Anti-Piracy Security Mechanisms in PC Games
Piracy has long been a prominent issue in the software industry. Software developers and publishers earn their livelihood selling their programs, but since the products they create are digital in nature, they can often easily (and illegally) be copied and redistributed with minimal effort. This problem applies to all digital media, but one interesting case study in computer security specifically pertains to the PC videogame industry. In response to the rampant PC game software piracy on the internet and in foreign countries, many developers have opted to place security mechanisms in their software or on the game discs themselves in an attempt to thwart would-be pirates. These security features are often effective, but can have unintended consequences which end up hurting legitimate customers. In this review, I examine the set of anti-piracy mechanisms on PC games and single out a few examples when necessary.
The ultimate goal of all anti-piracy security measures is to prevent people who didn’t buy a given game from installing or playing it on their PCs. Walmart has security detectors by the exits of its stores to prevent people from taking and using things without paying for them, and the security mechanisms for software serve the same purpose. The most obvious asset being protected in this case is the videogame itself, which should only be accessible to a legitimate owner. The developers themselves are also an asset, because the existence of anti-piracy measures theoretically causes more people to actually pay for their product, rather than obtain it for free. Their hard work and investments are rewarded by the money received from legitimate game sales, so the developers are definitely protected by these mechanisms. Many developers argue that these security measures also protect the game owners in turn, since they can be rest assured that they have a legitimate copy, and don’t have to be spited by other less moral people who say they got the same product for free. Thus, it is fair to say that the owner of the game is an asset as well.
The adversaries to anti-piracy security include anyone who wants to illegally play a retail game without paying for it. These could be individual gamers as well as larger coalitions of pirate crackers who release exploits of a game’s security mechanisms to the public. In many foreign countries, pirated software is a large industry where people can actually go to stores and buy illegitimate copies of programs. Other adversaries include websites and file sharing protocols which distribute cracks or serials, as well as people among the development team creating the game who have malicious intent.
The weaknesses of piracy protection on PC games stem from the fact that the mechanisms themselves are often present on the game or game disc itself. A clever programmer can examine exactly how the mechanisms work at his leisure and find ways to trick the system into validating an illegitimate copy. This often involves some form of reverse engineering where the programmer picks apart the program and removes or disables the code which protects the software. Some anti-piracy software utilizes unique CD-keys or serials that are distributed with legitimate copies of the game, and thwarting the protection is often as simple as sharing the same CD-key or serial with multiple people, since one serial usually works for multiple copies of a game.
Some of the best defense strategies involve having the game communicate with an online server to validate CD-key information. This ensures that a unique and legitimate CD-key is used, rather than allowing the same key to work with multiple copies of a game. However, even these systems can be thwarted by modifying the program and removing that code that makes it check with the server. Another protection strategy involves proactively checking for virtual CD drives or other software which would allow one to bypass the protection, but the software crackers are usually a step ahead of the developers and can escape detection.
There are some notable risks that arise from using anti-piracy protection on PC games. The most glaring risk is that, in some cases, the protection is so picky that it keeps legitimate users from playing the games they buy. One security mechanism called Starforce has been derided for installing security software onto users’ machines that persists even when they are not playing the game. Starforce has not only been known to keep legitimate users from accessing their games, but in some extreme cases it has even ruined CD/DVD drives or rendered them inoperable. Another recent game, Bioshock, requires users to authenticate their copy with an online server before being able to play. The server went offline shortly after the game’s release, leaving many people unable to play the game for which they just paid $60. There were large community uprisings against both Starforce and Bioshock (separately), and many people said they were boycotting them. Ubisoft, a very prominent videogame publisher, went as far as to say that they would not allow Starforce protection to be used on any more of their games because it was detrimental to customers.
In conclusion, anti-piracy systems are a complicated issue when it comes to PC games. On one hand, the developers need to ensure that they reap the fruits of their labor, while on the other hand they need to make sure that their legitimate customers are satisfied. In addition, almost every copy protection system gets thwarted in some way eventually, and it’s hard for security professionals to keep up with the cracking community. It is unlikely that there will ever be an unbreakable security mechanism in the future, but the more robust systems which involve communicating with an outside source over the internet do tend to hold out longer than others. In many cases, the delay before a crack for a new game is released is long enough to make eager would-be pirates give up and pay for the game instead of waiting, which is indeed the desired outcome.
Comment by chrt00
January 12, 2008 @ 9:17 pm
I think that the authenticating party of the anti-piracy software can also be an adversary. The process could send information of the computer and user to the authenticating server and compromise the user’s privacy.
StarForce uses a device driver in Windows, going thru other drives at a kernel level. This could compromise the user’s system if it had a vulnerability.
Comment by gbc3
January 13, 2008 @ 10:28 am
Very Interesting. Its too bad that they cannot follow the same behavior as activating windows XP to authenticate their legitimate game copy. Where, depending on how you setup the installation, you have up to 30 days to ‘activate’ your copy. However, you could probably get all the enjoyment you would want by playing a game without activating in that time frame. Sadly this response has very little to do with computer security, and more about building off existing ideas of authentication.
Comment by Dustin Chang
January 13, 2008 @ 1:02 pm
Commenting on the issue of anti-piracy, I think most of the current anti-piracy measure have little effect on preventing piracy, while greatly lower the overall gaming quality of legit users. Lets take the most common measure, serial number, for example. I believe most people have the same experience of wanting to replay some old games you purchased a while ago, but you could not find the serial number no matter where you look. At the end, most people will end up looking for a crack or serial number online from illegal sources.
Other then the issue of anti-piracy, there are definitely other assets that need to be considered for a PC-game that was not discussed in the post. For example, game producers will want to protect game related data such as user info, source code and etc. from potential adversaries such as competitors or malicious users(especially in multi-player games).
Comment by zaxim
January 16, 2008 @ 7:19 pm
This is a good summary of our current game copyright “protection” landscape. I was wondering what people thought would be more effective deterrents against game piracy?
One example I can think of is for making special content, or even main game content, only available to users with an internet connection to a main server. For example Spore (http://www.spore.com) is going to be an offline game, but new game content will be developed by players and uploaded and downloaded automatically to a server. Because of this frequent connection to the server, illegitimate programs (e.g. duplicate serials, or other forms of identification) could be blocked from accessing this content, minimizing the user’s enjoyment of the program.
I know that for other games most servers block illegitimately acquired software from playing multiplayer on official servers, which I think is an effective deterrent. Although there are work-arounds against this, like unofficial servers, or spoofing the server.
Comment by ironman36
January 31, 2008 @ 6:54 pm
So I guess it all explains why pc games such as Brother’s in Arms:Hell’s highway and asassin’s creed are being ridiculously delayed numerous times for some strange reason. well iam not a pirater but I will say this….It’s never gonna stop.
the game industry can try to pull out the best strategy out of the Sun Tzu war manuel, somebody is gonna crack the games regardless. and PC is not only the victim, consoles are catching it too. just look up any popular game in any torrent site. its availiable in raw file. all you have to do is snag it. thats right, snag it! and if you are a true computer whiz and know a thing or two about files and imaging, its cake.
but you still got those other millions who don’t use torrents and the games still generate mad revenue and its not fair to make stuff too complicated for the “honest consumer”. so what are these greedy game industries complaining about? more money for a private jet? if they think these delays are an effort to say “confuse” these Jedi piraters waiting for the release date like vultures in the Mahabi desert, they are stupid. they are only hurting themselves. and its simple, release the games, stop complaining make money.
Comment by K.Ganapathy
July 21, 2008 @ 8:35 pm
The problem is no software manufacturers want to pay for a non crackable anti piracy mechanism. I have developed such a mechanism which cannot be cracked. A big software company wants it for free!
To develop such a mechanism, one need not have to be a whiz kid. There is a simple solution. Any one prepared to pay for this? No one will even acknowledge that such a thing is possible.
K.Ganapathy
Comment by Nick Erkert
August 4, 2008 @ 8:41 am
K.Ganapathy,
I’m also one of your skeptics in that an uncrackable method to protect games from piracy exists. So prove us all wrong and release a sample of your system to the world. If no one can break it, you’ll be more credible and companies will be willing to buy your software/idea. Until then saying you have an uncrackable mechanism is nothing more than vaporware.
Comment by K.Ganapathy
September 2, 2008 @ 10:06 pm
Nick Erkert,
My anti piracy mechanism not only stops a program (no music/movie and O/S)from loading on even a second PC, but also displays a message while attempting to load, that this CD has been loaded on one PC and will not load on this PC.It can also be configured to display in whose PC it has been loaded. Additionally this can also be configured to send an email/legal warning notice next time when connected to the internet.
To test this, I need a program along with its programmer. This mechanism is to be written in the program itself. My mechanism is not a seperate program by itself.
I am in no hurry to sell this now. I have gone thru all patents on this subject. Nothing comes close to this. I am not a computer man. I work in a pharmaceutical company in-charge of distribution,production planning and related services. Our task force is about 700 people and we are growing at 50% annually.I don’t get any time to update my anti-virus also.
But I will appreciate if you send me your opinion at kgiyer@hotmail.com
K.Ganapathy