with windows vista and directx 10 games coming out do you think there will be far more advanced ways to protect media? Songs downloaded from Napster can't be converted - they have to be recorded using software like tunebite. Prince of Persia 3 uses starforce protection that leaves downloaders unable to play unless they disconnect the IDE cables for the disc drives. It seems like sophisticated media protection is the wave of the future.
I'll be honost, the only reason why I pirate is because its a)pathetically easy b)readily available from multiple sources on the internet c)saves me money d) lets me try just about anything digital (games I'm curious about, programs that I wonder are any good, etc. etc.)
If protection measures eventually make piracy obsolete I pray that at least companies provide demos of their products (as many do) so I at least can spend my money only on the things worthwhile.
thoughts? comments? yo-ho ho and a bottle of rum?
> Prince of Persia 3 uses starforce protection that leaves downloaders unable to play unless they disconnect the IDE cables for the disc drives.
Incorrect. Starforce usually causes problems for people who legitimately buy the game. Downloaders get the version where the pirates already removed the protection, and that thus works with less hassle.
> Prince of Persia 3
It seems that this game, like many others, many people in the know who go out and pay for a legal copy of the game end up having to slap on a no-cd crack anyway, just because it saves them having to fuck around and deal with copy protection.
>>3
That's what I do. I download demo copies, then I buy legit then I download the cracked iso and install that. If there is no demo, then I will not look at the game/software.
It is far easier to install, use and backup the cracked copy rather than the legit one. I often don't even touch the legit cd and I wouldn't even open the box if I didn't need the manual.
Piracy becoming "obsolete" is impossible unless everything became free. Just as in any security technology it's an arms race between the developers and the crackers. Yes, the developers have the monetary motivation, but the crackers are numerous and often more skilled, if less motivated.
I'd imagine organized crime is involved in cracking too. I bet that a lot of games and videos sold in Asia, esp. China and Russia, are illegal.
If it can be viewed, listened too or played, it can be copied. There is no one hundred percent safe way to protect anything from being copied.
As an example, though not for software, take the new HD protection scheme, HDCP. There are already devices which can easily remove protection from a HDCP stream, and the technology isn't even really rolled out yet. True, the key could be revocated, but how likeley is it that anyone will really push the big red "NO DVDS FOR YOU!" button.
Software copy protection can be more efficient obviously, but even the super ultra highest level of copy protection can and will be broken. (See starforce)
So here's a question: Why even bother? Why do big companies try to copy protect their games? It only costs money and doesn't help anyways, so they might as well stop trying and just pocket the money they would spend on copy protection. If they still wanted to fight piracy, they could spend the money on finding crackers and sueing them big time instead.
>>6
Why put locks on doors? They only cost money and don't keep out burglers.
As I heard before, they're there to keep honest men honest. If it takes effort most people won't want to bother and end up actually buying the software they want.
the problem with copy protection is that it makes it easier to get a pirated version of a game working than a legit version.
The money spent on copy protection would be better spent on incentives to purchase the product. Infocom games used to come with cool items that tied into the games. That kind of thing can't be uploaded to the net.
What >>7 said. Moderate copy protection isn't going to stop crackers and BitTorrent addicts, but it does stop thirteen-year-old Joey who doesn't know anything about computers beyond how to use the Start button from giving it to his likewise casual-user friend to copy. If you listen to the line from game companies, they'll say that they'd like to stop all piracy, but if they can at least stop the "casual" stealing, it's enough.
>but it does stop thirteen-year-old Joey
No, it won't. See, if thirteen year old joey knows enough to install a game, he also knows enogugh to download a game with bittorrent. Only 5 or so years ago, If you wanted to download some game, you had have knowledge about IRC or Usenet or had to have a friend who knew someone who ran an FTP. But times have changed. Today, you go to some well-known site (Say piratebay) and download the torrent, the UI of the new clients is so easy to use that a six year old could work most of the stuff out. As soon as the DL is finished, you follow the step-by-step instructions provided, and you're good to go.
Remember, Joey doesn't have to crack the game. There are people who do that for him. And if he still can't figure it out, he'll probably just ask his friend johnny who is good with computers.
some time ago i bought my dad a copy of half-life 2; he played it once, then uninstalled it. recently I attempted to reinstall it on my own computer but now the CD key is linked to dad's steam account, which he's long since forgotten the details of. getting valve to reset it would cost :10bux: which i'm unwilling to pay, it's my fucking software and i paid for it already :|
as a result i cannot even consider buying episode 1 or 2. valve's asinine copy protection just lost them $40. gj guys
Its completely reasonable for companies to want to have tight security on what they own. This would make the casual users to take their asses out there and buy what they use, while me, i'll buy what i really like, which is close to what a casual user would buy if there was tight security (since I i spend more time on my PC , certenly i have more demands ) . But if i don't wanna pay for something i'll go as far as inistalling a chip on my computer or taking it to pieces and spending hours to get it work.
you can stop casual users, but stoping pirates is impossible, and in this, i'll get the better end of the deal. getting something to work is part of the fun!
>>11 indeed it's a lot easier than it used to be but you have to remember that most of us know how to use a computer better than the average user. I know a ton of people that don't know how ot use bittorrent or download the wrong ones and end up with viruses. I agree that it keeps the casual stealing at bay. it may not be much, it may not even be the majority. but it's enough that it's probably worth it for the companies.
>Joey doesn't have to crack the game
That's the key difference between >>7's example and the reality of piracy: you have the best lockpick in the biusiness at your fingertips.
"Moderate" copy protection to stop casual pirates is trivial - game companies have been making uncopyable CDs for nearly as long as they have been publishing games on CD. This is already very effective against casual copying.
Current copy protection systems go much, much further than that. They're not trying to stop casual copying any longer, they're trying to stop all kinds of internet piracy. This is doomed to fail, and in the process they are creating immense troubles for their legitimate users.
>>16
But then again, you can't honestly expect them to lay there and do nothing. They're trying to protect their product, a product that gets them alot of cash. Company+Cash=good business.
Games+piracy=no cash
no cash+company= in the crapper
Games+shitty copy protection that won't let legitimate buyers play=no cash
well, some cash because most stores won't let you return games anymore, but not much once word gets out
>>16
What? What the heck is an uncopyable CD?
It's a CD that contains a track that is broken in such a fashion that a CD reader can verify it exists in its correct form, but a CD writer with its built-in error correction cannot write it.
Have you seriously never encountered such a disc? It's been used on pretty much every single game since forever. Well, I don't know about modern games, it was ages since I bought a PC game.
>>21
Newer apps (Say, alcohol 120%) don't even bother you with this anymore. You say "copy!" and the app copies, and with a newer writer, they do well more often than not.
But most people I know only create an image and mount that image anyways, it's much more comfortable than having to search for the disc everytime you want to play.
>>21
your cd writer sucks.
the only cd's i've ever had trouble with are ones that are broken in such a way that they only work in certain cd drives.
those ones apparently cause drives that can read them to get stuck in some sort of loop if you try to read the wrong part of the cd, which makes it impossible to copy the entire disc (and sometimes cause the drive to stop functioning until the machine is rebooted).
I'm wondering. Will starforce still work with vistur?
>>24
If it doesn't, that would be a fuckup of legendary proportions.
>>5
Imagine all you want. Organized crime has access to CD and DVD pressing machines and can take a 1:1 copy of the original discs like that. Copy protection and all. Same as with movie DVDs.
It's not the russian mafia that releases no-cd cracks, you know.
http://www.securityfocus.com/cgi-bin/index.cgi?c=briefcomments&op=display_comments&BriefID=34&expand_all=true&mode=threaded
Relevant to your interests, the comments, that is.
The article itself is regarding the usage of Sony BGM rootkit to cheat WoW's spyware from detecting that you're using cheats.
i don't think piracy will ever end (and thank god for that). the crackers are numerous and hide in the shadows. the development teams are limited and have to worry about funds. who do you think is going to win?
> who do you think is going to win?
Corporate interests.
I doubt they'll completely wipe out piracy, but the days of copying and crackz are probably limited.
How OSS factors into this is an exercise left to the reader.
>>29
Buhh. First, end-to-end encryption doesn't quite cut it when the decryption is done on hardware that is fundamentally in the user's control. Stick all the TP modules you want on the motherboard, or even in the processor; doesn't matter. Someone's going to crack it either via the almighty sweep electron microscope or plain old "master key, and you're oodles richer / your children will live". This much should be obvious given that the opposition is made of people, and the system is made of hardware.
Case in point, the PSP and its various firmwares and their associated downgraders. Everything is signed, the hardware is proprietary, end-to-end encryption using a fairly strong cipher is present.
Second, you can't cook a frog like that. (Why you'd want to cook a frog is beyond me.) That's an urban legend commonly reiterated ad nauseam by slashdot refugees. Certainly it may be a passable technique for introducing, nay forcing, unpleasant changes upon a population, but the frog-cooking metaphor itself is stale enough to attract the FDA.
>>29
For films and music, there's always the analog hole, which is pretty much unpluggable. So, it doesn't have the best possible uber-quality? Whatever, as long as it has enough quality, pirates will be ok with it.
>>31
indeed. pirates already usually settle for poor quality (low quality variable bitrate mp3, for example).
> Someone's going to crack it either via the almighty sweep electron microscope or plain old "master key, and you're oodles richer / your children will live".
I think you're underestimating how expensive it is to reverse-engineer a modern microprocessor. Only a corporate entity has that kind of funding, and it's only going to get harder. The more expensive it becomes, the fewer who will attempt it, particularly when combined with the second part:
You're ignoring the legal prong. For now, so far as I know, only the United States and Australia has legislation overtly hostile to reverse engineering, yet other countries are feeling the pressure.
Further, I see no reason why corporate interests will not continue to squeeze for even stronger protection. They have lobby groups, and you don't. We're talking decades here.
> the PSP and its various firmwares and their associated downgraders.
This probably only means that they have not yet developed a strong implementation. The pirates are giving them a lot of practice, and eventually they'll get it right. Then what?
> Second, you can't cook a frog like that.
Did you understand my point? Similes and metaphors do not need to be grounded in reality.
> reiterated ad nauseam by slashdot refugees
Charming. Really.
>>31
Macrovision deals with that. I have no doubt research is being done to produce more robust analog varients, which could be embedded into everything.
Even if you bypass something, which isn't hard (for now), you're left with a lossy recording. Now what do you do with it? Re-encode it digitally and give it to your friends (including your digital signature?). Give them tapes?
Now, what about software?
>>34
And, like, Macrovision actually prevents anything nowadys? Also, concerning plugging the analog hole:
Most consumers are going to put up with a lot of shit, but some stuff is just too intrusive.
Also, before audio/video copyright protection schemes that are so unrackable that no one can ever break them are developed, we'll probably all die in a nuclear war or something.
Software piracy: I guess at some point software piracy will return to beeing something only the 31337 h4x0rs do. Then again, the 31337 h4x0rs probably use mostly OSS, so they couldn't care less.
>>35
That's a valid point, although if it's background music it's probably not high fidelity enough to be of concern to IP holders, nor for copy protection to kick in.
Of course, if everything digital you produce is signed, that's going to be interesting. Your camera will presumable soon use digital media.
>>36
Signed? Yea rite, and sureley signed in a way that makes it absoluteley impossible to remove the signature. I think you are overhyping this quite a bit.
I'm not hyping. I'm stating possibilities. Worst case, everything you produce is signed, and kept permanently attached to the data in a resource fork or alternate data stream.
And why not? It's for your own safety! <insert spin>
>>38
Effective signing of everything you create would require supporting PC hardware, software, network equipment and whatnot. Also, such a solution could not be allowed to work on or with legacy hardware, because that would be a security hole, that means not transferring from "safe" PC's to "unsafe" ones.
How realistic is it to assume that ALL MAJOR VENDORS would manage to agree on something that big, when you can't even get two companies to agree on a next gen DVD format, and what is the chance of getting basically all major businesses that use PC's to completeley rebuild their IT infrastructure? The recording/movie industry is powerful, and they have a lot of money, but some companies are more powerful have more money.
And then, if someone found a hole after everything was changed over, everyone would have to start over again.
You do realize most of these things are happening right now? Both HD-DVD and Blu-ray are built to (optionally) not support legacy hardware, and to implement a secure encrypted data path all the way from disc to display, and will refuse to work at full resolution if this is not provided? This includes the video playback framework in Vista.
>>40
Backward compatibility is there, Blu ray and HD-DVD are going to work in windows XP, using a software player, and software player means it can and will be cracked. Also, there's already devices on sale to filter out the HDCP from a HDMI stream (They recieve the stream encrypted and just output it decrypted). And key revocation? As soon as a key of an device that is spread far enoguh has been broken, the system is doomed.
>>40
This secure path does not enable you to copy data from medium to medium/PC to PC and to convert it to different formats, which is something you'll want to do with your own documents/data. It was also made to work only with certified OSes and players, and only needs to work with video streams.
The problem that HDCP is trying to solve is the creation of high quality digital rips, it's not trying to uniqueley identify every single part of every single disc (be it audio, video, text or whatever) that is created, which would be a tad more complex.
I concur with >>40, and I think >>41 is missing the point: so what if it has a backward compatibility for now?
It's once all the required pieces are in place (both hardware and software) that things will become problematic. XP has a lifecycle, and will eventually be replaced by Vista and Vista's successors on all machines that matter. Same with OSX. Once all the required components are in place will the race be on.
You're thinking too short-term.
> As soon as a key of an device that is spread far enoguh has been broken, the system is doomed.
Unless the network is involved, similar to Steam. The current Steam can be broken, but mainly because the hardware is insecure. What happens when both pieces are in place?
I can see it already: We're sorry. Your system has not been certified, so to protect other users you cannot sign on. Please take your computer to your nearest certified IT professional, et cetera.
I didn't say it did. I said that your arguments for it being impossible to do are invalid, because an effort of similar difficulty is being made right now. The aim is somewhat different, but it could easily be done again, especially when a lot of the stuff that's being put in place can be reused.
>>33
Dude, put down the tripcode and take a deep breath. Like I said, this isn't slashdot.
Reverse engineering a modern microprocessor is cheaper than building one from scratch. Second, your understanding of the PSP's security model is clearly lacking. They've got all the bits you suggest in there in the current revisions: a TPM analogue, signed software components all the way up from the BIOS-equivalent (it being a MIPS-based system, so no x86-style BIOS), hardware verification and attestation, you name it. Hell, even the original Xbox had signed software components and hardware verification using an "onion" model, and look at what happened: some MIT dude puts a FPGA-based bus analyzer on top of the cpu-to-northbridge wires and BOOM.
My point is that if you understand at all how many distinct factors go into making a system secure (well, actually, "more secure than the one before that", being as security isn't like being pregnant), the tradeoffs become readily apparent. Certainly Sony could rewrite all code that goes into the PSP in Haskell or some such verifiable language in which stack smashing or integer overflows didn't happen or were caught in hardware, but then you'd have issues with algorithm level bugs and the way verification-oriented languages tend to result in code that isn't appropriate for systems that have use for that 60% of cycles that the runtime tends to slurp up for its own use. Like, uhh, a handheld game console for instance.
It's like putting a lock on the front door. Either the burglar will break the lock using omg-hueg cutting tools, fucks with the hinges, comes in through the window or back door or (best of all) manipulates the mechanism of the lock so that the lock opens as if by key. Likewise, if you use signed executables, the attacker will simply attack the signed executables' behaviour in order to run his stuff inside the privileged zone. The complexity of software in these so-called secure systems will keep increasing at a rate that I believe cannot be matched by the rate of closing shit up. (Indeed, some would argue that the act of closing shit up tends to kill creativity and restrict improvement to the evolutionary, thus leaving the game console manufacturer's flank wide open to an innovative competitor.)
In a nutshell, I think human ingenuity is going to keep on winning as it has from the dawn of recorded culture. After all, the hackers outnumber the greyfaces.
> Dude, put down the tripcode and take a deep breath. Like I said, this isn't slashdot.
You're right, it isn't. So why the patronizing tone?
> Reverse engineering a modern microprocessor is cheaper than building one from scratch.
Yet it's still expensive, and only becoming more so. Make it expensive enough and protected by a legal framework, and then what?
> a TPM analogue
Analogue could mean anything. A strong implementation is strong, and weak is weak. It looks like PSP's wasn't strong enough, which says little about future attempts.
> using an "onion" model
An onion or ring model makes a poor security architecture since it violates the principle of least privilege.
> some MIT dude puts a FPGA-based bus analyzer on top of the cpu-to-northbridge wires and BOOM.
Yes, which says something about that particular implementation. There is no reason why a bus cannot one day have strong encryption. Cracking open chips means a lot fewer MIT dudes.
> then you'd have issues with algorithm level bugs
Yes, which is why the principle of least privilege exists. Use a formally proven security kernel to enforce permissions.
> It's like putting a lock on the front door.
Indeed, but if you make a house difficult enough to break into, it's unlikely to happen. Consider the difference between your home and the proverbial Fort Knox, yet both use doors and locks.
we got always online shit now :C