{"id":36,"date":"2008-01-11T13:06:04","date_gmt":"2008-01-11T21:06:04","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/11\/anti-piracy-security-mechanisms-in-pc-games\/"},"modified":"2008-01-11T13:10:24","modified_gmt":"2008-01-11T21:10:24","slug":"anti-piracy-security-mechanisms-in-pc-games","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/11\/anti-piracy-security-mechanisms-in-pc-games\/","title":{"rendered":"Anti-Piracy Security Mechanisms in PC Games"},"content":{"rendered":"<p><font face=\"Times New Roman\" size=\"3\">    Piracy  has long been a prominent issue in the software industry.  Software developers  and publishers earn their livelihood selling their programs, but since  the products they create are digital in nature, they can often easily  (and illegally) be copied and redistributed with minimal effort.  This  problem applies to all digital media, but one interesting case study  in computer security specifically pertains to the PC videogame industry.   In response to the rampant PC game software piracy on the internet and  in foreign countries, many developers have opted to place security mechanisms  in their software or on the game discs themselves in an attempt to thwart  would-be pirates.  These security features are often effective, but can  have unintended consequences which end up hurting legitimate customers.   In this review, I examine the set of anti-piracy mechanisms on PC games  and single out a few examples when necessary.<\/font><!--more--><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">The  ultimate goal of all anti-piracy security measures is to prevent people  who didn&#8217;t buy a given game from installing or playing it on their PCs.   
Walmart has security detectors by the exits of its stores to prevent  people from taking and using things without paying for them, and the  security mechanisms for software serve the same purpose.  The most obvious  asset being protected in this case is the videogame itself, which should  only be accessible to a legitimate owner.  The developers themselves  are also an asset, because the existence of anti-piracy measures theoretically  causes more people to actually pay for their product, rather than obtain  it for free.  Their hard work and investments are rewarded by the money  received from legitimate game sales, so the developers are definitely  protected by these mechanisms.  Many developers argue that these security  measures also protect the game owners in turn, since they can rest  assured that they have a legitimate copy, and don&#8217;t have to be spited  by other less moral people who say they got the same product for free.   Thus, it is fair to say that the owner of the game is an asset as well.<\/font><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">The  adversaries to anti-piracy security include anyone who wants to illegally  play a retail game without paying for it.  These could be individual  gamers as well as larger coalitions of pirate crackers who release exploits  of a game&#8217;s security mechanisms to the public.  In many foreign countries,  pirated software is a large industry where people can actually go to  stores and buy illegitimate copies of programs.  Other adversaries include  websites and file sharing protocols which distribute cracks or serials,  as well as people among the development team creating the game who have  malicious intent.<\/font><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">The  weaknesses of piracy protection on PC games stem from the fact that  the mechanisms themselves are often present on the game or game disc  itself.  
A clever programmer can examine exactly how the mechanisms work  at his leisure and find ways to trick the system into validating an  illegitimate copy.  This often involves some form of reverse engineering  where the programmer picks apart the program and removes or disables  the code which protects the software.  Some anti-piracy software utilizes  unique CD-keys or serials that are distributed with legitimate copies  of the game, and thwarting the protection is often as simple as sharing  the same CD-key or serial with multiple people, since one serial usually  works for multiple copies of a game.<\/font><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">Some  of the best defense strategies involve having the game communicate with  an online server to validate CD-key information.  This ensures that a  unique and legitimate CD-key is used, rather than allowing the same  key to work with multiple copies of a game.  However, even these systems  can be thwarted by modifying the program and removing the code that  makes it check with the server.  Another protection strategy involves  proactively checking for virtual CD drives or other software which would  allow one to bypass the protection, but the software crackers are usually  a step ahead of the developers and can escape detection.<\/font><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">There  are some notable risks that arise from using anti-piracy protection  on PC games.  The most glaring risk is that, in some cases, the protection  is so picky that it keeps legitimate users from playing the games they  buy.  One security mechanism called Starforce has been derided for installing  security software onto users&#8217; machines that persists even when they  are not playing the game.  Starforce has not only been known to keep  legitimate users from accessing their games, but in some extreme cases  it has even ruined CD\/DVD drives or rendered them inoperable.  
Another  recent game, Bioshock, requires users to authenticate their copy with  an online server before being able to play.  The server went offline  shortly after the game&#8217;s release, leaving many people unable to play  the game for which they just paid $60.  There were large community uprisings  against both Starforce and Bioshock (separately), and many people said  they were boycotting them.  Ubisoft, a very prominent videogame publisher,  went as far as to say that they would not allow Starforce protection  to be used on any more of their games because it was detrimental to  customers.<\/font><\/p>\n<p><font face=\"Times New Roman\" size=\"3\">In  conclusion, anti-piracy systems are a complicated issue when it comes  to PC games.  On one hand, the developers need to ensure that they reap  the fruits of their labor, while on the other hand they need to make  sure that their legitimate customers are satisfied.  In addition, almost  every copy protection system gets thwarted in some way eventually, and  it&#8217;s hard for security professionals to keep up with the cracking community.   It is unlikely that there will ever be an unbreakable security mechanism  in the future, but the more robust systems which involve communicating  with an outside source over the internet do tend to hold out longer  than others.  In many cases, the delay before a crack for a new game  is released is long enough to make eager would-be pirates give up and  pay for the game instead of waiting, which is indeed the desired outcome.<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Piracy has long been a prominent issue in the software industry. 
Software developers and publishers earn their livelihood selling their programs, but since the products they create are digital in nature, they can often easily (and illegally) be copied and &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/11\/anti-piracy-security-mechanisms-in-pc-games\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[30,29,28,26,25,27],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-security-reviews","tag-copy-protection","tag-cracking","tag-pc-games","tag-piracy","tag-software","tag-videogames"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}