Pages

Thursday, January 13, 2011

Psychological Copy Protection

It's sad to see the constant scrambling to fight crackers and improve copy protection measures. The battle has been going on for decades and yet businesses have yet to learn that you can't stop illegal copying. With next-generation copy protection measures come next-generation cracking tools. It's a useless cycle and they're just wasting money trying to find "the next big thing." *cough* StarForce *cough*

Copy protection methods have always used the some old approaches: memory checksums, data/hardware checks, decrypting data after activation, dongles, obfuscated code, activation codes (serial/registration), etc.

But the problem with those approaches is that they're too obvious and right out in the open. Simply put, it's like hitting a brick wall - it's right in front of you, crackers know where it is, and they can start to work away at it. When debugging code, programmers need to know when a process occurs so that they can trace it. They're not going to trace the entire gaming code, it would simply take too much time.

But what if they (or the user) didn't know that there was any copy protection in place? Or when copy protection algorithms were "activated"?

I've always been interested in the more entertaining and creative forms of copy protection out there.

One of my favorites was MOTHER 2 / EarthBound. It had some standard stuff (e.g. data checksums, piracy warnings) of course, but the "pirated ROM" would allow players to play for several hours without the user ever knowing that copy protection schemes were actually still in place. =]

There were so many ROMs out there too, it was hard to tell if you had the "real" cracked version or not. The only way to tell is to play through the game and look for certain signs (if you knew what to look for) or wait for special events to occur during the game (at critical points, generic crash/freezes are caused and all saved games are deleted.)

That's just awesome. =]

This approach is a good example of what you want to take advantage of, but without the piracy warnings (as they stick out) and other obvious "signs" that exist during the beginning of the game. You don't want the cracker or player to know that there's copy protection in place, or what version they're even using.

Recently, Ubisoft incorporated an "amazing new copy protection approach" into the NDS version of "Michael Jackson: The Experience". Illegal copies would show no notes played, the game would freeze when paused, and vuvuzela's would be blasting over the music.

This is actually an old copy protection method, in fact, and it's just another "brick wall" that prevents you from playing right away, and thus making it easier for crackers to detect, trace and disable the copy protection measures.

In that same Wired article about Ubisoft's novel approach, there's a quote by Nintendo President Satoru Iwata: Battling pirates “has been like a game of cat-and-mouse"

If you want to seriously fix this problem, stop being the predictable mouse and stop trying to be the cat.

What you should be is a fucking ninja/pirate hybrid and engage in subtlety, confusion, obscurity, dirty tricks, and deception. Is this really a battle, or just a game?

So, here's my recommendation for developers/publishers (using a RPG as an example):

Part 1

- Announce that the game will not have an annoying DRM, no activation will be required, that it doesn't need to be online all the time to play, etc. There's no need to make a big deal about this either.
- Alteratively, you could put standard copy protection in place, announce that there's copy protection but ensure that you don't pay too much for it as it's really just a red herring so that crackers bypass it and release their pirated version. Going the copy protection route will come in handy later actually however, but this will make more sense in Part 3.
- You want players to be on your side, not supporting pirates.
- Realize that there's no point in DRM - it will just be broken on the first day. Instead, focus on making a great game since that's where the majority of your revenue will come from.
- Keep the retail cost of the game low.
- Talk to people who do pirate your game, work with them to make your game better, get them involved in your game and future games. If they're involved in the project, they'll support you and probably buy all of your future games. Especially if they know you personally.

Part 2

- Over half the battle is controlling information and perception.
- Release several different versions of the "pirated version" on torrent websites (and P2P/FTP/etc) under various real, independent or anonymous group names. Use a private VPN, get randomized source IPs going.
- Those pirated versions should be crippled out right, or simply stop functioning early in the game (freezing/crashes). These would be special pre-fabricated versions of the game (ie, not the full game.)
- Spread false information on forums/websites that you've heard reports of these pirated versions containing a new type of virus, can damage your PC, have keyloggers that target MMORPG's, etc. (Game publishers already send out these types of warnings for pirated games in general already anyways.)
- Keep in mind that most players who pirate aren't technically savvy, and they'll just download the first game/MP3 they see (or download multiple copies if they're not sure.) Help them waste their bandwidth, would be nice too if they're capped on a monthly basis.
- Fill up torrents and forum posts with so much misinformation (even good old "it's being tracked by the FBI"), that you'll discourage users from downloading the game or they'll want to wait.
- If the game is amazing and highly sought after, many will just go out and buy the game rather than taking the risk of downloading the "dangerous pirated copy" or wasting more bandwidth.
- Since you'll have a lot of time to prepare, your outsourced employees (ie, plants) can build up a trusted name for themselves on various forums or release websites.

Part 3

Okay, this is where things get interesting.

- The real game will be investigated/cracked by various groups, they will test play it (not a FULL play through mind you), and then release it quickly (they might be in competition with other cracking groups, sometimes the programmers are lazy, they believe that it was cracked successfully, etc.)
- You don't want your hidden DRM measures to take effect early in the game. Instead, wait until the player is nice and comfortable first before you hit them with it. When it happens, it won't be obvious either. (Much like EarthBound, players didn't even know that they were using the "bait" pirated ROM until it was too late.)
- After an hour or two of playing (or longer/keep it random), reward the player with an epic item drop for example, and then "crash" the game shortly afterwords. Save games should get corrupted in the process too.
- You don't want the player to be angry at your game or the developer, you want to instead redirect their rage to someone else. The game should be rewarding the player, but when things go wrong - blame the pirated copy.
- When the game crashes, it should be a standard Windows error page casting blame on "RZR1911.DLL" or "CRACK.DLL". That's an excellent way to convince players that the crack was responsible for the crash and their loss of time.. it wasn't poor coding in the game.
- Also incorporate other random crashes with unique error codes, so that when they (Google) search the message they're brought to a forum that explains that only pirated versions cause those crashes and that they don't occur with retail versions. Also explain the dangers to their PC from using this specific pirated game.
- You want to start causing doubt in the user's mind and these pirated copies should be scaring players.. "is this really safe to run on my PC?" Random exception faults, fake freezes, BSOD's, driver failures, corrupted save files, reinstalls required - this is all because by the cracking groups.. it can't possibly be something that's built into the software as a form of copy protection. =]
- Of course, cracking groups will start releasing "updates" to fix the issue. But you should be doing the same. Also, since they don't know where the copy protection begins and ends, they will be releasing crack-fix upon crack-fix upon crack-fix once they are discovered.
- There's going to be so much misinformation out there, players won't be able to tell whether they have the real version or not. The anticipation alone of having to play for 3 hours, then having a random crash (and lost saved games) is not worth the amount of stress. You want players to mistrust the pirate community, not the game developer. (Yes - I understand the irony of it all. But this is war, irony be damned.)
- These groups might also start making news announcements about this type of copy protection - but the damage will have been already done. Most of the downloaders rarely read these news items on their official pages anyways. As the game developer you can simply state that their "band aid solutions" and "poor skills" are responsible for the current state of the game and that it's ruining the experience for players (and hence should buy the real game and avoid the inferior or possible infected pirated versions). =]
- At later stages of the game (ie, points where it's been patched by cracking groups), you could start taking different approaches - like checks, changes to difficulty, invisible changes to player stats, random boss cheats (e.g sudden smack down), etc.

Basically, stop making it easy for crackers - make them seriously work for it using means that they're not used to. They've been spoiled for far too long.

While they're hard at work creating countermeasures, you'll be gathering more "converts".

And instead of trying to find the next "best" form of DRM, just start using a little conditioned response, some psychology, control of information, red herrings and confusion (keep the crackers busy), and putting your DRM out in the open. No one should even know if there's any copy protection in place. Let players get into the game after a couple hours first (consider it a demo) as that's where it will hurt them the most. But, make sure they blame someone else and not the game.

Just a thought.

* UPDATE (02/15/2011):

So, someone on Reddit just discovered those clever copy protection methods in EarthBound, which brought up a little conversation on other games doing the same.

I didn't even know about these, but they were pretty cool to read and confirmed just how effective this kind of DRM is.

Here's an interesting article on Spyro the Dragon 3. Get this: it took 2 months to crack fully. =]

The Spyro copy protection methods took place after playing for long periods of time, and the crackers kept assuming that they removed the DRM each time. However, the glitches and piracy warnings were made obvious to the user - so the crackers knew WHEN (well.. where) to remove the DRM. Imagine if they never knew when/where to remove the DRM though? (Like what I've been talking about.) =]

The trick is to make random and undetectable copy protection, and play with their heads a little bit.

Another cool (more recent) one is Batman: Arkham Asylum. When the main copy protection was removed, there was still a small tweak made - pirated copies would not allow Batman to fly/glide, making the game impossible to progress.

I'm surprised developers don't do this more often.