I was wondering, how would you go about making copy protection for a shareware game? I thought about registering IP addresses with an online server, but that wouldn't work with dynamic IP addresses. So, for example how would it be done for something like Neon Wars? Thanks in advance.

There is no effective way to do copy protection for Shareware games. The best method is to use a server / client system where a company server runs the crucial game logic and sends the output to a registered client's machine.

Hmmm... well, I would ask you how you did yours, but I think that would be considered a security risk of sorts.

I know it isn't the answer you're looking for, but the best copy protection strategy is none at all. None of them work and the more hoops you make the user jump through the more they resent it.

Some of the more draconian ones I've come across over the years are based on the MAC address on things like your NIC, or dongles that contain critical portions of code that don't reside anywhere else.

Infocom used feelies (in part) for copy protection. They were extra props which came with the game and often contained information necessary to complete the game. Since they weren't only for copy protection and tended to be rather clever, most people didn't see them as intrusive. Of course that wouldn't work if the game isn't distributed physically, nor I imagine outside of adventure games / RPGs (well it could, but it would start being annoying again which defeats the purpose). Plus they cut into your margin.

Wait until we have the trusted computing platform. Until then, there's nothing you can do in software that can't be broken by software.

Depends on the game.
Just do a key system (A9WP-5KJ9-L3K2-TT6Y). If that seems like too much bother for the customer, then try a silent key system. They buy your game, the server records their IP address, they run the game and click "Register". The computer connects to the server, which matches their IP address and sends them a registration key over the network, the key algorithm is applied to it on the local system and once it passes the game is now registered permanently.

Not sure how to handle users who want to register on multiple computers or on the same computer multiple times with dynamic IP's, but I'm sure I could think of something.

Or people using one computer to place the order and another one to do the download.

Something simple will keep Joe from hacking it, which is really the best one can hope for.

I fiddled with the MilkShape 30 day trial for maybe 2 hours trying to get around the time limit, it puts so many different in the windows registry it's impossible to untangle. Even if you search all strings for MS3D. (I did eventually pay the $25, an error in retrospect). The registration process entails sending a name and email address, and you get back some sort of key that only works with the exact name & address you sent. They recommend using copy and paste to fill in the dialog box. I assume that the motivation to keep you from giving out your key is to hope you don't mind giving out your name and address. If they use a fake name with a throwaway email account you might be out of luck unless the ISP is unusually cooperative.

There's also a requirement that you let MS3D run for 2 minutes before starting the registration dialog, apparently to keep some automatic brute force thing from getting a key by chance.

Ok but, what about people who do not have access to the internet?

Possibly, but you'd have to be a right bastard to ask him for programming assistance and then use the knowledge he's just passed on to you to cheat him out of a sale.

IMHO, it's better to have some basic copy protection than none at all. Liken it to having a car and leaving it unlocked - it'll be a more likely target for theft than if you locked it, only because the opportunist thieves. By locking the car, you reduce the chance of theft because you take out the opportunists. By having some sort of copy protection, you are eliminating those who straight out copy a game without knowing how to crack or hack it. It won't stop those more determined, but it should reduce the overall number.

Couldn't agree more. The only way I've seen a program not be pirated is if the program came with some sort of hardware.

For shareware? Not economically viable.

Use a registration code/file that causes the user's name, address, phone, email, etc. to be displayed when the game starts. People won't want to register and then copy this to their friends to freely distribute around.

Yes, there will be crack serials. The above method simply deters the average Joe from making copies, which will be 90% of people.

I also won't want to register.

If you want a decent copy protection system, make your game primarily online. Then regular cd-keys will do the trick. (Sure they can pass them around, but only one person can play on "official" servers at a time. If you detect too many changes in IP and or registered copies you can always disable that account.)

You can also try to distribute your game online with steam.

I live 20 meters from a business that uses a program with the dongle check hacked out.

Yes, dongles have been hacked since the days of the amiga. Hardly an effective form of copy protection, and serve to be an annoyance more then anything else to the legitamite customers.

You know, if it actually worked you'd figure it would be used a lot more no?

But actaully thinking about it, dongles themselves are useless, but if you shipped a peice of hardware neccessary to play, then you could have a valid method of copy protection.

For example, the game is played using drums. Sure you could use your gamepad to play, but what fun is that? The DS does it nicely as well with the touch screen. You;ll need a tablet pc to get the full experience(Although cracked carts are easy to get now).

When it comes to copy protection there is only one thing to say.
The harder you try, the dumber you look.

Copy protection only causes trouble for those who have legit copies. Pirated / legit user trouble ratio goes down as protection gets harsher.

I'd rather pay for a pirated copy of a starforce protected game than go through the trouble of making it run on my own.

It's true to a certain extent.

Did you know that despite being one of the most popular games of it's time, Tribes had next to no sales? It had to do with the fact that the game had no piracy protection at all.

So no, thats not always true, theres a balance between how hard to pirate a game should be.

Correlation and causation and all that.

It has also something to do with the price of the game.

That's disappointing you say that - it's one philosophy I don't subscribe to at all. I resent pirates. They make money from other people's work, and don't contribute anything themselves. There is no justification in the illegal profiting from other people's work.

And shame on all those who pay for pirated programs. As programmers, we're all be aware of the effort and time put into making a program. It'd be a kick in the guts if someone then made money out of your work, without passing any of that back to you

I'd definately not pay for a pirated copy. But if it would be easy to cope with it, instead of struggling with the legal copy, I'd undoubtely obtain an illegal copy. But then I'd probably buy a legal one, to make them happy.

this debate has been going on for years and years.... back before the internet, when there were nothing but BBSes, the debate was going on. and before that. The thing about shareware is, as a general rule, the game has to be absolutely remarkable, groundshaking, to make any money anyway. Nag screens and all of the methods people use to try to get people to register in general turn people off. The problem isn't in the games, or the programmers, or anything else like that. The problem is that in general, if people can get by without paying for something, they will. That's in general. Most people want $20 for a sharweware game that doesn't even compete with games that people can buy complete in the stores for the same price or less, and then wonder why they don't get a lot of buyers. This isn't meant to be an insult to the people like Phipps, who make shareware games, it's just the facts. Sure there are the honest people out there, or the hobbyist programmers who actually appreciate the work it takes to make a game, who will come up with the money. But there are also the people out there who just can't afford the game. So they play the games that are out there for free, and they might like the demo games that are floating around, but they'll never pay for them. The truth is, if you're going to go into the shareware market, you have to realize that the people who like the game enough will buy it, and the rest won't, and that's just how it is. You have to spend more time working on things that will make the game more enjoyable and better for the people who will buy it than detracting from it by trying to keep people from stealing it. Even though a car with a 200 key combination lock on the doors would be harder to steal, I'd buy the car that just had a simple key lock because it would be easier on me to drive.

I've been around a long time, before there ever was a shareware market, and in the end, it's not about who's going to steal it, it's about who's going to enjoy it.

[EDIT]

I guess there is a limit to how soon you can post another reply to a thread? Anyway, I wanted to respond to what someone asked about a decent price for shareware stuff. To be honest, I would say $5 is the high end for anything that isn't 3D, or can't compete with anything in the stores. If you're going to go with a shareware option, I think the best thing to do would perhaps be a group of games under one license, like those CDs taht have 1000 games or whatever. It's not that a game might not be good enough to be worth 20 dollars or what have you, but people immediately look at something anymore that is "shareware" and associate it with something less than perfect. It's almost like "If this were good enough to pay that much for, I could get it on the shelf at WalMart"

I only say this kind of stuff because I was programming back when Shareware and crippleware first came out, and I have seen how it's gone over the years. If you want to sell your game, I would suggest somehow finding a way to sell it in a local store or something like that....rather than going the shareware route. No offense to Phipps or anyone else who works with shareware, and I'm not saying that you can't be successful either. It's just not the most lucrative route normally.

Do you have any idea what StarForce is? Trust me, OICW's reasoning is sound.

They do?

Oh, and copyright infringement != stealing.

I'd think a good idea to way to keep the hackers away is to calculate a checksum for the exe, and if it fails, remove a cruicial item from the game which can only been encountered later in the game. The hacker thinks that he got it broken, but when the poor pirates run the game, they can never complete it...

Here is a quick introduction to them. And then there was this incident. They also have a history of accusing legitimate game owners who need to request StarForce removal sotware in order to get their legal copies running of being pirates/hackers.

Starforce stank majorly. Rootkits == bad. Oh, and copright infringement == stealing in my opinion

Okay just to clarify this:

The so called "destruction" of these drives isn't technically Starforce's fault.

Any programs that make extensive use of the cd burner, be it nero, alcohol, or other tools are able to cause the exact same problems. Not only that but you can fix it without uninstalling or formatting your computer despite what some people will tell you.

Secondly the whole rootkit crap is blown out of proportion. Daemon tools also installs ring 0 drivers and is vulnerable to the same trojans and viruses. Why aren't you bitching about them too? Oh wait, that lets you pirate you games... so it's okay then.(Yes I know it lets people play valid backups, but Starforce has a valid purpose too. It works both ways.).

Someone said its that Starforce and sneaky but people know that daemon tools installs the "rootkit"(If you can really call it that). That's crap. Very few people know that, and those that do are just more computer literate. People just like to repeat what they hear.

Now I'm not defending Starforce, heck I even order games overseas or locally if the edition doesn't contain Starforce, and if there is no Starforce free edition(craked ones don't count) then I just wont play the game, simple as that. But please don't repeat everything you hear if you have no bloody clue what you are talking about.

The people who run Starforce are dicks no doubt about that however.

I was referring to the act of paying for a pirated copy, not the StarForce 'virus'.

Like how?

As to WiseGuy's comments, is the shareware industry overpriced? I always thought $5 for a shareware game (unless it's really something special) would be more a realistic price.

I don't like Daemon Tools either. It kills Windows XP.

Did you know that despite having no copy protection at all (aside from a simple DVD check that was immediately cracked), Oblivion is one of the best selling PC games of all time?

'Cause most people probably don't know about that.

Well if that's the reason, then how come when in Tribes 2 they added copy protection, they game went on to sell over a million copies?

In any case you admit there is a DVD check. So it did have copy protection. So what is your point? Tribes didn't even have that.

Also I had another look. Xbox 360 Sales outsold their PC counterpart of Oblivion 2:1. The Xbox 360 has fairly efficient copy protection I'd say wouldn't you? So basically what you've managed to prove is the copy protected game sells better, excellent job. I couldn't have found a better example :p

Perhaps the game was ahead of its time? Who knows.

And as I said, which was easilly broken. A DVD check can hardly be considered copy protection since a DVD copy will pass the check.

The game was also majorly targetted for the XB360 over the PC One of the reasons the game has the flaws it does is because Bethesda was forced to push it out the door for the XB360. I'm sure the lesser PC sales has nothing to do with the fact that it requires a high-end system (systems with integrated graphics, which most people have, will not play it). As well, it wasn't until the 1.1 patch that the game would work on anything less than a Geforce 6 (and even now, it'll only work on select FX series cards in "Ultra low quality" mode, which basically is not worth playing in).

Er.. right. Ok.

Copy protection only protects against the casual user. The hard core pirate nerd will bypass anything. So something simple to you may be as complex as it needs to be.

Regarding this particular example, keep in mind that most people don't have DVD burners and a lot of discs (CDs at least) are designed to not easily be copied by standard programs.

Can I ask exactly what you have been smoking? Becase I want a couple of hectograms of it.
One is a goddamned rootkit that installs itself behind the user's back, with no option to uninstall it (the uninstaller that exists now (which doesn't ship with the "product", BTW) wasn't there from the beginning - and even it doesn't remove all traces of it. Not to mention that it can't restore a drive fucked by Starforce). The other is a legitimate driver that's completely upfront on what it does, and can be happily uninstalled or deactivated.

Strange. Because it sounded just like you just spent two straw menny paragraphs doing just that.

Oh, and three words: Galactic Civilizations II. Did quite well. Shipped with absolutely no copy protection whatsoever - a fact that was announced ahead of time.

One thing about all these examples... games that are more likely to appeal to nerds are less likely to benefit from copy protection.

Really, so when you buy a copy protected game it doesn't say anywhere on the box "this game has copy protection that may interfere with some cd/dvd software" or the like? I'm sure it does, hardly behind you back.

And no it's not a "rootkit" what does it do that's so "rootkit"? It installs ring 0 drivers just as daemon tools, admittedly you might not like it's behavior as much as the latter, but it doesn't appear out of nowhere. And you also admit there is a removal tool, if it was available at launch or not is a moot point, you can remove it.

Also if it's so behind your back how come I've never had it installed on my machine? Second question, have you installed Starforce on your machine and had it break something?

Also yes you can fix a drive thats been so called "fucked by" it doesn't break the drive, windows does. I've had alcohol actually do the same effect that Starforce does, interestingly enough. Admittedly it's not easy for the average user, but keep in mind Windows XP changes the drives settings, not Starforce.

I've had identical behavior from my DVD drive and I can fix it easily as I've had it revert to non DMA access numerous times, and I don't have Starforce on my machine.

Well if you've been following the thread the game had been linked to several posts back, and the relation between them and Starforce.

Do you know how most of those people heard of the game? Starforce by pointing a link to their torrent gave them better promotion then any amount of marketing they could have done. In fact the day AFTER the torrent link was posted they announced that there was a sudden increase in demand.

I know some people who played it for a week or two, but really just bought it to piss off Starforce. And it was hardly a top selling game,

Starforce should go into marketing, offer to point to a torrent of a companies choice for a million. It would be very profitable for both sides.

You sure you don't have some copy protection software like Starforce still installed on your system?

I need to run Rootkit revealer on my system. I do have a game with copy protection installed on my system.

I didn't say I'd pay the pirate for the game itself. I'd pay for the work done cracking the game.
I may then buy the game itself once the copy protection has ben removed from the legal version.

As for the tribes game, I don't think lack of copy protection is the reason it didn't sell well. They just blame it because they sucked at marketing, and maybe the game wasn't worth the money?

Who the fuck do you think the money goes to? Amnesty International? Of course the pirates and their mates pocket the money. And you think paying people to act illegally is justifiable? You're having a laugh, right? "But your honour, I didn't buy the stolen car, I just paid the guys for their effort in nicking it."

Go post your thoughts in this forum and see what type of a reaction you get.

What makes it a "rootkit" and what makes it different from the Daemon Tools driver is that Starforce is designed to do copyright protection, which is achieved by allowing ring 3 (user) code to get ring 0 (kernel) privileges through SF. Which means that code using the Starforce interface can do anything it likes to the system.

First question: perhaps you didn't install any non-pirated game that was copy-protected with Starforce? Ain't rocket science.

Second question: I have. It was Freedom Force vs The Third Reich which I have won in a contest. After installing it, two things happenned: my virtual DVD drives stopped working at all, and if that wasn't annoying enough, my DVD started recognizing some DVD discs as CD-RW. Not fun. After uninstalling the game and removing Starforce, the latter problem subsided, while the former stayed. Reinstalling Daemon Tools made everything work again. The game was fun though, so I played a pirated version despite owning a perfectly legal one.

That's not what I said.
If I buy a car and can't open its door because the lock is too secure then I pay someone to crack it open and install a lock that I can use.

Which is very different from buying a cracked game. With a cracked game, removing the copy protection from your copy wouldn't be as much of an issue, if you don't distribute it.

Nope, it doesn't. And is sure as hell doesn't say "THIS SOFTWARE CONTAINS ROOTKITS".

It installs drivers that ASSUMES CONTROL over existing functions, and attempts to hide from the system. Also, you can't remove it completely, last I checked.
Many rootkits have removal tools. Does that not make them rootkits?

... because you've never accidentally bought a game with Starforce?
I think if you really try you can produce a more far-fetched argument! Go for the gold!

Yes, and the only way to fix it was a complete reinstall. I really shouldn't have to crack games I OWN, but with Starforce - you have to.

If they sucked at marketing why was everyone playing it? If the game wasn't worth the money why was everyone playing it?

The game was extremely popular. This is rampant piracy, more people playing the game online then there were copies sold. Marketing had nothing to do with is since everyone was playing, and why would the game not be worth paying for if you are playing it all the time?

Second, the sequel was more or less the same game sold extremely well. It just added better graphics and copy protection. Since the graphics more or less had to do with the time it was released, I highly doubt that was the reason for the drastic jump in sales.

So basically Starforce is a rootkit because you don't like what it does. Great argument. (The ring 0 from 3 seems to be more of an expliot then an intentional feature. So the coders who write the software suck. There have been viruses that have taken advantage of Nortan Antivirus to do the same I'm sure, is Norton a Rootkit? Let's sue them too!)

I know for a fact all Ubisoft games here (Rainbow 6, Splinter Cell) tell you on the box that it's going to interfere with your virtual drives or what not and may not run on some cd/dvd drives.

As does daemon tools. Heck it even hides from Rootkit Detector.

So what did it break?

Actually I like to argue. Debates are no fun when everyone is on the same side

If you'd like, can some give me the name of a cheap game($5) that comes with high level Starforce protection? I'll install it on my machine and post a log of the results. We'll see what happens.

You know what's weird? I think I understand why Starforce used a Rootkit (I'm not saying I agree). A simple form of copy protection could be done by just logging a serial number and registry in a file. However, this file could simply be copied to break the protection. With a rootkit, you could hide the file, so people couldn't copy it. The problem is, rootkits cause other problems (like an open door for hackers), and the Starforce tried to do other things too.

I'd have to say a major factor in classifying Daemon Tools and Starforce is that you get to install Daemon tools yourself, whereas Starforce is installed without asking, and without any sort of notification.

For the record, after playing Breed, which is a shitty game that uses Starforce, my copy of 98SE definitely went bonkers, and my optical drives started malfunctioning.

See, there is the one thing you shouldn't do if you want to have a civilised discussion instead of building strawmen. You didn't even take a single sentence out of context, you chose to cut away the actual reason from the very same sentence, well done.

The point was the ring 3 to ring 0 privilege transfer, which was only possible because it was allowing running arbitrary code through its interface, which was part of the way their copy-protection works.

I don't have any beefs with copy-protection. However, I'm not fond of programs that silently install themselves in place of the drivers I used previously, and gloriously fuck up things so that I had to take half a day to bring things back to normal. Oh, and on top of that, leave my system wide open to all kinds of tampering. Woohoo.

I don't think I can clarify my opinion any more than that, so that will probably be my last post in the topic, unless some new points are brought up.

I'm getting tired of arguing with Mr Fallacy, so I'll just post this and retire from this "discussion".

Do tell us exactly where that's stated here:

{"name":"590416","src":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/9\/e\/9e8d3604dcb6e0559be45c6016b136ed.jpg","w":480,"h":640,"tn":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/9\/e\/9e8d3604dcb6e0559be45c6016b136ed"}
{"name":"590417","src":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/1\/d\/1d94a894d86e559b75965def850832bb.jpg","w":480,"h":640,"tn":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/1\/d\/1d94a894d86e559b75965def850832bb"}

Bonus points if you can find where it says it will INSTALL A GODDAMNED ROOTKIT.

[EDIT]
The A.cc line-eating bug is getting quite annoying.

Hmm, you seem to have the beta version of the box. The actual retail one looks like this:

{"name":"590418","src":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/b\/a\/ba6be96bcb53c7c0de5cbf7bbc9b9cc0.jpg","w":480,"h":640,"tn":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/b\/a\/ba6be96bcb53c7c0de5cbf7bbc9b9cc0"}

Ok, I didn't read all the posts, but my opinion is that shareware is dead and I think that this is good thing.

I know a case where the legit software (can't remeber the name, it was somewhere in 1993 or 1994) got so many twisted copy protection things that the user who had a legit copy prefered to obtain a pirated-cracked copy and use the pirated-cracked one because the copy protection were really annoying shit.

There were a case that the copy protection fucked with the operation system and caused malfunction in other programs too. So, original copy = virus, cracked copy = runs nice.

Why I would pay a lot of money in a legit copy of the game if i could pay almost nothing for a pirated copy of that? And why would i pay for a pirated copy if i could get one for free in P2P nets?

So where is the exit?
Be creative. Don't try to fuck your users with copy protection bullcrap. Give a personal compiled version to everyone who buys the game (and copy protect the customization, not the program). In case of MMO, you may distribute it freely and charge for playing on-line. Or sell magic items or whatever in that virtual world.
For not-net games, you may distribute it via e-mail to everyone who buys it (no need to ship the game nor burn CD's).

Because it's the decent thing to do to pay the people who spend time and energy in making the game?

The law doesn't agree. And I tend to share that opinion. I'm not saying that copyright infringement is OK and stealing is not. Far from that. The difference is that when you steal something, the legit owner has no way whatsoever to use the stolen item, while when you copy something, the legit copyright bearer still has his own copy - only that you have another copy. It is all but the same.
Both are wrong, though - but they're definitely two different things.
On the rootkit issue: Controlling what goes into a filesystem and back out of it is the sole business of the OS. Anything tampering with that is evil, unless I explicitly do it myself (by installing daemon tools for example). If I take my car to a garage, asking them to check the engine, and they f*** with the brakes, I'll go sue them.
On the original topic: Best choice IMO is no protection at all. Distribute a "light" version (with reduced features), and sell the full version at a reasonable price. With some luck, someone who has paid for the game won't spread copies, and less so if the price is actually "reasonable" - far below commercial titles, that is.
Other than that; a hardware-hash system with on-line registration seems to work OK; it can be cracked, but the effort is probably too much for a cheap game. Maybe take a look at the marketing scheme taleworlds (www.taleworlds.com) use for their game Mount & Blade. Their copy protection is a "passive" one, that is, it doesn't change much in your system, but rather only stores a serial number, which it checks against the hardware configuration at startup.

Back on topic of the shareware: a long time ago passed the days of games like Commander Keen or Doom, which I consider real shareware. Those were really the times of shareware.

But since then it died. Shareware is mostly used (when even) in normal applications and not games. The only game which could be considered shareware nowdays (as far as I know) is Defcon - though it's not shareware in the full meaning - you download a demo, pay a fee, get a key and voila you have full version.

Edit:
Tobias: and if somebody does it, you can still get your money, when somebody want's to put it to a CD collection.

In your example here, you own the car. You purchased the car and they made alterations to it. You didn't buy the car with an easier locking system from the guys who cracked and installed the locks. Which is what you are doing in the case of buying pirated games.

You pay the pirates for a cracked and still working copy of the game. If your analogy with the car is to hold, you'd only pay the pirates for the progette that bypasses the legitimate version of the game you have. You wouldn't receive a cracked working copy of the game from them.

Like I said earlier, the pirates are leeches who profiteer from the hard work and long hours put in by others.

So if ever a pirated copy, only for free.

In your example here, you own the car. You purchased the car and they made alterations to it. You didn't buy the car with an easier locking system from the guys who cracked and installed the locks. Which is what you are doing in the case of buying pirated games.
</quote>
It's analoguous to the situation where you have purchased the game legally and obtain a crack that bypasses it's copy protection.

As per my second paragraph

Oh yeah, I missed that.

Exactly. I acquired a free copy of Oblivion, after hearing it had no copy protection. I wanted to try it out, see if it'd even run on any of the systems here, and see if I enjoyed it. And you know what? It ran, I enjoyed it, and now I own a legit copy.

So in fact, they gained a sale by not using copy protection.

Kitty Cat: the only problem is, that there are not so many people like you out there.
I'm going tommorow to buy a copy of Homeworld 2, it's now cheap and I finaly have a hardware to run it. To this very day I have it only on a CD-R and I'm not happy about it - Relic really deserve money for what they put into this game.

Everyone here is talking about the rootkits. What about the original question?

I have one idea that someone mentioned earlier but that I just wanted to re-emphasize:

1) Create a disabling feature on your full-feature game.
2) Prompt for the registration code
3) Don't test the registration code while the program is currently running! (A debugger could step through the memory and figure out the "check the given code against the correct hash" routines)
4) When they restart the program, do a check sometime in here that doesn't seem obvious (like, ask for user-input for mouse, keyboard, etc. and do the registration-check during that time)
5) If the code passes the hash BUT is considered a fake, delete a "needed" file in the game's current directory, or randomize its data so it can't be read. That guarantees that the program can't run.

You could do several of these "small, crippling" over a period of 3-4 "game restarts", so it's not completely obvious what's going on.

Anyway, my 2 cents...;D

Hmmm... sounds pretty good actually. I like a lot of these ideas. Lets go back to the point of the thread, maybe?

Personally, I'm going the online route if I ever get a game worth buying out there. You need to login to play, can't login without a user name and password, can't get a user name and password without buying a subscription.

Remember that legitimate users can make mistakes. You should test the md5 hash of the executable files and disrupt their play if they do not match, don't test against their registration code.

If someone wouldn't buy the game even though they liked it after trying it, did the company lose anything? They didn't lose any money since the person wouldn't have bought it anyway, and it cost the company nothing for him to get that copy.

For me and you maybe. But normally the users simply don't care about who make the game and how. They just want to run the game and screw up the rest of the world. So if they go choose if they will pay a expensive legit copy or if they will get a very cheap or even free pirated copy AND the pirated runs so well as the original does (or even better), so they will get the pirated, because no one really cares about the work the developers spent making it, they just want to get the software for the cheapiest price as they can (possibly for free).

This is why copy protection were implemented: to prevent that the pirated copy runs as well or better than the original one (or possibly simply did not run).

**********************************************************************************

There are also a geographic question in selling software. If the software is "US only" or "US/Canada only" or "north america and europe only" or "japan only" or "any non-worldwide region only", people outside these areas hardly will get a legit copies, and they probably will need to pirate these.

The places where geographic factors make piracy go high are places as:

1. North Korea and Cuba, due to being highly isolated politically and commercially, their software is 100% pirate.

2. Vietnam, Taiwan, China, Russia and arabian countries. International copyright laws don't have effect in those countries (and they benefit from that), so the piracy is high. There is no or very few support from developers, so they almost couldn't get legit copies even if they want.

3. Some african countries, latin-american countries. Although the inernational copyright affect these places, they are weak. The main cause of their weakness is the lack of support from the producers or inviability to sell legit software in these places (due to commercial protecionist barries, high taxes, economical instability, defective laws, etc.) Without (or with very few) support and with no chance or few chance to get legit copies, they tend to go in pirated ones.

Like Spyro?

Yes. But you have still violated the copyright.

The car analogy doesn't hold, though. If I "pirate" a car, the legit owner cannot use it any more. If I "pirate" software, the legit owner can use it just the same.
Pirating software is likely to hurt sales, while stealing cars may even have the opposite effect.

Not saying I didn't. But the point was that they still got what I believed they deserved to get.

I just want to say that there are still many people who will actually buy a game. So even if there will be pirated copies the company will still profit if the game is good enough (just waiting till somebody tells me that I'd speak different if running my own game company). But if you obtain a pirated copy from a friend nobody loses nothing as Kitty said, the only issue is that you violate a copyright and you have to live with that that you're using somebody's work without giving him reward for it.

That's why I have today bought Homeworld 2, I had a pirated copy, found out that it works so I bought it. I found on the box that it is not 100% compatible with integrated cards and notebooks, so I'm glad I had a full version to test. The only thing I hate about that copy is that it has been translated to czech. I wish you could see how they translated destroyer - not in the alternate meaning of a ship but in the meaning of 'destructor'. And they proudly call it "Professional Czech version", ahem...

Wow, this thread is still going... this became more of a discussion than answering my question.

Anyway, I am looking at how I should go about making copy protection, not the morality of breaking it. If anyone has anything else to add about making it, please state it.

So back on topic: how much do you want that game not to be pirated.

(I still wonder about our natural ability to turn every discussion off the original topic)

I need it to at least stop the average, as well as slightly advanced, pirates.

I think it would be safe to use some kind of on-line database, and if it can't find it, just run in offline(slightly crippled) mode.

And do you want to achieve it using an internet access or not?

Yes. Wait, what if I stored save files on a server? Then, you would get an account to access the server.

That's not bad. Though I must admit that I have aversion to games that need internet access - I have a notebook and ussually travel without internet. I have it only at home or at school. But in the coutry not.

Hmmm... I see what you mean. Any ideas on how that could be made to work offline? Maybe something like Steam, but the problem is that one Steam account can be used by a lot of people at once, as long as only one is online.

I think that simple md5 checksum would do the job. If it fails, just eihter remove something crucial from a game, or implement something like easteregg which would cause the game end in a funny way - like a police catching a character for some crime, etc.

How, if it's possible, would you implement the MD5 hash if the program was on a CD, rather than over the internet? Could you prevent multiple installations on different PCs? Or would it only be useful for an internet released product?

What is md5?

MD5 hash

Surely you've been here long enough now to know what google is?

I have a question about cryptography (it's related to this post, which is why I'm asking):

I have a private key on my computer. When I want to send out an encrypted (or digitally-signed) email or whatever, I give the world my 'public key', which can be used to verify that the email was sent by me.

As I understand it, a 3rd party couldn't just create an email themselves and 'reverse engineer' my public key so the message looks like it came from me.

If this is the case, could my EDIT: Private key be used to generate hundreds of 'public keys' which, basically, would be the registration codes that they enter into the program?

As I understand keygens, most programs ask for the registration code. Once the user enters it, the program hashes it against some 'check' to make sure it's valid. If it's valid, it does something. If it's not valid, it does something else. To get around this, a hacker steps through the program, searches for and rips out the 'check' algorithm, and can use that to create the encryption/decryption routine. Then they take that routine, create their keygen, and now anyone can use it to create their own registration codes.

Is this correct so far?

Okay, assume I'm correct up to this point (if not, someone will, no doubt, correct me).

You have multiple files in your game. Before you release the game to the general public, you encrypt several files using your Private Key. When the user enters their personal registration code, that code is used as the 'decryption key' to decrypt the data.

Once the data is decrypted, it can be used to play the game. If the data is NOT correctly decrypted, the program asking for its data will not be able to return any correct values, and will fail. If it fails, you know that either:

1) The user didn't yet enter a registration code
2) The user entered a wrong registration code
3) Something else is the matter (like a bad hard drive)

So, if a hacker steps through the logic, they won't find any 'check' algorithms, since you don't really 'check' anything except that you validate that the information being returned from the encrypted file is actually usable.

Now, all that being said, this whole idea is based on the assumption that 1 Private Key can create more than 1 Public Keys. If it can't, then most of this won't work.

But at least it's an idea...

(Then all you do is make sure that 1 Registration Code isn't being registered on several computers, and that part is done server-side.)

What would be the point of the encryption if everyone was able to intercept and decrypt your emails? I would have thought the purpose of the private and public keys is that anyone can encrypt the message using your public key, but only you can decrypt it.

As for your suggested encryption & decryption process, it will only work only if the files and the public key aren't passed around.

[edit]
The last paragraphs assumes internet connection isn't needed and the distribution method is via some other medium (CD?)
[/edit]

Sorry, I'm lazy... anyway, thanks for the article. How would that help though if there wasn't an internet connection?

Is this how it works? Well, maybe my idea won't work then

That's when you would have to use the server-side check to make sure that people aren't just passing a registered copy around:

Yeah, I read that line after I posted, hence I edited my post - you were probably too fast for me and picked up the response before I finished editing

if you're making a game that you want to make money on, and you plan on having it use some kind of internet access for part of the game, the best thing would be to charge for access to the internet site rather than charging for the game itself, IMO. The more time you spend on making "copy protection" the less time you're spending on the game. If the only thing you're worried about is some type of online high score database.... the maybe some of these other things would work... you could implement both methods depending on what mode the game is running...

Both are valid. A public/private key encryption can be used either to generate a signature (the message is public, and the signature is used to verify it hasn't been modified by anyone other than the author: the public key can be used to verify it, the private key is needed to generate the signature), or to encrypt a message (the public key is used to encrypt it, the private key is needed to decrypt it).

But will public keys be able to decrypt a file that has been encrypted with the private key?

If public keys could be used in that fashion, and multiple public keys could be generated to decrypt the data, then those public keys could be given out as Registration Codes and used in this manner.

This certainly wouldn't prevent several people from copying one person's Registration Codes, but nothing short of server-side verification would really be efficient against that, as I see it.

I hope this is a valid/working idea. But if there is no way for public keys to decrypt an encrypted message, my idea may have just been a waste of time

Yes.
Encrypt with public key -> Decrypt with private key.
Encrypt with private key -> Decrypt with public key.

The public key is generated from the private key (but the private key can't be generated from the public key, if so, it would be very easy to recover the private key). So if we have n private keys so we have exaclty n public keys.

However, theorectically is possible to have some other random key able to decrypt what was encrypted with the private key. Is posible too that a double step encrypt with very different keys results in the original text. Fortunatelly any reasonable assymetric key algorithm are randomized enough to minimize the probability of that happening, so there would be no profit of these over brute-force private key searching.

Yes.

Indeed it is. However there is a weakness in this (possibly fixable). An hacker may debug your decrypt algorithm and see it decrypting the data, so he will be able to see the raw data. At this point he may save the data in plain format and replace the decrypt algorithm with a "does nothing" algorithm.

Victor, isn't this the point, though?

1) The only way the hacker could see the correct 'raw data' is to have someone's valid Registration Code, else the decryption would fail because of a bad decryption key.

2) Once a valid Reg Code is entered, then it's absolutely possible for them to step through with a debugger and do what you suggested (the "does nothing" routine). At that point, you've been hacked and there's not much you can do on the client-side.

3) The hacker wouldn't be able to recreate the Private Key from that Public Key, which he would need to create a working keygen: even if he reverse-engineered the decryption algorithm.

The hacker would be watching the file(s) as they are being decrypted, but there would never be any 'check' to ensure that the files were valid until the calling routine(s) couldn't parse the decrypted file: if it was decrypted incorrectly, it's as if it weren't decrypted at all.

Or did I not understand something about your post?

EDIT: Oh, and if the Registration Code were passed around, then the server-side check for reused Registration Codes would come into play. But you can only prevent one thing at a time, right?

as far as i see the best way is to supply lots of update/ad-ons /goodies only available by have a real cd-key "version check". by doing this you can have hakers try your game, to see if they want to by it to get the add-ons this is the aproch Blizzard takes with Warcraft ROC and FT.

[edit]

i like this.;D so simple yet so complex to hack. though it can be hack all you do is find the pattern of the ones that get accepted.

Not really. The idea is that there's a one private key for each public key (and vice versa). So you use the private key to encrypt. Even though you might know the algorithm to how it was coded, you don't know the key, and so cannot decode it.

So you're saying that Victor is incorrect: you CAN'T have 1 Private Key create 1000 Public Keys?

so your say the software has the private key in-side of it and uses it to make public key then we decrepit the public key with our private key. Is that right?
if thats right that means we wound have to have the same private key in every software package. if that is the case then we can find out the private key and make hacked public keys. wait if the all private keys are the same then all public keys will be the same as well.:-/

The way that I proposed it:

1) You get the game on CD or by downloading it from some website.
2) When you register the game, you get a Registration Code. If you buy the game, that registration code is on the CD sleeve or whatever
3) You are prompted, when you play the game, to enter the registration code. If the code you provide doesn't decrypt some of the game files, then the game knows that it was an invalid code.

The Private Key is never given to anyone: the programmer himself (or herself, in my case) would keep it. Then when someone registers, I would use my Private Key to generate a Public Key. This 'public key' that I send back to them is their Registration Code that unlocks the game.

It is possible that one person will try to distribute his or her Registration Code to others. As long as there's no internet connection which tells the programmer's server that the Registration Code is being used in several different locations at the same time (read: pirated), then there is really no way to tell that the Registration Code is being passed around. But as soon as someone registers, then we know that that code was used, and deal with pirates however we will.

So everyone gets a different Registration Code. Player 1 gets code Y4X7T, while Player 2's code is 55F5C, etc.

Did that help clarify, piccolo?

No, the private key is used to encrypt the data. We hold onto that key. The encrypted data (which doesn't contain the private key) is then sent out, along with the public key. It's a bit like encryping a .zip file - the password isn't included in the file, but will decrypt the file when used.

Yes, it does mean either you have a file that is encrypted once and sent out multiple times, you risk the public key getting into the hands of those who shouldn't have it (much like older versions of Windows).

Alternatively you could encrypt each release with a unique key, and thus only have one public key that'll work for it. The benefit being if people have to purchase the key, and it gets passed around, you know who is responsible (assuming they use a legit and tracable method of purchasing, and their name or address is real). The downside of this is that there's a processing overhead for each program before it gets sent out.

[edit]
Beaten by TT
[/edit]

yes i c where your getting at. there have been many methods to crack both of those examples. as far as i c nothing cant be cracked. but that will stop me from cracking your software because it a pain to do. but if i was payed thats a different story. if a group of people that wanted to play me to crack in for there group it will be cracked on put on the internet for free downloading so in the end it make no sense. if people want to crack it it will be cracked.

[edit]
take what money you get. don't try and get every penny.

Don't expect any offers soon - it'd be cheaper to buy a game than to pay someone to crack it. Especially if it's shareware

Some installers have nagscreens but they have a KEY Function where U make the codes randomizem and deal with the Nagscreens of shareware (timer)

Piccolo, is that your twin?

Do you mean there are KeyGen apps out there to deal with the Nagscreen? Those only work on a registration name and key, and the combination of these that an algorithm uses to decrypt. Not much good if you only need the one key to decrypt, and not a registration name to go with it.

Here is a thought I had: What if each copy of the game got a new randomly generated code every time it accessed the registration check server? Then, it would only allow the copy of the game with the correct code. Then, after each successful connection/verification with the passcode, it would get a new one. Would this work?

I wouldn't play it if it needs to connect to the internet everytime I run the game (online multiplayer games being the obvious exception, but I don't play those either).

actually program a nagscreen... Look at Sunnny ball and Pixel ships retro.. installers may have a keygen app! these may cost 20 or more Dollars...

Or make a grabber file Password protect anything and everything

Parlez-vous l'anglais ?

Read what you have written before you hit the Add Reply button. You're writing the way a one year old speaks - gibberish!

So you're saying that Victor is incorrect: you CAN'T have 1 Private Key create 1000 Public Keys?
</quote>

Well, i did not write it clearly.
Anyway, for practical purposes and for simplicity, cosider that exists just one public key and just one private key.

Well, I guess I have a method for an online registry check. Thanks for all of the help/discussion!