Slashdot Mirror
Ubisoft's New DRM Cracked In One Day
Colonel Korn writes "Ubisoft's recent announcement that upcoming games would require a constant internet connection in order to play has been discussed at length on Slashdot ('The Awful Anti-Pirate System That Will Probably Work'). Many were of the opinion that this new, more demanding DRM would have effectiveness to match its inconvenience, at least financially justifying its use. Others assumed that it would be immediately cracked, as is usually the case, leaving the inconvenience for paying customers and resulting in a superior product for pirates. As usual, the latter group was right. Though Ubisoft won't yet admit it, Skid-Row managed to crack the new DRM less than a day after it was first released."
Ubisoft can always blame "those damn pirates" and claim the DRM development as a failed project tax write off.
And the pirates can still play the game for free with no issues.
And paying customers still get to take it in the ass, now AND when Ubisoft decides to can the online service.
Win, Win, Weeeeee
Mod me down, my New Earth Global Warmingist friends!
The really sad thing about this DRM being cracked is as much a win to the consumer as to the pirate. The pirate gets a game that functions under more circumstances than the consumer, which I imagine will lead to more consumers being pissed off at Ubisoft and resulting to pirate a game they've already paid for just so they can fucking play it without having a connection to the internet 24/7.
Good job Ubisoft, alienating customers will surely lower piracy rates and raise your stock prices.
Disagree != mod troll.
I propose that, by shipping games with DRM, software vendors are promoting the dissemination of malware. This means that DRM is a direct contributor to spam, botnets, and all the other nasties that infest our Internet.
And others with limited connectivity. I hope this DRM fails and fails hard, if only to scare other publishers away from something that is truly anti-customer (not consumer).
Shh.
Normally I actually pay for my games. In most cases, I do it the old school way - I buy physical discs from physical stores. Lately though, companies like Ubisoft seem like they're treating me like a criminal for giving them my money. At this point, they're really making it more convenient for me to prove them right.
Exactly, what *when* they go out of business? Because on the scale of what gets done when a company is bankrupt customers are dead last. There are no more customers: the company is gone. What matters at that point is creditors and the more your owed the higher you are on the list. If there is no non-restricted version held in escrow with a lawyer who has explicit instructions to release when the company goes insolvent then FACT: Your purchase is gone.
Shh.
instead of focusing on selling goods, they should suck it up and realise they are selling a service and model themselfs around the hospitality industry where customer satisfaction is king.
If you mod me down, I will become more powerful than you can imagine....
Funny? Try Insightful.
Oh, and:
Discovering you just spent a ton of money to make the pirated version more attractive: Doubly Priceless.
How can I believe you when you tell me what I don't want to hear?
So if they release a game with nasty DRM and sales tank, they blame the sales on "piracy" and justify that as an excuse to toughen up the DRM.
If they release a game with nasty DRM and sales soar, or even remain steadyish, they assume that the DRM magically converted pirated copies into actual sales, and toughen up the DRM in the hopes that this trend continues.
In other words, we're boned either way.
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
Imagine a person, in a casino, sitting at a slot machine. They're pumping coin into it and steadi;y losing everything. They know that they should walk away, but they can't. Walking away means admitting to themself and others that they lost. And so they keeping telling themself that if they keep playing long enough, they will win back enough to at least break even.
The same is true of Ubisoft, Microsoft and all the other companies who keep pumping money into the DRM slot machine. Year after year they keep coming up with new DRM schemes to replace all the previous ones that have failed (ie, all of them). They can't stop. To stop would be an admisison of failure. An admission that even if they created uncrackable DRM, the extra sales revenue wouldn't even come close to covering the cost of creating and maintainging new DRM schemes.
It would be funny, it it wasn't so stupid.
Developers: Lets not put DRM in our software so that everyone can play the game without problems!
Management: I don't know about this...
Pirates: Awesome! We can steal the game and play it for free with no problems!
Customers... Oh, too bad there are no customers because everyone stole the game.
Management: Developers, I'm sorry, but our last game didn't make any ROI so you're all fired.
Developers: We should have used DRM...
I love how everyone bashes DRM without thinking of the consequences of not using any. Pirating is far too widespread. For every person who pirates a game, less games are made for the PC for this very reason. Pirates blame the developers for using DRM, the quality of the game is reduced for actual customers, yet the pirates are the one to blame.
Stop trying to spin the argument, pirates. You're the very reason that this shit happens.
I didn't see that anywhere in TFA. The only place that mentions that is a single, anonymously left comment. Not exactly the most credible source.
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
I didn't get that from the article at all. What the article said is that Ubisoft said, "In the event that all servers are turned off we could patch the game to not require a server connection." That's a long way from "Ubisoft included a feature that allowed games to be played without an internet connection."
Or to use a car analogy, it's like saying that Honda includes a feature that allows their cars to be easily stolen and that by hotwiring a car, the thieves are just enabling that feature.
When information is power, privacy is freedom.
you haven't played online games much have you. a lot of the people on there are childish dicks.
If you mod me down, I will become more powerful than you can imagine....
Actually, Hondas can't be simply hotwired, they have a chip in the key that... oh... um... carry on
I think we've reached a point where pirates are not just a fringe group of people who just don't want to pay for games, but are actually the competition. They are releasing a similar product to yours(in fact, it is your product) only it's better.
Sharing software freely is not piracy. If Skid Row was selling games, as some do, then you can call them pirates. For now, they are Robin Hoods.
The problem with the way DRM is inserted into a game is the way DRM is inserted into a game.
DRM cannot be programmed in from the word go as this would severely hamper the development team, they'd spend as much time fighting their own DRM programming as fixing bugs and writing new code. With EA/Ubi/Take2 working their dev's like slaves with ridiculous and unmovable deadlines this is considered impossible. So DRM is tacked on after a games completion, it's developed by a third party (Thales, Sony DADC and so forth), purchased and then tacked onto the exe or other binaries. If it weren't for this fact DRM would be extremely difficult to crack as it would be rooted so deep. DRM also accounts for at least 15% of a games cost at retail as it's covered by a per unit license, A$20 with the difference between Civ IV retail and Gal Civ II retail.
So it is as you said, as long as the exe hears what it wants to hear from what sounds like the DRM it will run.
News like this makes me happy, Ubisoft spend millions on this DRM, talks it up and it gets broken on the first day. I can believe that there is some justice in the universe, Karmic retribution at work.
Calling someone a "hater" only means you can not rationally rebut their argument.
Another downside to shifting that dynamic content to the server side, as a result of the increased infrastructure costs in the way of hardware, labor, bandwidth, etc. is that you're not going to run the servers for nearly as long as they currently run authorisation or simple match-making services. Now I REALLY don't want to buy your product, because you're going to render it useless in a few years.
I can still play Space Quest.
Or they own the server, grab the server based code and stuff it into the client.
Well if that happens then they blame the pirates for lost sales, which is the current way game companies deal with poor sales.
Piracy rates are can be tracked. They'll know, to within a moderately narrow margin of error, how many copies were pirated, and they'll know exactly how many were sold. Both numbers will have been estimated prior to launch by the bean counters.
If the game fails to reach its sales quota, but is pirated more extensively than anticipated, what that tells them is that even more extreme anti-piracy measures are needed. The difference between sales figures and sales projections will be treated as "lost sales", with the blame placed on the rising piracy figures.
If the game tanks, and the piracy rates are no higher than expected, that sends a different message. It tells them that the piracy rates aren't to blame for the "lost sales" - customer boycotts are.
The only way to kill DRM in the long run is to convince the people making the decisions that it's costing them more money than it's worth. Don't buy or pirate Ubisoft's crap. Don't give them money or mindshare. Write them off as a loss, and buy games from publishers who don't treat their paying customers this way. Either they'll learn to do better, or the publishers who don't saddle their games with this crap will out-compete the ones who do in the long haul.
Erotic is when you use a feather. Exotic is when you use the whole chicken.
How about they just stick with Steam's DRM and call it a day?
Hail Eris, full of mischief...
E pluribus sanguinem
Youd get someone who would crack it simply to troll everyone else and ruin it for the cancer researchers.
(I realize that replying to yourself is sort of narcissistic; but I didn't think of this until just now...)
It strikes me that the challenges of server-based DRM techniques are actually strongly analogous, in many respects, with the challenges of hardware dongle based DRM techniques.
With both dongle and server setups you have a client(untrusted, presumably a nest of filthy pirate scum) where most or all of your binary is running. You also have a dongle or server which is computationally constrained but strongly trusted(at least compared to the client, no trust is perfect). You finally have a channel between them, either the internet or the USB bus.
In both cases, you face the problem of the dongle/server being an artificial requirement. You can build your binary to demand it and freak out if it isn't there; but the binary lives on the untrusted client, and so that can be stripped.
In both cases you have the option of getting around this artificiality problem by omitting vital parts of the program from the client and building them into the dongle or the server. In both cases, though, you are limited by the fact that computational power on the dongle or server is far more expensive, from your perspective, than computational power on the client(server computing power is cheap, per unit; but taking on the obligation to provide it on demand 24/7 for the next five years to everybody who bought a $60 box at retail, plus paying for bandwidth, isn't cheap. As for dongles, computational power, per unit, is way more expensive from a custom embedded chip fabbed and packaged to be tamper resistant and run from bus power than it is from the latest intel core whatever.).
In both cases, there are two basic ways that hackers can get around you. Either they re-implement whatever you have moved off the client, and modify the client binary to talk to their implementation, or they illicitly obtain a copy of your implementation(dongle clone or server own/leak).
There are some differences, though: The major advantage of the server approach is Global Knowledge. If every client talks to the server, and every client has a unique serial number, it is trivial to detect and reject cloned serial numbers(less trivial to know whether you are rejecting the cloner or the customer who legitimately purchased the retail box that the cloner targeted; but DRM isn't about customer satisfaction, so who cares?) With dongles, cloning is harder; but if some shady operation on the pacific rim decides to stamp out a million copies of one of your dongles, your client binaries will all happily accept them.
The major disadvantage of the server approach is bandwidth and ongoing cost. USB2 is a 480Mb/s bus. Even in the real world, it is pretty damn fast compared to virtually any residential internet connection. The latency picture is even better. The "ping" to a USB device is virtually nothing, while client/server ping across the internet will always be nontrivial. Further, there are plenty of places(travelling, military, etc.) where an internet connection is either uneconomic or unavailable and, even when it is, tends to have lousy speed or latency or both. Hardware is much more portable, and the speed of the local bus will always be the same. Plus, with local hardware, you face no further bandwidth bills or server upkeep expenses.
This is why I buy games, don't open them but instead download them because of the stupid DRM that plagues legitimate copies. No I don't wish to always have the disc in the drive. No I don't need an internet connection for single player games. No I don't want to install copy protection software. Make a good game and I will buy it.
I would have bought your game, but its DRM system made it a pain to play. Naturally, I could buy the game and get the crack after a day or a week, but then you would not have learned your lesson. Therefore, I abstain from buying (and playing) your game.
6. Santa Claus
future games released without the said feature and the gamers screwed even more.
You are seriously underestimating the cleverness of the crackers. There used to be an activation crack for zMUD that was essentially a proxy that accepted connections from zMUD that ran on the same machine. I'm sure something very similar could be done with these online activations.
To be honest, I don't think you get it. How many regular, normal users are going to google/torrent the hack? Then scan it for trojans? (Believe me most copies will have one.) And then install it from the cryptic readme text file? I'm talking non-geeks. People who send their PCs to the geek squad. People who've got no idea how a byte is different from a bit. You know, the other 99.7% of the user base. Well, I'll tell you: very few. They use DRM because DRM works on the majority of consumers. You are thinking from the perspective of a consumer--not of an executive on the board. If DRM causes the company to lose 10% of their base but pickup a new 11%, they don't care.
Camping on quad since 1996.
I can't believe someone modded me off topic for saying this was going to happen in the last Slashdot story....
So what you're saying is that it's ok for companies to dick 99.7% of their customer base, who would never pirate the game in the first place, just to delay downloaders from getting it by a day?
I love that kind of rationale.
See, it's not about the 99.7% of people. They buy the game, whether it's easy to crack or not. To me, fucking them over isn't a good thing at all, you lose 99.7% of your revenue. Look at what happened with EA. They screwed consumers with Spore, they saw the outrage from the people who don't download, and changed tactics. I even recall an article a little while ago where EA were contemplating not locking pirates out of buying DLC.
Unfortunately it seems that the company gamers love to hate, EA, is learning from their mistakes. Unfortunately companies like Ubisoft, Activision and the likes aren't. This isn't about boycotts, this is about people getting burnt and not buying from a publisher again.
Personally I feel that this move toward DRM isn't to ensure people pay for product, it's to ensure people pay for the next version of the product. You can't play a game that requires an internet connection if the DRM servers no longer exist for that game.This has happened in the past (one game that comes to mind is the last FIFA World Cup game, no servers, no online play). It really disheartens me that there's such stupid comments flowing about such a serious issue.
Without pirates no DRM would be needed. Your line of reasoning still proves exactly what I said: pirates are the original problem, not the companies.
Yeah, pay no attention to those dirty, thieving bastards who are buying the games secondhand, 100% legally. Because the publishers certainly aren't. Nope. Not a bit.
Idiot.
Would you have told them that it would be a waste of time?
Or to give a more simple reason why DRM doesn't generally work, PCs are open systems, the content has to become available to the system at some point whether it's encrypted, or sent across the network. It still has to end up on a system whose memory and executable code at run time can be peeked and poked at will.
The only real workaround is to process some game logic and such server side, but that is going to cost the company a lot in terms of processing power, a lot in terms of bandwidth, a lot in terms of additional development effort, but perhaps, a lot of embarassment when said servers fail and the game keels over for a few days.
DRM is pretty much a lost cause from the off, it's not that it requires too high a degree of developer skill to implement properly, it's simply that it really can't be implemented properly, at least, not without massive extra cost to the company that would likely outweigh any profits the game will make, and not without severe detriment to the game experience.
Really, it doesn't matter if you had some god like developer that could implement a DRM scheme without making a single mistake, it'd still be a DRM system designed to run on an open system at the end of the day and would hence still be inherently vulnerable. DRM basically tries to say "You can't do this", except it's saying it on a system where you can anyway, and where that can overrides the can't because the user gets priority over control of the system, not the DRM.
You, sir, are a moron.
How many regular, normal users are going to google/torrent the hack?
None, they'll just get it with the game itself.
Then scan it for trojans? (Believe me most copies will have one.)
Look for the comments attached to the release, it'll tell you everything you need to know.
And then install it from the cryptic readme text file? I'm talking non-geeks.
People are not retards. By their second game, they'll know what "copy cracked exe over the original one" means.
I'm talking non-geeks. People who send their PCs to the geek squad. People who've got no idea how a byte is different from a bit. You know, the other 99.7% of the user base.
Irrelevant, they'll have geek friends. Sure, I have friends I'd rather trust with a house plant than a computer, but who the fuck are you to tell them they can't play with games they've already downloaded? (Mind you, in this country, it's legit for personal use.)
They use DRM because DRM works on the majority of consumers.
No, it works on the majority of their customers. Everyone else just gets it already cracked.
If DRM causes the company to lose 10% of their base but pickup a new 11%, they don't care.
DRM won't ever get you new sales. The game will, if it's good and/or marketed enough.
In which case, why come up with these hugely elaborate schemes? If a simple check for the game media in the drive will defeat normal users, why bother wasting the time to make DRM more sophisticated than this?
Oolite: Elite-like game. For Mac, Linux and Windows
How many regular, normal users are going to google/torrent the hack?
Exactly the same number who would have gone with the torrent if this DRM system hadn't been used. So they haven't gained anything. However, they will irritate customers who don't connect to the internet when playing games - for example, people who take their laptops on flights for entertainment.
I think there are possibly two tiers of copying though.
When I was a kid, the (ZX Spectrum) games were on audio tapes. Almost every kid I knew who was into games had a twin tape deck. This produced an imperfect analogue copy of the game and obvious wasn't much good for more than one or two generations.
A smaller subset had a Multiface, which was basically a hardware non-maskable interrupt generator - it would halt your machine and swap a few kilobytes of the RAM for a debugger - which just happened to have a facility to dump the running state to tape - who'd a thunk that this would get used for piracy! This produced a copy that was as good as your tape hardware. You could even use an audio encoding that was much faster than the original game media (with somewhat mixed results on bad hardware).
We didn't have the internet, or things would have been much easier - most of the difficulty of piracy back then was finding a kid that a) had the game you wanted and b) liked you enough to let you copy it. Some years later, I found myself immensely pleased with how easy it was to download archived Spectrum games from Norwegian FTP sites - largely because a game that used to take 4 minutes to load into the computer was taking around 4 seconds to download.
In the modern world... a game with zero DRM can be copied just by shoving in a flash drive. This is the same "playground" level of piracy - easy, social, no consequences, and essentially free of cost. People thought no more about doing it than they thought about making mix tapes for friends.
For DRM ,the cracking groups will remove it anyway. But to get their product, you have to search online, download large amounts of data, take the risk that someone shoved a trojan into the installer, take the risk that it's actually 4GB of Estonian donkey porn, etc. Which is a fixed cost regardless of how expensive the DRM was.
And it's a higher cost than saying "Hey Chuck, I hear you got Estonian Donkey Smasher II, mind if I copy that?" and copying it onto your USB drive, which will be faster and have lower risk. I know people who trade NDS ROMS like this 16GB at a time (you need a special device to take advantage of this, but unlike the Multiface, it doesn't cost about 4 times what the games cost).
When I was a kid and pirated games like crazy, I couldn't afford to buy them. Back then, the cost getting a pirate copy was low compared to the £10 or £20 (in 80s money) that I just didn't have.
These days, I buy my games, because the price of the game is low compared to the hassle of finding a copy from a reputable cracking crew, working out who's a reputable cracking crew in the first place, downloading it, etc, etc etc. And because I think artists deserve to be compensated. The glaring exception is NDS games... I'll pirate them first in general ; and I don't feel guilty because most of them are utter trash, and no way am I taking the £20 hit of buying them, playing them for 20 minutes, finding out they're crap, and selling them back to the game store so they can do the same thing to some other poor sucker. Things I actually enjoy like Zelda and Professor Layton get bought, new and not pre-owned. The DS has a "demo" facility where you use the WiFi link to try things out in stores, but none of the UK stores run demos.
When I was a kid, I didn't have anything to offer them, so I feel no guilt about my years of piracy - I was too young to have a job and there's no way in hell that my parents would have paid for my games habit.
I find a small amount of DRM acceptible (just enough to make it difficult to "casually" copy is fine by me), but it gets too much when the game won't run reliably because of the extremely edgy disk checks or whatever. I liked Assassins Creed, but there's no way I'm buying the sequel.
So I agree - there's no point in them shelling out top dollar for the latest most heinous DRM. They should put on something basic, reliable and cheap, just to prevent "playground" piracy. And they should make games that 30-something professionals want to buy, rather than snot-nosed kids, because they are the guys who have i) enough money to buy games ii) not enough time to screw around securing a pirate copy.
How many regular, normal users are going to google/torrent the hack? Then scan it for trojans?
Google/torrent the hack? Not many. Google/torrent the entire hacked game? Many more, perhaps just as many as who torrent brand new movies.
Scan it for trojans? Not very many, they'll just install the trojan as well. That's your regular user: why think intelligently when there's no apparent need? Another reason for game publishers to not go that way: do not feed the bot nets...
The interesting thing is that for crimes that are easy to do and get away with, like uploading files (I realize that's not a crime, but bear with me) and shoplifting chocolate bars is that psychology is the best defense. Shaming potential thieves by putting up a "please don't do it" sign actually works. Putting in technological defenses does nothing and also attracts the kind of people who are interested in a challenge.
No, I'm not. When you are talking about copying bit's around, the equation is not "Increasing complexity => decreasing pool of users capable of getting the hacked version". It's "Increasing complexity => decreasing pool of users capable of getting the first hacked version". Once that's done the barrier to piracy is reduced to "using a search engine" or perhaps "hanging out on the right forum". After that first hacked version is produced, all DRM schemes are equivalent.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
You're IMHO seeing the wrong problem, or rather just one half of the problem.
While a system like this won't and didn't stop piracy, it might just achieve what other systems have failed, and that the publishers have been whining for for a decade: it might just revoke a lot of honest customers' consumer rights.
Let's face it, one of the things they _have_ before whined about, and occasionally even tried to prevent, is that you can buy a second hand copy on eBay instead of paying them for it. You know, just for like any other product out there. You can buy a second hand car, a second hand lawnmower, even a second hand gun, but God forbid that you might buy a computer game second hand.
Tying your right to play to an account on their servers, well, pretty much means you can't sell the game without selling the account. If you registered more than one game on one account (I dunno this one, but for example EA's accounts are tied to an email address, and Joe Average only has one email address), it means you have to give someone access to them _all_ when you wanted to sell one game, and might also mean they get to use your DLC points, post in your name, see your details, and depending on how it's implemented it might lock you out while they play on that account. Heck, some of these might apply even without selling it, but even when just letting your kid play the game after you're done with it or viceversa.
It just added a layer of pain in the ass for every Joe Average out there who isn't even considering piracy at all, but just tries to exercises what passes for consumer rights in any other domain.
A polar bear is a cartesian bear after a coordinate transform.
But if you're one of the 99.7% and you neither know nor care that you're being dicked, does it matter?
To have a right to do a thing is not at all the same as to be right in doing it
I am thinking exactly like a board member.
"Wait now, we spent how much licensing/writing this scheme to restrict digital rights for people? And it was cracked when!!?"
My line of thought would be: How much profit would we make selling a game without Digital Rights Restrictions versus how much would we make selling a game with Digital Rights Restrictions? Well, let's see, there's the obvious direct cost of licensing/creating the system that we would save. Plus, it doesn't do any good anyway, because the so-called "pirates" are going to crack the system anyway and the vast majority of people who were going to buy the game before are still going to buy the game. Also, we don't risk the PR nightmare of the Digital Rights Restrictions having a bug that could negatively affect their gameplay. Oh, and we can actually use it as a marketing point in selling the game.
Not imposing Digital Rights Restrictions is win-win proposition for both the company and the consumer. The only people who lose out are the people who write Digital Rights Restrictions systems, and as a board member of a company that now has nothing to do with them, I couldn't care less.
And "the scene" is also extremely insular and elitist and the last thing they want is to actually provide anything to normal people.
So the vast majority of people will not be getting their warez from any scene, but from some dodgy second-, third- or fourth-hand supplier down the chain who might have done lord knows what to the software in the meantime.
Not really fundamental to the discussion. It's like asking 'if a cheap consumer-grade CPU could execute NP-complete algorithms in a few seconds on any input data, would you still recommend RSA?' The DRM system that you propose is not just difficult, it is not even theoretically possible. In logic, this kind of argument is called ex falsio quodlibet, meaning that if you start with a false axiom you can derive any statement as true.
So, to answer your question, if there were a herd of unicorns grazing in the churchyard across the road, then yes I would be in favour of DRM.
I am TheRaven on Soylent News