Slashdot Mirror
Ubisoft's New DRM Cracked In One Day
Colonel Korn writes "Ubisoft's recent announcement that upcoming games would require a constant internet connection in order to play has been discussed at length on Slashdot ('The Awful Anti-Pirate System That Will Probably Work'). Many were of the opinion that this new, more demanding DRM would have effectiveness to match its inconvenience, at least financially justifying its use. Others assumed that it would be immediately cracked, as is usually the case, leaving the inconvenience for paying customers and resulting in a superior product for pirates. As usual, the latter group was right. Though Ubisoft won't yet admit it, Skid-Row managed to crack the new DRM less than a day after it was first released."
Ubisoft can always blame "those damn pirates" and claim the DRM development as a failed project tax write off.
And the pirates can still play the game for free with no issues.
And paying customers still get to take it in the ass, now AND when Ubisoft decides to can the online service.
Win, Win, Weeeeee
Mod me down, my New Earth Global Warmingist friends!
The really sad thing about this DRM being cracked is as much a win to the consumer as to the pirate. The pirate gets a game that functions under more circumstances than the consumer, which I imagine will lead to more consumers being pissed off at Ubisoft and resulting to pirate a game they've already paid for just so they can fucking play it without having a connection to the internet 24/7.
Good job Ubisoft, alienating customers will surely lower piracy rates and raise your stock prices.
Disagree != mod troll.
I propose that, by shipping games with DRM, software vendors are promoting the dissemination of malware. This means that DRM is a direct contributor to spam, botnets, and all the other nasties that infest our Internet.
And others with limited connectivity. I hope this DRM fails and fails hard, if only to scare other publishers away from something that is truly anti-customer (not consumer).
Shh.
Normally I actually pay for my games. In most cases, I do it the old school way - I buy physical discs from physical stores. Lately though, companies like Ubisoft seem like they're treating me like a criminal for giving them my money. At this point, they're really making it more convenient for me to prove them right.
Exactly, what *when* they go out of business? Because on the scale of what gets done when a company is bankrupt customers are dead last. There are no more customers: the company is gone. What matters at that point is creditors and the more your owed the higher you are on the list. If there is no non-restricted version held in escrow with a lawyer who has explicit instructions to release when the company goes insolvent then FACT: Your purchase is gone.
Shh.
instead of focusing on selling goods, they should suck it up and realise they are selling a service and model themselfs around the hospitality industry where customer satisfaction is king.
If you mod me down, I will become more powerful than you can imagine....
Funny? Try Insightful.
Oh, and:
Discovering you just spent a ton of money to make the pirated version more attractive: Doubly Priceless.
How can I believe you when you tell me what I don't want to hear?
So if they release a game with nasty DRM and sales tank, they blame the sales on "piracy" and justify that as an excuse to toughen up the DRM.
If they release a game with nasty DRM and sales soar, or even remain steadyish, they assume that the DRM magically converted pirated copies into actual sales, and toughen up the DRM in the hopes that this trend continues.
In other words, we're boned either way.
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
Imagine a person, in a casino, sitting at a slot machine. They're pumping coin into it and steadi;y losing everything. They know that they should walk away, but they can't. Walking away means admitting to themself and others that they lost. And so they keeping telling themself that if they keep playing long enough, they will win back enough to at least break even.
The same is true of Ubisoft, Microsoft and all the other companies who keep pumping money into the DRM slot machine. Year after year they keep coming up with new DRM schemes to replace all the previous ones that have failed (ie, all of them). They can't stop. To stop would be an admisison of failure. An admission that even if they created uncrackable DRM, the extra sales revenue wouldn't even come close to covering the cost of creating and maintainging new DRM schemes.
It would be funny, it it wasn't so stupid.
I didn't see that anywhere in TFA. The only place that mentions that is a single, anonymously left comment. Not exactly the most credible source.
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
I'm feeding the troll, but... prove that a downloaded copy is a lost sale and I'll concede your point.
(you might also consider the hypothesis that DRM exists not to stop piracy, which it doesn't, but to lock customers to specific devices and/or to get them to re-buy the same content over and over, which it does.)
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
I didn't get that from the article at all. What the article said is that Ubisoft said, "In the event that all servers are turned off we could patch the game to not require a server connection." That's a long way from "Ubisoft included a feature that allowed games to be played without an internet connection."
Or to use a car analogy, it's like saying that Honda includes a feature that allows their cars to be easily stolen and that by hotwiring a car, the thieves are just enabling that feature.
When information is power, privacy is freedom.
Actually, Hondas can't be simply hotwired, they have a chip in the key that... oh... um... carry on
Your post is called "You're all dicks."
Make-believe lost sales to piracy make up the entire point of your post. "Customers... Oh, too bad there are no customers because everyone stole the game."
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
I love how everyone bashes DRM without thinking of the consequences of not using any.
The consequences? The consequences are we go back to the 1980's-90's software culture, and I'd actually pay money for a computer game again. Sure, there might be annoying wheel-spinners or license keys, but the companies might be able to afford cloth maps again, or wishbringer stones, or paper manuals with associated fluff. As things stand now, I play my old games, and only buy occasional used ones for my Wii and Xbox. The kids who copy computer games from their friends when they have $0 grow up to be adults who buy games when they have $$$$, unless those games don't work. I stopped buying PC games right after Mechwarrior4, because the DRM on that piece of crap wouldn't work in any of the 3 CDROM drives I owned, and MS's tech support said: "go buy another drive; hope it works" I gave it to a friend. Back then I still believed it was anti-piracy copy protection. Now I know it was the beginning of the PC software industry's war on end-users (not customers; their customers are the middle-men like COMPUSA who get stuck with gamebox overstock and sell it at a loss until they go out of business).
Management: Let's put this DRM to guarantee that the game isn't pirated. ...a day later...
Developers: Great! Let's do it!
Crackers: Let's crack the DRM.
Pirates: Let's wait for the crack.
Crackers: Done!
Pirates: Great!
Customer: This stupid game doesn't work on my computer. Maybe my friend can help me make it work...
Friend: Oh that's because of the DRM, just go to site x and download the cracked copy.
Customer: Thanks! Oh, there are more games there and they all are available for free, nice!
The bottom line is that pirates still get the game for free whether it has DRM or not. The only difference is that putting the DRM in costs the company some money.
Your argument would be valid if the DRM worked. It doesn't, so, for the pirates, it's the same, just the paying customers are inconvenienced.
The problem with the way DRM is inserted into a game is the way DRM is inserted into a game.
DRM cannot be programmed in from the word go as this would severely hamper the development team, they'd spend as much time fighting their own DRM programming as fixing bugs and writing new code. With EA/Ubi/Take2 working their dev's like slaves with ridiculous and unmovable deadlines this is considered impossible. So DRM is tacked on after a games completion, it's developed by a third party (Thales, Sony DADC and so forth), purchased and then tacked onto the exe or other binaries. If it weren't for this fact DRM would be extremely difficult to crack as it would be rooted so deep. DRM also accounts for at least 15% of a games cost at retail as it's covered by a per unit license, A$20 with the difference between Civ IV retail and Gal Civ II retail.
So it is as you said, as long as the exe hears what it wants to hear from what sounds like the DRM it will run.
News like this makes me happy, Ubisoft spend millions on this DRM, talks it up and it gets broken on the first day. I can believe that there is some justice in the universe, Karmic retribution at work.
Calling someone a "hater" only means you can not rationally rebut their argument.
Another downside to shifting that dynamic content to the server side, as a result of the increased infrastructure costs in the way of hardware, labor, bandwidth, etc. is that you're not going to run the servers for nearly as long as they currently run authorisation or simple match-making services. Now I REALLY don't want to buy your product, because you're going to render it useless in a few years.
I can still play Space Quest.
Well if that happens then they blame the pirates for lost sales, which is the current way game companies deal with poor sales.
Piracy rates are can be tracked. They'll know, to within a moderately narrow margin of error, how many copies were pirated, and they'll know exactly how many were sold. Both numbers will have been estimated prior to launch by the bean counters.
If the game fails to reach its sales quota, but is pirated more extensively than anticipated, what that tells them is that even more extreme anti-piracy measures are needed. The difference between sales figures and sales projections will be treated as "lost sales", with the blame placed on the rising piracy figures.
If the game tanks, and the piracy rates are no higher than expected, that sends a different message. It tells them that the piracy rates aren't to blame for the "lost sales" - customer boycotts are.
The only way to kill DRM in the long run is to convince the people making the decisions that it's costing them more money than it's worth. Don't buy or pirate Ubisoft's crap. Don't give them money or mindshare. Write them off as a loss, and buy games from publishers who don't treat their paying customers this way. Either they'll learn to do better, or the publishers who don't saddle their games with this crap will out-compete the ones who do in the long haul.
Erotic is when you use a feather. Exotic is when you use the whole chicken.
Youd get someone who would crack it simply to troll everyone else and ruin it for the cancer researchers.
(I realize that replying to yourself is sort of narcissistic; but I didn't think of this until just now...)
It strikes me that the challenges of server-based DRM techniques are actually strongly analogous, in many respects, with the challenges of hardware dongle based DRM techniques.
With both dongle and server setups you have a client(untrusted, presumably a nest of filthy pirate scum) where most or all of your binary is running. You also have a dongle or server which is computationally constrained but strongly trusted(at least compared to the client, no trust is perfect). You finally have a channel between them, either the internet or the USB bus.
In both cases, you face the problem of the dongle/server being an artificial requirement. You can build your binary to demand it and freak out if it isn't there; but the binary lives on the untrusted client, and so that can be stripped.
In both cases you have the option of getting around this artificiality problem by omitting vital parts of the program from the client and building them into the dongle or the server. In both cases, though, you are limited by the fact that computational power on the dongle or server is far more expensive, from your perspective, than computational power on the client(server computing power is cheap, per unit; but taking on the obligation to provide it on demand 24/7 for the next five years to everybody who bought a $60 box at retail, plus paying for bandwidth, isn't cheap. As for dongles, computational power, per unit, is way more expensive from a custom embedded chip fabbed and packaged to be tamper resistant and run from bus power than it is from the latest intel core whatever.).
In both cases, there are two basic ways that hackers can get around you. Either they re-implement whatever you have moved off the client, and modify the client binary to talk to their implementation, or they illicitly obtain a copy of your implementation(dongle clone or server own/leak).
There are some differences, though: The major advantage of the server approach is Global Knowledge. If every client talks to the server, and every client has a unique serial number, it is trivial to detect and reject cloned serial numbers(less trivial to know whether you are rejecting the cloner or the customer who legitimately purchased the retail box that the cloner targeted; but DRM isn't about customer satisfaction, so who cares?) With dongles, cloning is harder; but if some shady operation on the pacific rim decides to stamp out a million copies of one of your dongles, your client binaries will all happily accept them.
The major disadvantage of the server approach is bandwidth and ongoing cost. USB2 is a 480Mb/s bus. Even in the real world, it is pretty damn fast compared to virtually any residential internet connection. The latency picture is even better. The "ping" to a USB device is virtually nothing, while client/server ping across the internet will always be nontrivial. Further, there are plenty of places(travelling, military, etc.) where an internet connection is either uneconomic or unavailable and, even when it is, tends to have lousy speed or latency or both. Hardware is much more portable, and the speed of the local bus will always be the same. Plus, with local hardware, you face no further bandwidth bills or server upkeep expenses.
I would have bought your game, but its DRM system made it a pain to play. Naturally, I could buy the game and get the crack after a day or a week, but then you would not have learned your lesson. Therefore, I abstain from buying (and playing) your game.
Would you have told them that it would be a waste of time?
You, sir, are a moron.
How many regular, normal users are going to google/torrent the hack?
None, they'll just get it with the game itself.
Then scan it for trojans? (Believe me most copies will have one.)
Look for the comments attached to the release, it'll tell you everything you need to know.
And then install it from the cryptic readme text file? I'm talking non-geeks.
People are not retards. By their second game, they'll know what "copy cracked exe over the original one" means.
I'm talking non-geeks. People who send their PCs to the geek squad. People who've got no idea how a byte is different from a bit. You know, the other 99.7% of the user base.
Irrelevant, they'll have geek friends. Sure, I have friends I'd rather trust with a house plant than a computer, but who the fuck are you to tell them they can't play with games they've already downloaded? (Mind you, in this country, it's legit for personal use.)
They use DRM because DRM works on the majority of consumers.
No, it works on the majority of their customers. Everyone else just gets it already cracked.
If DRM causes the company to lose 10% of their base but pickup a new 11%, they don't care.
DRM won't ever get you new sales. The game will, if it's good and/or marketed enough.
In which case, why come up with these hugely elaborate schemes? If a simple check for the game media in the drive will defeat normal users, why bother wasting the time to make DRM more sophisticated than this?
Oolite: Elite-like game. For Mac, Linux and Windows
How many regular, normal users are going to google/torrent the hack?
Exactly the same number who would have gone with the torrent if this DRM system hadn't been used. So they haven't gained anything. However, they will irritate customers who don't connect to the internet when playing games - for example, people who take their laptops on flights for entertainment.
No, I'm not. When you are talking about copying bit's around, the equation is not "Increasing complexity => decreasing pool of users capable of getting the hacked version". It's "Increasing complexity => decreasing pool of users capable of getting the first hacked version". Once that's done the barrier to piracy is reduced to "using a search engine" or perhaps "hanging out on the right forum". After that first hacked version is produced, all DRM schemes are equivalent.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
But if you're one of the 99.7% and you neither know nor care that you're being dicked, does it matter?
To have a right to do a thing is not at all the same as to be right in doing it
I am thinking exactly like a board member.
"Wait now, we spent how much licensing/writing this scheme to restrict digital rights for people? And it was cracked when!!?"
My line of thought would be: How much profit would we make selling a game without Digital Rights Restrictions versus how much would we make selling a game with Digital Rights Restrictions? Well, let's see, there's the obvious direct cost of licensing/creating the system that we would save. Plus, it doesn't do any good anyway, because the so-called "pirates" are going to crack the system anyway and the vast majority of people who were going to buy the game before are still going to buy the game. Also, we don't risk the PR nightmare of the Digital Rights Restrictions having a bug that could negatively affect their gameplay. Oh, and we can actually use it as a marketing point in selling the game.
Not imposing Digital Rights Restrictions is win-win proposition for both the company and the consumer. The only people who lose out are the people who write Digital Rights Restrictions systems, and as a board member of a company that now has nothing to do with them, I couldn't care less.