Software Licensing (Part 1)

I read an interesting article today at gamepro about PC game piracy. The article quoted from Call of Duty 4’s game blog:

“On another PC related note, we pulled some disturbing numbers this past week about the amount of PC players currently playing multi-player (which was fantastic). What wasn’t fantastic was the percentage of those numbers who were playing on stolen copies of the game on stolen / cracked CD keys of pirated copies (and that was only people playing online).” – Robert Bowling

It was not the fact that PC game piracy was rampant that surprised me but the fact that the pirates with stolen copies of the game are permitted to play online. To me, this seems utterly ridiculous. To understand why this is ridiculous, it is necessary to understand how online gaming works. A typical multi-player PC game allows users to do two basic things, host games for other people to join and join a game hosted by someone else. This service is sort of like a directory listing for games that are being played. Since the listing is controlled by the software publisher’s service and not the game itself, it can validate users and only allow users who purchased the game to use the service.

I believe that no matter how difficult we make the software protection process, pirates will always find a way to break the simple protections put in place over software. When you ship a piece of software, it contains the complete working product. Even if we had 1024 bit encryption keys with 256 character long CD keys for users to enter, when it comes right down to things, the software product knows how to validate that key. All a hacker needs to do is figure out how the program does that validation.

The only way to protect this is by having the key validation done by something other than the software product given to the user. This way they could not modify the product to get around the problem. Games like the Orange Box from Valve Software do this very well. When you purchase the game (either physically or electronically), the game is linked to an account on the Steam service that Valve provides. This service authenticates users and only allows them to play the game if logged into the service. Essentially it provides both the authentication of the user and the game listing services for users.

When you move the validation to a third party system, a pirate would be required to simulate the entire third party system. If a user had a pirated copy of Orange box and a service that “emulated” the steam service, they would still not have access to the game listings that valve provides through the legitimate steam service.

Essentially what this gives is an incentive to users to purchase the game instead of pirating it. Pirating games is simply too easy today. A 12 year old kid can more easily download a cracked copy of a game than to go through the process of acquiring 60$ from their parents and a round trip ticket to the mall. Now, if suddenly you told that 12 year old kid that they will not be able to play the game online with the pirated version, it may provide them with an incentive to go with the more difficult process.

In part 2, I look into the piracy issue with Microsoft Windows.