Ending piracy on the PC, another thought experiment

Discussion in 'PC Gaming' started by MfA, Feb 15, 2010.

  1. MfA

    MfA
    Legend

    Joined:
    Feb 6, 2002
    Messages:
    7,009
    Likes Received:
    536
    Copy protection which actually works without bricking computers or being hacked on day one, is it possible? (I really appreciated being able to play ME2 over the weekend before release BTW.)

    I say yes, but not with software ... and not with TPM either, despite what Nolan Bushnell says. TPM is not universally implemented and often when implemented it's implemented as a separate module vulnerable to sandboxing attacks. Now by the time it gets integrated with the southbridge or processor it will be relatively secure, but having sufficient computers in the channel like that will take years yet (for instance the P45 didn't have the integrated TPM). Not to mention that to actually use the TPM to do curtained execution (i.e. execute code invisible from say hackers, so they can't just hack out all the integrity tests) requires yet more non-universal hardware support. TPM/TXT/AMD-V etc. have been an unholy mess for years, and will remain an unholy mess for years to come. Lots and lots of money wasted on a technology now only used for encryption for a couple of business customers, gg industry.

    Let's see if we can do better with a smaller investment and in a slightly smaller timeframe ... I propose dongles. Before you jump down my throat and tell me they all got hacked in the past, understand how copy protection has evolved. As I said, curtained execution is a must. Just doing decryption of data on load and providing binary valid/invalid responses with a crypto-based challenge/response is going to get broken (replay attacks, reversing jumps etc etc). This is the fundamental difference between the old style of dongles (HASP) and the new style of dongles (Senselock and Rockey6). The former are pure crypto dongles and the latter execution platforms (the same evolution has played out in the secure smartcard/RFID world, where systems are moving from read-out-only devices to active processing devices as well ... simply because the former is stupid). You also need online activation, so you can't simply do a full copy of the game media.

    So practically here is what I would propose the gaming industry should develop (minus Microsoft, they would only try to sabotage the effort) :
    - A standard USB dongle with a 32-bit 66 MHz smartcard processor ($2) and central CA to issue certs for them.
    - Development of a profiler which automatically finds suitable snippets of code to run on said dongle.
    - Some basic universal customer rights and abilities (for instance the ability to purchase a new dongle with new game activations if the original dongle is lost for a small fee, the ability to assign secondary dongles to an account and tag games as "online play only" which can then be played with any single one of those dongles similar to the way Steam works now etc).
    - A standard system for pre-order codes with games which can be redeemed for a dongle free of charge, once for any single account (you could also consider including them with a couple of popular games while launching the system).
    - A mechanism to transition to a new type of dongle if the old one gets hacked (no periodic reactivation though, transition to the new dongle should only be mandatory when activating new games).

    Now that second bit is the risky bit ... is there enough code in ye average game which you will be able to run on the dongle? (It has to be infrequent and require a relatively small amount of computation and data in/out.) A research topic, I would guess yes ... but maybe it would be impossible to automate this.

    So ... possible? Impossible? Stupid?

    PS. please don't bring up the truisms like "everything can be hacked" because yes it's true, but no it's not necessarily relevant ... if it takes a million dollars of lab equipment it's inherently more secure than if it takes a bored teenager.

    PPS. just to make it clear, you would only ever need a single dongle ... it gets tied to your account and you receive encrypted code meant to run on it during online activation.

    PPPS. obviously this makes resale very hard, just like Steam.
     
    #1 MfA, Feb 15, 2010
    Last edited by a moderator: Feb 15, 2010
  2. digitalwanderer

    digitalwanderer Dangerously Mirthful
    Legend

    Joined:
    Feb 19, 2002
    Messages:
    17,575
    Likes Received:
    2,018
    Location:
    Winfield, IN USA
    Dongles can be emulated just like CD/DVDs though.
     
  3. MfA

    MfA
    The XBOX-360 drive hack was caused by the use of a drive with unencrypted firmware, turning an ASIC gate level reverse engineering exercise into an exercise of reading out a FLASH chip. As I said, don't bring out truisms like "everything can be hacked" because yes it's true, but no it's not necessarily relevant ... if it takes a million dollars of lab equipment it's inherently more secure than if it takes a bored teenager.

    If it lasts as long as the PS3 protection it's fine, that gives enough time to make money on the games and a dongle upgrade every 3 years should not inconvenience customers too much.
     
  4. deeFive

    Newcomer

    Joined:
    Jun 17, 2007
    Messages:
    219
    Likes Received:
    0
    Location:
    Leeds, UK
    I know you said no truisms but....

    I have been thinking about this also and tbh you can't ever stop the people who want to black market your stuff (it's always been there, always will), the dongle won't stop that (in fact it would create a sub-black market for dongles like with old software). At the same time the Steam/XBLA/PSN service or model works where most people buy or install via the service and are signed in to play.

    What I would like to see I think is an open source Steam with standards decided by a board made up of retailers, publishers, developers, IHV and OS providers which can be provided as an SDK or API set for free to devs in an open way or handled like the way Mozilla is with development being open and free.

    The goal would be to have multiple store fronts, some kind of player profile system, full in-game, private and group chat, in-game video recording, Twitter, Facebook, MP3 playback etc... which would add value to a game rather than feel like a DRM.

    But at the same time you would need to be careful of how you handle offline users as we don't want to victimise them in any way, but I think that a copy check on every install (patches etc..) via a master server/s then once every 3 months should be ok with a full offline mode and guest passes available at a rate of 1 per month per game purchased every 3 months or at developer will (would be a per game setting), full local LAN should be supported.

    I think that 3 months offline is fair.

    What do you think?
     
  5. MfA

    MfA
    And I mean it ... and I certainly don't care about online value added services.
    Yes it would.
    Don't derail my thread.
     
  6. deeFive

    I'm not trying to (not on purpose anyway), but I have a question: would you ship the games on said dongle or would it just be a "hardware key"?
     
  7. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,174
    Location:
    La-la land
    Dongles are a stupid idea. It's just another way of calling your own paying customers thieves and showing you don't trust them. It's not the PAYING CUSTOMERS that are the problem for software vendors so STOP PUNISHING AND INCONVENIENCING THEM with these lamebrain ideas. You already come up with ways to circumnavigate the event of losing your dongle, which involve paying fees; paying even more money for that which you've already paid for once already (and being locked out of the software you've purchased with your own hard cash I might add.) What a stupid idea. It's the perfect way to make your own customers hate you. What happens if you go away on a trip and forget your dongle at home?

    I propose just lowering prices across the board to make your software more attractive to people, tying software to an online service like Steam, and accepting a certain amount of unavoidable piracy.

    Steam, with their irregular special offer drives, have indisputably shown that price is a major - perhaps THE major - deciding factor people use when considering whether or not to buy a game. As if this was some kind of rocket science, or not known already, I might add... Of course everybody's known this already.

    Without completely locking down the PC through "trusted" computing (meaning: you're actually not trusted...at all) it won't be possible to stop piracy anyway, so why even try. If you just price your games right, lots of people will buy them anyway if they feel it is good value - and automatic updates, the ability to download your games to multiple systems anywhere etc that services like Steam offer give extra value.

    Hardware locks like TPM and dongles are primarily advocated by those who want to nickel and dime users - Microsoft's wet dream is to force you to subscribe to Windows, and with TPM they could blackmail you to pay for the same piece of software over...and over...and OVER, or else your PC simply won't boot up and you can't do anything about it. You're fucked, with trusted computing and digital rights management you've GOT NO RIGHTS... It's mostly a measure to keep prices high, not piracy low.
     
  8. MfA

    MfA
    "PPS. just to make it clear, you would only ever need a single dongle ... it gets tied to your account and you receive encrypted code meant to run on it during online activation."

    So a very small part of the game would be tied to your specific dongle (physically it would be on your hard drive, but it would only be useful to your specific dongle because it's encrypted specifically for it).
     
  9. MfA

    MfA
    Meh, it's a better deal than you get if you lose install media.
    Same thing that happens if you forget your laptop.
    Which would still function with dongles and as I said, games tagged for online play could be activated for multiple dongles at a time (but only playable with one, similar to Steam).

    As for the pricing on Steam, I buy all my games from the UK (and because of their EULA I prefer to use Direct2Drive through a proxy rather than Steam, I wouldn't be surprised to see my Steam account get blocked if I gifted myself something from a proxy UK account). With the exception of the holiday sales (where all prices were computed according to exchange rates rather than their usual regional rates) they are bloody fucking expensive.

    BTW, there is one small upside for the customer ... your account could not get jacked by trojans, which is certainly possible with Steam.
     
  10. deeFive

    How big would you sell the dongles memory wise (would you consider using a smartphone app), and would you offer free dongles once the software has been cracked?
     
  11. MfA

    MfA
    Oh come on, you're in the bloody UK ... could you run that by me again in English?
     
  12. deeFive

    :oops: I'll try again

    1. How big, in terms of memory, would the dongle be?

    2. Would you consider using a smartphone as a dongle?

    3. Once the software on your dongle has been broken would you send out free upgrades/new dongles?

    4. Who pays for 3?

    5. What happens when the dongle fills?
     
  13. Davros

    Legend

    Joined:
    Jun 7, 2004
    Messages:
    15,706
    Likes Received:
    2,853
    What happens when USB is but just a memory?
    And can you imagine the trouble you will have with a dongle holding game code for several thousand games?
    Imagine the conflicts.
     
  14. Neb

    Neb Iron "BEAST" Man
    Legend

    Joined:
    Mar 16, 2007
    Messages:
    8,391
    Likes Received:
    3
    Location:
    NGC2264
    Might be a plausible solution to counter piracy. Though a bit of bitterness we all have to endure what the criminal thieves (pirates) have created with their clown charades and smug attitudes.
     
  15. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    16,987
    Likes Received:
    6,236
    Won't work for the majority. I know some people in RL and online that used the Steam holiday sale as a list of games to queue up in BitTorrent rather than pay 5-10 USD.

    Out of the people that pirate heavily that I know, I think only 1 actually signed up and bought something on Steam.

    Dongles may delay the pirating of games by X amount of time, and as noted that may be enough to deter some of the piracy, but I still think the only way it'll happen is with a fully locked down system (not going to happen), or with games having certain critical parts streamed online with none of those critical parts ever being saved on the PC.

    I'm assuming we mean single player games, of course, as with multiplayer games it's significantly easier.

    Although, is there a way to have an encrypted key on a dongle that is never revealed to the PC in any way, shape or form? And then programs are encrypted and must be decrypted on the fly on the dongle while running?

    Similar to how the PS3 root key is never exposed to the hypervisor?

    Regards,
    SB
     
  16. MfA

    MfA
    Very small, a couple 100 KB probably. The functions would either have to stream data or consume/produce only a little (the USB bus limits how much data you can pump through to begin with).
    Too big, it would be a simple USB key.
    Sure, you could send one to anyone with an account which has activated a game in the last year.
    The industry, but at a couple of bucks per it wouldn't be a big deal.
    The dongle only holds decryption keys ... it won't fill.
     
  17. MfA

    MfA
    That's kind of the whole point of curtained execution, but as I said in the OP it's not going to work on the main CPU (not till all PCs have TPMs in the southbridge or CPU and have TXT/AMD-V instructions). So instead we put a processor on the dongle and let the dongle run encrypted code, it decrypts it, it runs it, the PC sees only the results.
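
A minimal simulation of the flow described in this post and in the opening post's PPS, added here as an illustration and not part of the original thread: an activation server encrypts a code snippet for one dongle's key, and the dongle verifies, decrypts and runs it so the PC only sees the result. The toy stack VM, the shared symmetric per-dongle key and the HMAC-based cipher are assumptions; a real design would use the dongle's certificate and a standard AEAD.

```python
import hashlib, hmac, os

PUSH, ARG, ADD, MUL = 1, 2, 3, 4           # opcodes of a constructed toy VM

def _subkeys(key):
    # Derive separate encryption and MAC keys from the per-dongle key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode; stand-in for a real AEAD such as AES-GCM
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def activate(dongle_key, snippet):
    """Activation server: encrypt-then-MAC a code snippet for one dongle."""
    enc, mac = _subkeys(dongle_key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, snippet)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

class Dongle:
    def __init__(self, key):
        self._key = key                     # stays inside the device

    def run(self, blob, args):
        """Verify, decrypt and execute a snippet; only the result leaves."""
        enc, mac = _subkeys(self._key)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise PermissionError("snippet was not issued for this dongle")
        code, stack, pc = _xor_stream(enc, nonce, ct), [], 0
        while pc < len(code):
            op = code[pc]
            if op in (PUSH, ARG):           # one-byte operand follows
                stack.append(code[pc + 1] if op == PUSH else args[code[pc + 1]])
                pc += 2
            elif op in (ADD, MUL):
                b, a = stack.pop(), stack.pop()
                stack.append(a + b if op == ADD else a * b)
                pc += 1
            else:
                raise ValueError("bad opcode")
        return stack.pop()

# Constructed snippet: result = args[0] * 3 + 7
SNIPPET = bytes([ARG, 0, PUSH, 3, MUL, PUSH, 7, ADD])
```

The blob stored on the hard drive is useless to any other dongle: a device holding a different key fails the tag check before anything is decrypted or executed.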
     
  18. deeFive

    I don't think that you could stop pirates long term without having a console type environment, even then they (the pirates) will break your system (I'm sure the PS3 will be broken at some point), I've seen people go as far as installing VMs just to play Steam torrents.

    I mean you, as was said above, delay the pirates with a new super dongle, but server-side software locks and heavy software DRM (stuff like how iPlayer works atm) seem to be the way forward, unfortunately.
     
  19. MfA

    MfA
    If it takes as long to crack as the PS3 (that's assuming it really gets cracked any time soon, which remains to be seen ... there is a chink in the armour, but that's it) it has done its job a couple times over.
     
  20. deeFive

    How much do you think your system would cost to sell to a publisher:

    1. Cost of the smartkey (you say a couple of bucks but how much do you think the actual cost to make the dongle inc R&D would be)?

    2. Does it require the developer to add any software to run the key?

    3. Why is your system better than Steam/Steamworks?

    4. Are there any other markets where this type of approach has been successful?
     