The End of Piracy!

  By Shamus   Aug 8, 2008   84 comments

EDIT: Some people have pointed out this is a lot more than it seemed in the article I linked. “Trusted computing” is more than just a unique ID on a chip – it’s a system that operates on both the hardware and software level. Read the comments below for the insidious details.

My original post:

Atari founder Nolan Bushnell says a new chip puts computer piracy on the verge of being eradicated. Now, I’m about to make fun of this guy, but seriously: If I could get a job that paid millions of dollars for saying outrageous things borne of lazy ignorance? Man, where do I sign up?

It is sort of alarming to see that some people – highly paid people – simply fail to grasp the basic mechanics of piracy, even after all these years. Particularly when it’s, you know, their job.

If I’m reading this right, this system isn’t even anything that new. Right now the games that require online activation build a unique ID based on what hardware is connected to the machine. This system would replace that system with a new one that is unique to the motherboard / CPU. That’s sort of nice, I guess. It means you’ll be able to install a new graphics card without needing to re-activate the game. But it’s still a check that can be disabled by any half-decent hacker.

If I may be allowed to commit the self-indulgent crime of quoting myself:

In the original Monkey Island, at one point you are captured by natives who lock you in a simple bamboo hut. There is a trap door in the floor through which you may escape. If you’re dumb you can walk over to the natives once you’re out, and they will grab you and throw you back into the hut. The second time they throw you in, they add chains to the door. The next time the door is made of metal. This keeps going until eventually (if you keep going back) they have a bamboo shack with a massive steel vault door on the front, a timed lock with an alarm system on it. It looks like the front of Fort Knox.

How he keeps getting out is almost as mysterious as why he keeps coming back.

In a lot of ways these DRM schemes are a bamboo hut with a vault door on the front. The keep using a bigger and bigger lock and a more complex system of authentication, but it still has to run on a machine where you can edit the executable, and all the hacker has to do is go in and disable the part that says, “Do the security check.” It doesn’t matter how secure or complex or devious the security check is, if the machine’s not doing it, it’s not doing it.

This new scheme is just a newer, bigger padlock on the door of a bamboo hut with a hole in the floor.

Note to Nolan: It has a unique id? Great. But your software has no way of knowing if that number is being reported correctly. There can be layers of emulation happening above, below, and alongside your software that can tell your game whatever it needs to hear in order to get on with the fun. You don’t control the machine.

My prediction: Not only will this not “end” piracy – this won’t even put a measurable dent in it. The very first game to use this system might enjoy a few extra days before it hits the torrents, and after that the process will become routine and it will be back to business as usual: Games cracked more or less on release day, paying customers are irritated, pirates get to play the game hassle-free, and you piss away a bunch of your shareholders’ money on another bad idea.

But what do I know? I’m not some fancy multimillionaire… president… guy. I’m just a consumer who’s been on the receiving end of this irritating nonsense since the beginning.


202020204There are now 84 comments. Almost a hundred!


1 2

  1. Strangeite says:

    Excuse me while I adjust my tin foil hat.

    Ok, this is the first I have ever heard of the Trusted Platform Module. Granted I have just done a cursory review but the privacy concerns are frightening. I love that the Trusted Computing Groups response to privacy concerns is by stating that the chip has to be activated by an actual human via a prompt at the BIOS level and not software alone. Yeah right, a backdoor can’t be built into that system.

  2. Jeremiah says:

    Sometimes I wish, when I’m having a really bad day, that I could be as oblivious to reality as some of these people; where I can dream of being misinformed and be blissfully unaware of how stupid I sound when make outlandish claims.

    Whatever drug these people are taking must be good stuff indeed.

  3. scarbunny says:

    Oh this guy is to much! Plus this whole chip thing adds a whole new upgrade requirement for legit customers.

    Ah yes Mr Bunny your computer is top of the line, but lovly as she is you bought your motherboard last week, and well you see we have released TPM version 3.456.44 the day after, and unfourtunatly if you dont have it then you cant play the new game. But this time we have deffinatly sorted out the piracy, youll never need to upgrade again!

  4. Daosus says:

    Huh, so THAT’s what that little tab on my motherboard is……..

    PS – just out of curiosity, the article mentions Asia (and India, apparently not part of Asia). The pirate market there is pretty big, as I understand, and many people have modded consoles so they can play pirated games. If bypassing this protection is as easy as putting in a modded TPM chip, how will this stop piracy? Heck, it’s easier than modding an XBox…

  5. Nathon says:

    What I want to know is this: Are these people stupid, crooks, or both?

    Case 1: They have half a clue about security and what they’re doing. They know that no system design is perfect and that even if it were, no implementation is perfect. They know that as soon as a single crack is found in this plan, the floodwaters come rushing through. They know all this, but decided that the shareholders (I’m assuming that was a typo and they were supposed to be plural, Shamus) are easily hoodwinked. The shareholders want them to try, and it’s worth money to them individually if they try. Even though they know they’re doomed to failure, they spend large amounts of money so they can say “See? We’re trying.”

    Case 2: These people are complete and utter morons. They haven’t done any research into past failures and they don’t have the slightest clue about how computers work. This notwithstanding, they think they can come up with an unbreakable system.

    Which is worse? Which is more likely? I don’t know.

  6. Carra says:

    Right, it’ll just take a while but it’ll get cracked. It’s a race between a handful of developers and a world of hackers. Not a fair fight for the first guys…

    But stopping a game from having zero day privacy is a huge benefit. Nothing harms your game more then it being avaiable on the net days before it’s in the shops. The seduction to just download it gets really high then. It’s what Valve did by forcing you to download the last piece of software before you could run your game.

    Postponing the crack by a month is thus a great way to lower the amount of cracked copies. People get impatient of waiting for a cracked game and just go and buy it anyway.

    The very first game to use this system might enjoy a few extra days before it hits the torrents.

    Yes and that mean that the developers won!

  7. Tachevert says:

    It’s a good thing that nobody’s invented a technology that can insert a layer between software and a machine. Hey, maybe we should do that. We could call it a Virtual Machine or something.

  8. TehShrike says:

    Indeed, this just seems like another blip on the anti-piracy radar. Like Strangeite said, the scariest thing to me is that I wasn’t aware that a unique identifier was being placed onto my motherboard.

  9. Daath says:

    I can understand perfectly well the wish to delay the entry of cracked copies into torrents, but not why the cumbersome and potentially problematic copy protections are kept in place long after the cracked versions have made their entry. It seems to me that one could eat the cake and keep it, by shipping the game with copy protection, and after couple of weeks (or longer if the protection still holds, but that’s highly unlikely to happen), dropping it. You have to issue some patches anyway, so it’s not even much extra work.

  10. Factoid says:

    I’m sure in a few years we’ll be playing all of our games streaming off of a server somewhere, so that none of the code executes locally.

    That’s pretty much where all of this is heading.

  11. John Lopez says:

    Unlike prior attempts at access control, the Trusted Platform Module actually has some teeth. I’m not saying it will be bulletproof or that early use will reach its potential, but there are several features not found on traditional protection devices.

    1. When used properly, the operating system boots with the TPM verifying the cryptographic signatures of the operating system components. That makes the operating system itself “trusted” because changes would invalidate the signatures.

    2. These trusted operating components can likewise check the signatures of each program loaded, and permit/deny based on a whitelist.

    3. Pieces of code can execute on the TPM itself, which means they are signed and encrypted to be resistant to modification.

    How is this different from traditional systems?

    1. Traditionally, no checks are made during boot, making shims and debuggers easy to hook in.

    2. Traditionally there was no strong cryptography involved in program loads, meaning modified programs were easy to launch.

    3. Traditionally all the code had to *eventually* run “in the clear” on the chip. The TPM sidesteps this by loading encrypted snippets directly.

    I would compare this more closely to SSL used to protect web transactions than to more traditional protection schemes. We trust SSL every day to make bank transaction online, remotely administer servers and otherwise do high risk activities. SSL encryption has *not* been directly broken to date (although parts have been retired due to weakness).

  12. Steve C says:

    Ah good old Monkey Island. There is another scene that relates to DRM…
    You are after an idol. Eventually you are caught by the bad guys who tie you to the idol and throw you into the sea to drown. As a pirate haven the bottom is covered with old knives, rusty swords and sharp scissors. But oh noes! They are all just out of reach since it’s a short tether.

    You can pick up the idol and simply walk onto land. That puzzle is solved in less time than it takes to look at the entire screen. You want the idol. You’ve been after it for most of the game at this point. It’s natural to go “ooo I want that” and pick it up.

    Like DRM, chaining someone to something they have complete control over is not effective. You end up having complete control over the chain. DRM will always fail because no matter how complicated the lock, they have to give you the keys too.

  13. elias says:

    I’m wondering what will happen when they do realize they just can’t fight off piracy the way they’ve been trying to. I don’t believe your five ways to fight piracy will be enough.

    And the only workable solution that I can think of is that PC gaming will all go to ad-based, WildTangent-like, gaming channel services. With ads paying for the games, the publishers and developers will get some money no matter how much you pay for the game. The store-bought copies will even have the ads, because they can’t tell if you really bought it from the store. Then maybe they will have premium ad-free subscription rates.

    I’m not saying this is what I want, but it’s the only think I can think of that might work.

  14. Nathon says:

    John, the problem with trusting the OS is that the OS is not trustworthy? What’s to stop me from compiling Linux with a TPM driver that sends data destined for the TPM to a character device? Or, aside from the extra effort involved, from cracking Windows to do the same? Then there’s the question of the keys on the TPM. We obviously can’t have a universally shared key between all the TPMs, so why should I believe that the signature I’m looking at comes from a TPM and not some code a cracker cooked up?

    The difference with SSL is that there’s a third party, the CA, who says “Yes, that’s Visa. You can trust them.” I haven’t seen anything to suggest that there will be a universal CA for TPMs.

    Incidentally, SSL back in the early ’90s used 40 bit keys in non-us browsers. I got curious a while ago and wrote a script to crack 40 bit RSA keys. It takes under .1 second on an Athlon T-bird 1.4 and it’s written in Python. Holy cow, talk about insecurity.

  15. Paramnesia says:

    I loved that sequence from Monkey Island, so I dug up my screenshots for everyone’s enjoyment.

  16. Luke Maciak says:

    You have to issue some patches anyway, so it’s not even much extra work.

    Actually patches are expensive since you have to pay developers to make them after the game was released. They could be working on another crappy title instead, so most patches are the stuff that didn’t make it into production due to a rushed launch date. ;)

    I’m sure in a few years we’ll be playing all of our games streaming off of a server somewhere, so that none of the code executes locally.

    Yeah, it will be pay-per-play, with extra charges whenever you want to save your game.

    Unlike prior attempts at access control, the Trusted Platform Module actually has some teeth. I’m not saying it will be bulletproof or that early use will reach its potential, but there are several features not found on traditional protection devices.

    Yeah, it does. It also does have very disturbing privacy and interoperability implications. It could be used to track documents, or even lock them so that they could only be viewed in TPM compatible OS.

    Here is RMS’s rant on the subject: http://www.gnu.org/philosophy/can-you-trust.html

    Granted, it’s RMS so you need to take it with a grain of salt, but he does point out all the possibilities of abuse of this system.

  17. Steve C says:

    I’ve known about TPM for a while. I shopped for a computer that didn’t have it and was unable to find one.Treacherous Computing (as it’s known by it’s critics) would be great if you could trust manufacturers not to abuse it. However hardware and software manufacturers can’t be trusted so it’s a huge security hole. (Remember Sony’s rootkit?)
    Short animated movie about the issue.

  18. I wrote my own entry looking at this announcement at TeleRead. (And provided linkback.)

  19. Kevin says:

    Shamus, please please please keep track of this and let us know when this thing comes out… and how long it takes for this to get cracked. I also am very interested to know how our man Nolan takes the news. (Though I can’t imagine that his statements are really based on ignorance as much as perfidy.)

  20. Daemian Lucifer says:

    You know,this may actually be a good thing.Sure,it wont stop piracy,but at least it may decrease the number of various copy protections a single game has.

    @Carra

    Not really.The games are being cracked so fast because the team involved in the whole process of making/shipping/selling/advertising the game is corruptable.

    Oh,and there is a game that wasnt pirated for months after release:GalCiv2 Twilight of the arnor.And Im quite sure stardocks games will take longer and longer to crack each time,simply because no one wants to.

  21. Derek K says:

    Holy Monkey Jesus.

    So, to be clear, one group is in charge of this module, on my computer? A group I’m not even told about, and a group that has no responsibilities to me, and one I have no recourse towards?

    Great.

    Anyone know how to check to see if my computer has a TPM?

  22. Inquisitor says:

    Give it a week; A month, at most, before there is software that bypasses this for all games entirely. It’d be simple, since they’d all have to use the same chip, therefore the same procedure to perform the check. You fiddle with that, and the doors are wide open.

  23. Dave says:

    If you want to know if you have a TPM: Look in Control Panel/System/Hardware/Device Manager/System Devices and see if you have a Trusted Platform Module. Most of them are supplied to OEMs by Infineon.

    TPMs were designed to solve the problem of hacking the executable. If the executable’s hash is not trusted by the OS, it won’t run.

  24. ThaneofFife says:

    I’m in the crowd that just heard of this. But, after reading the original article, the wikipedia article (http://en.wikipedia.org/wiki/Trusted_Platform_Module), the Richard Stallman rant, and watching the video Steve C linked, I’m genuinely concerned that the clueless Atari guy may have had a point.

    Specifically, it sounds like this system will require some kind of hardware hack to get around, once its implemented. While obnoxious, that isn’t itself too bad. The real problems will arise if copyright owners (game developers, music and movie studios, etc.) start requiring this system in conjunction with continuous internet activation to access their content.

    For games, this wouldn’t be that big of a change, though it would be a lot harder to circumvent (and could easily lead to the person circumventing it being charged as a criminal hacker; it would also lead to me boycotting all games that have this, just as I boycott the current DRM regime).

    On the movie/music side, however, this would lead to a system where you owned nothing more than a license to access content “on demand.” That means no more backup copies, no more loaning a DVD to your friend (whose computer has the same DRM restrictions yours does, or whose computer won’t play your DVD because it doesn’t have the necessary DRM hardware), no more legal “fair use” of content as you see fit.

    This would be a serious change in the way intellectual property is distributed. There would be no right of first sale (i.e., right to re-sell DVDs and CDs you legitimately purchased). Instead you would own a software-type license to your content. The content would cease to be a “good” and instead become a “service,” easily allowing for further restrictions on your ability to access things you have paid for thinking you were buying a tangible good, not a “right to use.” That’s where this is heading.

    Maybe I’m repeating what others have said before. Maybe I’m completely paranoid. Maybe I drank the copy-left koolaid, and am now crazy, but I believe this represents a serious threat to consumers, and needs to be fought (and not via mere piracy). We need to tell everyone who doesn’t already know about this what’s happening and what it means. We need to contact our lawmakers and representatives, and tell them that we expect our rights as consumers to be protected. We need to contact developers of both hardware and content and tell them that we will not buy products that use this system. Finally, those of us who have been duped into buying into these systems and have been harmed by them need to challenge the companies that duped them in the courts. If we want a fair system, then we must act.

    Who’s with me?

  25. Strangeite says:

    Thanks Shamus. I have been doing more and more reading about TPM and my day is now ruined.

  26. Ian B. says:

    I remember them talking about this TPM garbage several years ago.

    It seems like OEMs have been jumping on them lately. I know that Dell has been offering systems with TPM modules since around 2005-2006 (my mom’s Dell laptop, purchased in 2006, has one while my Dell lappy, purchased in 2004, doesn’t). I believe all Intel-based Macs have them as well. I seem to remember seeing HP/Compaq systems with them. I know for a fact that you can disable them on Dells (the last new Dell I set up had the TPM module off by default)…not sure about the others.

    As for independent motherboard vendors, it doesn’t seem like they’ve jumped on it. Considering most of the people that I’ve seen who are serious PC gamers have a custom build, the thriving Taiwanese motherboard market is probably going to prove to be an annoyance to the Treacherous Computing Group.

    The whole TPM thing is one of the only things that I almost completely agree with RMS on (it’s been a while since I’ve read his write-up on it and I’m sure there are a few points that are kind of wacky…it is RMS, after all).

    I honestly think that TPM taking off would be the thing that gets me to switch to Linux permanently. I don’t feel that I, a paying customer, should be under scrutiny. If companies want to treat me like a thief, I’m not going to buy their crap. It’s as simple as that.

  27. Rich says:

    Shamus,

    You do know who Nolan Bushnell is, right?

    I mean, the scheme may be whacked but he’s not just some guy

  28. Pete Zaitcev says:

    Shamus, I hate to break it to you, but properly implemented Trusted Computing is virtually unbreakable. A lot is made out of vulnerabilities which are guaranteed to exist somewhere. This is addressed by placing a sound basic design at the core of the system and mandating upgrades. I think the efforts to run Linux on Xbox and Xbox 360 are most instructive and show clearly how the future will unfold.

  29. Heph says:

    Unfortunately, I agree with some previous posters: we are heading straight for a future where any and all software you use or buy is streamed off a server. Microsoft tried it already, Sun had the whole idea cooked up but failed because of the then-too-slow internet connections, and with MMORPGS and the like, we’re slowly getting used to it. In many companies, office programs are already run off of their own servers – for them, there’s not reall that big a step to just use a Word or Excel based on a Microsoft server.
    For MMO’s, same thing – you’re already playing a game with lots of the content stored serverside. It’s far from impossible to play wit the whoel game on their side, and your box only supplying input (keyboard/mouse) and output (the screen). Local storage can be completely unnecessary.
    Single-player games with on line activation (why do I need internet to play this local game?!) are yet another proof that it’s heading in that direction. See also: all kinds of download services.

    Yes, I really look forward to start hiring/renting games to play :-(

  30. NobleBear says:

    I’m willing to buy the “placating the shareholders” theory.

    As someone who knows barely enough about computers to turn mine on, it sounds like a reasonable and innovative form of protection. (Of course *I* know better if for no other reason, I follow the posts and comments in this blog.[/kissass])I imagine at least some of the SHs might be in the similar boat.

    *shrug* Just a thought.

  31. July says:

    I’m not sure if I understand this correctly, but wouldn’t that make it LITERALLY impossible to play new games on older computers without the identification?

    I read this at the original Escapist article, but it’s a good quote;

    “Do you hear that sound? That’s the sound of pirates all over the world laughing their collective asses off.”

  32. Steve C says:

    @ThaneofFife: “I believe this represents a serious threat to consumers, and needs to be fought (and not via mere piracy).”

    Dude! I’m right there with you. You have caught onto the true threat piracy creates: erosion of real property rights of honest consumers. The current means of fighting the war on piracy is guaranteed to screw over a real property rights and why I’m so passionate about fighting against it.

    And yes it’s the first copy protection that has a hope in hell of working. It has the potential to work because control of your physical property (hardware) is denied to the owner and it is instead kept by Intel after the sale.

    And no you can’t contact manufacturers to protest, nor can you find products that do not ALREADY have it. The time for that has come and gone. If you see anything with “Vista Optimized” on it then it has the TCP chip already in it. (As far as I can tell, that logo requires a TCP chip as part of the qualification to get the logo.)

    It’s clear the industry is waiting on full market penetration as people retire their old hardware that lacks the chip. Once users have no choice because they threw out their old computers, they will switch the TPC chips on. Expect it to happen in 2010 as in 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip, according to IDC.

    And the saddest thing is that the content creators (movie, music, game companies) that WANT this don’t realize what they have done. They are going to sign over all their power to Intel and Microsoft and just like how they signed over power to Apple and have to live with Apple dictating terms, Intel and MS will be dictating prices in a few years.

  33. GamerCow says:

    Feel free to laugh at Nolan Bushnell. He’s definitely a “throw 100 ideas at the wall, and see what sticks” guy. That said, he did found Atari, Chuck E Cheese, and many other ventures, both successful and not.

  34. krellen says:

    I’ve always found it rather amusing that developers really, really want us to return to models of the pre-80s, where everything on the desk was a dumb input machine and all the crunching was done on a remote server.

  35. Jeff says:

    I’m sure in a few years we’ll be playing all of our games streaming off of a server somewhere, so that none of the code executes locally.

    I’d hardly use the word “few”, given the uneven access and coverage of broadband in the G8 nations, nevermind the world.

    Eventually, but it’d be something in a generation or two, not ours.

    Not to mention that could still be easily cracked.

  36. Strangeite says:

    Steve C: You have come the exact same conclusion I have. It really is a smart move on their part. As far as I can tell there are very few, if any, applications that are utilizing the TPM chip. This way they can slide them into almost everyone’s computer without much of a fuss. If almost no applications are using it, almost no one will notice. And their plan is working. Notice how many people on this site were unaware that their computer housed such a chip, until it was pointed out by Shamus. And Shamus didn’t original write the post because of the chip, but because of the games that would use it. Smart.

  37. Daemian Lucifer says:

    @Pete Zaitcev

    Pirated hardware is nothing new.Especially in those countries that were mentioned as the prime reason for TPM.So believe me,it wont be the death of piracy.It wont even scratch the pirates.

    There is only one sure way(now,not sure about the future)to protect your virtual product(wheter its a book,movie,music or a game),and thats online streaming.And Im all for it.At least theres no lying.But Im sure that once majority of cotent becomes available only online,people will find a way to rip that one as well.

  38. Nathon says:

    Streaming content doesn’t keep it out of the hands of the pirates. One person buys a copy (assuming that’s the model we’re using) and instead of running it through a player, pipes it into a file. Simple, effective. Barring that, you could always record it by replacing your sound card (or whatever output device) driver with a pipe to a file. If I can hear the media, I can make copies of it.

  39. Eltanin says:

    Strangeite: If almost no applications are using it, almost no one will notice…Smart

    Don’t you mean “evil”?

    Ok, I take the point. I certainly hadn’t heard of this before, and I have been in a funk all day after learning of it. But an idea just occurred to me which I’d like to throw out there for consideration. I’m going to ignore the repercussions of potential abuse of this chip by the companies and instead consider what many of us seem to feel rather bleak about: online content only. Meaning that we’re only paying to “rent” the opportunity to use software. Cloud computing and all that.

    I mean part of the problem is that you don’t have anything physical which your cash has purchased, right? You only have “rights” to it, but if the company goes belly up or decides to shut you out: tough luck. As I considered this concept I realized that there could be some historical precedent. I’m thinking of the gold standard. I’m sure that when we as a country unhooked the dollar from the gold standard there were similar feelings of angst, even doom. I mean what is the piece of paper worth if you can’t trade it in for an equivalent amount of gold? Suddenly money was no longer a physical thing, but just an idea. Nowadays money is just a serious of 1’s and 0’s. If someone fries the bank’s computers you might not have any more cash.

    But we’re pretty used to the idea, and in many ways it’s extremely convenient.

    I’m curious to hear your (y’all) thoughts about my analogy and why this is different/worse. One thing comes to mind immediately of course: Intel and Microsoft are not the government…yet.

  40. R4byde says:

    Sometime In the Not So Distant Future.
    A depressing short story by
    Thomas *R4byde* Taylor

    And lo! the ignorant masses awoke as one. For their XBox 360x25s no longer functioned, but only displayed a single line of unspoken text. A learned elder, one of the last practitioners of the ancient lost art of intelligent thought, was summoned that he might decipher this omen.

    Utilizing his arcane reading skills the decrepit Wise One explained the message. It said, “Insert Token”. As the Wiseman explained the meaning of these words, the Ignorant recoiled in horror!

    “But we already(some of us anyway) paid for the games and console.” they said. “Why can’t we use what we’ve bought?”

    The Old One explained that they were now under the collective heel of The Corporations, and there was much weeping and gnashing of teeth. But then a comforting face lit up their view screens and SHE the mighty Corporate Entity said, “Do not be afraid for we are benevolent, and will allow you -for a modest monthly subscription fee- to resume the use of that which you have already purchased.” And then there was much rejoicing and feasting as the people turned as one to once again partake of this new bounty of entertainment.

    The Old Man just sighed, as he always did when the foolish signed away their rights in the names of convenience and security, and watched as the world descended into a second dark age a dark age of willful ignorance.

    THE END

    Edit: Aagh! My beautiful formating!

  41. MintSkittle says:

    Reading this post and the comments has me envisioning a future in which storage media is a highly regulated product, sold only to large corporations, and on which all media is recorded. Us normal people would use some form of dummy terminal to access anything, paying some form of hourly rate for this privilege.

    Movies, music, games, everything.

    It scares me…

    EDIT: R4Byde beat me to it, and his post is much better than mine.

  42. strangeite says:

    R4byde: Is this the same Tom Taylor from Bethel?

  43. R4byde says:

    R4byde: Is this the same Tom Taylor from Bethel?

    Nope, I live in a crappy little town in southern Washington state, and nobody calls me Tom. NOBODY! :D

  44. Delve says:

    This is idea much older than many of you realize.
    I first heard about it here:
    http://www.theregister.co.uk/2002/06/24/ms_drm_os_retagged_secure/

    I’m not paranoid. I’m right.

  45. Mari says:

    I read about it from the same link as Delve. My first thought on reading the article is that the guys at The Register were being entertainingly paranoid again (see “The Rise of the Machines” over there if you don’t know what I’m talking about) but after thinking about it some and doing some research I found out that just because they’re paranoid doesn’t mean this technology isn’t out to get you. The ways in which this system can be BROKEN is staggeringly terrifying and that doesn’t even factor in the system working right but bad people cracking it (because, yeah, like there’s any computer security that hasn’t been cracked at some point or another). And, of course, the potential for abuse at the hands of the very companies who have a solid reputation for sodomizing customers sans lubricant is incomprehensible (I believe the Sony rootkit has already been mentioned in these comments). I don’t want to be that guy hording guns, canned food, and gold in a boxcar buried in his backyard, but these guys are making that seem like a sane alternative to handing over the keys to not only my computer but all of my information stored on it (including my OWN intellectual property, thank you, which Microsoft COULD deny me access to since it’s typed primarily in Word documents) and all of my applications and saying, “Don’t put too many miles on it, try to bring it back in one piece, and there’s a tip in it if you’ll top off the tank.”

  46. Shamus says:

    Paramnesia: Thanks so much for those screen shots. You have no idea how long I Googled for just ONE of those. I actually put them together and put them in the original post:

    http://www.shamusyoung.com/twentysidedtale/?p=1651

    Thanks again.

  47. folo4 says:

    yay, for many predictions that electronic services will become stream-only.

    on the other hand, my country’s internet connection can’t even stream videos right, lags like hell in online play, and to top it all off, stability comparable to a late-stage cancer patient.

    In the future, I will lose it all due to my increasingly abysmal connection.

    …Should I get out of my country to better internet-connected countries?

  48. David V.S. says:

    Replying to Carra #6:

    >But stopping a game from having zero day privacy
    >is a huge benefit.

    If that is truly a sufficient goal, why not try a simple scheme like the following:

    (a) For the first month the game requires a unique, paid online account, as with a MMORPG. Customers without an internet connection will simply have to wait.

    (b) After that month is done the game runs without any verification. The paid accounts switch to a secondary purpose: some special “extra” content or levels only accessible to account users, and the game legally running without a CD in the drive.

    With that kind of routine people would still have a game they could play in five years even if the company went out of business. The pirates would also be as helpless for a month as they are for MMORPGS, leading to the company getting the sales it needs.

    P.S. – Speaking of Nolan Bushnell, veryone has seen this 46 minute history of video games, right?

  49. Dirty Dan says:

    I manage to remain optimistic. Once the mainstream computer industry becomes appropriately dystopic, I maintain hope that some with the ability to replicate the old (at the time) technology will break off from the big companies and start marketing old-fashioned machines for which practical usage is not materially equivalent to internet connection and storage subscription. They will appeal to the thinking public the way Linux and other open-source undertakings do now, and as a result they will flourish. Once they become successful enough to be well-known by the general public, a sort of revolution may begin in which people forswear their old masters and reclaim their liberty. By buying computers. Media producers who had since converted to the completely proprietary system will eventually follow suit once they realize that the old, honest market still exists.

    *crosses fingers*

  50. Veylon says:

    I wonder whether internet access will depend on having a valid TPM chip.

    Also, from what I’ve been reading on the internet about this TPM thing, you won’t be able to boot up if your software or hardware changes unexpectedly, or be able to read off data from a hard drive in the “wrong” machine. Better not have a power surge, or have your computer die, because then you’re screwed.

  51. R4byde says:

    Dirty Dan, Abandon all hope now, no one will be able to resist The Corporations because they’ll be watching, always. Through him. -> http://img520.imageshack.us/img520/6080/bigbrotherbillee5.jpg

  52. RL says:

    Maybe I’m wrong, but doesn’t the 360 already do this with its DLC? I know that there is problem with Mass Effect DLC where, following a hardware replacement, you can no longer play any saved games that use the DLC – because your machine’s hardware profile no longer matches the profile that originally downloaded the DLC. Happens with Oblivion as well, I’m told. I’ve been very, very lucky with 360 and have yet to experience any hardware failures (knock on wood), so I don’t know from personal experience.

  53. AndrewNZachsDad says:

    First off, forgive me for not quoting sources directly, here. I read the comments quickly, and don’t stop to take notes. If I go back to find where I read such-and-such, I’ll forget what I was trying to say.

    That said, someone mentioned Dell, above. I worked for them (tech support) for 4 years here in Edmonton. In fact, I first came across Shamus and DMotR when I should have been working. :) I recall when they announced machines with a TPM (Trusted Platform Module) chip. There was much wailing and tooth-gnashing when we learned that it could encrypt the data on your hard drive to be readable only by your computer. We knew we would have to deal with calls from users because their hard drive was now unreadable and they couldn’t access Pogo (that f-ing site would have been the death of me). We were assured that the powers-that-be recognized the innate stup…er, naivety of most users. TPM is off by default and requires a two-step process in the BIOS to be enabled. Now, data encryption is not the only feature of TPM (in fact, it is not directly attributed to TPM, but a feature within another app which does utilize TPM).

    Others above have suggested that TPM will be nigh unbreakable. This is partly true, as it is hardware-based, but it ignores the fact that no one will try to break TPM. They will simply crack the software to bypass TPM – once again, the trap door in the islanders’ hut comes into play. One potential point of entry for crackers is the fact that, as someone else eloquently put, the key must be provided. If I can find where the hand off takes place I can put my own receiver in there (a pipe to a file, as yet another commenter mentioned). Once I have the key, I can pass it to the intended receiver. The originator and the receiver both assume I am the other and I have access to the material.

    I agree with Shamus, here. Something must change. The publishers will clue in that none of their anti-piracy schemes are working and focus all that attention on making games people actually want to play, or a new business model will come into play whereby it is more convenient to buy the material than to steal it, or the current crop of developers will throw up their hands in disgust, take up macrame and leave the field open to mid- and low-range developers who will just be happy to have someone playing their games!

    Sorry for filling up your server space, Shamus. You do make me think, though. And laugh, too. Keep it up,

    Richard

    EDIT: RL, this would mean that your saved games are unusable, but not the game itself. Admittedly, being mere minutes away from killing the major baddie and getting jiggy with the booty-licious hottie and having to start again would suck, but at least you could start again.

  54. ThaneofFife says:

    First, I reiterate my earlier point, and agree with Mari and Steve C: we need to make as much noise about this as possible so that people know. We also need to write our congressional representatives.

    Next, a practical question: I’m looking to buy a new system later this year (probably building it myself or possibly buying from Maingear, Vigor, or the like), so how do I tell if the motherboard or other components integrate the TPM?

    Ian B. had mentioned that the high-end Taiwanese manufacturers weren’t integrating it. I’m not sure where he found that info, though, because perusing the Trusted Computing Group’s website (https://www.trustedcomputinggroup.org/groups/tpm/) I came up with nothing about components manufacturers.

    So, is the TPM in all X48 or 790Sli motherboards? Is it only in certain chipsets, or is it at the manufacturer’s discretion, or is it not in any high-end components yet? Or, is this completely unknown right now? As someone looking to buy in the coming months, I definitely want to figure this out, lest I buy into this ridiculous system, Orwellian system.

    Then again, maybe I’m overreacting…

    EDIT: Pretty sure I’m not.

  55. guy says:

    People who say TPM is unbreakable:

    it can almost certainly be broken by the following four-step proccess
    1. decompile the software
    2. find the segment of code that checks for TPM
    3. highlight it
    4. press the delete key

  56. Dys says:

    A few references to mmos as unpirateable / unpirated there, it’s simply not true. There are ways to set up private servers, so long as the code is out there somewhere it will be gotten to by someone. You’re dealing here with software code, it’ll execute on any compatible hardware and can be modified, at will, by anyone smart enough to do it.

    I have little knowledge of the actual processes involved, but it seems to me as a logic exercise, there is no way of preventing ANY software being copied and executed without permission. So long as the person doing it has full control of all the factors involved all it takes is time and skill.

    Out of interest is anyone aware if it is possible, with this technology, to manufacture a motherboard with a TPM chip which simply verifies anything as trusted regardless. It would then be possible to just buy this instead of a hostile board? Unless the tech is patented to the point where it couldn’t be reproduced (in which case the hardware would be pirate as well as the software, oh noes!) that wouldn’t be illegal as far as I can see.

  57. Veylon says:

    Is it illegal to replace/remove a V-Chip? I know it’s mandatory in TVs now.

    A law to make TPM chip tampering illegal will surely follow hard on the heels of one to make them mandatory, as there’s no point in having them if they can be bypassed.

    Probably around IPv8 or so, a TPM list will be attached to every internet message and logged so that hackers can be tracked down much more easily.

  58. mockware says:

    >Probably around IPv8 or so, a TPM list will be attached to >every internet message and logged so that hackers can be >tracked down much more easily.

    um. you do realize that every packet actually has a unique mac address associated with your interface card that can be used right? Just because you can identify the individual doesn’t mean you can find them.

    Apparently what they plan to do is to encrypt some key files with the TPM on the local motherboard during install. This would prevent a straight copy of software from one box to another. The pirate will have to crack the install rather than the installed software by spoofing a TPM for install and then modify the executable to “get the same key” everytime it checks by redirecting the system call to another object that they would include in their hacked version.

    It takes me back to the “undefeatable” copy-protection when they would scramble a section of the play disk and the program would look for a read error at that sector. Hacking was always the most interesting and rewarding of puzzle games.

  59. Susie says:

    just one question – what are they going to do about the millions of people who live in rural areas and do not have access to high speed internet? The phone companies are not interested in giving it to them, it would cost them more than they would earn. In my town, even people as close as 5 miles out of town do not yet have anything but dial-up. Can a company like microsoft REALLY insist that you stream their product when that is impossible for many of their customers? Will a charity organization have to step in to give these people high-speed internet?

    #54 -> my MSI motherboard (K9N4 SLI) that I bought last year is TPM-free, if that is any help at all.

  60. Delve says:

    As far as rural or otherwise slow internet connections are concerned, do you honestly think Microsoft gives 10 cents for that market segment? Eventually they’ll be forced to get satellite internet of some description or they’ll become so marginalized that even they won’t care anymore.

    As for cracking TPM, the way I understood the process (from back when it was called Palladium) the processor itself will refuse to execute anything that can’t be verified through the TPM chip. So your man in the middle attacks become much more complicated. You have to figure out how to present yourself as being ‘secured software’ before TPM will allow you to execute or access certain parts of the computer. Of course my understanding is like 5 years out of date now and probably wrong to begin with. Either way, it’s a sure-fire scheme to turn about 90% of us into ‘pirates’ just to be able to use the physical hardware product we paid for in a fashion we choose. Even if it is as simple to circumvent as soldering a custom hack chip onto your motherboard, it won’t be 6 months before that’s illegal (assuming DMCA doesn’t already cover that, which I suspect it does).

  61. R4byde says:

    just one question – what are they going to do about the millions of people who live in rural areas and do not have access to high speed internet?

    Flip us the bird when we complain and then assume that since we’re unwilling or unable to pay the arm and leg it takes to get high speed internet connections out in the middle of nowhere that we wouldn’t be contributing much toward their profit margins anyway. Heck they’ll probably assume that we’re evil pirates just trying to stall the brilliant new scheme they just thought up.

  62. David says:

    I’m not quite as worried about this, mainly because the software industry has been trying to do this for at least a decade now, and they still haven’t managed even to come close. Remember ‘thin clients’? Supposedly they were going to get all the businesses in the world to buy stripped down PC’s as terminals, with the software running on the network as a subscription plan. This was going to be how Microsoft assured themselves a permanent revenue stream, and didn’t have to worry about competing with obsolete versions of Office, and so on. One problem – no one wanted to buy it. So with the option of selling people permanent licenses or selling them nothing, well…they went back to selling permanent licenses.

    Same thing is going to happen with TPM if they try to do anything intrusive with it. You’re fine with them giving you this extra chip for free, but if they start trying to charge you rent for your computer, you’ll stop dealing with them – and someone out there will be willing to take their place.

  63. Pat says:

    If you can modify the TPM driver so that software is always trusted, can you also modify it so that the software is never trusted? That would make one hell of a virus payload. If you could get that into the wild, anybody affected wouldn’t be able to boot their computer, play any of their games or read any of their word documents even the backups.

    I can’t decide which would generate worse publicity -if it hit a large corporation and disabled all their systems, or if it just kept killing off all the Aunt Tillies’ PCs.

  64. Steve C says:

    @Pat: Theoretically using TPM as a virus payload should be EASIER than getting TPM to function as intended.

    All you would need to do is corrupt the cryptographic algorithm. Then if TPM is ever turned on or forced on by the same virus it would nuke the system. If TPM needs 2 2=4 and a hacker can make it 2 2=5 (fail the check) then TPM should do it’s job by saying “hey, that’s not right, so the system is compromised. Therefore stop all programs from running that need TPM confirmation.” Since Vista has TPM support built in, I would imagine such a virus would stop Vista from running. Likely that’s the only OS that would cause a complete system failure on the next reboot. Individual programs that support it (like Atari’s) would also fail.

    If a such a virus was implemented correctly, it might spell the doom of TPM entirely by creating public backlash against TPM. TPM is not about you trusting your software/hardware. It’s all about software manufacturers trusting your software/hardware because they sure don’t trust you.

1 2

One Trackback

  1. […] computer programs may not even need a crack. As Shamus Young points out in a post on his blog, Twenty-Sided Tales, the most frequent way that computer games are cracked is simply by […]

Leave a Reply

Comments are moderated and may not be posted immediately. Required fields are marked *

*
*

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun.

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!