How Effective is Computer Game Copy Protection?

Computer game piracy offers lessons for the rest of us on data leakage protection. BY RICHARD HYAMS AND PETER WILD

Produced by the Information Security Group at Royal Holloway, University of London in conjunction with TechTarget. Copyright © 2008 TechTarget. All rights reserved. Royal Holloway series Computer game copy protection

How Effective is Computer Game Copy Protection? Richard Hyams Today’s video games industry generates second hand one. The development of the Information Security Manager, SCI Entertainment PLC huge profits. A popular computer game such secondary games market has added a new as Microsoft’s Halo 3 can earn as much as a twist and may possibly require the game to Professor top box office release in a weekend. be protected longer to delay it being resold. Peter Wild US computer game sales in 2006 reached Information Security Group, Royal $7.4 billion, but it is estimated that the indus- BULLETIN BOARD SYSTEMS Holloway, University of London, try lost more than $1.9 billion to global piracy, Computer games have always been ille- Egham, Surrey, U.K. and piracy is on the increase. The games is gally copied. The first community Bulletin actively seeking mechanisms for preventing Board Systems (BBS) made it possible to unauthorised copying and distribution. exchange pirated copies of games with lots Protecting a game from being copied is of people, and although not all BBSes were most effective during the first 6-9 weeks setup solely to exchange pirated games, a from its release date as this is when the significant underground “scene” emerged majority of sales occur. Any illegal copying where groups of people would exchange This article was prepared by students and after this period will have a lesser impact. electronic files between them. BBSes cost staff involved with the award-winning M.Sc. in Information Security offered by the The second-hand market for computer money to run and so special “paid for” Information Security Group at Royal Holloway, games has developed in which pre-played accounts were setup for people not in the University of London. The student was judged to have produced an outstanding M.Sc. thesis games are “recycled”. Many computer game hacker community to have access to the on a business-related topic. The full thesis retail stores have set up facilities to buy cracked software. BBS operators however is available as a technical report on the back games to resell them. Game develop- were running a big risk. Unlike websites, the Royal Holloway website http://www.ma.rhul.ac.uk/tech. ers and publishers do not generally receive computers running the BBS were based at any sales revenue from this market but it has the system operator’s home and could be For more information about the Information Security Group at Royal Holloway or on the the effect of reducing sales of full-priced traced by the police. For this reason the M.Sc. in Information Security, please visit games, as gamers will buy the cheaper “scene” was very secretive, with phone http://www.isg.rhul.ac.uk.

• BULLETIN BOARD SYSTEMS • ENCRYPTION • DIGITAL RIGHTS MANAGEMENT • ONLINE ACCOUNTS 2 Royal Holloway series Computer game copy protection

numbers and names traded between people the game CD from being physically copied that knew each other and new members by a CD recorder and secondly preventing even being voting on by existing members the game code from being transferred from of a BBS. the CD to the hard disk. Many methods have Microsoft, Novell and other large corpora- been tried in the past. These range from tions became so concerned that they altering the physical structure of a CD which A game of cat worked with the FBI to try and close the prevented the use of early CD-copiers, to and mouse began BBSes down. In 1997, “Operation Cyber- random words from an instruction manual between the strike,” run by FBI’s international computer having to be entered during the game start developers and crime department in San Francisco, shut- up requiring the manual to be copied. down five major pirate BBSes in one week the hacker groups and caused many others to shutdown in ENCRYPTION as more and more fear. New anonymous methods of distribu- Most of these methods were either too sophisticated tion over the internet began to be used by expensive, incompatible with existing mechanisms the hacker community. IRC channels were computers, or were broken by the hacker based on the originally used, which then evolved into groups. The main method that emerged over encryption idea using Peer to Peer networks (P2P) such as time was encryption. The game code is BitTorrent, Emule and kazaa. With the emer- encrypted on disk and has to be unencrypt- were developed gence of the large search engines it became ed before the game can be played. It may and subsequently very easy for far more people to find pirated seem at first sight, that the hacker would cracked. games than by the old secretive bulletin have to attack the encryption to make a boards. A search (for example, on Google) copy, but as the game has to be unencrypt- will find almost any pirated version of the ed to be played the hacker can wait until it latest video games. Some dedicated “torrent is unencrypted in the computer memory and search” sites have sprung up to help users attempt to copy it from there. A game of cat locate pirated torrent files more easily, such and mouse began between the developers as Sweden’s “Pirate Bay”. and the hacker groups as more and more The computer games industry has tried to sophisticated mechanisms based on the prevent illegal copying by firstly preventing encryption idea were developed and subse-

• BULLETIN BOARD SYSTEMS • ENCRYPTION • DIGITAL RIGHTS MANAGEMENT • ONLINE ACCOUNTS 3 Royal Holloway series Computer game copy protection

quently cracked. purchaser of a computer game to validate Computer games are still mainly distrib- the game via an online platform. The DRM uted on physical media such as CDs and tries to prevent a user registering and using DVDs but the general availability of broad- a pirated copy of the game. Thus, the user band connections makes it possible to may have the software but be unable to download entire computer games. Although run it. This type of DRM is less focused on Online distribution the number of sales are small compared encryption and more on the monitoring and of games, just like to traditional retail, they are beginning to identification of a game with its associated digital music, has increase as more game consoles are now online account. The best examples are introduced the able to connect to the internet. It should be Steam, which was developed by Valve Cor- noted that increased bandwidth has also poration the developers of the popular Half use of digital helped the hacker community who can now Life 2 game, and Microsoft XBox-Live, which rights management distribute entire pirated games rather than connects Xbox 360 consoles to a managed (DRM) as a new just the program to crack the copy protection. multiplayer platform. method of copy Unlike digital music or films, computer prevention. DIGITAL RIGHTS MANAGEMENT games have the potential to be upgraded Online distribution of games, just like digi- with new levels, maps and additional tal music, has introduced the use of digital weapons, and this creates an incentive for a rights management (DRM) as a new method user to continue an online relationship with of copy prevention. DRM originally focused the games developer or publisher. Success on security and encryption, and tried to lock stories, such as the hugely successful online content down to just the user that originally universe “World of Warcraft,” have proven bought the computer game. As the online that subscriptions models work. Game acti- computer game market evolved, a second vation and linking to an online account can generation of DRM was developed which, be repeatedly performed over a given period instead of preventing direct copying, or every time the game is played. This gives stopped the game from being played with- the DRM an ongoing control system to iden- out some form of registration. This is done tify illegal licences and delete the accounts by an “online” account which forces the instantly. Although a user may have success-

• BULLETIN BOARD SYSTEMS • ENCRYPTION • DIGITAL RIGHTS MANAGEMENT • ONLINE ACCOUNTS 4 Royal Holloway series Computer game copy protection

fully registered an unlicensed copy of a Steam, validated a user’s licence before game when they first installed it, at any time allowing access. A group of hackers the illegal licence may be detected and the reverse-engineered the protocol language account disabled. used for communicating between the game Just cracking a game’s copy protection and the online platform. This meant they Copy protection code is not sufficient any more. This is in could set-up their own online Battle.net linked with online contrast with retail games played offline environment with the account disable accounts may which, once cracked and distributed on the functions turned off and allow users with seem to be a internet, allow many users to play the pirated pirated copies to play. software. Copy protection linked with online formidable step accounts may seem to be a formidable step ONLINE ACCOUNTS against the hacker against the hacker groups but they really In future, games developers will almost groups but they work best when the game has a multiplayer always include multiplayer options in their really work best option. The incentive to keep the consumer games, thus enforcing a connection when the game legal is the threat of being banned from a between the consumer and the developer. multiplayer platform. The developer now has many more options has a multiplayer Single player games will probably still be then ever before to control who plays and option. cracked, as shown by Half-Life 2 which was on which device. As Microsoft Xbox Live cracked but only worked in single player and Steam have shown, it will become much mode. The potential problem is that if an harder to bypass the control mechanisms online account is stolen then the legitimate and involve much more effort from the hackers user’s game copy as well as the pirate one such as producing their own rival online plat- could be banned, so there needs to be a forms. In the long term the home computer process to allow the legitimate user back will evolve into the media centre of the living on but stop the pirate copy from returning. room. Buying games may be like watching Another avenue of attack is to target the an on-demand movie with the same type multiplayer platform itself. An example of this of rental business model. Games will no is the online platform called Battle.net devel- longer be for sale on physical media and as oped by Blizzard Entertainment, which like online technology develops, it may be that

• BULLETIN BOARD SYSTEMS • ENCRYPTION • DIGITAL RIGHTS MANAGEMENT • ONLINE ACCOUNTS 5 Royal Holloway series Computer game copy protection

only the part of the game being played will race between the games developers and the Ron Condon be available on the device at any one time. hacker groups, and it is usually only a ques- UK bureau chief Will there ever be a perfect copy prevention tion of time and motivation before the protec- searchsecurity.co.UK m solution for games? Online accounts look the tion is broken or bypassed. Ron Condon most promising, but there will always be a has been writing about develop- ments in the IT industry for more than 30 years. In that time, he has charted the evolution from big main- frames, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. In recent years he has specialized in information security. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the U.S.

• BULLETIN BOARD SYSTEMS • ENCRYPTION • DIGITAL RIGHTS MANAGEMENT • ONLINE ACCOUNTS 6