This week’s column is about how the Ubisoft copy protection could actually be made powerful enough to keep the pirates at bay for months. Their latest system lasted only six weeks or so, but a better-designed system could have endured a lot longer.
Adding a bit to what I said in the column:
Typically a server responds to the client. You run your World of Warcraft client, connect to the server, and then your client will send a request, “Hey, I just showed up in Goldshire and I need to know what characters are here.” The server then sends you this data. It’s a request / response system that’s fairly easy to reverse engineer. If you’re trying to write your own server, you look at what the client sends and see what the server sends back. Then you make your version of the server do the same thing.
But you could make the process really, really difficult to track by simply making the client a passive recipient of data. The client would just send actions about where the player is standing or what they’re doing, and the server sends the client data without prompting. The server sees you get near Goldshire, then waits several seconds, then sends you the info on the town. It’s pretty easy to figure out a situation like this one, but as the data becomes more crucial to the game and the responses become more obtuse, it becomes harder for the cracker to know what their copycat server should send, and when. Tracking something fast-paced and chaotic like combat would be a nightmare.
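To make the difference concrete, here is a toy model of both designs. It is an added example, not code from the column or from any real game; the zone names, positions, delays and message formats are all constructed. It learns a copycat table from one captured session by pairing each server message with the client message just before it, then checks whether that table reproduces the server in a second session where the player pauses at the edge of town.

```python
# Constructed toy model; zone names, positions, delays and message formats are assumptions.
# Hidden server script: zone -> (trigger position, delay in ticks, payload).
SCRIPT = {"goldshire": (10, 3, "town-data"), "mine": (25, 5, "mine-data")}

def run(walk, push):
    """Return the wire trace [(side, message)] for one play session."""
    trace, fired, pending = [], set(), []
    for tick, x in enumerate(walk):
        if push:                      # passive client: only reports its position
            trace.append(("C", f"pos:{x}"))
        for zone, (pos, delay, payload) in SCRIPT.items():
            if x >= pos and zone not in fired:
                fired.add(zone)
                if push:              # server decides later, unprompted
                    pending.append((tick + delay, payload))
                else:                 # classic request followed by its response
                    trace += [("C", f"enter:{zone}"), ("S", payload)]
        trace += [("S", p) for due, p in pending if due == tick]
    return trace

def learn_pairs(trace):
    """Copycat approach from the text: map each server message to the client message before it."""
    table, last = {}, None
    for side, msg in trace:
        if side == "C":
            last = msg
        elif last is not None:
            table[last] = msg
    return table

def emulate(table, trace):
    """Replay the client's messages against the learned table."""
    out = []
    for side, msg in trace:
        if side == "C":
            out.append((side, msg))
            if msg in table:
                out.append(("S", table[msg]))
    return out

def replay_matches(push, captured_walk, new_walk):
    """True if a table learned from one session reproduces the server in another."""
    real = run(new_walk, push)
    return emulate(learn_pairs(run(captured_walk, push)), real) == real

WALK_A = list(range(40))                                   # steady walk
WALK_B = list(range(11)) + [10] * 5 + list(range(11, 40))  # pauses at the town edge

if __name__ == "__main__":
    print("request/response:", replay_matches(False, WALK_A, WALK_B))
    print("server push:     ", replay_matches(True, WALK_A, WALK_B))
```

With request / response the learned table carries over to the second session; with server push it only matches the exact session it was captured from, because the trigger and the delay never appear on the wire.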
The mantra of security people is “obscurity is not security”, which is true only if you need your data to be safe “forever”. If you’re guarding against reverse-engineering a remote system and if you only care about the first few months, then it is possible to make a very, very safe system. Think of it this way: All of the scripting data of the game is on the server side. Dude A standing here, item B here, door C opens with key D, etc. Somebody – probably a small team of people – spent months setting up those scripts. You need them for the game to work. The cracker can either replicate all of the work done by the original artists, or he can play the game and every possible scenario in it to harvest the data from the server.
(Reading the above, I think I duplicated some of the points I made in the article. I apologize for that. This was a 2,000 word concept that I foolishly tried to cram into a 1,000 word column, and I think the clarity suffered for it. Looking back, I should have split this into a two-parter. Fool!)
Anyway: DRM is bad. Boo hoo, pout pout. Etc.