Foobar's Rantpage
Intellectual diarrhoea by a fat penguin
Apr 25, 2024
Rants
- Overbalancing
- The Protagonist’s Family
- The failure of the Fallout 4 story
- A plea for systematic magic
- Thoughts on copy protection
- Myths about DRM
- A proposal for a better copy protection
- The Comfort Lie
- Why Depth Of Field Is Wrong
- SteamWorks = Closed Due To Wealth
- A glossary for younger gamers
What is...
Software
Search
A proposition for a new copy protection method
Motivation
Maybe you have read my documents foobar's thoughts on copy protection and Myths about DRM in which I state that copy protection (CP) does not really make any sense for protecting against software piracy and that DRM is only a way to take away the rights of gamers.
But I do not want just go of ranting about how bad all this is. Let me see if I can think of some copy protection that is better than what we currently have.
I do not really believe that CP can work but if we as gamers have to live with the delusions of some publishers then we perhaps we can find a solution that makes everybody happy. Well, except for the pirates, of course.
Requirements
The CP method must fulfill these requirements:
- anonymous (no personal information revealed)
- secure (not significantly worse than established CP methods)
- obstacle-free (game owners are not required to burden themselves with CP, like inserting DVDs or online activation)
- customer rights must not be curtailed (as in online activation, for example, where you effectively loose ownership of your game)
- rewards for paying customers (game owners should be rewarded for buying the game instead of being punished by burdensome CP mechanisms)
- image bonus (the publisher who uses this system shall be able to be proud of it and let the community celebrate him for it)
Components
This CP method does not introduce anything really new. Instead, we utilize methods that are already there but in a way that will hopefully rule out any problems of the other CP mechanisms.
Serial number
Serial numbers are a classic among the CP methods. Each individual game unit gets a unique number which you have to enter upon the start. To make sure that you cannot just enter anything, there is an algorithm which tells the game whether the serial is valid or not.
As long as this number is not verified online (which is a form of online activation that we don't want) the method is not very secure. A pirate only needs one working serial which can be easily distributed with the game in the internet. You can prevent that if later patches blacklist this number but crackers may create keygens that produce an almost infinite amount of valid serials. You can't blacklist those.
Hidden ingame checks
Some games not only do the CP check once at start but also within the game. For example, the game "Settlers III" uses such a CP. When the game thinks that you're a pirate it will seem to function normally at first. But during the play you stumble across technical problems. For example, iron smelters produce only pigs so you cannot forge any weapons. Or the game "Drakensang". There, quest relevant characters do not show up and you cannot leave some game areas.
These checks are used to make it more difficult for crackers. They make a crack that bypasses one check but the other will occur only later in the game. Then they have to crack that, too. And so on. They can't just release the crack because the game starts with it. They have to play through the game and look for blocks. That takes time.
In the form this is used nowadays, this is bad because the checks that the game performs are always ambiguous. They check the DVD in the drive. Now, a "DVD" isn't just a silverish disc with a diameter of 12cm. It is standardised. There is a specification and whatever fulfills this spec is a "DVD". Since any DVD fulfills the standard there is no way within this standard to recognise whether a DVD is a copy or an original. Hence, to check if the DVD in the drive is really the one that the publisher put in the box, the software must check for criteria outside the standard. But of course, DVD drives only guarantee defined behaviour within the standard. They cannot do things they were not built for. Therefore, there is no fail-safe way to check if a DVD (or CD for that matter) is an original. The drive may or may not give the software the answer it expects. But nonetheless, the software uses these undefined answers to determine if you're a pirate.
As you probably guessed by now, that means that there are a lot of false alerts. People with the original game DVD in the drive who are "detected" as pirates, play for hours and then get stuck in a "pirate-trap" in the game without knowing what is happing. That's a sure way to loose customers, if you ask me.
But we'll not have this problem in this approach. So you can just relax.
Concept
Ok, what is the idea? Simple:
- The publisher thinks of several algorithms for serial number verification. So we have the algorithms A[1], A[2], A[3], ..., A[n]. The algorithms must be independant from each other. So it must be guaranteed that knowing A[1] to A[i] does not allow you to correctly guess A[i+1].
- Each serial you put in a game's box passes all of these algorithms (an easy way to do this would be encryption against multiple keys). A serial S is valid if A[1](S) = A[2](S) = A[3](S) = ... = A[n](S) = true. Only valid serials are shipped with the game, of course.
- When the user starts the game he will be asked for the serial. Whatever he enters (let's call it s) is checked against A[1]. And only against A[1]. So if A[1](s) = true, the game continues. Otherwise, it prints an error message. This is important because it prevents the user from accidently typing the wrong number. If he makes a mistake, A[1] will notice and the game will tell him that the serial he entered was not correct.
- While the player plays the game, the serial he entered is checked against the other algorithms on several occasions. After the first hour, A[2] will check the serial. After two hours, it will be A[3], and so on. Every hour another algorithm. It does not has to be time-based you can also check on events within the game.
Whenever A[i](s) for 1 =< i =< n returns false, the game will activate a hidden trap and the player gets stuck. - Compromised serials (on the net) will be blacklisted via patches.
Explanation
And why is this better, you may ask? Think about it! The traps will almost never catch an innocent! Because you do not check something out of the standard, some "bad" software that can be used legally as well or some esoterical laser reflection guesses from the DVD drive. The only input for the algorithms is the serial you entered and that is unambiguous. It cannot be misinterpreted. The verification works with mathematical precision.
The legitimate owner will never run into a trap. Mistyped serials are catched at the beginning by A[1] and if that algorithm is chosen wisely it will be sufficient for such accidents. There is a theoretical possibility that a game owner mistypes the serial and coincidentally enters something that passes A[1] but fails later at some other A[i]. But if the algorithm A[1] is not selected poorly that will remain a theoretical possibility. With a probability bordering on certainty you can say that no legitimate customer will ever run into such a trap.
Because this CP is not linked with the original disc, you can easily create a backup (that is legal in Germany). It will work. No danger of loosing the original or the manual from which you will be asked something. Just write the serial right on the backup DVD and you have everything you need to play the game should you ever loose your original.
Security
Why is this any better than classical serial numbers? Well, when it comes to cracking all the benefits from such hidden check still apply. The cracker will still have to play through the entire game to look for block and that will still take him a lot of time.
If a serial is released on the net, the next patch will make it invalid and it won't work anymore. And you cannot simply adjust the crack or keygen until the game starts because that will not help with the other, hidden checks. Creating a keygen will be a lot of work because of these hidden checks.
Bonus
And now to really good part: This system allows the publisher to punish pirates and reward buyers at the very same time!
No one says that the publisher must include all these algorithms in the game right from the start. He can also put some of them aside and integrate them later with patches. So A[1] to A[j] are built into the release version. A[j+1] will be shipped with the first patch, A[j+2] with the second patch, and so on. These patches can also be used to update the serial blacklist. And if the patch provides some new content, too, almost anyone will want it.
For the buyer, this is perfectly safe and a reward (and no punishment like other CPs). He just gets bugfixes and also new content which enhances his game even more. For free and totally anonymous. His serial was designed to pass the additional checks (A[j+1]...A[n]) from the start so there is no danger of a false-positive for him. One satisfied customer there.
For the pirate, it's more difficult. Maybe he found a way to get the original game to work. For example:
- a keygen that creates serials which pass the checks
- a cracked game binary
- a working, correct serial from the internet
In case of 1, the game will not work with the patch anymore because the cracker who wrote the keygen never knew about the algorithms which were not included in the original game. The serials created by this keygen therefore will fail the test and the game stops working. The pirate is sad.
For the second case, you don't need to worry anyway. The game binary is overwritten with a new version. The old, cracked binary won't work with the new version of the game and the new binary must be cracked again, first. And because it contains checks that were not there before, the cracker can't just correct some offsets in his crack. He has to analyse the complete binary again. Meanwhile, the pirate is sad.
The third case is handled by the blacklist. All burned serials that can be found on the net will be blacklisted and the game won't work anymore. The pirate is sad.
The more patches with new content and new checks you churn out, the better. The content must not always be huge, maybe sometimes, just a cool Sword of Doom™ will suffice. The tactic is to demoralise the pirate because he either has to forfeit the bugfixes and cool new content or repeatedly spend a lot time looking for new cracks, keygens or serials.
Open door policy for pirates
Okay, now the pirate has a lot of work to do to play the game. He is frustrated. He wants to play the game and not search the net for cracks. Perhaps he thinks: "Damn, it will be a lot easier for me if I just buy the game." Now what? If he has to go to the next store in the morning or wait for the delivery of the online order, he'll have all night to find cracks. Bad.
But what if we pick him up at that frustrated point? How about we offer him an easy, safe and anonymous way back to light side? So why don't we provide a billable phone number? In Germany, we have a special 0900 dialing code for that. I think most countries have even if the prefix is different. So the pirate can just call 0900-555-4711, is charged with 30 euro on his phone bill and a computer voice (cheaper than real call-center agents) tells him a valid serial number to unlock the game. An easy, safe and anonymous way to get a serial. No reprovals, no questions asked. Just one customer more. According to the publishers, that's what they need, right?
So you should not only demoralise the pirates. That is only half of the rent and won't help much alone. You have to offer them alternatives that can compete with easy warez/crack downloading. People are lazy. Use that to your advantage. Offer the pirate a quick and easy (and safe) solution for his CP problems.
FAQ
Your system won't work! It will be cracked away like all the others!
True. But that does not seem to disturb the publishers when they use other CP methods. Anything can be cracked. I just wanted to propose a CP method that does not punish the customer for buying and which is not any worse than other CP methods in terms of security. It is not secure - but it is as secure as other CP methods. More was never intended or possible.
The pirate can just use a program that tries all possible serials until the game starts!
This is called a brute-force attack. And of course this is always possible. But does it make sense to try?
Keep in mind that the game checks the serial at start (which is necessary to handle mistyped serials by legitimate owners) but the fact that it accepts a serial at that point does not mean the number is correct. You have to generate numbers until the game starts with one. Then you have to play and at some time (let's say after 10 minutes) you reach a point where the next algorithm checks the serial. The number you generated will most likely not pass this test. Now you need to churn out numbers until the game starts and you don't get stuck at the 10-minute-mark. This repeats for the 20-minute-mark, the 40-minute-mark, and so on.
Let us assume that you have only 5 algorithms and use one every 20 minutes. Then you need at least 100 minutes to verify a serial. That will take a long, long time. And you cannot automatise the walk through the game. You really have to play yourself. Again and again and again...
But maybe you're a genius. Perhaps you discover a way to verify 10,000,000 serials per second. What then? Take a serial in the form XXXX-XXXX-XXXX-XXXX where every X represents an alphanumerical character. There are longer serials out there but this one will suffice to demonstrate what I want to show you. With this serial format, you have 36^16 possibilities (that's about an 8 followed by 24 zeros, a quadrillion in Germany, France and Britain, a septillion in the US).
If we postulate that there are 10 billion (british english: milliard, 10^9) correct serials equally spreaded among that 8 septillion possibilities (that's more than enough for every human being on the world) then you will have your first valid serial after averagely 800 trillion (10^12) tries. Even if you manage to make 10 mio. attempts per second you will still need 2.5 years to find just one valid serial. And in this time, your PC (even if it consumed only 50W of electrical power) would have wasted electricity worth well over 100 euro. It would have been cheaper for you if you simply had bought the game!
Bottom line: A brute-force attack is possible but not practical. It's easier to simply crack the CP (see the FAQ above this one for that).
Serials are difficult to input. That causes support costs for the publisher.
Other methods cause trouble, too. But if you think that a serial like X9Z7H-KR9H0A-VMQP0-R61F9 is difficult to enter because you cannot remember those weird digit-character-combinations then perhaps you need to make better numbers.
Use numbers where each group forms a word (even if it has no meaning) that can be spoken. If vowels and consonants are alternating then you have that. You loose entropy this way but that can be countered by using longer serials (which are still easier to remember).
For example: A simple approach to encode such a serial would be to pair vowels and consonants (where the letter Y is considered as vowel). So we have pairs like "AK", "LO", "YP" or "CI". Each pair has 240 possible combinations (20 consonants * 6 vowels and each combo can be used twice in each order). A serial which consists of 6 groups with 6 symbols (3 pairs) each would look like this: KUIKOV-BAABOK-KOROON-FYLOPA-AXERNA-UKOLOP. Note that each section in this serial is like a word that you can easily remember and type in. Such a number can encode 142 bit (if I calculated correctly). Discussion in the World of Risen forum (german) shows that this would be enough for a 128 bit ECDSA signature plus some additional stuff the publisher wants to put in there (like which distribution channels this serial was used for).
If I just give the serial to a friend of mine the publisher will never know and hence, never blacklist it!
Indeed. But you have to select very carefully to whom of your friends you give your serial to. Because if you give it to a friend who gives it to another friend who gives to yet another person, then you'll never know where the serial might end up. If only one of all those people puts the serial on the net it will be blacklisted and you will have a problem. You should be able to get a new serial from the publisher (see below) but that's some effort. Would you give the new serial away, again? And keep in mind that there is always the theoretical possibility that this serial is traced back you.
This means that each pirated copy does not get around so far anymore. It has to remain within a small group of close friends. And each of these groups needs at least one legal copy with a serial. That is one copy more than if they just downloaded it.
This CP method is not so much targetted against the casual pirates on the schoolyard and such. But it will be most effective against internet piracy. And I think that this is the biggest part of the whole piracy problem.
There is malware which scans the infected PCs for game serials and those will be used by crackers on the net!
For this reason, it should be possible for a legitimate customer to get a new serial provided he has a proof of purchase. That is effort and I know my system was supposed to be not bothersome for buyers. But an infection with malware does not come out of the blue. Usually, it happens because the PC owner did something stupid like using outdated and vulnerable software or executing dubious binaries (cracks, for example). So he is partly to blame, too. Having to ask the publisher for a new serial is reasonable under these circumstances, I think.
Your system does not protect the game until the first patches (with blacklists) are released. Anyone can play it with a serial from the net.
What's the difference to other CP methods? Instead of looking for a crack, the pirate simply has to look for a serial. Nothing lost and nothing gained. With cracks, the one who cracks a game he bought and then puts the crack on the net has no risk for himself. He can always use the CP method that came with the game to play. And the crack is anonymous. But the one who was stupid enough to put his serial on the net will probably not like it when he can't install the patches later on. And at least in theory, the serial can be traced back to him.
What if the pirate simply does not install the patches (and blacklists that come with them) and plays the original game with the serial from the net?
He can do that. With any other CP, he can also just use the crack for the original version and does not need to search for a cracked patch. I admit that my system does not protect against this. But no system does. And think about it. Who would want to play a game like this? With bugs and without the new and interesting content?
There are a lot of people out there who only play a game just once (maybe they do not even complete it) and then throw it away without giving it a second thought. You cannot catch these people with my system. But can you catch them with any system at all? Would they really buy a game that does not really interest them if they had no other way to get it? I do not think so. These people are not worth bothering. They just play because the game is "for free" when they pirate it. No CP whatsoever could ever convince them to buy.
But there are also pirates who really like the game. Who want to play the game. And play it again. Who are annoyed when the game does not change anymore. When they get no new content, always have to live with the same old bugs and never can join in and talk with others about the new stuff. They are left behind and their own boredom will motivate them to get a working serial. It's sooo quick and easy, just one phonecall without any questions or risks. Why not do it?
In a way, this is like the system that Stardock uses for their games. Yes, you can pirate them. But sooner or later you won't have any more fun with them because you don't get new content.
We "attack" the pirate from broadside: in the net, where all downloads are. There, we can capture the serials and blacklist them. And we concentrate on those pirates on which we have a chance to convince them to buy the game. And at the same time, we satisfy and reward the paying customers with new content. And they have no trouble whatsoever with the CP. That's three birds with one stone. This is an advantage of my system compared to any classical CP because those just bother the buyer.
But I have to enter the serial! That is work!
Ok, now. Don't get cocky! ;-)
Is it really too much to ask if you have to enter a single serial number once upon installation? Compared with the problems of internet activation or always having to insert the DVD? It's safe and anonymous, does not require registration, intrusive drivers, DVD checks or whatever. It costs less than 30 seconds and will never happen again for this installation. I cannot speak for others, of course. But I can live with that load.
Are there any problems with this system?
Well, I'm not working in the gaming industry so I do not know if my system is practical. I write from a gamers perspective and my system is based on the assumption that CP is really used against piracy and not for other reasons. If the publishers lie to us about why they use CP the system may not fulfill their requirements. And perhaps there are things I just have not thought of (comments are welcome, however).
Albeit, I know of one "problem" already. The patches. You need the patches to update the blacklist in order to make this system work. Of course, you cannot just sell games which are intentionally made buggy to have something to patch later on. But even with the best effort, bugs will remain and none of us would want to pay for a game that was polished until it's totally bugfree. So there will always be a need for patches and the extra content will be a stimulus to get the patches, too.
But that means you have to care for your games. You cannot just throw them on the market and then forget about them. My system probably won't work with EA games. You need a publisher who respects his customers. On the other hand, that fact can be used for marketing purposes as well. A good name in the community and positive word-of-mouth recommendation might pay off in the long run. At least many marketing people I spoke to told me that this kind of image can't be valued highly enough.
Won't the extra content be too costly? After all, you cannot sell it.
Not sure. I'm not working in the industry and don't know numbers. A (perhaps naive) calculation would be this: A programmer/intern/whoever costs the company 60 euro per hour. This page says that they used typical values for senior-level programmers and come to a effective hourly rate of 105$. That are about 75 euro (exchange rates from 2009-01-02). But you don't need a senior-level programmer for this kind of work. Any experienced intern should do the trick. Hence, 60 euro seems plausible and perhaps even too high.
If you let him work 10 days with 8 hours each on this content (creating new items, a few extra quests, whatever) it'll cost you 4,800 euro.
If you sell 200,000 copies of your game (that's not that much, PC bestsellers go into the million) you will need to pay less than 3 cent per unit. That is below the price of a CP license, as far as I know. So maybe it's not that expensive. But if those 3 cents plus the cost for my system itself are higher: Well, I wouldn't mind to pay that extra. If it's 49.95 or 49.98 - does not matter that much if I get a CP that does not trouble me.
How would the publishers know which serials to blacklist?
Well, the serials that are compromised are the one you can find on the net. I assume that the publishers have a watchful eye on the warez scene regardless of the CP method they use. It would be stupid of them not to. Other content providers are known to do this (the infamous RIAA, for instance) why should publishers be an excemption? And if they write down whatever serials they stumble across while monitoring the scene... well, it's not that much work, isn't it?
If average Joe R. User can find the serial it should not be too hard to the publisher to find it, too. And the serials that are hidden so well that no simple user can find them - well, they ain't a real problem.
Implementing this method is too expensive. It cannot compete with existing CP methods like SecuROM which only cost a few cents per unit.
Every CP required work once. SecuROM needed to be programmed, too. After that, they could license it to a lot of companies which made it so cheap for them. It can be the same with my system. Create it once and use it for all your games. You only need to change the algorithms respectively the cryptographic keys against which the serials are checked. Especially the latter one can be automated. And if you sell it in license to other publishers as well, it might even return revenue on its own. SecuROM appearently does, why else would Sony offer it?
Why should the publisher use your method instead of a well-known product like SecuROM?
Because, as shown above, it does not need to cost more money than SecuROM in the long run.
Furthermore, this system can be exploited by the publisher's marketing in a most superior way. You can be the publisher who does not punish his buyers but instead rewards them with regularly patches and additional content. You can be the hero in shining armor who distances himself from the others with their customer-hostile CP methods (like EA). Customer loyalty and image cultivation par excellence.
If your system is so great, then why did not anybody think of it before?
"Uga, uga! Me has big idea. Use fire from lightning to roast meat and make warm in cave."
- "Onga, bonga! If idea so great why not used before?"
Seriously, I do not know. I'm not even sure if I'm the first one who came up with this. But it took quite a long discussion in the forum for me to think of this. Maybe the design is flawed but I currently do not see where that might be. Maybe it will fail. But I think it's at least worth a try.
Your system is cool! Does it have a name?
Erm... not so much. How about FSNCP (foobar's serial number copy protection)?