Choosing an engine -- extensibility, encryption..?

[jdoe]

I'm quite keen on the idea of creating a Kinetic or Visual Novel, but am having trouble deciding what type of engine to code it in. The main considerations I have are the ability to use animation, extensibility (porting), and, most importantly, the ability to encrypt all resource files.

I'm confident in my writing, art and animation skill, and my ability to learn just enough of any structured-programming language to build a simple VN/KN, but am essentially no programmer.

Everything I seem to read about all kinds of engines, from Ren'Py to ONScripter, and even the likes of LiveMotion (erk..), seems to either disregard encryption or imply that it's basically nonexistent or impossible. Is this true?

I mean to do this as an independent commercial work, so it's important to me that it'd take so much work, skill and resources to decrypt the game (code, script, and especially art and animation/video) for translation (or pirating), that the only kind of person to attempt it would odds-on have to have the ethics to not attempt it without my own direct blessing. Honestly, for all I know about application programming, a passworded 7z with a different extension and a long password comprised of random characters might afford this kind of security -- but if so, how is it that so many VNs are decrypted and translated without the input of the original authors? Am I being paranoid about the ease of decryption?

All signs are pointing me toward using Flash, coding a simple (kinetic) engine in ActionScript, and using some kind of application wrapper for the final export to encrypt the code -- though I haven't yet found a way to encrypt the game's resources.

I'm very interested to hear other creators' opinions on these issues. Any input's much appreciated!

[Jake]

I'm quite keen on the idea of creating a Kinetic or Visual Novel, but am having trouble deciding what type of engine to code it in. The main considerations I have are the ability to use animation, extensibility (porting), and, most importantly, the ability to encrypt all resource files.

Well, my experience with varieties of different engines is fairly limited, but Ren'Py fulfils all of these criteria to some degree. It's got no problem with animation, it's immensely extensible and runs on many platforms already (as I understand it there's no reason that it shouldn't be runnable on any platform that has a Python implementation and sufficient hardware capabilities).

The part you're going to have trouble with wherever you look is the encryption. Ren'Py has a packaging functionality which obfuscates the game's assets, packs them all into monolithic resource files which aren't readily accessible. However, it's perfectly possible for someone determined enough and skilled enough to open them up.

Everything I seem to read about all kinds of engines, from Ren'Py to ONScripter, and even the likes of LiveMotion (erk..), seems to either disregard encryption or imply that it's basically nonexistent or impossible. Is this true?

Yes and no.

It's impossible to encrypt something such that it cannot be accessed with malicious intent but can still be accessed by an authorised client such as a game engine. Simply, if the information is there in whatever form, it's possible to reconstruct it. Sometimes it's hard, but it's never impossible.

The further problem is that you're distributing the game, so necessarily you're giving the hypothetical malicious user a tool which decrypts the resource already - so if you're using key-based encryption, the key must be stored in the program somewhere, so the malicious user can find it and use it; if you're using a two-way hash (no password or anything, just an obfuscating algorithm) then the malicious user can decompile the program and find out how the algorithm works so they can use it to get into the 'encrypted' resource file. Even ignoring these options, it's a trivial task in a lot of cases for someone of sufficient skill to simply attach a debugger to the game application, wait until the game has done all the work decrypting the pictures or music or whatever, and use the debugger to grab them out of system memory.

Lastly, the obvious problem that's not possible to overcome is that you need at some point to display the pictures on the screen or play the music, because without doing that the legitimate player won't see or hear them - so there's nothing stopping someone recording the music as it's played or screen-shotting the game to get the images out, if they want to.


Basically, all you're ever going to do is make it harder for people to get at these things, but since there's no correlation between skill and ethics, that still won't stop a determined malicious user getting in. Consider HD-DVD, Blu-Ray, HDCP and so on - each of those has protections designed to prevent people stealing movies, and each one of them has been cracked in some small part. In my opinion, there's no real point making your 'encryption' any more secure than that which prevents casual access, simply because you're never going to eliminate the possibility, and thus effort spent trying to is effectively effort wasted.

[PyTom]

I think we need to distinguish between encryption and psuedo-encryption here.

To quote Wikipedia, "encryption is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key". Encryption works because there is a secret key that is not known to people who are not allowed access to the protected information.

When you distribute the key along with the information, what you have is psuedo-encryption. Sure, the data is technically encrypted... but since the key is present along with the encrypted data, there's really no strength to the encryption. Everything that's required to access the files is present on the end-user's system.

That means that it's really easy for anybody who's skilled enough to get access to the data. You say "the only kind of person to attempt it would odds-on have to have the ethics to not attempt it without my own direct blessing", but looking at the number of pirated games on various torrent sites, that's unfortunately not the case.

Take the case of your 7z file. Sure, the data is well encrypted... but there's some way in which the data gets decrypted. By tracing through the program, that way can be found, and the data accessed.

The question is, how much effort do we put into stopping the inevitable. In Ren'Py, we have the .rpa format, which is mostly undocumented, and stores the image files. Someone sufficiently motivated can read through the Ren'Py source code, and figure out how to access those files... but it would require a bit of work.

I could make it harder, but honestly, I'm not sure it's worth it. I can't make it impossible, or frankly even very hard, for a determined user to get access to the data. This isn't a problem with Ren'Py... it's a fundamental limitation of the problem. Check out the DRM scorecard... every system that purports to protect data from people who are allowed to use it has fallen.

Copy Protection is similar to this problem, with the addition of a program that decides if access to the information should be granted or not.

It's a hard problem that has few good solutions. (And often serves to alienate users.)

[Blue Lemma]

I've wrestled with the same issues, not for commercial reasons, but for secret/artist integrity reasons (like I want people to play, not just rip files.) In the end, you can only make your game data annoying to copy/rip/hack/whatever, but not impossible. The good news is that a lot of people are willing to pay money for a good work, and piracy is generally frowned upon in visual novel and ren'ai communities. You can't thwart all the bad guys who want to mangle and pirate your work, anyway, so I wouldn't lose sleep over it. Unless it's a major-money release like in the $100,000+ range, you're probably fine without any huge security steps. Taking extra steps can delay the hackers potentially, but not really thwart them (of course it depends on the incentive for the hackers, popularity of the game, etc.)

So yeah, as a fellow computer science guy, I agree with PyTom

On a side note, if this is your first visual novel/game project, worrying about piracy at this point is putting the cart before the horse IMHO. The biggest threats are the obstacles to finishing, like poorly defined storyline, overambitious plans, and lack of time, not the hackers. ^_^;

Good luck!

[jdoe]

Thanks for the very insightful replies.

I further understand the situation now, "pseudo-encryption" probably is a better term.

However, this pseudo-encryption is partially what's drawn me to VN/KNs in the first place. "Graphics" and "story" can be effortlessly converted to a multitude of formats and delivered to the "consumer" in a multitude of ways -- however, as opposed to totally open formats such as digital video and DVD (e.g. a non-interactive original animation), VN/KNs afford not only the appealing interactive element, but, even if only slightly, more security through obfuscation.

I guess effective burial of the "key" is the only variable before getting into silly stuff like DRM.

Digital distribution has got to be the most important development after digital creation when it comes to the ability of an artist to work professionally as a true independent; it's this idea that "digital" means "totally unsafe" when it comes to the protection of both copyright and, as it were, "potential profit," that causes somewhat helpless paranoia.

In any case I wonder, for instance, haven't there been any visual novel translation projects forced to quit due to an inability to decompile the code, or has every popular VN engine been totally decompiled? The flimsiness of Flash SWFs' security is actually pretty scary.

[PyTom]

In any case I wonder, for instance, haven't there been any visual novel translation projects forced to quit due to an inability to decompile the code, or has every popular VN engine been totally decompiled? The flimsiness of Flash SWFs' security is actually pretty scary.

I don't know of any, offhand. You may want to ask at the gemot, where the translators hang out.

My gut feeling is that the only games that haven't been cracked are the ones that nobody has felt like cracking.

Digital distribution has got to be the most important development after digital creation when it comes to the ability of an artist to work professionally as a true independent; it's this idea that "digital" means "totally unsafe" when it comes to the protection of both copyright and, as it were, "potential profit," that causes somewhat helpless paranoia.

This is an important problem of our time, and a very complex one for many reasons. Artists deserve to be compensated for their work, while at the same time users deserve to be able to use the works they've bought.

Underlying this is the technical problem that to play a file all the information necessary to play it must be present on the users system; and if all the information necessary to play the file is present, then people can get at those files and do what they want with them.

I have given some thought on how to add copy-protection to Ren'Py games. It's not a trivial problem, since anything done in the python code is trivial to intercept, if the python code can be changed. I think I would need to develop a python interpreter that only runs signed/encrypted code, and only accesses signed/encrypted data files.

That's a lot of work, and frankly it's still just pseudo-encryption, since all the information needed to access the data is there, for anyone with any modicum of skill to access. I don't want people basing a business model around what is ultimately a faulty assumption (information can be protected for any guaranteed amount of time), and I really don't want to step foot in the DRM/Copy protection tar pit.

The only approach I see that has even a chance for success would be to use steganography to encode the user's personal details (Name, Address, Phone, Credit Card, etc.) into the game before he gets it, along with the promise that if piracy becomes widespread, you will release a tool that lets people access the encrypted, steganographied, information.

This approach has a number of flaws:

1) Technical: It's possible to detect and remove the steganographic information.
2) Weak identities: The user can buy the game under an assumed name, with a virtual/disposable credit card.
3) Legal: The credit card companies may not take kindly to you posting people's personal details, or a tool that allows them to be obtained.

[Jake]

I think I would need to develop a python interpreter that only runs signed/encrypted code, and only accesses signed/encrypted data files.

Even then, though - signing is usually used to ensure that the signed resource is definitely from the expected source, it's a verification rather than a protection. It works well for - say - games consoles which want to ensure only official releases and not any old code gets run, but don't care so much about how accessible game data on the disc is, but doesn't help much when you want the engine to be able to run anyone's game but don't want the resources to be accessed.

At least, signing isn't really adding anything on top of the encryption, there.

The only approach I see that has even a chance for success would be to use steganography to encode the user's personal details

I'm reminded of old floppy-distributed copies of Office, which would remember the name you typed in when you first installed the product and write it to the first disk, refusing to install if it was write-protected; thus, anyone who installed from the same media would have your name on the splash screen as the 'registered user'. At the time, being young and naïve, I wondered how Microsoft dealt with support calls from people who'd got married and changed their surname.

[BellosTheMighty]

While I've never made a commercial game, my suggestion would be "Trust your players".

Yeah, yeah, go ahead and laugh: "LOL dum n00b! d@t d0nT w0rk! w3 h@xxx U h@rd n r33m ur aZZ!" You're right, it doesn't work especially well. Assuming they can find it (not really hard, if you sell via download from your website), most players will be happy to pay a reasonable price for your game, but that kind of altruistic approach doesn't really work against the minority that are devoted to get it without paying. The thing is, nothing ELSE works either. I've been gaming for a long time, and seen a lot of philosophies on copy protection, and none of them is 100%.

I remember back when I first started it was on a Commodore 64, when they still used floppy disks that actually flopped. There copy protection consisted of a notch in the side of the disk that told the machine whether or not it was copy protected. I can't remember if the notch meant "copy" or "can't copy", but either way it was pretty laughable- A hole punch for arts & crafts or a glorified piece of masking tape thwarted it easily. Later on they tried manual locks instead- to boot up the game, you'd have to look up some information in the manual or on a code wheel or somesuch. That worked somewhat better, but more frequently what it did was a legitimate player would lose the manual and be screwed. Plus, pirates could still get access simply by distributing lists of answers to the questions. Later people used CD-keys, but that's the same problem- hackers cracked the keys, and if the legitimate player lost theirs, up a creek.

Meanwhile on the consoles they used hardware locks, like the famous lock-out chip on the NES. (That was necessary, if for no other reason then to keep the console from drowning it's fanbase with mediocre games like Atari did.) These worked very well, but pirates still found a way around it. It also almost killed Nintendo when they put too much faith in it- when the 64-bit era rolled around, they stuck with carts that they thought were secure (this was some years before emulation became big), instead of CDs that were easily copied. As a result of this, they lost the loyalty of major developers who wanted to do things you couldn't do with carts, and have taken years to build their fanbase back up.

Nowadays the trend is towards complex DRM software like StarForce- stuff that modifies the user's OS in such a manner that they can't copy the program. But that risks doing serious damage to the user's system- in fact, it's so bad for the player, it can actually drive customers away. Worse, you risk something like the Sony rootkit fiasco, which made them simultaneously look avaricious, paranoid, AND stupid. And... the game can STILL be cracked. I don't really know if anyone's cracked StarForce yet, but I'm sure if noone has, then someone's working on it.

The bottom line is- If someone really wants to get your game without paying you, they're going to do it. Throw barriers in their way and you could be frustrating a few into submission, but you'll also lose far more in terms of pushing away legitimate players. So don't go crazy. Take reasonable steps- maybe a CD-key with some way to verify a former customer, so that you can replace it if lost. But you can't be sure your game won't be cracked and pirated. Rather trust in the fact that, internet idiocies non withstanding, gamers are generally an honest sort unless provoked. If you make it easy to find your game, and price it reasonably, I'd estimate at least 90% are going to do the honest thing. The rest, you can't do anything about anyway.

(Edited to fix a thought I left dangling...)

[DaFool]

As a gamemaker who is seriously planning to go commercial sometime, I'm considering these two options:

1.) Downloadable - $10.00 or less, being a fully-functional-trial sort of thing (i.e. the game itself runs, but entering a CD-key from an online purchase will get rid of annoying reminders). Now I haven't tried the LearningSquared commercial Ren'Py game, but I'm assuming the system for this has already been implemented else I can just ask PyTom for the module.

2.) Physically Distributable - $15.00-$25.00. I'll probably contract a professional press-as-per-demand CD replicator and package the thing with something else physical like an artbook, a CD soundtrack, or hell even a plushie or trinket and call it "Limited Edition". People still like having physical media, and having them come with physical goods gives added incentive to purchase them. With this arrangement they would be paying for more the artbook, etc., then the actual game. This is similar to the approach Zeiva Inc. uses.

Of course, this would entail that I work my butt off more to produce something ever closer to professional quality, and the work still won't deserve the full retail price that a huge gaming conglomerate is able to produce (RPG, FPS, RTS, etc.).

[Jake]

A couple of comments:

There copy protection consisted of a notch in the side of the disk that told the machine whether or not it was copy protected. I can't remember if the notch meant "copy" or "can't copy", but either way it was pretty laughable

I didnt have a C64, but I believe that PCs of the era used the same 5.25" floppy disks, and speaking from that perspective - that mechanism wasn't supposed to prevent people from infringing copyrights at all - it was supposed to prevent people from losing data accidentally. If you'd just calculated your budget for the year, written your manuscript or whatever and saved it to floppy, you pressed one of the plasticised stickers that the blank disks had come with over the hole and the drive would then prevent you from making changes to the contents of the disk until you took it off again.

True, commercial software usually came without that notch - or later, in the era of 3.5" disks, the clip-switch in one corner of the disk would be solid plastic in the 'write-protected' configuration - but that wasn't an anti-piracy measure.

(Personally, I grew up with the ZX Spectrum, where all software was stored on audio casette and it was pretty much necessary to make backup copies of your tapes just 'cause audio tapes die so easily... and there was zero copy-protection on most software then. The first time I remember seeing anti-copy measure was the early days of PC gaming.)

StarForce

...and this kind of intrusion makes people hate you. Personally, after hearing a couple of horror stories about people finding themselves unable to use their CD/DVD-burners at all after installing StarForce-protected software, I just stopped buying PC games which had that kind of protection on, because I value my ability to backup data too much. This led to me realising just how much I didn't care about most PC games, and the industry lost a customer.

After the Sony 'rootkit' thing... well, put it this way: I'm about to buy a new TV, and Samsung's, Phillips' and Pioneer's are the top of my shortlist.

Rather trust in the fact that, internet idiocies non withstanding, gamers are generally an honest sort unless provoked. If you make it easy to find your game, and price it reasonably, I'd estimate at least 90% are going to do the honest thing. The rest, you can't do anything about anyway.

I'd quibble the 90% - I doubt that 90% of the players of - say - the Touhou games (reasonably priced, easy for anyone into that kind of game to find for sale) own legitimate copies. But those people with legitimate copies probably do comprise 90% or more of the set of people who would ever have bought a copy. A lot of people will download illegal copies of software which they would never under any circumstances buy - either because they don't care that much about it, or because they really can't bring themselves to afford it.

[Shish]

Consider HD-DVD, Blu-Ray, HDCP and so on - each of those has protections designed to prevent people stealing movies

Actually, they're there to stop you playing them on players which haven't paid the decryption licence fee -- the encryption is totally irrelevant to piracy, as you can copy encrypted data from one DVD to another just fine.

The same also applies here -- encryption can make it harder for people to extract the data, but it won't have any effect on piracy~

[Jake]

Actually, they're there to stop you playing them on players which haven't paid the decryption licence fee -- the encryption is totally irrelevant to piracy, as you can copy encrypted data from one DVD to another just fine.

That's another facet of it - and arguably the actual intention of the industry, given the protectionism shown by the companies involved in the past - but the stated reason for it is as I said - to stop people intercepting the signal.

Making direct copies of the disc isn't the only way to copy a movie - another way is to rip it to PC and throw it out over BitTorrent or whatever. People who hold the copyrights seem to be more upset about this particular form of copying - presumably because the law is less inclined to raid people's houses for torrenting a movie than it is to raid people's warehouses for making hundreds of direct copies and selling them at the local covered market, so they see it as a loss-of-earnings which they have to combat themselves rather than rely on the law to do so for them. And to rip a movie to distribute it over the 'net you have to get at the encrypted data.

[Shish]

to rip a movie to distribute it over the 'net you have to get at the encrypted data

That's just the sensible way of doing it -- you can still torrent the raw .iso

I'd quibble the 90% - I doubt that 90% of the players of - say - the Touhou games (reasonably priced, easy for anyone into that kind of game to find for sale) own legitimate copies. But those people with legitimate copies probably do comprise 90% or more of the set of people who would ever have bought a copy.

An anecdote, and I'm not sure which side of the argument this supports: I'd downloaded a couple of Touhou games from a link someone gave me on IRC, and the thought of paying never occurred to me; now that I have thought about it, I've gone and bought all the ones I can find /o/

[jdoe]

I thought about physical distribution as well, as everyone must, but it seems a bit scary for a first (commercial) work.

A lot of people will download illegal copies of software which they would never under any circumstances buy - either because they don't care that much about it, or because they really can't bring themselves to afford it.

This is just the kind of thing that really just plain sucks from an independent creator's point of view, and has always given me stomachaches.

It's still illegal, but you can be sure creators/studios under contract to a big publisher wouldn't even feel such ostensibly innocent piracy, but as an independent literally every cent counts. If nothing else, it forces creators into the corporate system, seeking security.

[papillon]

true, but the bit you're quoting is talking specifically about people who would NOT buy under any circumstances - they aren't really lost cents. (Yes, I'm a small producer making a living off selling games, it's a real issue for me.)

It's not a matter of the piracy being innocent - it's a matter of it being irrelevant.

What you want to stop are the people who just try briefly to crack it and then give up and buy it. You want to make sure they can't make a simple websearch and get a free copy of your game with no work, you want to make sure they can't find a working serial posted on usenet that anyone and everyone can use. But if they're hanging out in secret pirate clubs and trading hacking tools, they're not going to decide to buy your game just because it was a little harder to crack.