Plan for Tim Gift
by Tim Gift · 07/31/2002 (11:40 am) · 7 comments
Plan update! Been a while :) I'm going to be out of town a few days, but I thought I'd update the community on my current project "game copy protection" before heading out. For the past few weeks I've been working on a key registration and authentication system which will be used to copy protect games published by GarageGames. I'm producing a library that developers will be able to link into their products to perform basic copy protection. The library uses "CD-keys" to register products with a server which in turn issues RSA encrypted tickets. When validating a product, the ticket is decrypted with the GG public key and its contents validated.
CD-keys are product specific and are normally generated when the consumer purchases the product, but they can also be generated before hand, stuck on CD's, emailed out for betas, etc. The key's are emailed out to consumers as part of the purchase confirmation, and are also recorded with the purchase order so that consumers can always lookup keys for product they own.
Once a game is downloaded, it has to be registered using a valid key. The registration process involves validation with the GG registration server, which means that the user must be online to register a game. If the key is valid, the user is issued an encrypted ticket which is stored in the local registry. As long as a consumer has a valid ticket, he/she does not have to re-register the game and they can play off-line. Tickets are RSA encoded and include the purchaser's name, an expiration date, and a machine id. The user must register the product on each machine that they install the game on and the expiration date can be used to issue timed betas, demos, free-trials, etc.
That's the basic overview. The library API is pretty small and easy to use. We'll do some internal obfuscation to deter hackers, but there's not a whole lot we can do and still provide a narrow API. The burden here will be on the individual products. We'll provide a list of tips for those who want to invest time into anti-hacking obfuscation.
I'll respond to comments & question when I get back next Tuesday.
(I'm back!)
CD-keys are product specific and are normally generated when the consumer purchases the product, but they can also be generated before hand, stuck on CD's, emailed out for betas, etc. The key's are emailed out to consumers as part of the purchase confirmation, and are also recorded with the purchase order so that consumers can always lookup keys for product they own.
Once a game is downloaded, it has to be registered using a valid key. The registration process involves validation with the GG registration server, which means that the user must be online to register a game. If the key is valid, the user is issued an encrypted ticket which is stored in the local registry. As long as a consumer has a valid ticket, he/she does not have to re-register the game and they can play off-line. Tickets are RSA encoded and include the purchaser's name, an expiration date, and a machine id. The user must register the product on each machine that they install the game on and the expiration date can be used to issue timed betas, demos, free-trials, etc.
That's the basic overview. The library API is pretty small and easy to use. We'll do some internal obfuscation to deter hackers, but there's not a whole lot we can do and still provide a narrow API. The burden here will be on the individual products. We'll provide a list of tips for those who want to invest time into anti-hacking obfuscation.
I'll respond to comments & question when I get back next Tuesday.
(I'm back!)
About the author
Recent Blogs
• Plan for Tim Gift• Plan for Tim Gift
• Eclipse Project for Torque
• Scene Lighting Patch
• Plan for Tim Gift
#2
- LightWave Dave
07/31/2002 (12:17 pm)
This is great! I have been pondering how I would do a beta test, especially for an offline game. This is a great help for both offline and online endeavors.- LightWave Dave
#3
E.g Mac/Linux
Other than that, it sounds great =)
07/31/2002 (3:00 pm)
What about cross platform issues?E.g Mac/Linux
Other than that, it sounds great =)
#4
07/31/2002 (3:25 pm)
This is great, thanks Tim & GG ...
#5
--KallDrexx
08/01/2002 (10:42 am)
Sounds great but if you allow registration for more than one computer, then how do you know if someone's just giving it out to their friends (the cd-key) and registering at their own house?--KallDrexx
#6
08/01/2002 (5:41 pm)
Sounds cool. Are you going to allow us to generate keys that will unlock some features of the program (e.g. if you wanted to unlock only some game levels/episodes/whatever) or is only going to be a one key deal?
#7
Matthew: We will allow multiple machine registration, we're going to maintain a count of how many times a key is used and have restrictions on the number of times it can be used. We haven't settled on how often you can register a key, we're bouncing around ideas from simple straight maximums to rolling max per week/month, etc.
Adam: Keys will be able to include product specific info which could be used to create keys that activate selected parts of a product. There can currently only be one key active at a time though.
08/06/2002 (10:10 am)
Stuart: There will be mac/linux ports of the library.Matthew: We will allow multiple machine registration, we're going to maintain a count of how many times a key is used and have restrictions on the number of times it can be used. We haven't settled on how often you can register a key, we're bouncing around ideas from simple straight maximums to rolling max per week/month, etc.
Adam: Keys will be able to include product specific info which could be used to create keys that activate selected parts of a product. There can currently only be one key active at a time though.
Torque Owner Yacine Salmi
This sounds like it will be quite useful. So this library will only be available to developers once we publish? Or can we play around with it before?