next »

[quadisys]

Hello everyone,

I work for a company called Quadisys, we're a startup. What we have basically is a new kind of copy protection technology.

I read a blog where an indie developer claims that 95% of copies of his game were stolen/pirated! I guess we can help you with that. We will be happy to help you and to spread our technology.

Now you probably ask how come we have something different, there's been tens of companies which claimed the same, right?

I'm not sure if it makes sense to post all technical details on how it works, so only briefly.

Basic features:
- Windows only, both 32-bit and 64-bit
- no java, .net, flash, web stuff
- one time internet activation (user enters a serial number, receives protected file(s) from our server)
- we don't need your source code, only the final build (exe, dll, ...)
- if somebody breaks the protection, all the other (present and future) products wont get automatically crackable! It's something as AES/RSA and similar stuff -- if you break one password with brute force, it doesn't mean you can read everyone's emails
- one dialog on your side, server running on our side (scalable, ready for thousands of activations per minute)

Would something like this be interesting for you? As we are looking for references (and real world usage), we'd do it completely for free, servers, customer support -- everything paid by us.

[Muz]

How much would this inconvenience the user? Does it disable things? Do they need an internet connection to register it? Do they need to copy stuff and need their hand held through the process?

Also, what are the fine technical details? If it's good enough, you've probably patented it, and the details should be up there somewhere?

[quadisys]

You're right, it's patented in the U.S.

So what is it about? Let me explain.

Typical protection is just kind of wrapper. You remove the wrapper, you've got a clean, spreadable copy which can be used by anyone. So what are current 'protectors' trying to achieve is to hide this check, this comparison, to obfuscate it as someone has mentioned. But as soon as you find it (it can take hours, weeks, even months, take a look at Starforce for example -- 424 days), the product is finished and in mercy of legal (voluntary) buyers. Apropo Starforce... there's then another element and that's the way how the protection abuses your system... you can read it on wikipedia, what exactly it does, don't know about you but for me it was really scary reading.

These were the starting points for us, the things we wanted to avoid. So... what we have come with?

0. Publisher uploads (clean, unprotected) files he wishes to protect (it might be one .dll, it might be two .exe's + 10 .dlls ...) to our server
- this is of course secure, agreement-based operation, nothing for public

1. Every publisher gets a loader which he executes as the last step in his installation process
- this loader does a hardware check of your computer (looking for unique elements -- serial numbers, IDs, names, ...)
- it sends this information, along with the entered serial key to our server
- as you can see, nothing confident is sent (you can mangle the hw info but then you'll receive a file for another computer registered on your serial key)
- our response will be a file (files) tight to your computer hardware, i.e. it will run on your computer but not on your friend's one
- again, as you see, nothing hackable in this process

2. Customer runs this executable(s), if hardware matches, ok, if not, an error appears

This is how it works from user point of view. Now typical Q&A:

Q: what if I change my HW?
A: you, as publisher, can choose what hardware you expect / allow your customers to change. Plus, how many reactivations do you allow. So in practice: I think my customers are gamers, so I allow them to change video card (video card wont be included in that hardware collect operation) plus since they are crazy upgraders so I allow them to change hdd/mother board/etc three times. That also implies, that you can give your serial number to your 3 friends (or family members or computers in your weekend house), if you are sure you'll never change your hardware, yes, it's ok, I as publisher agree with it. (it's up to me to change these numbers). Plus bear in mind the number of concurrent (already activated) users are always in full control of the publisher -- thanks to the serial key + activation + database on our server.

Q: For every (re)activation I need an internet connection?
A: Yes, you do. You can alternatively sign up in an internet cafe or at your friend's place and download the file there (we'll provide web activation, too -- you bring your hw info file on an usb stick and we'll give you the protected files for your computer)

Q: What about updates?
A: You can upload the update in the same way as in the step 0, i.e. the next time user runs the activation process, new files will be downloaded. No trouble at all.

Q: OK, so how come it's uncrackable?
A: First, we do not claim it's unbreakable. We are only saying we can hold your game long enough on the game market to make some money back. We can debate how effective it is but bear in mind -- if today only 1 player of 20 pays for the product, improvement to 2 of 20 means double revenue!

Q: Cool cool, so how does it work then?
A: As I said, it's similar to cryptography. We inject your executable(s) on random places with thousands of 'crypto points'. There's huge technological background (ring0 stuff, drivers, protected memory etc) but in the nutshell it just asks about your HDD s/n, combines it with some data in the executable and generate some new code on some random place. This 'crypto points' are indistinguishable from regular code so the only way how to recognize them is to debug the app, check the result in memory, store it, patch it and.. move to another one. In a way it's similar to a series of ciphered blocks -- you can eventually crack them with brute force and combine into one but it takes time.

Q: TL;DR. What's the point?
A: The point is that if there's 6000 of these 'crypto points', you have to remove one after each another, you can't automatize it and you can't apply knowledge of one cracked product to another (because each copy is unique, each product has different code, i.e. this 'instruction mixing' happens always differently). So eventually, every game gets cracked but it will happen only after huge dedication from cracker's side and after the main sales are done (typical AAA game makes money in the first 3 weeks)

Super TL;DR version: no permanent Internet access, invisible to user, broad field of options for publisher.

I'm sorry for such a long post I just want to be sure you'll get the idea. Feel free to ask, if you haven't understood something.

[ஒழுக்கின்மை (Paul Eres)]

this sounds like it prevents "cracks" but doesn't actually prevent full uploads? e.g. if someone could get a copy of the game and completely clean it (clearing those 6000 points so that it's free of all drm), they could then upload that individual copy of the game for others to download, right?

[quadisys]

this sounds like it prevents "cracks" but doesn't actually prevent full uploads? e.g. if someone could get a copy of the game and completely clean it (clearing those 6000 points so that it's free of all drm), they could then upload that individual copy of the game for others to download, right?

Right. The point is that we claim it would happen only after few months (hard to estimate exact numbers), i.e. far beyond the point the most revenue is generated.

[ஒழுக்கின்மை (Paul Eres)]

i think that's more true of AAA games than for indie games. for instance, my last game, immortal defense, made about $20,000 over 5 years. but the sales of the first three months was only about $2000 combined. so 90% of the money the game made happened *after* the first three months. so on a small scale often what matters is the long tail rather than the first three months

still, your system sounds better than most systems, but i'd have to see it in actual practice of course. it sounds better than typical wrapping programs anyway (like softwrap, which game maker used, which is horrible; every time you change even a single component of your system you need to email them to re-activate your key code)

[PompiPompi]

Yea, indie is really small scale.
There are thousands of indie games out there, the pirate can simply look for an "easier target".
Not to mention pay what you want bundles where people can pay a cent for a few weeks\months worth of entertainment.

[quadisys]

i think that's more true of AAA games than for indie games. for instance, my last game, immortal defense, made about $20,000 over 5 years. but the sales of the first three months was only about $2000 combined. so 90% of the money the game made happened *after* the first three months. so on a small scale often what matters is the long tail rather than the first three months

To be honest Paul, we have really no idea about indie games. It only occurred to us that maybe it would be a nice way how to get some references, if we offer it for free to people who are happy for every bought copy. It all depends on motivation. Most motivated crackers are of course crackers of the AAA titles. So if you get lucky, maybe your game is out of sight of the best crackers and our technology will stand, well, literally for years.

still, your system sounds better than most systems, but i'd have to see it in actual practice of course. it sounds better than typical wrapping programs anyway (like softwrap, which game maker used, which is horrible; every time you change even a single component of your system you need to email them to re-activate your key code)

Thank you for nice words. If you or any of your friends are developing a game, we'd be more than happy to show you how good it is. It will be 100% free for you, with a legal agreement, all that lawyer stuff, the bill's on us

[Klaim]

I agree with Paul that this might be an interesting solution for some, as it is a bit less a problem than other protections (I don't like the hardware tight thing but I understand the point).

this sounds like it prevents "cracks" but doesn't actually prevent full uploads? e.g. if someone could get a copy of the game and completely clean it (clearing those 6000 points so that it's free of all drm), they could then upload that individual copy of the game for others to download, right?

Right. The point is that we claim it would happen only after few months (hard to estimate exact numbers), i.e. far beyond the point the most revenue is generated.

This might be wrong for most games actually. Industry games need immediate money so they profit from the most immediate burst of sells. However it appears that tons of games have a long life which in long term is more higher revenue than the initial sells. I'm talking only about digital download games on home computers, not boxed games for consoles, obviously, where the limited space makes your statement true. Here you're targeting digital download distribution so I think it's far more correct to say that your solution give protection of the game for the initial period of selling.


What are your plans about other platforms?

[quadisys]

long life which in long term is more higher revenue than the initial sells. I'm talking only about digital download games on home computers, not boxed games for consoles, obviously, where the limited space makes your statement true. Here you're targeting digital download distribution so I think it's far more correct to say that your solution give protection of the game for the initial period of selling.

Of course, it depends on market. I'm pretty confident (and you can find numbers on Internet) that Mass Effect, Max Payne, Diablo, ... series have done the most of revenues in the first weeks. For digital download (indie, shareware, ...) it's different, no doubt.

What are your plans about other platforms?

Mac and mobile phones, that's clear. But for now it's sound of the future, we don't have manpower to develop everything at once (startup, remember )

[Maud'Dib Atreides]

software piracy is impossible to stop

people are becoming more sedentary by the day

...

this gives them more time to practice their trade of cracking games

I don't believe theres a single game that doesn't have a cracked/pirated version

...

correct me if im wrong by posting a link to aforementioned game and I will promptly engage in a pirate shanty  

i hate to be "that person" but with any kind of digital data, a strong level of fatalism calls for acceptance that piracy of your IP is possible, will happen, and ergo, should not be a problem for you because it is a definite YES.

that being said im off to obfuscate my game with a snazzy new program I've purchased.

who wants a nice fresh cup of ad-based revenue for a free game?

[Evilmincer]

I will admit, I was one of those ASSHOLES who took the perfect world, Aion, World of Warcraft codes and gave it to my team. We reversed engineered it and was able to create our own private servers.

We did this for about 4 years.

Until we found a way to make clients that lock in with hardware on your computer
. To prevent people from opening Assembly Code to reverse engineer.

Software can be secured but not made 100% safe. Some jackass will always find a way around it like we did.

We even offered the client src files to Blizzard. but they didn't see it worth while, because of the massive group out there. Like Ragezone.com.

Smartest thing anyone can do. Is  find active people who still do this crap, and report them to their IPS. And the send a note to the companies informing them of the infringement.

[Muz]

For me, the downside is the whole hardware thing. I don't really like any downside with DRM, because that gives the crackers an edge. Everything gets cracked, of course, and ironically, the harder it is to crack, the more people will race for it.

Overall sounds like a decent system, but not for me.

Smartest thing anyone can do. Is  find active people who still do this crap, and report them to their IPS. And the send a note to the companies informing them of the infringement.

Doesn't really work. The IPs in modern countries just tell them that "hey, you have to cut this out and delete it or someone will be angry". The ones in China or Russia or Sri Lanka will just lol at you.

[RudyTheDev]

This is just my opinion, but I prefer the indie scene to remain DRM free. Doing what the "big games" are doing is kind of missing the point. If you don't have that indie spirit, you don't have that target audience. I buy indie games because they are DRM free. Pay, install, play, no bull. I buy games to support the dev.

[Richard Kain]

The reason why systems like Steam are able to implement a form of DRM is because they offer more features for their games than would be possible with a pirated copy. They are able to offer a version of the game that features DRM, but is recognizably superior to pirated copies. (with the added voice-chat, friends lists, achievements, cross-game interface, etc...) People want the best version of a game possible. A major advantage that crackers and software pirates used to have was that they could provide an arguably superior version.

The obvious solution is to either go with an on-line system like Steam, or to take the free-to-play approach. The majority of casual "pirates" don't download games because they are evil. They do it because they are lazy, and just want their games now, without having to pay for them. Software crackers are an extreme minority, and aren't really a major concern. It's the widespread distribution to sedentary software leeches that can effect a game's sales. Free-to-play titles deftly sidestep this concern. No one is going to bother hunting down a pirate torrent if there is an immediately accessible version available from the official website. And Steam makes its money by providing extra features and centralized convenience.

Personally, I found the Serious Sam 3 approach to be both entertaining and effective. I'm a little curious why more developers haven't played around with that strategy.

[quadisys]

Thank you for your opinions, it's always interesting to listen to the community.

Of course, Steam, indie, freemium, ... these are very smart business models and it's very well possible one day they will prevail. But the truth is that currently most of the SW distribution is either done "old school" or pisses off regular users.

By the way, we hear a lot of negative talks about Steam from game communities, too.

[zalzane]

most of the negative talk I hear about steam is from the steamworks DRM not allowing people to play their games while offline. Normally I would agree with this dispute, if it weren't for the fact that steamworks DRM is completely optional and the offline lockout is a decision that was made by the publisher/developer, not valve.

[Klaim]

Also, there is a way, explained in the online Steam faq, to play your games offline.
The only thing is that if a game implementation forces you to play online, Steam can't do anything about it.

[zalzane]

Also, there is a way, explained in the online Steam faq, to play your games offline.

There's also an option to publishers to not allow games to be played if they aren't connected to the steam network, regardless of whether or not the game requires an internet connection to function. I know for a fact that a handful of bethesda games will not allow you to play without being connected to the steam network, for example.

[Klaim]

Yes that's what I meant in the next sentence. So it goes beyond Steam control for some games.