next »

[Derek]

Hey, guys!  Alec and I are looking into DRM for Aquaria and we wanted to ask you guys what you thought.  Figured we might as well aggregate our combined knowledge, like we did for our ECommerce thread!

Matthew Wegner, in his "indie bootstrap" talk at GDC, suggested SoftwarePassport (aka Armadillo).  This seems to be the most well-known DRM solution, certainly.  It offers several methods of protection.

SoftwarePassport (Armadillo)

Website: http://www.siliconrealms.com

Cost: $399

Used by: Flashbang Studios, more?


Apparently, eSellerate and Plimus both offer DRM solutions, as well.  I found this quote on the Indiegamer forums, about Plimus:

Plimus actually has several options for DRM, in order of increasing sophistication:

1) You can supply a batch of license keys to be consumed one per order or one per item on an order.

2) You can use Armadillo. This is a wrapper solution, and thus more subject to cracking than 3-5 below.

3) You can supply your own license generator program, to be called by Plimus on each new order (or each item within an order).

4) You can use, at no additional charge, Plimus' own Piracy Protection. This is a server-based license key generation, activation and validation mechanism. It offers very tight protection, and requires you to embed some basic web calls in your game code for activation and validation.

5) For a small fee (3% after the first $50K/year in product revenues, which is fee-free), you can use the new Plimloc (a Plimus and Uniloc solution). This solution incorporates Plimus' fraud protection along with Uniloc's software protection and code protection. Uniloc is the seminal patent holder in device fingerprinting, with a "tolerance" feature that can recognize a previously activated computer even when multiple components (e.g., video card, NIC, hard drive, sound card, etc.) have been swapped out. In addition, Uniloc provides a strong code protection mechanism that can prevent undesired cracking or reverse engineering of your game. This solution is fully hosted by Plimus. You can read more about this solution at http://www.plimus.com/marketing/Plimloc/.

Best regards,
Guy Wilnai
Senior VP, Worldwide Sales & Marketing
Plimus, Inc.

The other alternatives are, of course, rolling your own protection scheme, or simply keeping the demo and full versions of your game separate.  Some people seem to think that's enough.  Although with a "hardcore" and therefore more tech-savvy audience, it seems like that would put you at a very real risk for casual piracy.

Thoughts?  Considerations?  Experiences?

[Golds]

I already showed these links to Alec, but I think they are good links for anyone looking into rolling their own license scheme

http://www.sentientfood.com/display_story.php?articleid=3

The author of this guide also provides his own license generating service: http://www.sentientfood.com/services/license_services/

I've had a good experience with eSellerate personally.  They provide their own serial SDK and handle orders and serial generation, issuing e-mails on their end, and you get a check each month.  You can also work with them, and a host of other software registration middlemen such as BMT Micro, to provide your own license generation system.

Ambrosia has a system where they send out serials encoded with a timestamp that expires, to prevent the proliferation of pirate serials on the net.  They did a good write-up of this system, along with some piracy statistics here.

I think the key is preventing casual piracy.  If your product is popular, it will inevitably get cracked, and there's not much you can do about that.  You can always invest more time to make your registration system more complex, but you also don't want to make your system a hassle for paying customers, and it's always better to spend your time working on features that add value than wasting too much time trying to battle piracy.

I'd say a good, simple system would be to protect a full game download with a serial hashed to the name on the credit card of the buyer, and update the downloadable with a blacklist periodically as pirated serials start popping up on the net... and hopefully have a serial system that is hard to make a keygen for....

Oh and another cool thing is to provide your users a printable certificate with their name and registration info.  It'll hopefully lessen issues with lost serials and also provides people nice,  tangible evidence that they've gotten something for their money.

[Derek]

Wow, thanks, Golds!  That's some great info there.  I like the idea of a printable certificate, as well.

[Kornel Kisielewicz]

Okay, I know some of you may hate me for what I will write but I have a strong opinion on this one...

Restrict your "protection" to just providing the user with a key. Every program will be cracked. Hell, even the worst indy games have cracks available on russian serverz available. Because it's not the popularity or demand that drives crackers to crack a game -- it's just the plain fun (hence a custom licencing solution actually draws more attention of the crackers xP).

Now if one adds complicated protection the only people that will suffer from it are the legitimate users. The illegitimate will have a easy to use crack instead. Probably the worst example of that that I've seen is the license management system on 3ds max, which actually made many people that bought the original download the cracked version afterwards because it's a lot easier to set up -_-.

I had even a similar situation myself -- after 10 minutes of frustration when trying to find my StarCraft box with the key on it, I gave up and googled one in under a minute -_-.

At the current technology there is no way to prevent copying unless you force something realy ugly on the user (like needing a dingbat in the USB port to run the program -- yet even that was quickly cracked in the case of some older version of 3ds max).

Of course, this is all opinion from a players perspective, for a developer that hasn't done any real buisness can't talk from experience .

[mjau]

Yeah, there's no question of whether your game will get cracked.  It will.  There's the casual pirates to consider though, people who will give their full version of the game to all their family and friends, who again give it to their friends, and so on, not because they desperately want to break the law or anything, but perhaps just because they like the game and want others to experience playing it too, and it's just a couple friends, right ..  So, people who never would've visited a crack site end up playing the full version of the game for free anyway.  On the other hand though, the game does get some extra exposure this way and people who perhaps never would've seen the game otherwise might actually end up buying it.  How much this matters though, I don't know.  It's been argued to death.

Anyway, the point is, for casual pirates you don't need an uncrackable game (which is probably impossible in any case), although some protection would probably help a bit.  A serial should do the trick, or even separating the game into demo/full versions and telling people they can share the demo version freely but keep the full version to themselves seems to work fine (in my admittedly very limited experience), specially if you thank people for buying the game in the full version .  More "hardcore" pirates on the other hand will get a crack/torrent/etc for the full version of the game no matter what you do.  In either case, I can't see any need for the more invasive DRM solutions, except perhaps for annoying your legitimate paying customers.

One other point to consider, if you're still planning to do a Linux version of Aquaria (I hope so ), is that there's no standard DRM for Linux that I know of at least (except for the Direct Rendering Manager, but that's probably not what you want ), so you'll most likely have to roll your own there anyway.

[Derek]

Good points!  A Linux version would probably have no DRM.  It seems pointless.  And generally, I think Linux users would be more inclined to support software.

I'm starting to think at least a little protection is a good thing, as you stated.  It's mostly psychological.  Many decent people might not even consider it to be "wrong" if there is nothing in the way.

[frosty]

Copy Protection and Crack Protection should be considered two different things.  Crack Protection is more useful to AAA developers, mainly to  delay (not stop) cracks until their peak sales period has passed (first month or so). 

Copy Protection is more about putting barriers in the way of normal users, who will share it if it's easy enough (e.g. serials, copying installed files, sharing installers, file upload sites.) This is what I concentrated on for my own game. 

I rolled my own DRM, which only took a couple of days.  My biggest reason was user experience.  Most commercial DRM solutions relying on serials are ugly and clunky, negatively affecting the experience for both trial and full version players.  I think this is the main reason people are against DRM -- it's usually a PITA and it adds no value.

Here are the main things I did:

Separate Demo/Full versions
It forces pirates to distribute the full thing, instead of just a serial.  It also lets you distribute a smaller demo file, potentially increasing your trial download rate. 

E-Mail Verification
Instead of a serial, users just enter the e-mail address they used to buy the game.  It pings the server, gets the player's name, unlocks the game, and then writes out the license file.  It's a small popup with very friendly text.  Your e-mail is harder to forget/lose, and easier to type than a 16 character serial (e.g. is that an "O" or a zero?)

Tagged Installer
Each Full installer contains an ID that is appended by the server when they download it.  If it starts spreading, I'll know who started it when someone tries to unlock it or use any of the online features.  If it's obvious that a ton of people are using it, I can lock it down.  Also, I use the same code to tag the trial so I  can track where players got the demo from.

Name in the Game
The buyer's first and last name appear in the Options screen.

So far, 100% of my players have unlocked it without complaining and I even got one compliment on it!

And yes, strictly speaking, I would have *more* players if I just let people pirate it.  But I would rather have a smaller fan base that is actively supporting what I do,  versus a larger one that will just look out for a free copy every time I release a new game.  And I only need sell about 8 more copies to make up for the time I spent developing it.

If anyone is thinking of rolling their own DRM, I'm willing to share more details in private.

[ravuya]

I think that two-factor keys are probably a good way to go... Make them put in both the name and serial. That way, unless your key gen is subverted, it discourages redistribution to 'crackz' sites.

[CountZero]

just throwing an idea

but wouldnt a OTP key pair pretty much defeat any cracking effort?

[ravuya]

just throwing an idea

but wouldnt a OTP key pair pretty much defeat any cracking effort?

Implementation matters -- if I can hit your game into a debugger and attack the particular chunks of code which check the key, it's less than useless.

Then I can just distribute the patched binary (a "crack").

Inevitably, someone will figure out how to do this with any copy protection method, which is why my system won't work either. Perhaps one of the better ways is to download "part of" the game from a central server -- Steam does this -- but people have cracked Steam anyway.

[CountZero]

that can be fixed by the slightlyy annoying serverside checking

and your right the keychecking code would be the main weak spot, since i doubt that they could attack the crypto directly

[mjau]

that can be fixed by the slightlyy annoying serverside checking

No, it can't.  Crackers just disable the serverside checking then, see.

and your right the keychecking code would be the main weak spot, since i doubt that they could attack the crypto directly

Well, the problem with encryption is that a game has to be able to decrypt itself to be playable by the players.  You could have an unbreakable encryption (one-time pad), but it's useless if noone can play the game, right?  The only way to get around this is to do the whole thing in hardware on a system designed to only allow running officially approved software.  This is what's known as "Trusted Computing" though, which is a truly horrible idea for a number of reasons.

[frosty]

One of the axioms of computer security is that there are no 100% secure systems.  It's always about how far you're willing to go versus how far *they're* willing to go.  Unless you want to spend your entire life in that arms race, you have to make judgment call on where to stop. 

That's why my attitude is "if you can crack it by modifying the executable, you can have it."  Same for anyone willing to risk a download on a crack site.  My focus is on preventing the easy stuff like copying the files after they've unlocked it, or modifying the license file.

[ஒழுக்கின்மை (Paul Eres)]

I just did the "simply keeping the demo and full versions of your game separate" route because I thought the work wasn't really worth the hypothetical increase in sales I'd see. I have seen reports that copy protection increases sales of independent games by about 35%, but to me even a 35% increase at the cost of weeks of figuring these types of questions out and installing protection wasn't worth the time. Plus I think my sales/popularity are low enough (like 130 sales or something now) for this not to matter. I haven't seen a download of the full version on p2p networks yet, but with a game like Aquaria you probably would.

I think the best way to prevent piracy is shaming people out of it. Chris Crawford once posted a picture of him and his wife in one of his games, with the caption "we put our live savings into this game, please don't pirate it". Of course, some people are too heartless even for that, but I think most people are good at heart, they just need to be reminded that they are.

[Arne]

C64 Exile is the only game I know of which hasn't been cracked. I suppose it used a honey-pot of sorts. The cracker thought they had cracked the game since they got it to work. However, Exile is a very difficult game, and the crackers never took time to play it though... maybe they were too eager to get the crack out and brag about it with a flashy sinus scroll.

Exile somehow sensed the break in and stealthily removed items a bit into the game in a random fashion. This allowed a copyright infringer to play the game, but he wouldn't be able to get very far.

This is what I've heard anyways. I've tried maybe 3 cracked versions, and none is working properly. The original (uncracked) works fine.

The method is clever since it exploits the cracker's eagerness to rush out the crack. If the mechanism for items, inventories and pickups is coded in a way that makes it tricky to disassemble (encrypted/compressed?) it could work quite well.

It doesn't have to be just items that disappear, it could be enemies and enemy projectiles getting stronger, the heroine becoming more fragile, a stream that becomes slightly stronger pushing the heroine back. Really subtle, random stuff which is hard to notice but eventually render the game unplayable. Then when people whine about it on a forum you know why too.

[Ivan]

I believe Operation Flashpoint did a similar thing. When it detected that it was being illegaly ran, it started degrading the gameplay. Your guns malfunctioned and all kinds of graphical bugs would start to pop up.

[Radnom]

Problem with that method is that if the person is downloading it as a 'try-before-you-buy' sorta thing then they won't buy it later. Also, they might tell their friends not to buy it, because they 'downloaded it yesterday and it was buggy as hell...'

[Arne]

Yeah that's true if you introduce annoying bugs on purpose, but that's different from just making the game harder or whatever, maybe with the first level/area running normally. You could also add stuff that makes the player feel like he'd need a manual . Since he knows he copied the game he's less likely to blame the game for issues that could be solved with a manual. Like, the game could sprout nonsense such as "Configure your HKS Inventory with the HKS bind key to proceed" or "To open this door, use the Merge button on the 4 guardian keys"... then the player will sit there looking for buttons and functions which doesn't exist, wishing he had a manual.

[frosty]

"Configure your HKS Inventory with the HKS bind key to proceed"

 :D  I like that, actually.  Probably not worth the effort, but it'd be funny to see someone ask about it on a forum and see the responses (e.g. "what are YOU smoking?")

Or how about an entire game that is 90% BS like that... basically, if you don't tear all your hair out, you win.

[sergiocornaga]

Demo and full version being separate is definitely something to do. Other measures will probably be necessary, but that's a really good place to start.