This week’s column is about how the Ubisoft copy protection could actually be made powerful enough to keep the pirates at bay for months. Their latest system lasted only six weeks or so, but a better designed system could have endured a lot longer.
Adding a bit to what I said in the column:
Typically a server responds to the client. You run your World of Warcraft client, connect to the server, and then your client will send a request, “Hey, I just showed up in the Goldshire and I need to know what characters are here.” The server then sends you this data. It’s a request / response system that’s fairly easy to reverse engineer. If you’re trying to write your own server, you look at what the client sends and see what the server sends back. Then you make your version of the server do the same thing.
But you could make the process really, really difficult to track by simply making the client a passive recipient of data. The client would just send actions about where the player is standing or what they’re doing, and the server sends the client data without prompting. The server sees you get near Goldshire, then waits several seconds, then sends you the info on the town. It’s pretty easy to figure out a situation like this one, but as the data becomes more crucial to the game and the responses become more obtuse, it becomes harder for the cracker to know what their copycat server should send, and when. Tracking something fast-paced and chaotic like combat would be a nightmare.
The mantra of security people is “obscurity is not security”, which is true only if you need your data to be safe “forever”. If you’re guarding against reverse-engineering a remote system and if you only care about the first few months, then it possible to make a very very safe system. Think of it this way: All of the scripting data of the game is on the server side. Dude A standing here, item B here, door C opens with key D, etc. Somebody – probably a small team of people – spent months setting up those scripts. You need them for the game to work. The cracker can either replicate all of the work done by the original artists, or he can play the game and every possible scenario in it to harvest the data from the server.
(Reading the above, I think I duplicated some of the points I made in the article. I apologize for that. This was a 2,000 word concept that I foolishly tried to cram into a 1,000 word column, and it think the clarity suffered for it. Looking back, I should have split this into a two parter. Fool!)
Anyway: DRM is bad. Boo hoo, pout pout. Etc.
Joker's Last Laugh
Did you anticipate the big plot twist of Batman: Arkham City? Here's all the ways the game hid that secret from you while also rubbing your nose in it.
Grand Theft Railroad
Grand Theft Auto is a lousy, cheating jerk of a game.
The Best of 2015
My picks for what was important, awesome, or worth talking about in 2015.
Gamers Aren’t Toxic
This is a horrible narrative that undermines the hobby through crass stereotypes. The hobby is vast, gamers come from all walks of life, and you shouldn't judge ANY group by its worst members.
Why Google sucks, and what made me switch to crowdfunding for this site.