I am finally close to release my puzzle game :p
I have in mind to try a different strategy instead of keygens.
I'll first have the user download the demo (about 2mb), then when he buy the fullversion, he get a "upgrade installer" to update the game to fullversion.
The advantages:
1) installing a upgrade is even more easier than copy&paste a serial number
2) while pirates can alwasy spread the whole package, at least they can't just post a serial or keygen in some site, so they need some bandwidth :)
3) I split the game in two part: the demo won't have the background music, which is an ogg of about 1,5mb, so I'll have a smaller demo and less bandwidth usage (not that is so big anyway!!)

The only problem now is to implement a similar thing for mac, as far as I know isn't easy to make a "upgrade installer" for mac os... :(

How about you simply make your program (the demo the customers can download) detect the presense of a "fullversion.dat" file. The data file can contain all the extra data that make your game the full version. And you still get slight protection from pirates in the fact that they, as you said, can't just post a tiny serial.

Just make an installer that finds where your game is installed and puts your datafile there. I can't imagine that is more difficult on a mac.

Although AF is protected flimsily by only a serial number, it can't be keygenned, on account of the ludicrously strong crytpo used to generate the keys and the fact that you can only register the game by contacting my server which checks it's valid anyway. The registration file then generated can easily be copied to a machine that isn't online but only within a few days of creation, so there's no harm in it being spread onto the internet as it'll soon be invalid. So the only option the crackers have with AF is to crack the checks out and distribute a patch and it costs them a bit of bandwidth :D Maybe you could implement serverside registration checking?

(Still can't find AF on any warez sites for some reason - but then, I don't know where to look really)

Cas :)

Good suggestion Karukef :)
Apparently is difficult for a mac (not impossible, but difficult!) to replace an exe, while you can add/replace things like gfx or snd or levels data :p
After all for this games I've decided to make a fullversion download for mac, since it's only 3.5mb anyway :)
In my future games (working on a RPG next) I need to try the other ways... I suspect they'll be more than 10mb :P

Another problem is cracks. These days it's not serial postings that are the problem, it's cracks. Someone black ices your program and removes the trial version checks.

There is a solution, though not a perfect one, but a reasonable one...

Silent date checks. The main way to tell a crack has been applied is the date that the new exe file was created. If during your install process you record the date of install you can compare that to the date/time the main exe has. If there is more than say 3 minutes discrepency then someone is being a naughty boy. Alternatively, instead of storing the date, you could compare the date to multiple other files that are required for play (the bigger the files the better).

The real trick though comes in silent action - don't just out and out say "warning - you're a cracking scumbag!", instead you gradually deteriorate the game. If in the demo you can go up to level 5, then from level 6 onwards, things very slowly get funny - unnoticeable at first, but by level 10 or more the game has many problems. The hard part is making it clear it's not a bug in the game but something deliberate. So if you have a repetitive action and consequence in the game, you could gradually change the consequence until the game is unplayable/unbeatable. You may decide to give the dirty cracker scumbag warning at around level 15 - somewhere late enough your average cracker won't bother going far enough to see yet early enough to leave the player wanting more.

Also, liberally spread multiple trial version checks around your code. Don't just have one statement like:

if (bTrial) EndGame();

Have multiple lines. And try and code them differently using function pointers, secondary functions that do the same job, have some in dll's and some in the main executable, etc.

The original deus ex did this very well. You couldn't finish the first level if you cracked it. As I recall it was a long time before crackers realised their mistakes and found a way around it.

You can never stop crackers, but you can deter them enough to not bother. They are more likely to give up on a shareware title because there's no glory in it. They prefer to crack the big titles so they can compare their penis size to other hackers.

The main way to tell a crack has been applied is the date that the new exe file was created.
Sounds to me like this would be easy to workaround - you just need to change the creation date on the crack, I don't think that's very hard to do. It would be more effective to do a CRC or MD5 check on the file - perhaps you might like to check the date as well as this.

CRC checks are also good, but also very commonplace. Most hackers will know what to look for with CRC checks. The date check is not the sort of thing your average user would know how to bypass though and it's not the sort of thing your average hacker would look for. And it's a lot easier and faster to spread liberal copies and variations of the date check code around your program in silent checks.

It depends how much you want to proect your software - there are many other methods of deterring hackers that can be deployed alongide CRC and date checking. However, if you go ahead and use a serial number system, you may as well not bother with them. Serial numbers are too easy to spread/bypass.

Cool, thanks for explaining that Damocles. Great advice!

hopefully some helpful tips in this thread as well:
http://www.dexterity.com/forums/showthread.php?s=&threadid=2275

I have a crazy/stupid scheme in mind for my game that is similar to yours and might work:

My game uses Python. I'm not particularly worried about anyone looking at the source and RE'ing it; indeed, the game's going to be pretty moddable the way I've planned it.

So what I'll do is have it test for not only data files at startup, but also CODE in the form of additional Python modules. These will contain all the "goodies" of the full game, like the map editor and additional scenarios, including graphics etc.. If they aren't there, it runs as a demo version. If some oh-so-clever h3x0r writes fake files or changes the code to make it look like a full version, then guess what, all those features won't work, and he might as well be running a demo :D He'd have to end up rewriting all those parts himself, and then provide the graphics etc.

So the only viable solution is to provide a full download, which of course as previously mentioned is a hassle for the pirates and will reduce the overall rate of piracy, which is the most important thing here. While warez types will go ape over "0-days" of the latest AAA titles, I sincerely doubt they'll do so over my little game.

While warez types will go ape over "0-days" of the latest AAA titles, I sincerely doubt they'll do so over my little game.

That's what I thought once. When I made Sliders, being my first game, a small game and generally not a big impact on any scene, anywhere :) I figured a simple serial key check would be enough. Sliders was cracked within hours of my uploading it to public download sites. Alas, hackers don't do it to prove they can, they do it because they are bored or "stickin' it to da man". Ever since Sliders I've spent a lot of time looking into hack prevention. One lesson learnt, only another billion or so to go :)

Keep in mind that you're primary goal is *not* "trying to beat hackers."

You're trying to convince a valid prospect to purchase your game.

It is simply not cost-effective to spin your wheels trying to think up some bizarre, complicated "hacker proof" system. While it may bug you to be told that "you can't beat the hackers", you'll get a lot more done if you just accept it and move on to other things. Find a simple mechanism that works to keep most people honest (of which there are several available), and get on with life.

-David

If you use a keygen, it'll get cracked instantly because it's leet to do so, wheras if you require a download, it will be much harder to find. That's minimizing the effects of piracy by design ;)