This week’s column is about how the Ubisoft copy protection could actually be made powerful enough to keep the pirates at bay for months. Their latest system lasted only six weeks or so, but a better designed system could have endured a lot longer.
Adding a bit to what I said in the column:
Typically a server responds to the client. You run your World of Warcraft client, connect to the server, and then your client will send a request, “Hey, I just showed up in the Goldshire and I need to know what characters are here.” The server then sends you this data. It’s a request / response system that’s fairly easy to reverse engineer. If you’re trying to write your own server, you look at what the client sends and see what the server sends back. Then you make your version of the server do the same thing.
But you could make the process really, really difficult to track by simply making the client a passive recipient of data. The client would just send actions about where the player is standing or what they’re doing, and the server sends the client data without prompting. The server sees you get near Goldshire, then waits several seconds, then sends you the info on the town. It’s pretty easy to figure out a situation like this one, but as the data becomes more crucial to the game and the responses become more obtuse, it becomes harder for the cracker to know what their copycat server should send, and when. Tracking something fast-paced and chaotic like combat would be a nightmare.
The mantra of security people is “obscurity is not security”, which is true only if you need your data to be safe “forever”. If you’re guarding against reverse-engineering a remote system and if you only care about the first few months, then it possible to make a very very safe system. Think of it this way: All of the scripting data of the game is on the server side. Dude A standing here, item B here, door C opens with key D, etc. Somebody – probably a small team of people – spent months setting up those scripts. You need them for the game to work. The cracker can either replicate all of the work done by the original artists, or he can play the game and every possible scenario in it to harvest the data from the server.
(Reading the above, I think I duplicated some of the points I made in the article. I apologize for that. This was a 2,000 word concept that I foolishly tried to cram into a 1,000 word column, and it think the clarity suffered for it. Looking back, I should have split this into a two parter. Fool!)
Anyway: DRM is bad. Boo hoo, pout pout. Etc.
What is Piracy?
It seems like a simple question, but it turns out everyone has a different idea of right and wrong in the digital world.
Bad and Wrong Music Lessons
A music lesson for people who know nothing about music, from someone who barely knows anything about music.
Good to be the King?
Which would you rather be: A king in the middle ages, or a lower-income laborer in the 21st century?
Artless in Alderaan
People were so worried about the boring gameplay of The Old Republic they overlooked just how boring and amateur the art is.
Another PC Golden Age?
Is it real? Is PC gaming returning to its former glory? Sort of. It's complicated.