I’ve decided to sell out. After years of purple-faced railing against DRM, I’m switching sides. I’m going to sign up with the major publishers and help out the pro-DRM forces.
As a gesture of loyalty to my new corporate masters, let me help design the next generation of DRM. No, I don’t mean just sitting down and making more SecuROM. We’ve been doing that for years, and not getting much of a return on it. I’m talking about rolling out some devious stuff that will save us money and be a pain in the ass for pirates.
1. Don’t Do the Check at Startup
Crackers are in a hurry. They want to have their names on the hottest 0-day titles. They want to release their version of our game before the street date. They’re not in this for the game on the disc. They’re not trying to beat our game, they’re trying to beat us. (And rival cracker groups.)
As it stands, the process of cracking a game is “easy:” Just try to run the game, find the bit of code that stops the program from running, and disable it. Repeat until the game works. Okay, there are layers of obfuscation and trickery layered on top of that, and it gets pretty technical, but that’s the basic idea. Doing the check up-front just makes their job easier, since they can iterate faster. Trust me, as a programmer I would much rather try to crack a CD check that happens at startup as opposed to one that happens at some unknown point two-fifths of the way through the game. And hey, if the full version of the game works for a couple of hours and then fails, it acts kind of like a demo.
2. Be Sneaky
If the game detects they’re running the pirate version, then don’t just bring the game to a grinding halt and boot them out. That’s too obvious. Instead, have the game change subtly at some point. One small studio dabbled with this idea and had the game crash at a level change. That’s a decent idea, but in practice it’s probably a bad idea to have pirates clogging up our support system. Batman Arkham Asylum did one better by taking away a basic move, thus making a section of the game impossible to beat. That’s better than crashing, but I think we can really fix their little red wagon if we make the failure virtually undetectable.
Instead of taking away the ability to jump, just make the controls really unreliable. Have the jump button be responsive only half the time. A pirate will have no way of knowing that he’s not done cracking the game. He’ll just think the controls suck. It will make the game extremely difficult (a player will only have a 1 in 32 chance of making it through a sequence of 5 jumps), without giving away the trick. Make it so the check causes different failures at different points in the game. Maybe the Wizard can’t use spells on the final level, or the auto-save and checkpoints don’t work after level six if they’re playing as an “evil” character. Or maybe a door will claim to be “locked” and send them hunting for a key that doesn’t even exist. There is no way the cracker is going to play the game all the way through with all character classes and all endings if they are too busy analyzing every moment in the game,trying to figure out if they died because of a mistake or because the DRM is screwing them.
The beauty is this: Unlike our previous DRM schemes, pirates will suffer, paying customers won’t.
3. Poison the Pirate Well
We should tell gamers we’re doing this to the game, because we want everyone to know that the real game is better than the pirated version. We don’t have to reveal where the DRM kicks in or how it works, but we do want people to know that the pirated version of the game is broken and they should buy the real deal if they really want to enjoy it. Right now, people buy the game and then worry that perhaps they’re not getting the full experience because of the DRM. We want that line of thought to go in the opposite direction. We want the pirate to play the game with the nagging suspicion that he’s missing out.
4. Don’t Forget the Customers
No matter what sort of DRM we use, at some point we need a check to make sure the user is running the original game. I’m going to assume we don’t want to go back to the days of game manual or code-wheel protection. That stuff was cute, but expensive.
So we need to either make the user ask a server for permission to run the game, or make sure they have the disc in the drive. Some people don’t have always-on internet. Some people are on the road a lot and don’t like dragging discs around with them just so they can have access to their game library. The common approach is to screw one group in favor of the other. But why? Can’t we get money out of both groups? How about the game will only check for the disc until it’s been activated online? This means users need either the disc or the internet to run the game.
It also means we can take down the activation servers later without generating a bunch of negative publicity from people crying about their game no longer working.
5. Keep it Simple
SecuROM is the wrong way to go. It’s expensive and it doesn’t pay to have a system that will bypass system drivers, write secret or non-readable / removable data to the Windows registry, hide itself from the user, run in the background when the game isn’t running, attempt to interfere with basic system operations, or be interfacing with the operating system in unexpected ways. This sort of behavior is unethical, and it makes our DRM system less stable and less future-proof. We don’t want the bad publicity that comes from creating security holes and crashes, and we don’t want to deal with the support headaches. A lot of pirates cite this sort of thing as the reason they pirate in the first place. Some customers actually pay for the game, but then download the cracked version so they won’t have this stuff running on their computer. While not pirates themselves, that’s another big group of people helping out by seeding torrents. If we can encourage customers to play the game out of the box, the torrents will have less seeds and piracy will be a little slower, making the whole thing that much less attractive to people who have the means to legitimately buy our game.
So, dump SecuROM. The system I proposed should be way cheaper to develop and will take longer to crack.
It’s really great to be working with you folks on the pro-DRM side of things. I have a good feeling about this.
Incidentally, what kind of health plan do you offer?
Shamus Young is the guy behind this movie, this website, this book, these two webcomics, and this program. He’s also got an AWESOME idea for an FPS game starring a wisecracking space marine with regenerating health.
Published: Sep 11, 2009 09:00 pm