DRM for online functions

[eRe4s3r]

It is not only possible, but it is easily possible, as in you can do it in 10 minutes if you got perl installed.*

1) Generate list of 5 to 10 billion serials with your base algo.
2) Produce formula based checks until you are left with your target serial amount, optimally 20 or 30 extra checks that narrow the serial field down to 100k or 200k valid serials which pass ALL checks.
3) For first release, you do not check the serial at all except whether it fits the base algorithm (without extra checks)
4) First patch introduces 1 new extra check to the serial (the same check you used in 2)
x) repeat until you used all checks
5) Profit (pirates positively annoyed)
Bonus points: You introduce degrading gameplay if a serial passed step 3 but not step 4, because there is no chance a typo could end up actually validating at all.

Your goal is not a protection that lasts for eternity, it only needs to last for the product cycle of highest patch rate and interest.

So you see, this is why I am kinda stumped as to the replies, even if you go not for the full length here, even marginal effort produces 90% secure serials. The 10% are when bought serials are spread, for that only blacklisting in the patcher works (which if you are pirate, means now you have to download cracked patches, which are a lot rarer). And yes, i don't give a damn (sorry) about people who got their serial stolen or gave it away. Those only got themselves to blame, but if they have legitimate proof of purchase you can give them a new serial, if it leaks again you know who leaks your game ;p

[KingIsaacLinksr]

So....if this is so great, why aren't more people/companies using it?

I'm expecting the other thing on your foot to drop is why I ask

[eRe4s3r]

If done right you would never know others are doing it. I can tell you most do not allow steam registrations of serials though so they don't need serials or use them just as a local annoyance ;p

But If I am evil and I'd say honestly, I'd say it's likely because developers don't think about this long enough to reach this point of thought. If you intend to make piracy mildly hard this is the easiest way there is. (And of course, it depends on whether you see a point in this or not to begin with). There is no real proof pirates that are annoyed by constant downloading patches have a trickle down to become a customer effect. But I would say any pirate who buys your game at some point, is a good pirate... you needn't make it so easy that they never think about it.

[doctorfrog]

I'd say it's because it started with only one developer, and he made a decision early on about not only the cycles that it would take to implement DRM, but also how he feels about DRM and how his customers probably feel about it. I'd say that he thought about DRM quite a bit, he just didn't get stuck on the implementation part of it.

[RCIX]

So you see, this is why I am kinda stumped as to the replies, even if you go not for the full length here, even marginal effort produces 90% secure serials. The 10% are when bought serials are spread, for that only blacklisting in the patcher works (which if you are pirate, means now you have to download cracked patches, which are a lot rarer). And yes, i don't give a damn (sorry) about people who got their serial stolen or gave it away. Those only got themselves to blame, but if they have legitimate proof of purchase you can give them a new serial, if it leaks again you know who leaks your game ;p

And then it's all pointless effort as someone just bypasses the key validation code...

[Hearteater]

The original context of his suggestion was to force pirates to do that, instead of just keygen codes.  Because 1) less people will download a hack to the executable that needs to be at minimum reapplied each patch, assuming it even works in the new patch, and 2) so keygen'd keys don't get created and registered on sites like Steam blocking the access of the customer who legitimately purchases that key at some later date.

[eRe4s3r]

Pretty much what Hearteater said. 

If they bypass the key code (which I have quite honestly, rarely seen done) then the system worked. They don't even go for legit serials but for bypassing them. And then, pirates can't register their serial, pirates can't get updates if it checks for serial AND Pirates don't drain your bandwidth..

Pirates still can get updates as warez, and this is not something we want to avoid. Because pirates who would go to that length are not gonna buy your game no matter what. I know for a fact that the only kind of release indy game patches get is very very delayed ALL-in-ONE installs (pre-patched and pre-cracked and all). But often weeks or months after the release of a patch

[Wingflier]

One of the things I respect the most about Arcen is that their games are DRM free.  I agree with Keith that Pirates are people who don't buy games regardless.

I mean look at Blizzard's recent policies as a great example.  Diablo 3 was the MOST pre-ordered single-player game EVER in Amazon.  There were already millions of people who were ready to buy the game even before launch.  Yet Blizzard thought it would be a good idea to make it online-only, have no support for modding, offline, or LAN play, and look how that turned out?  It became their most hated game ever - it forever tarnished the company's near-perfect reputation.  And 3 months later?  It's a ghost town.

Was it worth it?  They probably ended up losing more customers in the end.  Accounts got hacked, people were outraged, and Blizzard went through all that trouble for nothing.  What has it really accomplished?

The 5 CD-Keys required to play AI War are already a hassle enough.  I bought 4 copies of the game and all expansions so that my friends could always play with me, and everytime they install or reinstall the game, it's always a huge hassle giving them all the download links, then finding all the cd keys, then inputting them correctly into the boxes (if you copy-paste them twice, it says invalid key, but it looks like you just pasted it once), then making sure we're all on the same version etc. 

It doesn't sound like much, but when you've got 3 or 4 people playing with you, it can turn into an hour or more ordeal getting it all sorted out.  To put online DRM on top of that would probably make a lot of people just ignore the game completely, and rightly so.

[LaughingThesaurus]

I'm with Wingflier. DRM's not necessarily a dealbreaker for me, but it quickly becomes a huge pain. I don't want to have to sign in to the internet to play my games. In fact, as it stands, probably the only games I can play whenever I want to are Starcraft, AI War, AVWW, and Doom. Half of those are by Arcen and the other half are a million years old. So, if my internet's down for a day, you know who I'm going with, aye?
That does happen, as well. My internet's not the most reliable thing in the world... so when a game kicks me out because I was disconnected, or doesn't let me play when I can't get a fast enough connection, it just adds a little bit to the irritation factor. It also means I have to spend more time on console games which, at least for now, don't require me to be online to start em up.

It bugs me beyond belief when people (not people here) go and say "Well just get yourself better internet." We actually can't, and a lot of people can't. Online only stuff is inexcusable outside of the actual persistent-world MMO sorts of games.

...Basically what I'm saying is I don't want to lose half my library if Arcen went off the wall crazy with DRM. Any other alternative DRM is fine if it does not interfere with my playing of the game. If it means I have to verify even once a day, it's not worth it. Even Steam's annoying because of that.

[doctorfrog]

I mean look at Blizzard's recent policies as a great example.  Diablo 3 was the MOST pre-ordered single-player game EVER in Amazon.  There were already millions of people who were ready to buy the game even before launch.  Yet Blizzard thought it would be a good idea to make it online-only, have no support for modding, offline, or LAN play, and look how that turned out?  It became their most hated game ever - it forever tarnished the company's near-perfect reputation.  And 3 months later?  It's a ghost town.

Was it worth it?  They probably ended up losing more customers in the end.  Accounts got hacked, people were outraged, and Blizzard went through all that trouble for nothing.  What has it really accomplished?

I have no particular affection for Blizzard or their products, but I'm pretty sure you are greatly exaggerating the truth here.

- I don't know if there are any actual numbers to support whether D3 is their 'most hated game ever,' but I'd be willing to counter with an equally imaginary and probably equally true assertion that many of the 'haters' not only ponied up the cash for the game anyway, but also played the heck out of it and still do.

- With regard to their reputation, it probably only tarnished it in the eyes of the folks in the category described above, and these same folks probably also still bought and played the game, and probably will buy the next Blizzard game, grumbling all the way. When it comes to video games, loudmouthed naysayers will pretty often put their money where their mouth is... only long enough to preorder the game.

- I'll assume that the 'ghost town' you're referring to is the co-op form of play Because their actual 'dudes playing Diablo' metric is probably still really high.

- What has it accomplished? Alienating a few gamers, while confirming that locking down the controls Apple-style still rakes in the bucks.

Really, the polar opposite of the quiet, snickering pirate who never pays for anything is the bellowing franchise goon who always pays for everything.

My position: if it has DRM, I won't buy it unless it's super cheap and on Steam. If it's a really good game that I might want to play a second time, I'll just wait for a non-DRM version to come out. I'm a patient guy. I don't pay for subscriptions.

[KingIsaacLinksr]

@Doctorfrog. I raised quite a bit of hell over the game and yeah, it tarnished Blizzard's rep for me. I was thinking about getting Diablo 3, but when I heard about the DRM and Auction House, I decided other games deserved my time and money and never touched it. Diablo 3 is also making me reconsider getting Heart of the Swarm expansion when it comes out later. While I agree that those who were "hating" on it probably went and bought it, I'm sure the amount of people that didn't buy it isn't insignificant.

Blizzard also confirmed there are very few players playing the co-op experience compared to those playing by themselves.

While Diablo 3 certainly didn't mortally wound the company, if Blizzard continues to use these practices, they'll eventually find themselves without fans. Which seems like a strange tactic to use right now when WoW's population is falling at a rather rapid rate. You don't bring in new players by pissing them off.

Just saying.

[keith.lamothe]

I didn't buy D3 because of the DRM.

But I think they'll be able to stay viable and even growing even with those antics because most people don't care as long as they get their fun.  The shenanigans do get in the way of the fun, but not enough in the common case to jeopardize the business model.

[Minotaar]

While I can't deny that DRM, the auction house and everything those things imply made D3 much worse, I still feel like I've got my money's worth from that game, so I can't just put Blizzard in the same no-buy boat where EA and Ubisoft are hanging out for me  Though I'm probably not buying HotS anyway since I was only interested in multiplayer and I don't think I want to ladder anymore. It's been a fun 6 months with Wings of Liberty, though, for sure. 

I don't have as much of a problem with always-online personally, since I have pretty stable internet and there's always AI War to back me up , but if the DRM is actively annoying (ubi/EA) or makes the game itself worse (D3 got close, and I'm sure went over the line for many people, for this same reason I dislike F2P, since in both cases the company's concern for its wallet gets in the way of gameplay) then count me out. There's not enough time to play all the games anyway, might as well choose those that don't punish you for it 

[eRe4s3r]

Wow I give up on humanity in this forum.. at no point since page 1 are we talking about online DRM, or always on, or auction houses. In fact, if we take the topic literal neither is OP, he merely wanted to prevent patches to be downloaded by pirates and then used on an illegal game or for other online functions. Which costs Arcengames actual money.

This topic is about how Arcengames serials are insecure because a flat algorithm with no salt and no security added beyond that. How the patches and lobby doesn't check serial validity (or well, can't actually, because the serials do not allow it) and thus all warez copies can always update and how pirates have it even easier than customers because they have a keygen that patches their game and doesn't even require entering serials.

If the serials were even barely secure, we could unify expansion serials into 1 to make it not such a hassle. If you have all 5 expansions x4000 could even merge the 5 serials to make a unique "unlocks all up to this point" serial. But he can't. Because the serial system is not advanced enough for it.

So in a sense, the lack of proper serial security adds to our hassle (I am no fan of 4 serials to be entered either).

[RCIX]

at no point since page 1 are we talking about online DRM

Welcome to Arcen Games forum, and where the heck have you been for the last 3 years?

I was responding in general to why all this serial number generation mess was kinda pointless. In fact, I helped edit together a comprehensive list of why DRM on anything you install to a computer is flawed. The only way to implement effective DRM is to make core parts of your application function on remote servers so it's (mostly) pointless to try and crack the client. There's still an uphill battle figuring out which clients are hacked and not, but you limit the damage pirates can do. It's just kinda messy and not very achievable by anyone that's a small company.