Commercial VB games...

[git]

Hiyas,

I'm writing a game in VB with Direct X/Draw, and it's nearing completion... I'm highly considering making it availible to buy online. I was thinking I'd probably make the full version availible to download, but have it so you need to enter a serial number to 'unlock' it.

My question is, what commercial VB games are availible to buy, what genres are they (action, strategy, arcade, etc.), and how much do they generally cost? Any URLs?

I'm just trying to get an idea of how to plan this, how much to charge, etc....

Thanks,

-Git

[Arbiter]

I'm not aware of any VB games sold commercially, but I'm sure there must be one or two.

Having the game unlocked by a serial code is bad. Far too easy to crack (or just find published serial codes). Better to have a demo to download and then purchase the game.

PlenderJ has made some money out of software sales - but they weren't games, so the method he used may not really be applicable. Harass him to find out what he did.

I'd be interested in what you find as it's possible Sentience may be released commercially one day.

PS - if you want someone to test it (or a demo version) then post a link here. The feedback we've had for Sentience has been invaluable...

[Dreamlax]

I agree, it's better to have a non-fully-functional demo than a serial number. Astalavista alone searches over 1000 pages each containing 1000 (or more) serial number generators or registration form removers.

Make a demo, you'll make more money then.

[git]

Hiyas,

I was planning on releasing a demo which displays most of the features, and also having a downloadable full-version + serial no.. The reason being, that I was thinking if I sold 'physical' copies, then the price would increase (add the price of a CD, and shipping on top), which would make people disinterested...

The reason why I wanted to use a serial is because it wouldn't get pirated as easily. I was thinking if I'd got the person to submit specific details (maybe comp. specs, personal details, something...), and made that into a serial number (and really mess with the 'encryption' so it's VERY hard to generate one), I could track and deter piracy.

So, any ideas how I can distribute it, preferably without resorting to sending it on a CD?

-Git

[Dreamlax]

There will always be ways of generating serials. People disassemble the program and find out how it makes serials (not decompiling). The only way it would make it harder is if the serial number turned out to be a kilobyte. That way, console programs can't display it all at once (especially if it is more than just alphanumeric characters).

It's almost impossible to make software unpiratable, even dongles don't work.

[Dreamlax]

Actually, it's not really encryption which counts (though it herlps a fair deal), if you find a place on the hard drive where nobody will ever look, you could hide the serial number there (and encrypt it some more so they can't just search for the serial number in all files). Only hardcore crackers will use HDD loggers to find out which files the program is accessing...

Many people confuse hackers with crackers... and I'm one of them.

[Zaei]

Build in an online keyword checker, and go ahead with the original serial plan, with one modification. When the game starts, check for "On-line-ness" and check the serial number, from some server, somewhere. If 2 games with the same serial are online at once, disable both copies.

Z.

[edit]
You could also log the IP address, and time of day, for the FBI.

[PsychoMark]

Then just deny the access to the server for the game

I honoustly think that serials and protections are just a waste of time; there's always a way to bypass it...

The demo and full version idea is better, but then again, the full version could be spread easily once bought for the first time...

[HarryW]

Ask yourself how likely it is that anyone is going to spend hours scouring the net for a copy of this game rather than just buying it. Then consider the amount of time it would take to make some kind of protectoin and how much money it would save. Is it worth the time?

[Dreamlax]

I can't believe commercial programs still use serials. It is just as safe to have one serial number, than to have one generated from certain information. Well maybe not as safe, but there isn't much difference. It will get cracked / hacked either way.

[git]

Interesting ideas, particularily about how to disable if two copies are detected at once.

I think it is worth it, especially since I could enforce it... If I put in a legal disclaimer (basically saying 'If you pirate this your info may be used against you', hehe), would it be possible to use that information to contact the FBI (or feds, since I'm in Australia) and get the people busted?

Since each person will have a personalised key, which contains information about them and their PC, I could easily trace piracy. I would know who has what key, because once I get payment from a person I'd send the key file matching that home address and the PC specs or whatever. If that person pirates a game, I trace it back via the key, find the source and bust them (or pass on the information to the cops or whatever)...

EA's approach to combating piracy in B&W works, mainly by using scare tactics - from what I've heard, if your copy is pirated, EA is contacted... Couldn't this work, even better, if you can trace the person back through the serial no.?

I guess then instead of there being a keygen, someone could just crack the game, but maybe it's possible to safeguard against this by having checks throughout the game? (if the serial isn't valid half way through, exit, or whatever)

-Git

[Dreamlax]

People who pirate software deserve to have trouble. Erase all the necessary files (io.sys, win.com, explorer.exe etc...) off ALL computers which use the same serial. That'll teach those people......

[git]

Hehehe. =P

"Disclaimer: By pirating this game you accept that the creator has the right to erase critical system files, break your legs, take your car, burn your house down, and yell at you."

Sadly, I don't think it'd work........

[Dreamlax]

No no no no, you've got it wrong! You have to raid the fridge before burning the house!

Seriously though, saying something like:

"By pirating this software, you give the author permission to delete all critical system files from your hard drive. Anybody owning a pirated copy also runs this risk.

Pirating must stop!"
[Accept] [Decline]

Therefore they can't take legal action if they pirate the game and have all their files deleted, because they agreed to give you permission to do so.

[Breax]

what if the pirated key user do not online?

i think piracy happens more here in asia, while
not much percentage go online

i'd like to know as well, as i'm now in need of a way to
keep my software from piracy

[PsychoMark]

Like I said, you can just crack the program to stop connecting to a server, so it won't detect anything. In my case it's even easier: I'm sharing the internet, and my computer is the client. The Wingate Control applet allows me to set whether a program has access to the internet or not...

And deleting system files is a dumb solution, I totally disagree with it, what if you bought an original copy of the game, with a valid serial number, and someone else got the same number, but generated by a keygen or something, then your files will be deleted! Furthermore, if you delete system files, it can also mean a loss of valuable data (since not everyone will be able to restore their computer), which I think is just as bad as shooting a person on the middle of the street in daylight, and should not be allowed even if the disclaimer says the game will (that would mean that all trojans are legal, as long as you notify the user that their hard drive is going to be formatted, right )...


My opinion: use as much security as possible (if you think it's worth it), but DO NOT remove anything from a user's drive which is not part of the game....

[plenderj]

My app used to use serial numbers to enable the full feature set.
It was craked in about 40 nanoseconds.

Now the people get a demo, and then if they buy, an email it sent to my server, it then hardcodes the person's name, address and company name into the application, compiles a copy, and sends to the person.
This approach has not yet been cracked in the half year or so I've been using it.

[Dreamlax]

I suppose it is pretty dumb but that was the first thing that came into my head and it seemed a good idea at the time.

But what are the chances of generating a serial number exactly the same as someone elses if they use their comptuer models, names, addresses etc in just one serial? Quite low, but I suppose there is still a chance.

The chance of finding a matching DNA is 1 in 300,000,000,000, unless you are a twin / triplet.....

[git]

After reading that, the best possible solution could be just to compile a custom copy for each buyer, and have the person's name and details written all throughout the program (and if someone manages to hack that out, I could maybe hide it in a few places)... I think I'll take quite a few measures to protect it.

I really doubt someone would pirate a game around the place if they're details are in it.

-Git

[plenderj]

Well I simply just have three lines in a module :

Code:

Public Const RegisteredName As String = "Someone"
Public Const RegisteredCompany As String = "Some Company"
Public Const RegisteredAddress As String = "Some House" & vbCrLf & "Some Address" & vbCrLf & "Some State"

Another app changes the above values in the .bas module, and then shells out to vb6 to compile it.
If I can just get my hands on a quick Base64 encoder I'll have the app automatically mailed to the customer too

[PsychoMark]

Wouldn't those Public Const's be easy to change afterwards? You'll probably have to encrypt them a little to hide them as much as possible...

[plenderj]

Yeah they probably are easy to change, except you have to give me $30 first to get the app.
And the sort of people who would go to the effort of changing the values arent going to lash out $30

[Sastraxi]

A company called VBDesigns (I think they went bankrupt ) made 3 games:

Mordor
Mordor II
Infinite Worlds

Actually Mordor II got a name change to Inf. Worlds but its design and coding is very different.

[Breax]

may be this will work
there is something called hard disk serial no, from the manufacturer.

put the program as demo
to purchase fullversion, the demo program will get the hdd no, and send it. send a program that will only work on that hd.

[PsychoMark]

So you have to buy the game again when you change hd?

[Zaei]

Kinda like MP3 fingerprinting. People are going to SCREAM when those mp3s they bought stop working on that brand spanking new computer >=).

Actually i was working on a remote vb project compiler a while back, and its EASY to do. Just look around MSDN to find some info on VB command line options. You can figure it out from there.

The method that I suggested isnt actually designed to cach people who are like "Hey friend Bob, this is a cool game, let me copy it for you". It is much more likly to work against "Hey, Im a mad cracker guy, im gonna post this SN on the web!". Besides, even if you were to block internet access, then you couldnt play multiplayer (and not many people are smart enough to do that anyway). And yes, people are VERY likely to scour the web for hours(days) to find a copy of that new game, as opposed to shelling out 30 bucks (trust me >=).

Z.

[Dreamlax]

Encrypting your HDD's serial number is one option, but crackers can just fraud a serial number and send that to the program. That's how they cracked the dongle.

[git]

I was just thinking...

Is it even possible to make custom copies? I mean, if I had two versions of a program, one where a msgbox says "Hey!" and another "YoYo", couldn't a cracker find the difference between the two programs, and erase it, thus removing the individual fingerprint?

-Git

[plenderj]

I can only think of one nearly 100% bulletproof way of protecting your app.

You take the entire source code of your app, and RSA encrypt it a number of times over. Then you take that entire string, and base 64 encode it. Then, you put the entire encrypted+encoded source code into an app along with the windows scripting control.

At runtime, it Base64Decodes the encrypted data, then asks the user for a password, or set of passwords to decrypt the data.
You RSA decrypt the data with the password they provide. If the result is source code thats ok, then you pass it to the windows scripting host.

There's nothing (viable) that could be done against that.

[Dreamlax]

That would be an idea. Anyone who spends long enough trying to crack it would probably be on his 78th coffee. Plus you don't want to spend as long writing a pirating protection system than it did to write the game itself...

[plenderj]

Well "brute-forcing" RSA happens to take a few hundred years at least So unless he's drinking those coffess mighty damn slow ...

[Dreamlax]

Oh, well in that case he wouldn't be drinking coffee.



He'd give up once it says "Time remaining 102yrs, 56days, 5hrs, 2min".

[plenderj]

http://www.rsasecurity.com/rsalabs/faq/3-1.html

[Arbiter]

Software pirating is like car theft.

If a thief is out for you car, he's going to have regardless of what security you've got on it. All you can do is provide enough security to deter anyone but the most expert thief and hope an expert thief never comes along. If you're spending as much on security as you are on the car, it makes the whole thing rather pointless.

[git]

plenderj, very cool idea... I've seen a TV doco about RSA I think, it sounds complicated but quite powerful!

I don't know what Base-64 is, but I'll look into it. Btw what did you mean by scripting - put the source code in a VB Script file, encrypt it, and have it so the user has the provide a password to decrypt and run it? Would there be some way for someone to see the source code?

-Git

[PsychoMark]

You want to use the Windows Scripting host? You want to write a game in VBScript? Any idea how slow that is?

Btw, Base64 is mostly used by email programs to convert binary data into readable ASCII characters and back, since that's the only way mail servers will accept them...

Encrypting using RSA might be a good idea (only heard of it a little, don't know much about it), but you should not use VBScript that way. Maybe create an EXE, encrypt and secure it, then pack it with a secondary EXE which unpacks the whole thing and runs it (sort of like how EXE compressors work)... this way it works similar to the way plenderj described, but not using the source code, but the compiled EXE, which is even harder to decompile...

[plenderj]

Im not talking about using the scripting control to have the game running as a script. With it you can add code to your app at runtime, and it does a kind of pseudo-compile in memory (afaik), and then you've just changed how your app runs.

Also in relation to RSA, its an extremely secure method of encryption, but its also very easy.

[PsychoMark]

The Script Control does not compile anything, nor does it accept VB code, only VBScript, which makes it very hard to do stuff like API or DirectX or even Forms. But the principle of the two solutions are the same: you have an EXE which runs a second EXE / code which is heavily protected... I think that would be a pretty good idea actually...

[plenderj]

I suppose yeah if you had an exe with the encrypted + base64 encoded compiled executable you'd be set !

[Zaei]

Just put all of the actual runtime into a class module, compile to a DLL, and stick it somewhere in the windows\system\ directory. name it something like "MSTRX53.DLL" and no one will ever find it =).

Z.