Hi all,

The game I'm working in is proceeding, and within some months I want to release it.
But now the (classic) question comes up to me:

What is a good copy protection-level for my game?

I mean, making good protection from a technical viewpoint is not the problem. I know how to make good protection (by basing the serial number on the hardware of the pc so it will only work on that pc). And of course, there are more good ways (activating software etc.)

But I was wondering, would end users find such a protection too agressive/irritating? (an because of that not buying)

A 'normal' serial number (not based on someone's hardware) is easier for an end-user, but people can spread valid serial numbers (over the internet or just via friends). So the risk over the game being copied without paying is pretty big I think (although I have no experience in this, somebody else does?).

Anyone has experience/hints in this?

best regards,
Martin
--------

Basing serial numbers on hardware is very irritating and would definitely put me off. I would suggest just having the full version a seperate download rather than keycode-unlockable.

I HATE so-called Digital Rights Management. Windows XP has it, Windows Media Player 7 and above has it, and now Half-Life 2 has it. As such, I will not be purchasing/using/playing any of these products. I use Gnu/Linux as my main OS because I know that when I want my computer to do something, I don't have to worry about it doing something else without my knowledge. I don't have to worry that the EULA says that I gave up my right to privacy or that some software company has the right to change how MY computer works without necessarily asking me first.

As such, I don't like games that try to lock onto my computer. I reformat and install new hardware all the time. My computer has morphed into something completely different in the years that I have had it. I don't like the hassle of being told that I might have pirated something just because I reinstalled.

That said, I wonder what the common methods are. You don't want to be too aggressive because that is just wrong. And you can't be too light because people out there don't have too much trouble getting a copy protected version illegally.

Having a separate download is nice, but how do you protect against THAT being redistributed illegally?

One approach is to make the game just difficult enough to copy so that it discourages casual copying by Joe User. Of course, Dynamix once said that Tribes 2's success was, in part, due to the fact that Tribes 1 had no copy protection whatsoever.

UBI-Soft did a terrible thing with Rainbow Six 3, where there were 2-3 layers of protection, (including a key server that's not always up, and a serial number that must be entered several times). Very annoying.

Go with key based that has the ability to edit stolen keys lists.

Armadillo (www.siliconrealms.com) has amazing encryption, easy to use, and allows you to edit a stolen keys list so if codes do leak out, your latest build wont allow it to be entered.

Standard cost is $99

Alex

Thanks guys for all the hints and tips.
I know that it will never be 100% secure, maybe not even 90%.
Personally I also dont like software based on hardware keys,
although it is very secure.

I think I will do a mix of things mentioned.

Martin
---------

Hi Martin,

Before you went off to do whatever you feel is right, I wanted to put in my two cents. I guess I should also put a disclaimer here saying that what I am going to tell you is based on my own research, and you should in no way accept everything as I am presenting them to you, and do your own reserach before you reach a decision on your end.

I have been looking for ways to protect my software too. I looked at many forums, read many articles written by people with many different backgrounds. My conclusion is that as long as you are giving a binary away to people to run on their computers, there is no bulletproof, 100% guaranteed way to protect your binary's integrity. Yup.. You heard it right. Absolutely none.

Let me try to explain why things are so gloomy. First of all, you have to think like a cracker/pirate to defeat them at their own game (which is very hard). As far as crackers go, you have to understand that these people are equipped with VERY powerful debuggers, tracers, disassemblers, and they are very proficient in machine language, OS system calls, etc... The tools they use are used by "decent" programers to debug problems. These tools also happen to be very efficient cracking tools. As I said before, as long as your binary is in a cracker's hands, there is nothing that can stop him/her from removing your protection. It is a matter of time and patience. In order to understand the depth of the problem, you need to be able to look at your own binary using some of the available "free" debugging tools, and see if you can make sense out of it. Until you can dig that deep into the code, you have no chance of fighting the crackers. Remember that the crackers do not see your source code, and as a programmer you almost never have to see your binary. Hence the illusion that you think you came up with a rock solid protection scheme, but in the machine code world, it is a very lame one indeed. So, if you want to stop crackers, you almost have to become one and try cracking your own program, find its flaws and try fixing it perhaps by sprinkling some inline assembly into your beautful C# code (or whatever it is you are using). I am going to have to disagree with Cypher from Matrix and say that "Ignorance is NOT a bliss!"

It is a good idea to keep the demo version separate from the full version. If the demo is not supposed to save to a file, then remove the code that saves to a file. This is a good way of keep pirates at bay since the code itself is missing elements. They can't and won't add functionality to your code.

As others have pointed out, this still doesn't stop people from buying a single full version of your software, and distriuting that illegally either on websites, or Kazaa, or whatever.. How do you battle with that? I am afraid you will face the same answer as before. If you have protection in your code for checking a security code, or reading the registry or whatever, crackers will buy the full version, crack the protection and distribute it freely to all.

So you still have to know what your binary looks like, be able to read it and undstand it, figure out how it ties in with your source code. Kinda like a bottom to top approach. You should read up on reverse engineering software (plenty of free information online), figure out how newbie crackers deal with removing very extremely simple protections, and not make these silly mistakes. As far as devicing a "complicated protection scheme" goes, I'd say don't bother. It really is a waste of time. If it was possible, multi-billion dollar companies would have figured it out and implemented it successfully by now! ;) Unless you are losing millions and billions in sale, save your energy for other improvements.

Your main goal should be to please paying honest customers and making it more than just trivial to disengage your software's basic protection by lamer crackers, and then crossing your fingers that your software is actually good enough to be wanted by potential customers.

Good luck with your project!