This week’s column is about how the Ubisoft copy protection could actually be made powerful enough to keep the pirates at bay for months. Their latest system lasted only six weeks or so, but a better designed system could have endured a lot longer.
Adding a bit to what I said in the column:
Typically a server responds to the client. You run your World of Warcraft client, connect to the server, and then your client will send a request, “Hey, I just showed up in the Goldshire and I need to know what characters are here.” The server then sends you this data. It’s a request / response system that’s fairly easy to reverse engineer. If you’re trying to write your own server, you look at what the client sends and see what the server sends back. Then you make your version of the server do the same thing.
But you could make the process really, really difficult to track by simply making the client a passive recipient of data. The client would just send actions about where the player is standing or what they’re doing, and the server sends the client data without prompting. The server sees you get near Goldshire, then waits several seconds, then sends you the info on the town. It’s pretty easy to figure out a situation like this one, but as the data becomes more crucial to the game and the responses become more obtuse, it becomes harder for the cracker to know what their copycat server should send, and when. Tracking something fast-paced and chaotic like combat would be a nightmare.
The mantra of security people is “obscurity is not security”, which is true only if you need your data to be safe “forever”. If you’re guarding against reverse-engineering a remote system and if you only care about the first few months, then it possible to make a very very safe system. Think of it this way: All of the scripting data of the game is on the server side. Dude A standing here, item B here, door C opens with key D, etc. Somebody – probably a small team of people – spent months setting up those scripts. You need them for the game to work. The cracker can either replicate all of the work done by the original artists, or he can play the game and every possible scenario in it to harvest the data from the server.
(Reading the above, I think I duplicated some of the points I made in the article. I apologize for that. This was a 2,000 word concept that I foolishly tried to cram into a 1,000 word column, and it think the clarity suffered for it. Looking back, I should have split this into a two parter. Fool!)
Anyway: DRM is bad. Boo hoo, pout pout. Etc.
What is Piracy?
It seems like a simple question, but it turns out everyone has a different idea of right and wrong in the digital world.
How to Forum
Dear people of the internet: Please stop doing these horrible idiotic things when you talk to each other.
Quakecon 2012 Annotated
An interesting but technically dense talk about gaming technology. I translate it for the non-coders.
A screencap comic that poked fun at videogames and the industry. The comic has ended, but there's plenty of archives for you to binge on.
Resident Evil 4
Who is this imbecile and why is he wandering around Europe unsupervised?