Hacker News new | past | comments | ask | show | jobs | submit login
The Awful Anti-Pirate System That Will Probably Work (jeff-vogel.blogspot.com)
121 points by jeff18 on Feb 26, 2010 | hide | past | favorite | 119 comments



1. Make your own, free saved game server and alter the application code to use it.

This means a lot of work and expense, both to duplicate Ubisoft's game saving code and to set up and maintain the servers. Won't happen.

I'm not even a very good game hacker, and I've done much more dramatic things. It's really not a huge deal. People have reverse-engineered entire online game protocols in order to have their own unofficial servers before the games were even out of beta. The client<->server model of protection is actually a good thing to cracking and the people who use cracks, since the original binary doesn't need to be modified in any way. You just run a little thing in your system tray that emulates whatever portion of the server protocol it needs to. And now you can also get the official updates from Ubisoft, re-activate with your own fake server any time, etc. It's not a "disable one line of code" type deal, but if you think that's even a simplification of how things have been for a while, that's pretty naive.


This is assuming the game is complete, what if the server is sending back parts of the game in response to state saving. For instance, perhaps some of the AI is running remotely. This could explain dropping out of the game: the game is unable to continue.


They could do that. Run some portions of the game on the server, which would remove some of the game logic from the client, making any sort of crack to require adding back in instead of simply stripping out logic.

They probably will not do anything non-trivial for this. It costs money to run servers, and they would have to run much more powerful servers in order to be running game logic for each player. That would eat into revenue, and this game is not even subscription-based.


They don't actually have to run portions of the game on the servers. They can just serve bits of logic code back to the client as certain milestones are met. You can easily cause 1000's of halting points in a program at the price of just a few kilobytes of data this way.

The point is not to make a game hack-proof. Just to make the time to crack long enough for your purposes. (In this case, it just has to last a few more weeks than ususal.) Safes are rated like this, partly by the worst-case time it takes to break into them. http://en.wikipedia.org/wiki/Safe

EDIT: I see from other posts that AC2 has been cracked since 2 weeks before release. In the case of safes, the laws of physics are on your side. In the case of general purpose Von Neumann architecture computers, the mathematical laws are on the side of the crackers.

In short, if you can execute it, you can read it, therefore you can crack it. To work perfectly, which is equivalent to working at all, DRM needs a "trusted" execution environment supported by hardware. Even a server environment is not going to cut it.


It's not settled computer science that the content protection problem always favors attackers, although it's clear that the state of the art does.

I'm only reacting to the "laws of physics" comment you're making. It's not true that "if you can execute it, you can read it", at least for important definitions of "read" (that include "understand" or "modify"). Take, for an example, white box cryptography.

Some problems clearly favor attackers (executing code on general purpose shared Von Neumann architectures with general purpose operating systems). Other problems favor defenders (the halting problem). It's also the case that, smart as (say) 'DarkShikari is, high-end performance graphics and systems coders are not necessarily expert practical compiler theory people.


What would be a summary of that part of "White Box Cryptography" which is new and distinct from the software obfuscation techniques that have been around for most of the history of programming? Is it more than just a bit of mathematical formalism applied to such? That's all I can tell at a first glance.


Within the context of this discussion: WBC on AES would mean that one would be able to execute a white-box AES software implementation, but would not be able to "read"/extract the secret key that is used.

Basically, WBC is a set of very dedicated obfuscation techniques to implement a cryptographic scheme in a "secure" way.

IMHO, The main disction with "usual" obfuscation is the following:

* Obfuscation is a computer science term that refers to hardening a given application, such that it is difficult to reverse engineer. That is, to make it difficult to understand what functionalities are implemented, and how.

* In white-box cryptography on the other hand, an adverary will know that a specific scheme (such as the AES) is implemented, and how it is implemented: the compiler and program specifications are public; the cryptographic key, and the randomness that is used at compilation-phase is private. This is similar to the Kerckhoffs-principle in cryptography, where the security of a scheme should not break down when the specifications of a scheme are known.

There have been some attempts to formalize white-box cryptography. See https://www.cosic.esat.kuleuven.be/publications/article-1260...

If you have any further questions, feel free to contact me. In the near future, I plan to setup a webpage on http://www.whiteboxcrypto.com where I will adress these issues, and explain how WBC works.

Best regards, Brecht Wyseur


That's a hand-wavy comment. AES is just a bit of mathematical formalism away from XOR.


It's a legitimate question by a curious onlooker who's was just introduced to the whole concept of "White Box Cryptography." Apparently there's not a whole lot of proofs, though I perhaps it's plausible to get something useful proved.

Hopefully for it, your (non) answer is not telling.


It costs money to run servers, and they would have to run much more powerful servers in order to be running game logic for each player.

Heh... This is assuming that they do not realize that the more players are connected, the bigger the distributed computing cluster they have available.


the original binary doesn't need to be modified in any way

It's easy for Ubisoft to also force the binary to be cracked: have the client request the server sign a random token with its private key, and verify it with a public key embedded into the client. This way a third party server could only be written if the client was also cracked to either change the key or remove the check.


True.

It's a loss for them either way -- if Ubisoft goes out of their way to add this feature, the effort required by the crackers is proportionally smaller.

I tend to think most of the draconian copyrape is actually internal political maneuvering at these large publishers. Ways for one department to counter another's with figures "look! After implementing xxx DRM scheme in order to prevent loss from copyright infringers in market yyy, total predicted sales volume was not met by zzz! In addition, piracy rates remained at or above zzz1! This proves that our console-focused sales track etc etc" Kind of like how the digital distribution from EA for Crysis actually did not work at all, probably on purpose, for various reasons pertaining to retail and corporate in-fighting (my theory, anyway.)


Isn't this the type of "check at startup" that the article mentions hackers can easily null out?


Maybe game designers should take lessons from Skype in making it as hard as possible to disassemble/hack the binary.


Something tells me both game developers and crackers have been at this a lot longer than Skype... I remember playing cracked Atari games as a young kid, but back then I didn't know what "cracked" meant. In case anyone wonders, I found the games in a huge box of 360K floppies that came with the Atari system when I got it.


Do you know why Skype is so keen on obfuscation?


3. Hack the game to not need to save games on a remote server.

This means a hacker has to figure out the saved game format, somehow jam into the application new code to write the saved data and new code to read it, TEST IT, and get it to work.

In most of the cases, there is no need to figure out the game format. Just read the binary data sent to the server and save it. Usually save game files are not that large and I suspect that most games read them at once to the memory.

Again you don't have to write a lot of code to do all these stuff. Just redirect whatever is sent to the Ubisoft server to a local server host in the same machine. This way the user can carry the save file anywhere. This is an added advantage for pirates while legitimate users should rely upon Ubisoft to save their game files for them. Heck, they can even play when the Ubisoft server is down, or even if there is no internet connection.


They could (probably have) limit that approach too by signing the data (as already suggested) or encrypting it with different keys for sending / receiving.


If you can hack the client binary you can change the keys it uses/expects.


There's ways of making it very difficult to find the keys. tptacek is in the business of doing just that, apparently.


" their own unofficial servers before the games were even out of beta."

Now here's a real challenge: Starcraft 2 beta server


There are people working on it... whether or not they will succeed, I can't say, but considering that fake WoW servers exist, I'm guessing they'll pull it off eventually.


"Probably work"?

It was already cracked two weeks before release! From a few days ago on Buzz:

Just saw a post on the Steam Forum for Assassin's Creed 2 that the impossible to beat, always online, can't save your game or even play the stupid thing without being connected to the internet DRM for it has already been cracked 2 weeks before its release. sigh Did Ubisoft really expect this to work any better than previous attempts to crack down on piracy? Now what they're left with is a piece of software which is being pirated just as much as any other game, except that it treats its legitimate buyers like they're suddenly going to turn into pirates after they've already bought the game.


precisely, the only people stuff like this hurts are the legit users who pay the money.

The hackers will rewrite the whole game if they have to, to make it free. It might take a little longer for them to release it...but can you honestly name a single game that hasn't been cracked?


From the article:

  Edit 2: One quick question for the "Anything can be cracked
  right away." crowd. Where do I get my cracked copy of World
  of Warcraft that can play the real game (not some cobbled
  together emulation server) without paying. Answer: You can't.


of course you can't play on Blizzard's servers...but you can still play on emulation servers.

And WoW is a web only game. Non-web games don't suffer from that.


A lot of things are said on the Steam forum.


That's a good point, and it does refute the post, but there are content protection schemes in major titles that haven't been broken; I imagine you pay more attention to games than I do, and I can't name anything I'm thinking of.

(I'm not sure I can name a title that is unplayable cracked because of content protection; I'd broaden my definition to other security objectives besides piracy).


other security objectives besides piracy

How about identifying someone who plays a cracked game, not immediately but a week or so later? There's all sorts of stuff you could do with that to discourage piracy. It would also be more easily hidden in code. Not sure if any of these strategies are really new, or if they've ever really worked.


Interesting then that I can't find the release anywhere.


Jeez guys, have none of you ever played a ROM on an emulator? You know how they save and resume? By taking a snapshot of the RAM and restoring it later on. Sure, its not great to have to take a snapshot of the 2gb+ of memory being used at runtime by a modern AAA game, but it wouldn't be hard to work out what is just content (textures, geometry, sound), and what are the variables (player location, progress, etc) and just save/load that. And that's only if its too much work to emulate the back-and-forth with the DRM server. And even that is only if its too hard to patch those functions out.

All these people talking about 'significant portions of the game running on the server'... are you serious? Do you realise how fast game engines run? People have enough trouble putting up with the lag on multiplayer games with relatively few actors/entities, running on dedicated servers. If this were truly the case, single player games would also be susceptible to lag, not to mention the amount of load of millions of players' AI routines running on Ubisoft's servers. Damn.

No, this will be cracked, patched or emulated, and the only people negatively effected will be legitimate customers. I'd say that would be the exact opposite of the system 'working'.


> it wouldn't be hard to work out what is just content (textures, geometry, sound), and what are the variables (player location, progress, etc) and just save/load that

As the saying goes - I'd love to see you try it!

In order to capture the state of a running application in such a way that it can later be restored, you need, not only the memory contents, but also the processor state. Imagine that the app is in the middle of modifying an in-memory data structure: the variables used while doing that (e.g. loop counters) will likely be stored on the stack and/or in processor registers. Just as an example!

Even assuming you could accurately pause an application and capture its state completely, how do you propose restarting it? You'd need to reinitialise all the external stuff (graphics device, sound, file handles, etc.), then start the application code at exactly the right instruction.

Maybe installing some sort of hypervisor underneath the OS would allow these things? Good luck :-)

Emulators can do all this with impunity because they're virtual machines - a computer running within a computer. The emulator always has complete control over the memory and (virtual) processor state, display, sound devices, etc., and saving/loading that state is therefore much easier.


It's not that outlandish of a proposal. The application does not need to be savable at all times; it just needs to be savable at some point, which could be a point when the game state is particularly easy to capture. For example, most applications can go into a minimized background state where almost no code is running and nothing is loaded in the graphics card.


Did you ever notice that a process running a single thread of execution can run multiple processes, apparently all at the same time?

Yeah, that. It's called a context switch. It works by "captur[ing] the state of a running application in such a way that it can later be restored". I personally have at least 20 friends who have implemented it, as I would assume most college students at strong CS school would.


FYI: You can just push the stack, and read the values below yours.


RAM snapshots will only work if all of game state is local, and the remote server is being used as a glorified backup system. However, if only a portion of the game state is local to the client, a snapshot of RAM will not be sufficient to progress through the game.


You missed Option 4, which is what will actually happen:

4. Make it easy to set up your own local game server and alter the hosts file on your machine to point to it.

That is dead easy to do. I actually did it for the game FantasticContraption, not to steal it (it's well worth ten bucks. go try it: http://www.fantasticcontraption.com/), but because their server is so hopelessly overloaded at peak times that the game is unplayable.

Sniff network traffic with Fiddler or similar, construct a simple webapp to mimic what's needed (which for this game would only involve storing what you're given and handing it back when asked for it), and run it on localhost. Sorted.

It'll end up the same as every other copy-protection scheme: An annoyance for paying customers, no sweat for pirates. I suspect legitimate paying customers will be running their own servers too.


While I agree that this is probably what will happen, it is probably not going be as easy as you make it seem. There is a very good chance that in this case the entire conversation with the server will be encrypted. In order to emulate this, the encryption will have to be broken. That's hard enough as it is, and you also don't really know what the plaintext is.


Many of the major game protocols are not only encrypted, but are extremely complex and irregular. They're absolutely no fun to reverse.


Though it's sad that the 'extremely complex and irregular' part is probably not by design, but due to haphazardly adding features just to push out a product.


In a couple cases, I know that to be the truth. You're basically looking at the results of getting PC LAN developers to implement Internet protocols, and getting Win32 systems programmers to implement encryption.


They're encrypted with keys that your computer knows, or your computer wouldn't be able to read it. It's not too difficult to find that key and decrypt the information. Once you do that, it's just a matter of figuring out the way the info is sent. This would be pretty easy once the key is taken out.


The solution to onerous DRM is: just don't buy any product using it. No-one needs to buy Assassin's Creed II; there are plenty of other computer games out there.


That's a valid point but it dodges the thrust of the post, which is that piracy is pushing the industry in this direction --- this is a mainstream title from a mainstream vendor that is making a clear and visible usability concession to protect the new release window from pirates.

Most users probably won't care (remember that we're a disproportionately vocal minority --- or, you are; my job is to make these titles worse for you, and I don't ever play video games), and vendors are going to get users to adapt to concessions like this.


You're right, many users won't care about the DRM. What they will care about is a game freezing up and crashing. They won't even realize it's from DRM issues.

I also wouldn't underestimate the tech chops of gamers. These are the guys who overclock hardware, do case mods... just because they're not hardcore hackers doesn't mean they don't understand or care about these issues.


There's going to be someone with the knowledge and ties to the gaming world who's going to try and win acclaim by applying that knowledge.


Agreed - I don't care at all and would buy this game if it was my style. Am I going to give up on having an internet connection at my place, ever? No. So how would this negatively affect me? A little bit of downtime? We all need bathroom breaks.

I understand the resentment at these anti-hacking measures given that this is a hacker community but not all companies choose to make their products in the open-source tradition, and that's a perfectly valid choice for them to make.


You'd put up with the game crashing and losing your save data when your internet gets a little bit wonky? I have fiber to my house within the city, and my connection still gets flaky at times.

And you're right, it is a valid choice. Doesn't mean their choice won't be criticized. This also has nothing to do with open source, and everything to do with treating your paying users like criminals. This pic from the other day is perfect: http://t1.xavimg.com/2010/02/piratelegal.jpg


I think that criticism is just too easy to make, and suggests a lack of empathy for the realities of the gaming marketplace.

Everyone thinks pirates are fun and romantic until it's their stuff that gets robbed.


What's funny is that they're making it more convenient to play the pirated version than the legit version. The more invasive DRM you force on your legit users, the more they're going to look for workarounds online and fuel piracy.


Titles can offload more and more of their game content into code paths that depend on the Internet, and if those titles generate more revenue (because they're harder to pirate effectively), it's not unlikely that the market will move that way.


Why is more pervasive DRM necessarily more of an inconvenience for the user? It will be an inconvenience for an unfortunate minority, but a well designed and executed system could well be unnoticed by most.

I only notice Apple's DRM in iTunes when I have to de-authorize an old computer or authorize a new one, which is only once or twice a year at most.


It depends on how common the minority is, yeah. In the days where DRM required you to insert the original game disc to verify it, a lot of legitimate purchasers of games got cracked copies too just to avoid the hassle of having to swap CDs. With the internet-based DRM, I think it depends on how many gamers have flaky internet connections, or play on laptops at places where there's no internet (e.g. on most trains, buses, and planes).


A lot of that can be addressed by making the connection a bit more "robust." A lot of people who play on trains and buses can could be accommodated by having 24 hours to authenticate.


Piracy isn't pushing anyone anywhere.

Publishers have it in their head that piracy equals lost sales. It's this belief, that DRM can recapture those sales, that is pushing them in this direction.


Sales of PC games, which are dead-easy to steal, dropped off sharply at right around the dawn of the Internet. Meanwhile, the market for console games, which have a much higher barrier to entry to pirate, is booming:

http://origin.arstechnica.com/news.media/video-game-sales-1....

Rightly or not, PC game makers have it in their heads that piracy is killing their business. I can see it both ways: On one hand, I find it hard to believe that not even a small fraction of computer game pirates would purchase more games if they couldn't easily steal them. But I also wonder if declining PC sales aren't just a byproduct of the "serious" gamers' shift towards preferring console games.

Regardless, the market for PC game sales has flatlined, and Ubisoft is trying desperately to jumpstart it by enacting a system that makes piracy significantly more difficult, at least for a little while. I'm sure they'll use the 3-4 months of nearly-zero piracy rates as a yardstick with which to measure the potential of the industry sans piracy. It will be interesting to see if you're right.


> a byproduct of the "serious" gamers' shift towards preferring console games.

Or maybe the complete opposite: Casual gamer's are a much bigger audience than serious gamers. And PC games tend to be more serious. So the shift could be explained in this way, too.

(Just a hypothesis. Your argument has more going for it.)


There are plenty of other data points besides 'dawn of the internet'. Complexity of PC games shot up. Prices shot up. Consoles began to get titles in genres that were traditionally 'PC only'. Also, PC games have always been dead-easy to pirate. It's thoroughly unconvincing to wave your hand at an aggregate sales graph and note a single data point.

And, frankly, none of that matters. All that matters is that publishers believe DRM can turn would-be pirates into customers. It's a belief that's never been borne out by the data. But still they try.

Whether their cause is noble, or reasonable, or justified is irrelevant. It's their belief that DRM is worth-while that causes DRM. Not piracy. Not sales.


That's hardly a solution. There is no way, short of a massive letter-writing campaign, for a software publisher to look at flagging sales and know that it was due to onerous DRM. More likely, they'd blame it on piracy and go looking for even more restrictive DRM.


And so the cycle would continue until sales fall enough that the company goes under. At the same time, assuming people will stop buying DRM'd products, the companies not using DRM on their games will see their sales rise.

This seems like a great solution.


And if it doesn't work that way, would you concede that this model of the world needs to be amended?

(I would prefer that reality works this way. I am a big fan of 2D Boy for one.)


How about the DRM on the Xbox and PS 3 version of the game? 'Same' game, but it is instead a vote for locked-down 'computing'. For those who do need to buy ACII.


Alternatively stop stealing games and pay the game companies for their product and they wouldn't need to go to such great lengths to save their IP.


I do. It somehow doesn't save me from dealing with the DRM and jumping through the hoops that people who don't just bypass.

As the restrictions get more onerous and the hoops get higher, smaller, and set aflame, piracy will not go down.


Sadly, this is true. I ran into this recently with the DVD for the movie Transformers 2. I normally rip all of my movies onto my Boxee system (NOTE: I do this after I purchase the legitimate physical DVD copy of the movie, which I then keep!) It's not only more convenient to pick the movies from a menu, but more importantly for me, with two pre-teen kids in the house DVD's get scratched up fast if don't.

Normally, this is a pretty easy process, but Tranformers 2 apparently has a rather aggressive copy prevention scheme that seems to defeat most DVD rippers. I finally found a ripper that would rip it successfully, but not until after I came very close to returning the damn DVD to the store after a friend at work showed me that the Pirates Bay had not only the full DVD version of Transformers 2 available for download, but the god damn Blue Ray version as well! It would have been easier for me to pirate the damn movie than to format-shift my legitimately purchased copy.


This is why Hulu, NetFlix, and such have an opportunity - they make it at least as easy to watch a streamed movie as to pirate it.

Many people seem to want to use legitimate channels; the industry needs to realize that discouraging them is not the answer.


What about dropping the price of games? Perhaps if they weren't as expensive people wouldn't feel so inclined to pirate them. After all I assume that's why people pirate. No one wants to pay.

However, even if it did cost less, I guess most people would still rather try to get it for free, rather than having to pay anything at all.


The premise is inaccurate - the game allows you to save games locally. You still have to be online but local storage of the save games is a selectable option.


Or you could just disable the save game feature and then run it inside a virtual windows machine where you just save the state of the machine. =)


It's a 'checkpoint' system. Save game or not, the game is constantly checking with Ubisoft's servers - if it can't talk to them it just boots you out. The save thing is a bit of a red herring.


How does that work though? Can't the points where that check is called just be hex-edited to NOOP in the binary? The point of the article was that taking non-trivial portions of the game logic out of the game and pushing them to the server makes it harder to crack the system. Unless the game is constantly getting information from Ubisoft's servers that it needs to function (i.e. save-game logic, AI logic, etc), then the "verify with the server" code can just be ignored in a hacked binary.


I'm not sure if a virtual machine (VM ware player) allows you to have direct access to your graphics hardware. I think VMware workstation allows you to use the hosts video card. But is only supports acceleration for OpenGL.

Besides, this makes justifying PC gaming and the PC as a games platform even more difficult. Especially considering that the xbox 360 and Playstation 3 have already had this game for a while and don't have this DRM system.

Shame, seems like a good game.


I believe that the article is overestimating how hard it will be to reverse engineer the save game code and is fallaciously assuming that crackers will need to maintain a public facing internet server for people to use.

a) You don't need to maintain a public facing save game server -- you simply need to have a local server running at localhost:31337. A successful crack will have this running transparently as you run the game.

b) Many companies entire purpose is to provide "uncrackable" DRM. AFAIK, all of these companies' solutions have failed. Often before the games even publicly ship.

I mean, at the very least, a script kiddie will naively crack the protocol and manually generate save files from each of the levels, so that you can play the game one area at a time. I am confident that it will be properly cracked though. Or as someone else on HN mentioned: you could ship the crack with a light virtual machine and just save states of the entire VM.

There is a huge incentive to crack the game, both monetarily for pirates who will be reselling the game, as well as for the huge prestige for cracking groups. I am not aware of any high-profile game that has not been cracked within a week of release, if not days.


Here's a solution no one seems to consider: make video games cheaper. $50-$60 is an outrageously high price for a game, especially when most of them are of forgettable quality. The people over at Valve/Steam have been saying the same thing, and they would know, they see the sales numbers; cutting prices for their weekend deals greatly increase sales. If companies brought game prices down to a reasonable level, say $20-$30, I bet a significant amount of piraters would start buying games. The music industry is struggling to learn the same lesson, but iTunes and streaming services have shown that making content accessible and cheap means people stop pirating.


Maybe, but on the other hand, on the app store where games are really inexpensive there is still a lot of piracy and a lot of developers can't make end meet because their price is too low...

So, I'm not convinced that making video games cheaper is the answer...


Well obviously pricing them too low won't make you any money. There is a big difference between 25 dollars and 99 cents.


Yes, but that's not my only point, the other problem is that piracy is as widespread it seems for 3$ iphone games than for 50$ games... So the argument that lowering prices reduces the number of pirates seems a little bit optimistic to me.

OT: For rick888, below: it seems that all your comments are marked as dead... which is a pity because from reading your past comments I can't figure why you'd be banned... You should try to contact pg over that.


Somehow I think if they dropped it to $25 the same people will argue that $25 is too much and $10 is the most anyone should be reasonably expected to pay.

People still argue that $1 is too much for music, like somehow in teh internets that dollar is worth 100x more than the real world where it gets you close to nothing.


The question is though would they make up the difference on the volume, it really depends on the game. Games with the latest graphics and massive game worlds that take years to make do need to sell at a certain price to turn a decent profit.

Selling everything around $30 would probably mean games would have to make do with smaller development budgets.


Steam said that when companies cut prices in half sales went up hundreds to thousands of percent. That's in dollars, not volume either. Sure some of the increased sales come from people who don't want to pass up the deal, but still, the numbers are compelling.


X3 Terran Conflict had an annoying, disruptive DRM that only allowed you to install the game 5 times and would count any significant change in hardware config as a new machine. When I got more memory and had to return them, plus reinstalled my OS, I used up 4/5 in the first two weeks.

Normally, I wouldn't touch this with a five-foot pole, given that it puts me at the mercy of them having their servers up to give me a new license just to play my own game. But they did something really reasonable:

After 9 months or so, they released a patch to remove the DRM.

That seems like a reasonable compromise to me.


From the comments on the article:

"Also, you don't hold onto your saved games anymore. They do."

I'm surprised at how many people are making this mistake. Straight from the FAQ: "Will all my saved games be stored online? Yes! They will be stored both online and on your PC." -- http://support.uk.ubi.com/online-services-platform/

That, right there, is why the system will fail. The DRM will be cracked within a week of release.


Everyone hates DRM but I feel like we're not giving the pirates enough blame here. My unscientific conclusion judging from BT sites is PC game piracy is really off the charts these days. A new PC game release often blows away popular TV shows and movies in seeders/leechers. I have some sympathy for the game makers here. If you're already facing declining PC sales and you're releasing a console port months after the initial console release the piracy factor could make a huge difference. I feel like anyone who doesn't like this DRM scheme needs to talk to their friends/family who pirate PC games and explain to them how much they're screwing up the industry for everyone. DRM isn't effective and just ends up punishing honest customers but those honest customers may have to face the reality that they just won't be getting nearly as many PC games in the future if this trend of massive piracy continues. DRM and PC pirates are the enemies here.


Somewhat informative article, but I disagree with the conclusion. Assassins Creed 2 isn't going to be the best game ever, it's not even an original game, just another sequel. So it's not like people are going to buy it no matter what kind of crazy DRM they must suffer through. I imagine that Ubisoft will loose a lot customers because of this decision.


This is a test on Ubisoft's part. They're testing how the crackers, pirates and market react. I'm sure if they make significantly less money than expected they'll scrap the idea. On the other hand if they make more money, they'll roll it out to future releases.

My guess is that they'll make less money. Even if a some people buy the game instead of pirating it, the abysmal reviews on Amazon will have a stronger effect.


> I'm sure if they make significantly less money than expected they'll scrap the idea.

OR they'll still blame piracy and try to make it even harder. until it's nothing more than a streaming webcam pointed at a TV playing it on an xbox.


Those days are probably just around the corner. At least one company is trying to make 1080p streamed games playable. They could install beefy compute servers with 8 video cards per machine in ISP local offices to deal with latency issues.


> just another sequel

Somewhat off-topic but: AC2 is pretty much the game AC1 promised but never delivered.


I've been playing it on my 360 and if you could forgive some of the seemingly simple things that Ezio can't do, it's a pretty good game. I like the fact that money isn't hard to come by if you focus on upgrading the villa early.


What would probably work best is just allowing 200 installs per key (any more requires calling and pleading). Also, every 5 minutes the game sends something to the server and uses SSL to ensure it's communicating with the right server. This seems like an overly simple problem that isn't being approached right.


The author seems to assume that being hard to crack will be a discouragement. The people cracking games are hackers. For a significant chunk of them, the game being difficult gives the draw of being an interesting challenge, as well as a way of getting street cred in the cracking community.


Does anybody have any idea how long it took for pirate WOW servers to be running ?

IMO, most game will go towards becoming MMOG or be played online anyway, people will just get craftier at having pirate servers running.


People were running private WoW servers as early as beta, but it really took off after the game went live.


In Assassin's 2 save games aren't exclusively online. They're synced to Ubisoft's servers but they're not exclusively online. You can even opt out of syncing them so that they're always local to your PC. The net connection is still required though.

However Jeff vogel's conclusion is still valid:

"But they are engaged in a grand experiment. They are seeing if an adequately pirate-proof game can make money. Will keeping cracked copies off the Torrents for a month make extra sales? And enough extra sales to make writing PC games worthwhile?"


The people behind DRM don't seem to get what they are dealing with. The people who pirate/steal their products are not making a choice between buying the product or stealing it, they are choosing between stealing it or not having it at all. DRM, specially of this invasive variety punishes the valid customers who pay good money for the product, while trying to combat the folks whose money the company will never see.


Nice article overall, however... "2. Trick the Ubisoft servers into believing you have a legit copy, so that they will let you save your game." I haven't got a clue what exactly their mechanism is, but I believe that this is a solved problem in cryptography which should be intractably hard to solve if implemented properly.


This would be one example where the DRY coding principle would backfire on them, at least for their purposes. If all of the Game Saving code funnels to one function, then the hackers may be able to relatively easily find and break just that function, and consequently the entire DRM.


  1. Make your own, free saved game server and alter the application code to use it.

  This means a lot of work and expense, both to duplicate Ubisoft's game saving code and to set up and maintain the servers. Won't happen.
Ragnarok Online private servers anyone?


This will "probably work" just like MMORPG's "probably don't get pirated".

But have you seen how many 3rd-party hosts there are for many MMORPGs, some built by hand to mimic the original servers? Requiring a server connection does not stop piracy, it just annoys people.


Honestly, I believe people shouldn't be pirating videogames at all. And most gamers actually don't. So nobody's going to hate them. On the other hand, I think no one's planning to do the same thing for MS Office in the nearest future, that would be insane.


No, the hate will come from 2 directions: One is the pirate crowd that are mostly angry that they can't get the game for free. The other is the people that bought the game and now the damn thing doesn't work because the servers are down or there's a connection issue or they're trying to play the game they paid for on their laptop somewhere where there's no internet.


Don't forget my direction - a guy who always buys his games, but has been deeply disillusioned by the way games have been "consolified" of late, hence has spent less and less on games, and has built up a level of resentment of publishers who think that reduced game sales is owing to piracy, rather than crappy ports.


Just give in a buy a console; that's what I did. If the developers are going to develop console-style games, there's no point in playing them on the PC. And since the PS3 hasn't been cracked, there's no ridiculous DRM.


I don't have a TV to attach a console to, and I really couldn't be bothered with having to manage with multiple physical tokens for each game - I don't pirate, but I do use nodvd cracks and the like. And the games I enjoy, primarily first person shooters, work best with keyboard and mouse.


I think you miss a point in your thoughts: People will hate it because they've payed for the game. First they invest money and then they find out that due to an draconian protection scheme they are unable to play the game at their discretion. And after that happens - and now they will hate Ubisoft - a significant portion of them will probably find out that there is a pirated version out there which does not have this problems. A version which can simply be played. And then Ubisoft has lost many customers. Maybe forever.

One would think the software industry / computer games industry has learned something from the fates of the music and film industries. When their sales declined they put DRM into their products. When that didn't help they made the DRM systems more draconian. And, unsurprisingly, the customers hated it and their sales declined faster. But the software industry / computer games industry seems to be unable to understand this lesson.


Agreed. DRM in music becomes annoying eventually - when you want to copy your files or use them in a different player.

But DRM that makes your game suck whenever your internet connection is flakey - that's going to make paying customers very angry, very quickly. It's a terrible idea.


The reason they will be hated is aptly summarized in this (though that's for DVDs, but same principle): http://www.geek.com/wp-content/uploads/2010/02/piratedvd.jpg


I had to use a pirated copy of SF4 to be able to legitimately play online using the key that came with the copy I purchased due to an install error.


RE: MS Office...

Office, and plenty of other desktop software will nag you relentlessly until you "Activate your copy online".

This is especially annoying for people like me, who spend months at a time off in the sticks where there may be occasional generator power but there certainly is no internet.

Just a few weeks ago, I "activated" my copy of CodeSmith with 5 days to spare (out of 30). If I had had to make a special trip to a city just to do it (which from the pacific coast of Colombia would have required a flight), I would have been pretty upset with that company.


Do you have anything to back up that statement? The article says that 90% of all copies of popular games are pirated, but he also doesn't back it up.

However, it's important to always remember that a pirated copy doesn't equal a lost sale. Many people download a game, but never install it or play it. Others download and play it, but if they couldn't have downloaded it, they would never have played it. And finally, there's a percentage of downloaders that would have bought it if they hadn't gotten a pirated version first.

It will be interesting if this experiment by Ubisoft can determine how large that percentage is. It's definitely not 100%, and it's definitely not 0%. I would guess that it's a single-digit percentage of the people that would normally pirate a game that could go and buy it instead.

However, this new DRM is so vile, that they will also lose sales on it, and I wonder if the sales they gain from delaying the pirating of it is larger than the sales they lose from having a horrible DRM.


The 90% figure is based on the scant amount of information released by a few indie studios.

http://www.joystiq.com/2008/11/13/world-of-goo-has-90-piracy...


There's also a (likely small) percentage of people who pirate games they have already bought in order to "simply play it." I can't tell you how many NoCD hacks I've used, which while different from outright piracy, is very similar in concept and likely prone to inflating piracy figures.

Lastly, there is also the (likely small) category of those who pirate and later buy the game once the price comes down. Many games drop to $5-$10 on Steam after a year or two, which is rather enticing even to a pirate.


I wonder if they turn off, or downgrade to the point of unusable, the servers the day that Assasin's Creed III is launched?

They wouldn't do that would they?


Some game companies have already turned off servers for their older games. It's not a question of whether this will happen but when, especially when the service is provided for free.


For free ?

I paid $80 for a game and they turn it off when they have a more profitable replacement.


You want an anti-pirate system that will work? That's easy, we've had a working system for centuries!

You hang 'em from the yardarm as a warning to others, and then you burn their ships to the water line.

Pardon? Oh, you mean the OTHER kind of piracy.


Hanging by the yardarm also had loopholes. (Ann Bonny and Mary Read both realized this.)


So, out of curiosity, down-voted because it wasn't funny, or because jokes aren't encouraged?


Probably a little of both.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: