Creating my own registration key

#1 i think your should rather say "key have been use x ammount of times during Y duration. users get cranky when after reinstalling after a few computer resets, they can't play what they have paid for.

#2 You need to worry about the core of the game first. Get something working. I wouldn't get caught up in marketing just yet.

#3 @Michael, beyond the 5 installs a legit owner would still be able to reinstall the game but they'd have to email first.

@Shane, trust me, I know that I'm way far from the big leagues, but I'm following this approach that is working for me. I create a simple game/shell from start to finish and then iteratively improve it.

This being my first game, it's been a major confidence booster to make a playable, albeit simple, game that has a beginning a middle and an end. Now I need this last part to complete the game.

#4 @John:

It's not that tricky to do. Plimus, an e-commerce site, can read keys from your own custom key generation page. So that will handle generating keys and emailing to the user. The other half is you store those keys in a database and track how many times a user uses that key to activate the game.

To do the latter, put in some HTTP-based request functions in your script. Have them access a page that checks the key against the database. Your script can read what that page returns to determine if the game should be unlocked.

#5 Thanks, Chris, I will look into Plimus.

#6 If i was you i would stick to basic 'key to enter on install' and/or check if disk is present, anything else is literally spitting in your customer's face and begging for him to hack your game.

#7 One of those (imho) "notorious" places that use that concept of
purchasing an "unlock" code, but also track the usage of the # of
game starts is Wild Tangent.
When you purchase an unlock code, it sets a "cookie" that keeps track
between you and the server from where you received your code.
You start up a game and the web driver connects to the server.
The server then updates the expiration date of the unlock code. (more
specifically, the game "key").
Unfortunately, at any time you have to perform a system recovery,
all that data is lost and you lose the key. That forces you to
repurchase the key.
The drawback to all this is, that you can only purchase the "key"
a set number of times before you can no longer purchase a key.
To me, it's programmed sabotage and extorsion. But, it also contributes
to that phenomenon called the "life cycle" of a game and forces
a person to look elsewhere for entertainment...namely, other games
that you must purchase a key to play. (It becomes expensive...
and pads their pockets with my money. Something I'm not thrilled about)

For example, The first game I really enjoyed enough to purchase
an unlock key was "Dark Orbit".
During my early days of learning about pc ownership, around 2001,
I went through several system recoveries.
(Thanks for that Recovery Partition).
I learned the hard way, after purchasing the unlock code a third time
that the game was no longer supported. It's a real shame, because I
can't even buy the game much less, the license for it.

Now, I'm digging into the Java scripts and learning a few things.
First thing I noticed is the implementation of the cookie functions
to keep track of game starts. I also notice stuff written in C...
(I'm not sure which version of C it is though)(update: it could be
written in visual basic).
The way I feel about it, I own the game as though I had purchased
a CD for it, but dislike the thought that I'm not able to play it
until I can figure out a way to bypass the scripting or fool the
program into summing up that the game key I have is still good.

The windows security system refuses to allow any active-x controls
to be downloaded for the web driver, but that's a moot point since
the game itself is no longer supported....although you can still
download it.
The point I'm driving at is this: If you intend to promote other games
you create and "drive" your customer population (like cattle or sheep)
using a life cycle policy, you want to make sure that you have other
games that will be equally "enjoyable" for them to play. Wether it's
an updated version of your game or a new game altogether.
EVE online is one of those genres that charge a fee every three months but they continue updating their materials to keep their customer base.

#8 That's the most horrible take i ever saw in videogame protection -_-

If you want an example of a thriving company that use no protection schemes look at Stardock.

#9 I spend a bit of money on Stardock games. They are hassle-free when it comes to installing and moving between my own systems.

Their system now requires an account to be tied to game purchases if you want updates, and they could theoretically track who spread an update to pirates (see GOO). I think this is a better solution than serials. Take away their accounts if they help pirates :)

#10 I agree that a legitimate owner should be able to reinstall their game as many times as they need to.

I plan on providing additional keys (free up to a reasonable number) to a user who emails with a maxed out activation code. In the event that I stop supporting the game, I will provide instructions on how to disable the security code, or simply provide a version that does not require a key.

#11 Use conditional builds to plan for your death. No, I'm serious. Include a completely unprotected build in your project, and leave instructions for friends and family. Developers seemingly drop off the face of the earth all the time.

#12 That can easily be cracked in order to work. What you can do is have sign-ins instead of keys. When a user purchases the game, they will pick username and password for a forum account. They can only play the game if they login from the game (it will use the forum database). Good thing is that the forum will log IPs. You can then make a system which only allows 1 IP. And only that IP will work.

Also, disable signups on the forums. And make everything hidden to guest visitors. That way, paid subscribers/purchasers can chat on the forum and you can be happy about pirating.

Another thing you can do to eliminate pirating, is be devoted to the game your studio makes or assign one member of your team to do that while they are free. What you can do is have contests and give away 5 free copies of the game each month. That way, people would rather participate in contests then downloading a 5 gig pirated copy of the game. ;)

#13 I don't like the idea of a user having to log in every time they want to play. I want to keep it as simple as possible: activate at install and forget about it.

Obviously any security system can be cracked, and probably will. But if the game is priced at $10, most people would rather buy than get a pirated copy and risk all kinds of malware.

#14 Who cares about cracks? Just make updates harder to get for pirates. Avoid them overloading your servers. People will steal even if it costs $1 (see iPhone piracy).

#15 $10. is a modest price to pay and most "honest" folks will pay that for the game unlock key.
The deciding factor on what to do with your product is how well it grabs and holds a customer's attention.
Purchase the key then after so many "logged" completions of the game have been recorded, I'd consider offering the game to them for free or a one time reduced price.
Not a bad idea to test out how well your game draws attention.
I'm certain there are ways to encrypt the data that would make it practically impossible for anybody to "crack" without the appropriate
authentication decode sequence. (especially if you can create your own customized encryption code). (without the proper sequence, the penalty would be completely uninteligible rubbish or a complete erasure of the primary executable..not to mention other possible terrible consequences depending on the code type)

#16 I agree with Dennis. Creating your own encryption would be the best thing to do. Make sure you get it done by some one trust worthy though. Or they can leak the method. This happens specially when game studios' games get popular.

I still suggest that you give away 5-10 copies each month via contests. This will atleast make less piracy and more contribution to your community. Remember, contests usually make you lose an item, but they get you more than double the hype. Which means more customers as your game will get famous.

#17 This actually is my area of expertise. Many people may disagree with what I have to say but since you're asking this question I'm going to reach out and be honest here.

The primary focus of your application should be on the experience of the end user.

Don't spend too much additional effort on attempting to avert piracy. Piracy happens in anything that is either easy to crack (for tutorial purposes in the RE community) or popular and thus worthwhile to crack for recognition (pirate groups don't do work for free either).

First you need to determine revenue. A game that is distributed for free is not worth protecting.

If you've determined you're going to make enough revenue to be worth investing any amount of time in protecting your application then at that point you need to determine the nature of that protection.

There are several methods in play today, but the most common one in this day and age, is User Authentication. User Authentication is the act of tying a users purchase to a web based account. This account creates a personal connection between you and the user, which allows you to better analyze that relationship and expand upon it.

As mentioned previously this is the method Stardock uses. They claim they don't use digital rights management. Well, to be honest they do they just don't use that definition because they feel it has bad vibes associated with it. Restricting, tracking, analyzing the use of software by consumers is the responsibility of DRM and it is DRM if any of these things occur. Don't lie to your consumers.

User Authentication requires several things, first and foremost it requires an encryption upon your executable that prevents a user from easily bypassing any code you create to connect to your server.

The keyword there is easily. Anything you create will typically be bypassed. The structure of a Windows PE file can only go so far and most people with any experience know the limits.

Your goal is divert casual piracy. User A exchanging the file with User B, their friend. In the event this in any way becomes an inconvenience or troublesome it deters a user from performing this action. Above average crackers are going to bypass any mechanism you put in the way because that is their goal and purpose and they have the know how to do so. Your goal in that situation should be to promote a purchase. Provide an option for the user to buy the software. This a common mistake, and often leads to additional work in pirating the software. If it's easy and convenient to buy something, and it's cheap, why not?

In the event you create this server for the purposes of authentication, and create an interface to allow users to connect to it. The only thing limiting users to using this service is either A) Multiplayer Lobby connectivity, or B) upgrades to the software.

In most cases upgrades to the software will also be cracked and released in the typical distribution fashion. There isn't much you can do about that, Multiplayer lobbies can also be bypassed but often times requires more work by the end user.

One of the more common ways is creating a VPN over the internet in which a form of LAN is created. This allows users to play LAN games without authenticating over the internet. How this behaves would depend upon the nature of your application.

Your goal as a developer should be to understand that piracy exists. Understand you cannot stop it completely. Many customers will want to purchase your software or donate to a cause. Those users should be given an easy and respectable route to do so, regardless of the origins of their software. Some users will pirate your software regardless, for the most part those are a lost cause. You could spend effort and time developing solutions to divert them, but in the long run you're spending more of your time on those you don't care about.

If you're looking to encrypt your executable and provide an unlock via a serial key of any kind, there are many kinds of software out there to perform this for you and save you the time. Such as SoftwarePassport by Silicon Realms. These don't provide 100% solutions but provide a piece of what many people are looking for in diverting the casual market from exchanging their software. While not free, tools such as this are provided at a cost available to most indie or shareware developers and if this is something your interested in, is available.

Please don't think poorly of people for having an interest in protecting their assets, and please don't think poorly of me for supporting users as such. Technology exists to provide these features and no one should be to blame.

Good Luck.

#18 Valve also have a protection SDK available to indies upon request. You distribute the game, but Valve deliver the protected binary. It uses Steam without selling it on Steam.

#19 If you want to piss off your customers and make em sure they never buy a game from you anymore, use get a StarForce or a Tages license.

I speak from personal experience, those two will cause you more harm than good considering how intrusive they are on the user's system and how cranky they can get on some hardware and OS.

Steam, i don't know about the security of their system but from the end user's point of view it's pretty convenient. I would say it's a right balance between annoyance and security.

#20 I've used Steam and I really like it, its not annoying and I don't think that its easy to crack those games.