Ubisoft's New DRM Cracked In One Day
Colonel Korn writes "Ubisoft's recent announcement that upcoming games would require a constant internet connection in order to play has been discussed at length on Slashdot ('The Awful Anti-Pirate System That Will Probably Work'). Many were of the opinion that this new, more demanding DRM would have effectiveness to match its inconvenience, at least financially justifying its use. Others assumed that it would be immediately cracked, as is usually the case, leaving the inconvenience for paying customers and resulting in a superior product for pirates. As usual, the latter group was right. Though Ubisoft won't yet admit it, Skid-Row managed to crack the new DRM less than a day after it was first released."
I'm a big fan of Silent Hunter. But I won't buy or play the new one until they release it sans DRM. It's really funny; watching the videos from Subsim, you constantly see messages about "no internet" and then, a few seconds later, "internet reconnected". That sure helps you to remain immersed in a faithful WW2 sub sim. After all, Adolph would have won if not for his shitty broadband connection.
http://www.youtube.com/user/Subsim
I'd rather you do it wrong, than for me to have to do it at all.
I'm a fan of Silent Hunter as well. And I work for Ubisoft, so I can get it for really cheap from the company store. However, they would have to pay ME to play that shit. As a result, I'll be downloading it via bittorrent, just like the rest of you. Kudos to the clever hacker.
Speaking of "socially irresponsible," DRM doesn't expire with a copyright, meaning that once a protected work falls into the public domain, people won't be able to use the work according to their rights under copyright law. Unless someone can point me to a clause in the DMCA that allows the circumvention of public domain works, that is. But people shouldn't have to crack public domain works to exercise their rights, whether it's legal to do so or not. (Plus, with anti-circumvention tools blanket-banned by the DMCA... well, I guess it doesn't matter whether it's legal, does it?)
That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
The thing is, "requiring a constant internet connection" isn't something that you can just tack on in an unhackable way.
You can use the various DRMed binary obfuscation tricks to slow them down; but the hackers will eventually manage to neuter the internet checking stuff, producing a tame version that always returns what the program wants to hear, or a version of the program that doesn't even care.
The only way to really force the issue is to actually move large chunks of vital game code to the server, and only provide the output of that code to the client. For instance, they could hypothetically ship the game with absolutely no AI code, and have every NPC in the game controlled by AI code on their server, just as if it were a multiplayer game. The trouble with doing that sort of thing is twofold: One is latency. There are only certain parts of a game's code that can reasonably be moved 100+ milliseconds away from the user. AI would be doable, if suboptimal, because of our experience with providing adequate multiplayer FPS results. It'd be worse than doing it locally; but DRM shows a willingness to hurt paying customers, so, so what? Second is cost: the more code you move to your server, the more computational capacity you need to maintain for the supported lifespan of the game. The more data you need to transfer back and forth, the higher your bandwidth bills, and the more customers with marginal connections you lose out on.
The problem is, if the internet presence check is purely artificial, hackers will strip it out, just as they stripped out CD presence checks and offline serial key verification checks. If the internet component is vital, the hackers won't be able to simply strip the checks; because they'll be left missing whatever pieces are server side; but you run into new issues. If the vital component is static (certain textures or models or something aren't shipped; but are downloaded when needed) it'll be extracted and posted on bittorrent inside a week. If the vital component is dynamic (as in the AI example, where the client sends player location data and gets back a series of movement commands for NPCs) it cannot be usefully extracted; but you will take on substantial server load over the lifetime of the game, and whatever that dynamic component is will suffer from latency.
This is where another problem comes in. Since your servers cost money, you want to make the server-side dynamic component as computationally cheap as possible. The simpler it is, though, the easier it will be for hackers to simply write an equivalent version of whatever it is, and make that version, running locally, available in their cracked copies. Unless you can find something that is, simultaneously, computationally cheap to run, very hard to rewrite, and fairly insensitive to latency, you are screwed.
There may, in fact, at least for some games, be an aspect of the game that fulfills these criteria. In that case, anybody who wants to crack the game will, indeed, have to spend weeks or months doing real software engineering to re-implement whatever it was that you left off the disk and on your server (assuming a copy of that doesn't leak on day two, which would be embarrassing) in addition to doing the basic cracking work required to defeat the artificial checks and any SSL style verification of the server the game binary is talking to.
The only thing that I'm surprised about is that companies remain so obstinately stupid in trying to implement Digital Rights Restrictions.
Anyone who has ever been involved in software development knows that even when it comes to relatively simple systems, all it takes is one minor SNAFU, one little bug, for the whole thing to be laid bare before skilled hackers. And it doesn't even have to be a problem with your code; it can be in anything from firmware to the operating system to libraries you've linked to to the compiler you used. Add to this the fact that Digital Rights Restriction systems are hardly anything but relatively simple; they typically encompass very complex encryption, heavy duty mathematics, picky dependencies on very specialized hardware and/or software and/or connectivity requirements, etc.
Also, how many people did it take to write your Digital Rights Restrictions system, and how smart were they? Let me tell you, it's not like there's just one guy holed up in a basement somewhere working on cracking the Digital Rights Restrictions of a popular game. There are thousands, maybe tens of thousands. And they all want that reputation boost (or sometimes even financial gain) of being The One Who Cracked [insert game title here]. Oh, and maybe your people are smart, but these people are frickin' brilliant.
Yet still, these companies are under the delusion that after decades of abject failure after abject failure by companies much bigger and more motivated than they are to stop software theft, they're going to be the ones that come up with the magic bullet, that special recipe that will keep their software locked. So sure of it, in fact, that they're continually willing to invest a lot of time, money, and effort into their futile pursuit. The reality of the situation is that all it takes is one. One hacker, one flaw, and every cent you poured into your Digital Rights Restrictions system is *poof!* gone.
I'd like them to hire me to create the Digital Rights Restrictions system they use for their next game. I'll charge them a few thousand dollars and put a text file on the root of the installation media that says, "It would really mean a lot to us if you would not copy this game illegally, so please don't. Thanks!" Now, I know you're probably thinking, "But Skippus, people would be able to copy the game from day one!" My contention is that I've saved them tens to hundreds of thousands of dollars and my Digital Rights Restrictions system lasted just one day less than the one they would have otherwise spent so much money on.
We get paid a salary. But we also get some residuals based upon the sales of our game. In this case, Silent Hunter and any other PC exclusive Ubisoft game are going to sell like shit for the next little while until this madness is stopped. The execs don't care, because they get to tell the shareholders that they are doing everything in their power to stop the evil pirates. So the execs get to keep their jobs and make tonnes of money. Everyone's happy, unless they are the developer, the consumer, or (ironically) the shareholder.
So, yes. Pirating the game does take a few coins from the pockets of the developers of this game. But it's but a small fraction of the sales anyway, so it really doesn't matter. The point is that if the piracy rate actually INCREASES, then the execs might actually have to answer for this nonsense at some point. They'll no doubt spin it to look like angels, but I'm sure that if the piracy rate is really high, then this might end at some point.
So, I say raise the jolly roger, but keep buying Indie games. That's where our future (hopefully) lies.