
Any good ideas on registration codes?
Archive Notice: This thread is old and no longer active. It is here for reference purposes. This thread was created on an older version of the flipcode forums, before the site closed in 2005. Please keep that in mind as you view this thread, as many of the topics and opinions may be outdated.

April 03, 2005, 12:27 AM

I'm nearing the end of a project, a little 2d car combat game. I'm planning on selling it as shareware and I'm trying to come up with how to do registration, specifically what identifiers to use for unlocking the game.

I'm not really concerned with stopping hardcore pirates; I just want Average Joe not to be able to spread the registered part of the game to his friends (I'm already going to give away the first 1/3 to 1/2).

I'm probably going to use a combination of identifiers for the key, and only require some of them to match so if the customer changes their system the game will still let them play.

Here are some of the identifiers I've thought of:

1- Windows serial number: Very unique, except in the case of pirated Windows and maybe some multi-licenses for Windows.

2- Processor Level/Revision: Fairly system specific but not enough where someone couldn't just post a bunch of keys one for each processor type.

3- User Name: Really easy to get around but most people might not think of it. Plus then odds are the same person could use the key on all their machines, but only if this is the only identifier the key requires.

4- Hard drive serial number: Unique?? maybe the best way to go.

I'm not as concerned with stopping piracy as wanting to be fair to the customer. Anybody have any opinions or criticism?

-John Loehrlein
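
The tolerant matching described in the opening post (several identifiers, only some of which must match), sketched as an added example that is not part of the original thread. The weights, threshold, identifier names, salt and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed weights: identifiers the post calls weak (shared CPU models, guessable
# user names) count for less than the per-machine serial numbers.
WEIGHTS = {"windows_serial": 2, "disk_serial": 2, "cpu_revision": 1, "user_name": 1}
THRESHOLD = 3  # assumed score needed to treat this as the registered machine

def fingerprint(identifiers, salt):
    """Salted, truncated SHA-256 per identifier; raw values are never stored."""
    digests = {}
    for name, value in identifiers.items():
        data = salt + name.encode() + b"\0" + value.strip().lower().encode()
        digests[name] = hashlib.sha256(data).hexdigest()[:16]
    return digests

def match_score(stored, identifiers, salt):
    """Sum the weights of identifiers whose digest is unchanged since registration."""
    current = fingerprint(identifiers, salt)
    return sum(
        WEIGHTS.get(name, 0)
        for name, digest in stored.items()
        if name in current and hmac.compare_digest(digest, current[name])
    )

def is_registered_machine(stored, identifiers, salt):
    return match_score(stored, identifiers, salt) >= THRESHOLD

# Constructed sample data, not real serial numbers.
SALT = b"per-customer-salt"
ORIGINAL = {"windows_serial": "WIN-SAMPLE-0001", "disk_serial": "DISK-SAMPLE-AAAA",
            "cpu_revision": "6.8.3", "user_name": "joe"}
STORED = fingerprint(ORIGINAL, SALT)  # saved with the licence at registration

# Customer replaced the hard drive: three of four identifiers still match.
NEW_DISK = dict(ORIGINAL, disk_serial="DISK-SAMPLE-BBBB")
# A friend's PC with the same CPU model and user name, but different serials.
FRIEND = {"windows_serial": "WIN-SAMPLE-0002", "disk_serial": "DISK-SAMPLE-CCCC",
          "cpu_revision": "6.8.3", "user_name": "joe"}

if __name__ == "__main__":
    for label, ids in (("new disk", NEW_DISK), ("friend", FRIEND)):
        print(label, match_score(STORED, ids, SALT),
              is_registered_machine(STORED, ids, SALT))
```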


April 03, 2005, 03:55 AM

Why do you think that these identifiers make your system more secure? I think that every effort you make to do advanced protection (that is: more than a name + serial combination) is a waste of time. The best way to protect it is having two versions of your game, the shareware (limited) one, and the full version. In this way you'll sell at least one version before it gets pirated ;)

For the full version: you can add secret watermarks to full versions which are customer unique, and so you'll be able to figure out who pirated your game. Unless these watermarks are found by people who care.

In the case that you still prefer usage of a serial: crackers will either extract your algorithm that creates the key, or they'll patch your binary which takes less time. For example, if you have a code structure like this:

    if (isRegistered()) {
        // do full version things
    } else {
        MessageBox("buy my game");
    }

attackers could simply patch your isRegistered routine into a return true;
The clue: if you really want to use a serial system, make huge spaghetti code, make tons of functions setting global flags, fake key-check alike routines, multiple serials that get accepted that trigger certain flags, where just only one flag enables the real version and where the other flags make the game crash at random points for example, etc. Just make it hard to analyse. But remember, it is wasted time.


April 03, 2005, 05:16 AM

If it's a good game, someone will sit down to crack your key checking, however complicated it'll be. It always boils down to the final check: Do we accept the key or not? Then a crack will be available, and Joe Average-User will be able to download it.

Probably the only modestly safe way is to offload some code to a server, where the game has to download it on every run. At least it'll be a bit harder to catch the traffic, extract the binary code, store it to disk, and tell the game to use that instead of downloading it.

It's probably not too hard to code, but it's impractical for a number of obvious reasons, and users most likely wouldn't accept it.
Me, I got a flatrate internet access only recently. While I had to pay for online time, I wouldn't have used such a game.


April 03, 2005, 07:59 AM

ALL anti-piracy schemes are a waste of time - they are all hackable in a day or less. I've worked at companies that spent tens and hundreds of thousands of dollars on elaborate anti-piracy schemes. In every case there were cracks posted on the Internet within 24 hours of release.

For games the only scheme that even partially works is the unique GUID for multiplayer games that at least keeps multiple copies off the same CD from being played through authentication servers at the same time - but even that is only partially successful due to keygen hacks.

Really the most successful effort that is going on right now is the somewhat questionable practice of using auditing services that watch peer-to-peer traffic. My sister got caught by this when she was nabbing a pirated copy of Photoshop, and the auditor put pressure on her ISP (Adelphia) who then told her if she was caught again her Internet access would be blocked. At that they shut her down for 48 hours as "punishment". But even this is only catching a fraction of the pirating going on.

Factor-in a 1:10 ratio of legally purchased-to-pirated copies of your game. Activate it via user registration, then sell the customer data you mine to marketing companies to make-up your losses. That's what the big software publishers do. It's about all you can do.


April 03, 2005, 08:29 AM

theAntiELVIS wrote: ALL anti-piracy schemes are a waste of time - they are all hackable in a day or less. I've worked at companies that spent tens and hundreds of thousands of dollars on elaborate anti-piracy schemes. In every case there were cracks posted on the Internet within 24 hours of release.

Well, I think that Starforce is another case. Some games weren't pirated at all because of Starforce, and some pirated versions were delayed for months because of it.

Dan Fekete

April 03, 2005, 09:04 AM

There can be one way, which I consider pretty good. When I've worked with a smaller company, who distributed games over the internet, we came up with a solution. After we did all registration code (keychecking, etc...), so when the user tries to register the game, the game connects to an SQL server and looks up, if the key is a SOLD key (you gave out the key, and not a hacked keygen) and it doesn't exist. If everything goes well, the new key is entered into the database, and only a minute from the user's time is lost.


April 03, 2005, 09:13 AM

Even then, modifying a few conditional jumps will defeat it.


April 03, 2005, 09:13 AM

What's the point? That also ends up in a check "is this game registered or not?" and can be hacked by finding the appropriate jump instruction byte, and NOP-ing it.
It sure makes the use of "generated" keys hard (if not impossible), but what does that help if I can manage to get around the need to register at all? And that can be managed as easily as with any other method.


April 03, 2005, 11:41 AM

Dude, two words. "Code wheel"

Check out the sweet code wheel from the original Monkey Island:

Registration depends upon who your customer is. If you're making a tool targeted at companies (not individuals) your biggest concern should be people using one registered copy on 50 machines. In that case you could ping the network looking to see if anyone else is running the same ID. If so you kill everything running and have them reregister.

You have the right idea for your game. Just targeting trivial pirating is best. Simply setting a value in the registry is good enough to prevent most people from pirating... assuming you use expiring keys. When you generate a key encode the date into it. Have it expire after a couple days. That way if someone posts their key it isn't going to work for other people. If someone reinstalls on another computer then just give them another key. Allow up to like 10 keys without question. After that require the person to email you.

The most annoying thing about this type of registration is in most cases you can't reinstall years in the future because you can't get the registration code anymore.


April 03, 2005, 01:34 PM

A code wheel would be awesome. However even those can be thwarted via the use of a photocopier or grid paper. Anyone remember "The Bard's Tale 3" triple-decker code wheel? That was a masterpiece.

I remember one specific code wheel incident (back before the internet) involving one of the D&D games where a friend of my brother's had copied the game and would telephone every day and describe the symbols on the screen, then one of us would use our code wheel to help him play the game illegally.

I'm considering the use of a paragraph book like the old wasteland game. Another good idea would be to make a huge and overly complicated custom controller.

All kidding aside, I'm not even going to worry about the hardcore pirates. I just want to make it clear to anyone pirating my game that they are doing something illegal.

One tricky thing is that I've set the whole thing up as C++ for the core engine and interpreted Lua for all the game specific stuff. All the content is loaded via Lua commands. So basically I'm going to alter the game to hard code some of the Lua unless it's registered. It'd just be funny to do the key check in Lua. That would at least strip the pirates of any sense of accomplishment.

-John Loehrlein


April 03, 2005, 02:47 PM

I guess when you can *guarantee* everyone has an internet connection who buys your game (which probably won't be that long), there will be something virtually unhackable introduced - maybe you download a specific executable for your game, coded for your PC (ala WinXP) - maybe you have to download a new one every day, or even every time you play.

With ultra-fast connections, eventually you won't even buy the game itself, just a client which receives the screen-updates and sends input-commands? Go figure...


Patrick Grawehr

April 03, 2005, 03:19 PM

What about good old dongles? My company is using them for an old piece of software, and it works quite well. Only disadvantage: Hardware compatibility, because these dongles still come from DOS times...
For our new software, we have an even better dongle. It's a $1'000'000 sensor equipment ;-)


April 03, 2005, 04:04 PM

The original "Pirates!" did a similar thing with pirate flags - which everyone photocopied.


April 03, 2005, 04:06 PM

The original 3D Studio Max had a dongle - almost immediately circumvented and it became one of the most pirated products ever.

Billy Zelsnack

April 03, 2005, 05:48 PM

One very simple, but semi-effective scheme of protecting against casual posting of passwords is to have your passwords time coded. Say a week. By the time your average joe finds a password on google, it will have been expired.

Of course this does not protect against people posting a hacked exe, but it does give you at least protection against people not willing to spend more than 5 minutes (most people) searching for a cracked version of your game.
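
The expiring keys suggested in two posts above (a date encoded into the key, valid for a couple of days or a week), as an added example that is not code from any poster. The secret, epoch, key layout and customer name are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from datetime import date

SECRET = b"constructed-demo-secret"    # assumption: the vendor's signing secret
EPOCH = date(2005, 1, 1).toordinal()   # assumption: day 0 of the 16-bit date field
VALID_DAYS = 7                         # "say a week", as in the post above
TAG_LEN = 8                            # truncated MAC keeps the key short to type

def _tag(name, day):
    """MAC over the issue day and the normalised customer name."""
    msg = struct.pack(">H", day) + name.strip().lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:TAG_LEN]

def make_key(name, issued):
    """Key = base32(issue day || MAC), 16 characters for a 10-byte payload."""
    day = issued.toordinal() - EPOCH
    return base64.b32encode(struct.pack(">H", day) + _tag(name, day)).decode()

def check_key(name, key, today):
    """Return 'ok', 'expired' or 'invalid' for a key entered on `today`."""
    try:
        raw = base64.b32decode(key.strip().upper())
    except (ValueError, TypeError):
        return "invalid"
    if len(raw) != 2 + TAG_LEN:
        return "invalid"
    (day,) = struct.unpack(">H", raw[:2])
    if not hmac.compare_digest(raw[2:], _tag(name, day)):
        return "invalid"               # forged key, or the date field was edited
    age = (today.toordinal() - EPOCH) - day
    return "ok" if 0 <= age <= VALID_DAYS else "expired"

if __name__ == "__main__":
    key = make_key("Joe Average", date(2005, 4, 3))   # constructed customer name
    print(key, check_key("Joe Average", key, date(2005, 4, 5)))
    print(check_key("Joe Average", key, date(2005, 4, 20)))   # found on Google later
```

The check trusts the local clock and only gates activation, so the game still has to record that it was registered, for instance with the registry value mentioned earlier in the thread.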


April 03, 2005, 07:58 PM

Actually one thing I forgot to mention is the only current unhackable system: Patches.

Hear me out... You release a game X - very popular, and probably hacked and available on a multitude of warez sites and P2P networks within a week of shipping.

2 weeks later you release an important patch for download, replacing the current .exe.

You will find that the people responsible for hacking the original have a very limited attention span on titles - always working on the latest releases, and not "rehacking" the same title over and over again every time a new update becomes available (there are exceptions for VERY popular games).

Conclusion: The player is "forced" to purchase the full copy of the game in order to stay current and play with people who have upgraded to a later version.



April 04, 2005, 01:59 AM

There is an interesting article on Gamasutra about Spyro's anti-cracking measures (note the 'c'). The main point that the author made was that, as most sales of a game are made right after it first hits the shelves, as it were, it is more important to delay the crack than prevent it. If you could delay it for, say 1 month, then you could offer a patch or upgrade, as was previously mentioned.

Someone posted a comment about basically asking a central server whether a user is allowed to run a program. E-license found out the hard way that such a scheme is very vulnerable if used for multiple products. Some crew or another released a server that acted like the E-license server, allowing people to basically crack any E-license software they wanted. Obviously this can be made to be difficult for the cracker, but I just wanted to point out a possible vulnerability.

Anyway, just some possibly useless information.

This thread contains 17 messages.