Developer's Update

Warrior
Member # 246
Profile #75
quote:
Originally written by MiridiMordonis:

I would have said the best method of ensuring maximum income would have been to use a demo version that is capped and has no activation keys system and use a secure server (or just part of a server) with SSL for people to download the full version when they have paid, would require some overheads setting up the server to handle it and would also require orders received by post to be manually added to the system but overall when implemented would offer the best compromise.
Heh. You bet it would. Stardock uses such a method and as far as I can tell it's almost entirely foolproof.

The only thing about capping it is you'd have to do more than insert a single command to stop the demo otherwise somebody would simply hack that out.
Posts: 117 | Registered: Friday, November 2 2001 08:00
...b10010b...
Member # 869
Profile Homepage #76
People can still get around that by distributing the full version to others once they've purchased and downloaded it. Some kind of online registration process allowing a purchased copy to be installed only once isn't a solution as it unfairly impacts on legitimate customers; people do transfer to different computers.

--------------------
The Empire Always Loses: This Time For Sure!
Posts: 9973 | Registered: Saturday, March 30 2002 08:00
Apprentice
Member # 4067
Profile #77
its possible to lock programs to a single computer, while i am no great fan of DRM it does have merits in some situations and since this is an executable it is quite easy, the best method would be to have a p in the asm version of the code overwritten NOP with a key say the hard disk serial no when the program first runs. or the download system could do it so someone could download as many times as needed (but you might want to cap it to one per whatever to save on bandwidth) but have the system write the key in using a java program that has to be running for it to download. (but dont hold me to that being possible i program C++ not java)

And i meant that it should be distributed as a demo version not in the key based method so the ability to load scenarios should simply not be there.

[ Saturday, March 06, 2004 02:40: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Post Navel Trauma ^_^
Member # 67
Profile Homepage #78
If you just have to replace something with a NOP to make it run, why do you think people would not do so without your permission?

I have no idea what you mean about the Java program and so on, but as Thuryl pointed out it is not a good idea to limit the program to one computer.

--------------------
Barcoorah: I even did it to a big dorset ram.

New Mac BoE
Posts: 1798 | Registered: Thursday, October 4 2001 07:00
Apprentice
Member # 4067
Profile #79
no you replace a NOP with the hard disk serial no, and how many people do you know that know how to disable something? this code is stored in the program not outside its not easy to change to get round this they would first have to get a downloaded version off someone or somewhere and since most piracy is committed by (l)users we then have to wait until someone cracks it and releases a program that modifies the games ASM code.

and Thuryl said it is not a good idea to allow it to be downloaded only once which this system doesnt it only allows one computer to download and run it.

the java program (assuming its possible) would run from the site and lookup your HD serial write this over the designated NOP (no operation is ASM used for extensibility if the programs written in ASM or for self modifying programs) at download time this would stop ready to run versions being traded.

[ Saturday, March 06, 2004 03:23: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
...b10010b...
Member # 869
Profile Homepage #80
So if a legitimate purchaser of the game gets a new computer, they'll just be able to redownload it and get it re-keyed to their new computer? I guess I can see how this might work; it'd require a confirmation email or something to be sent to make sure people didn't give out whatever details were necessary to download the software. Unfortunately, I suspect people could get around the confirmation email system by setting up an email address which automatically gives an appropriate response.

Realistically, though, anti-piracy measures are more about discouragement than prevention anyway, and a sufficiently solid registration system is going to discourage practically everyone (hopefully not including legitimate customers!)

--------------------
The Empire Always Loses: This Time For Sure!
Posts: 9973 | Registered: Saturday, March 30 2002 08:00
Apprentice
Member # 4067
Profile #81
naturally, with shareware it is always possible to pirate it, but the aim is to make it disproportionately hard to. yes they'd have a username password, the database would know what they are allowed to download and would do a DNS lookup on their IP this means that only the net connection matters the DNS is static even if the IP isnt so the problem only arises if they CHANGE ISP and possibly upgrade connection.

[ Saturday, March 06, 2004 03:50: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Post Navel Trauma ^_^
Member # 67
Profile Homepage #82
I think the current system is that the program generates a serial number from some property of the hardware, and you need the corresponding registration code, generated by some secret algorithm, to register it. I imagine that if you change computer, you have to ask for a new registration code.

I think this achieves everything you could do by mucking about with Java.

Incidentally, people on dialup often have a different IP address each time, resolving to different things on DNS. (Often they end up with names along the lines of modemXXX.isp.com ). It's probably less relevant now than it used to be, but shareware is often distributed on magazine CDs, and requiring a download would stop that happening (and also annoy people like me who want to download it on a fast connection then transfer it over a LAN to a different computer)

--------------------
Barcoorah: I even did it to a big dorset ram.

New Mac BoE
Posts: 1798 | Registered: Thursday, October 4 2001 07:00
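
The scheme described in the post above (a hardware-derived serial number plus a matching registration code), sketched as an added example that is not part of the thread and not Spiderweb's actual algorithm. A keyed hash stands in for the "secret algorithm"; the secret, hardware IDs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo secret standing in for the vendor's "secret algorithm".
# In this sketch the same secret sits inside the client, so the check only
# discourages casual copying, which is the limit the thread itself points out.
VENDOR_SECRET = b"constructed-demo-secret"


def machine_serial(hardware_id: str) -> str:
    """Serial number the program shows, derived from a hardware property."""
    digest = hashlib.sha256(hardware_id.strip().upper().encode("utf-8")).digest()
    return base64.b32encode(digest[:5]).decode("ascii")  # 5 bytes -> 8 chars


def issue_registration_code(serial: str, secret: bytes = VENDOR_SECRET) -> str:
    """Vendor side: registration code that matches exactly one serial number."""
    mac = hmac.new(secret, serial.encode("utf-8"), hashlib.sha256).digest()
    raw = base64.b32encode(mac[:10]).decode("ascii")  # 10 bytes -> 16 chars
    return "-".join(raw[i:i + 4] for i in range(0, len(raw), 4))


def _normalise(code: str) -> bytes:
    """Accept the code however the customer typed it (case, dashes, spaces)."""
    return code.replace("-", "").replace(" ", "").upper().encode("utf-8")


def is_registered(hardware_id: str, code: str, secret: bytes = VENDOR_SECRET) -> bool:
    """Client side: recompute the expected code for this machine and compare."""
    expected = issue_registration_code(machine_serial(hardware_id), secret)
    return hmac.compare_digest(_normalise(expected), _normalise(code))


if __name__ == "__main__":
    old_pc = "WD-WCAZ00000001"   # constructed hard disk serial
    new_pc = "ST-ZZ0000000002"   # constructed serial of a replacement machine
    code = issue_registration_code(machine_serial(old_pc))
    print("serial:", machine_serial(old_pc), "code:", code)
    print("old machine accepts its code:", is_registered(old_pc, code))
    print("same code on new machine:   ", is_registered(new_pc, code))
    new_code = issue_registration_code(machine_serial(new_pc))
    print("re-issued code on new machine:", is_registered(new_pc, new_code))
```

The second and third results show the trade-off raised in the thread: a traded code fails on another machine, and a customer who changes computer needs a new code issued.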
Apprentice
Member # 4067
Profile #83
Koth whether or not your IP changes your DNS doesnt it is data assigned by your ISP about your account every time you redial you still have the same DNS lookup.

the java program is meant to change the no-operation and load your serial no there at download time so you cant download and have a copy that wont fix itself to your machine until you run it thus being freely distributable until it is run.

also im pretty certain the current system just uses rand(); srand(); (possibly just using the normal variable of time()) to generate the key that has to put through the algorithm

[ Saturday, March 06, 2004 08:00: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Post Navel Trauma ^_^
Member # 67
Profile Homepage #84
I still don't understand what you mean by checking DNS. How could Spiderweb tell what DNS server(s) I am using? Anyway, I can use whatever I want for DNS. If I wanted, I could use a public DNS, or set up my own.

As for the Java, I think for security reasons Java running on a web page can't change things on disk.

--------------------
Barcoorah: I even did it to a big dorset ram.

New Mac BoE
Posts: 1798 | Registered: Thursday, October 4 2001 07:00
Infiltrator
Member # 3040
Profile #85
MiridiMordonis, you can't interchange a NOP with any kind of serial number/key/whatever. ASM commands, at least in PowerPCs, which are what Macs use, are each in the form of a 4-byte block. If you tried to have a serial number in the program's code, it would simply be seen by the processor as an unknown command, and the program would crash: You can't store anything in a program's executable code except code, unless there are commands to always branch past that section — which would render your method useless anyway.

--------------------
5.0.1.0.0.0.0.1.0...
Posts: 508 | Registered: Thursday, May 29 2003 07:00
Apprentice
Member # 4067
Profile #86
the nop should be placed so that the code jumps them the processor never reads it as an instruction by jmp or goto (cant remember all forms of asm). and you can still get the code to access it by loading it to memory without executing it. from where you could read it as a value. if in the powerpc ASM you cant load the code to memory without executing it then i am not sure of the best place to put it since i dont use a mac.

and koth thats java script java is fully capable of changing things on disk the only virus ive ever picked up was written in java.

also by DNS they do a DNS lookup on you this give the details of what your ISP has assigned to your customer no (usually through your MAC But that doesnt show) they save the result in a database and compare to whatever your current one is to determine whether you are allowed to access the account or not.

[ Saturday, March 06, 2004 11:21: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Infiltrator
Member # 3040
Profile #87
I think I know what you mean. You want the registration info stored in the file itself, rather than in a separate preferences file. That doesn't really solve anything, because there will always be someone who can hack any registration method. There is no way to balance complete security with ease of use for paying customers, and the registration code is a good compromise. The BoE system of not having a complete demo and getting a CD in the mail was probably the most secure, but, as has already been said (I forget where or by who), it is impractical for cost reasons.

--------------------
5.0.1.0.0.0.0.1.0...
Posts: 508 | Registered: Thursday, May 29 2003 07:00
Apprentice
Member # 4067
Profile #88
the way this works to pirate it, it requires you to get the full version which someone has paid for it and then disassemble, hex edit or debug (softice style) and put your HDD serial in the place of the old one, as it was mentioned earlier people will hand out the full thing but if you look for copies of Nethergate and BoE compared to methods of breaking key based methods and there are far fewer instances. this does not have the same distribution costs of a CD is slightly harder to pirate (because someone could not just upload a ISO). but does have higher bandwidth costs and would require overheads.

also its not a case of balancing complete security because complete security is by definition impossible. its a case of making piracy sufficiently inconvenient so that they buy it instead.

[ Saturday, March 06, 2004 14:05: Message edited by: MiridiMordonis ]

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Post Navel Trauma ^_^
Member # 67
Profile Homepage #89
People on broadband generally have vaguely static IPs. People on dialup don't (and on dialup MAC addresses are not used). If the IP address changes, so will the name it resolves to with DNS.

Anyway, suppose I have an IP address that doesn't resolve to anything by DNS?

Java run locally might be able to change the hard disk contents. Java that a web browser downloads and runs cannot, unless its security model is completely broken. No decent web browser allows it. And if you're going to run it just locally, why use Java instead of a language that can't be trivially decompiled?

--------------------
Barcoorah: I even did it to a big dorset ram.

New Mac BoE
Posts: 1798 | Registered: Thursday, October 4 2001 07:00
Apprentice
Member # 4067
Profile #90
nope proper java can change disk contents run from a browser, whether by user acknowledgement or security break down you just make it so if the java is not run properly the download doesnt take place. and java is compiled and decompiling something from machine code to anything higher than ASM is anything BUT trivial its a nightmare that for anything of any significant size hits impossible (a handful of KB is enough to be significant)

and a change in IP does not have to mean a change in DNS if i reset my modem i still have the same reverse DNS its details about my account with my ISP. also ive yet to find an ISP that doesnt give each IP a DNS entry.

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Infiltrator
Member # 3040
Profile #91
What you don't understand is that any half-decent hacker won't be fazed by a hard drive serial number: Anything which requires a simple condition to run can easily be edited so that the condition is no longer necessary.

A secure method would be to encrypt a necessary block of code with the hard drive serial number as the key, and then have the program automatically decrypt itself when it was used. That would be very impractical, however, because Jeff would then need to, a) figure out a method of encryption that worked within the program, and b) create a personalized copy of the program for each customer after receiving their individual hard drive serial numbers.
Then, people would have to wait for Jeff to send an entire program, as opposed to just a simple registration number, and they would have to do that each time they wanted to use it on a different computer.

p.s. A statement can be true but not provable, so your conjecture is false.

--------------------
5.0.1.0.0.0.0.1.0...
Posts: 508 | Registered: Thursday, May 29 2003 07:00
Post Navel Trauma ^_^
Member # 67
Profile Homepage #92
Java from the browser - if you have to rely on a security hole in a web browser to copy protect your software, you are going the wrong way.

Java is compiled to bytecode, and variable names are often left intact. A decompiler like JAD can produce very readable code.

I have been on an ISP with dialup. My IP changed. So did the DNS. One day I would have 121.289.23.34 which resolved to modem34.isp.com, another day I might have 121.289.23.13 which resolved to modem13.isp.com in DNS. These things do change for many people, even if they don't change for you.

--------------------
Barcoorah: I even did it to a big dorset ram.

New Mac BoE
Posts: 1798 | Registered: Thursday, October 4 2001 07:00
Shock Trooper
Member # 1207
Profile #93
My philosophy is: Why bother?
Why not just be an honest person and buy the game?
And MiridiMordonis: can you please punctuate properly with capitals and stuff? This ain't a chatroom.
Posts: 316 | Registered: Saturday, May 25 2002 07:00
Apprentice
Member # 4067
Profile #94
You would not rely on a security flaw, you would have the applet signed, so that it can request for disk access if it does not get disk access it does not allow the download.

Methods like burneye and other encryptors are overkill and are reversible because the attacker always wins, also trying to protect it from hackers and crackers is as meaningless as it is futile, the bulk of piracy is committed by users. Yes it would be editable, but to edit it you would need a full copy as opposed to the demo, this is equivalent to getting a full copy of BoE. It is just meant to be a method of distribution that does not incur the expense of CD based distribution and is slightly more secure than key based.

Hmm I will check that thing with dial up, it would appear then that the email method someone else suggested would be better.

And in maths if you can't prove something it may or may not be true, but if you can't prove it you can't use it.

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
Triad Mage
Member # 7
Profile Homepage #95
That's not true - axioms are a notable exception.

--------------------
"At times discretion should be thrown aside, and with the foolish we should play the fool." - Menander
====
Drakefyre's Demesne - Happy Happy Joy Joy
Encyclopedia Ermariana - Trapped in the Closet
====
You can take my Mac when you pry my cold, dead fingers off the mouse!
Posts: 9436 | Registered: Wednesday, September 19 2001 07:00
Apprentice
Member # 4067
Profile #96
They are regarded as self evident and there are only 7 of them, there have been a number of attempts to prove ending with Gödel's work and Erdős's comment to it "God exists because maths is consistent, and the devil exists because we can not prove it". And given the existence of hallucinations I doubt it is possible to regard something's existence as self evident.

--------------------
conjecture ~ you can not prove you exist, thus you do not exist.
Posts: 11 | Registered: Friday, March 5 2004 08:00
...b10010b...
Member # 869
Profile Homepage #97
The number of axioms depends on what system you're working in, actually. Non-Euclidean geometry has 4 axioms and Peano arithmetic has 5. I'm not sure what has 7 axioms: set theory? Although it's my understanding that set theory has a number of "optional" axioms, like the axiom of choice.

--------------------
The Empire Always Loses: This Time For Sure!
Posts: 9973 | Registered: Saturday, March 30 2002 08:00
Triad Mage
Member # 7
Profile Homepage #98
There are more axioms for general arithmetic, like the distributive property, commutativity, transitivity, 1 != 0, although I'm sure that some of these fall under the Peano axioms.

--------------------
"At times discretion should be thrown aside, and with the foolish we should play the fool." - Menander
====
Drakefyre's Demesne - Happy Happy Joy Joy
Encyclopedia Ermariana - Trapped in the Closet
====
You can take my Mac when you pry my cold, dead fingers off the mouse!
Posts: 9436 | Registered: Wednesday, September 19 2001 07:00
Apprentice
Member # 3920
Profile Homepage #99
heh. Well, I don't want to be a nagging person or anything, but I've recently decided I might either have a problem, or be TOTALLY impatient...either way, I'll just ask this once and be happy either way :D

I submitted my tester form in Jan. and received the NDA. I then sent that NDA back to Jeff, signed and all. Problem is that I still am not testing :| . Did I do something wrong? Or does Jeff send the NDA and THEN pick who he wants? If he picks after you submit, I understand why nothing has happened :D . I just thought I'd ask so I don't have to keep hounding the inbox every other day lol. (...though I still will if it's a "be more patient" thing...)

Then again...the thought occurs to me that beta might not even be ready for tester teams yet...but I keep hearing people act like they test it constantly, so I am led to believe that it is indeed being tested. Hmm..well, anyway, just thought I'd ask...

Hope I'm not ticking Jeff off by asking this...lol. Just thought this is the most relevant point to post it ;)

--------------------
"I am not stubborn, your just stupid."
Posts: 40 | Registered: Saturday, January 24 2004 08:00