the sales of a particular game.


He said their goal was to slow them down, not stop them. Also their piracy protection didn't really hurt paying customers, while it massively decreased value to pirates (2 month delay).

There will be times if you go out of your way to screw pirates and it will be worth it, and other times it won't.


Also their piracy protection didn't really hurt paying customers

Except for the CPU and programmer resources that could be used for something else.


That doesn't hurt customers. If anything that just doesn't give customers as much as they could have. But if you read my (short) post you'd know about the cost/benefit aspect too.


I'm sure making your game suck if it detects a crack is annoying for the pirates, but it also means that most of the people who play crack versions of your game will just assume it sucks. That can't be good for its word of mouth.


You have to make it really obvious.

>Some people even thought it was funny when the fairy character, who normally offers players helpful advice, instead told them they were playing a modified game.

I found that hilarious.


Looks like the computer game of the future will be played by both gamers and developers: DRM.


So how long did it take for crack to come out? He mentions 2-3 months but he never says the actual time, or have I missed it?

Because he says they bypassed in a different way maybe it was only 2 weeks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: