Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 22, 2014
arrowPress Releases
October 22, 2014
PR Newswire
View All
View All     Submit Event

If you enjoy reading this site, you might also want to check out these UBM Tech sites:

The Ideal Copy Protection or The DRM That Works
by Roger Haagensen on 11/16/10 08:05:00 pm   Featured Blogs

The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.


Since I'm a technical guy the first part will describe the technical implementation, then followed by the benefits this has for legit customers and the drawbacks for non-legit customers. Although this is aimed at MicroSoft Windows and PC Gaming in particular, the principle applies to Apple Mac and Linux as well as other platforms.

(Originally posted on my website EmSai.)

Roger Hågensen considers himself an Absurdist and a Mentat, hence believing in Absurdism and Logic. Has done volunteer support in Anarchy Online for Funcom. Been a Internet Radio DJ with GridStream. Currently works as a Freelancer, Windows applications programmer, web site development, making music, writing, and just about anything computer related really. Runs the website EmSai where he writes a Journal and publishes his music, ideas, concepts, source code and various other projects.

A few basic things first.

First of all there is no perfect solution, anything that is executable or stored on end-user hardware can be cracked in some way no matter how elaborated it is, and all it takes is for one individual to be able to do that, once that has happen that person gives a copy to others who in turn give it to others, none of those people need to worry about the protection as the cracker already have. This is true for disc checks, online checks, save games stored online, regardless of implementation it can be circumvented, disabled, emulated, replaced and so on.

Meanwhile the legit owners get annoyed, or end up with various issues some real and some philosophical while others are consumer rights related, and in some cases law conflicting. So what is the goal of DRM? It is to prevent copying, period. What is the best case scenario? Delay cracking for a few months and prevent casual copying, and lately DRM is becoming less and less effective, DRM seems to only be able to limit pre-launch leaks, and in some cases failing that. Pre-launch leaks is not DRM related at all, it's more an issue of trust and not keeping tabs on your own merchandise while not looking.

So, back to DRM (Digital Rights Management), or copy protection, scratch that, copy prevention, no not that either... I'm not sure what to call it, but whatever it is, it's not prevention/protection/right management nor anything close to that, it's more like product lock-in and product expiration and greed all wrapped into one, I guess you can tell I'm no fan of DRM or Copy protection systems, at least not any of the past or current ones I've seen out there.

What is The Ideal Copy Protection?

The answer is simple, The Ideal Copy Protection is "Value Added".

What the heck does that mean? It means that the value of a legit copy should outweigh that of a non-legit copy so much so, that a pirate would seriously consider buying it, whether they actually do or not is another case, but if the product is good and they can afford it then they most likely will. Think of digital pirates as the client group of your fiercest competitor, then try to think of ways to lure them from your competitor to you company and your products. This is the unwritten law of the Free Market. A pirated product is no longer your product, it's a competing product, but it's also a lesser product, or at least it should be, but most methods used today actually allow the pirated copy to add value by simply reducing or eliminating any and all inconveniences for the consumer.

What would you choose (ignoring the social morality issue for now) if you had the choice between a free and hassle free software and a non-free software with an overly annoying hassled procedure to get it running and use it? I know what my answer would be, and I think I know what your answer would be too.

So what can you do as a developer/publisher? Ignore the pirates, and make potential customers realize that by getting a legit copy/becoming a legit owner that they get some value added, something that no pirate can give them.

But before detailing legit owner benefits, let me just do a quick technical outline of how the Ideal Copy protection should be implemented, and don't worry it's not overly technical, but be prepared to maybe look some terms up in Wikipedia if you are unfamiliar with them.

How to make The Ideal Copy Protection.

The Installation

If a CD/DVD distribution then the following steps should occur:

  • 1. Autorun or Manual start of Installer.

  • 2. The Installer does not require Elevated Privileges, but if the user chooses "All Users" then elevation must be performed, you could do a RunAs but Mictosoft advises to run a executable which has a administrator elevation manifest instead.

  • 3. The Game/Program is installed, any updates of support files like DirectX and so on should use the official runtime redistributable, these will prompt elevation if necessary, or the OS will auto elevate them in some cases, not really your concern, you just need to execute the installer and check for success or failure.

  • 4. At some stage during installation preferably at the end when completed, ask the user for the product serial. For a non-elevated install aka normal user this would be the current user, but for a elevated install this would be an administrator while you actually want the user that initiated the install, if possible try to add support for an unattended install with a way to provide a serial and target user. Do simple serial validity check to ensure the user actually typed it correctly, so that if it's a HEX or numeric or alphanumeric that it only contains expected characters, is the right length, maybe add a checksum to it for self checking, inform the user if it seems wrong, if they keep messing up again and again, offer a link to a support page or phone number or something like that as it's likely there is either a bug or the issued serial is wrong.

  • 5. If the user choose to enter the serial then store the serial under the users roaming preferences folder, on Windows 7 for example this defaults to C:\Users\(username)\AppData\Roaming use the appropriate OS API to retrieve this path, essentially it should be the same location where the save games are stored or where the player profile or game or program config is stored. Inform the user that the serial is required for the software to function.

  • 6. Although this part is optional it's highly advised as many as possible do this as this is one of the steps needed for the Value Added part. Allow the user to register the software, let email be the minimum info and optionally name and address and so on, inform that registering with email is required for Value Added, support, updates and much much more, make registering sound life important and wonderful, just make sure you can back up any claims you make. Remember to keep registering optional, you'll see why a bit later.

  • 7. The CD/DVD is now no longer needed, but reminding the user to make a backup of it is a good advise, why not take the chance to give tips on how or even what product to use. Telling the user to also write down, copy to the clipboard (just use a normal text field) or even allowing the user to print out the serial as part of a mini-quickguide with links to website support page, support numbers, and whatever else would be suitable for a one-page sheet of paper.

  • 8. If you give the option to run the software at the end, make sure it does not run elevated, let the autorun/install wrapper exe run the program instead.

Running The Software

  • 9. When the user starts the software do the same as in step 4, 5 and 6, in fact, do exactly the same, code-reuse in this case simplifies thing, use the same serial/registration exe or dll etc. Why repeat this step? Well, it's possible the user did not want to enter the serial or register during the installation. Show the exact same dialog for consistency.

  • 10. Now here's the important part and why the registration should be optional. After a certain amount of time, let's say maybe a year, the software should no longer needs the serial to actually run, it is only during that "initial period" that the serial is required for the software to run. There are at least two ways to do this, one is to hardcode the start date and compare with current time, and the other is to hardcode the end date and check if passed. Maybe intermix the two and spread checks throught the program at different intervals. The install or first run of the software will still ask for the serial, it's just now optional. Depending on the distribution, a way to minimize the impact of fake serials especially during the initial period is to not pre-generate the serials at all. Instead generate the serial upon purchase instead, and when possible tie the serial to the user at once before download or installation. Providing a manual interface/website for retailers that does not automatically contact your server is advised, this would be regular physical retailers, let them enter the customers email and get a serial in return, a serial that is now tied to that email. Once the user gets home they register the software using the same email and serial. In both these cases, even if someone made a fake but valid serial, even if it matches a real one, they will not gain anything, a bit later I'll let you know why.

  • 11. Any patches, downloadable content, expansions, or addons should probably update the serial/registration expiration date every time possible to a year after their released date. This way a year or so after the last update or the final patch or extra content or (hopefully not) the demise of the company, but more usual it would be the eventual end of line support of a product. This avoids the "final patch" issues that so many are concerned about for current DRM solutions, if support for it is gone then the budget for that patch probably is as well, or the company went under and nobody can patch it, or the source files got nuked, or upper management decides to not waste time on it. And when it comes to productivity software it certainly minimizes the risk of legal claims, which can happen due to not being able to use the software that they created something in but they are unable to export their data from it.

  • 12. If the user chooses to register then the serial get tied to their "account", this may be an existing account or a new one, make sure to properly brand the registration so the user clearly knows where it's being registered, this avoids issues with a user ending up with multiple accounts. Make sure they are informed if the name of the account system etc. changes, which could happen during mergers or branching, or if it's separated into it's own service.

  • 13. I'll mention more about the account stuff a bit later, but I'll touch on a particular account feature here as it's tech related. Serial trade transfer. In particular games tend to be traded/exchanged, either someone gifting it to somebody else, or trading for another game. The account system should if possible provide a Escrow feature. User A and User B have agreed to trade, User A locate their game in their profile's game list, select it and who they wish to trade with and choose "Trade", User B does the same. If this was one of the Users gifting the game to the other it would be similar, except that the giver would indicate they want nothing Traded back. But in this case a full trade is requested and after User B has clicked "Trade" the details are frozen, and both will have the opportunity to choose Accept or Cancel, this system can be realtime or non-realtime and is easy to implement. The title/name of the game is shown to both in the Trade Escrow, and since the system has validated the serial it can ensure to either party that the listed game name is actually the game they are trading. Both click accept and the serials are swapped and each game is now re-registered to their new owners. At this point the new owner might benefit from a download offer, maybe a near cost only digital download, or even offer them a "backup" copy of the disc in the mail, more on things like this below.

  • 14. In the Game/Software ask if they wish to login but do not require it. If they do log in, offer access to various extra features, obviously you could offer nothing extra at all but that'll hardly gain you many customers right? Provide a optional news feature so that the user can get to know about new benefits of being a registered aka legit owner. At the very least send them a welcome email, bragging of all the things they'll get, new content, planned features, discounts and much much more. Just make sure you can keep the promises you make.

What are the benefits to the paying consumer?

A lot!

But it all depends on what support you are willing to offer. A consumer does not just buy the product these days. They actually pre-pay for the software, the support and service for the life of a product, too many developers/publishers fail to realize this. Those who do realize this tend to beat their competition all the time. If you do not plan to provide any support, then forgo the registration altogether (unless you want the statistics) and prepare to sell the product dirt cheap. So what can you offer a legit owner that has registered?

Why not offer a digital download, either a low cost/near cost only download, or a free bittorrent download which moves most bandwidth cost from the servers to the user, it could also mean way faster download than directly from a overloaded server half across the world, this could also be leveraged during patching and downloadable content and extras or expansions, anything really. When possible also offer a "backup copy", this should be just a plain disc, it could even be a burned disc, just make sure it's got the product name and room for the user to write the serial on it, offer it for cost only and shipping.

Support services like asking for help via the website, email, phone is made available to registers users. Add as much "Value Added" material as you can. Offer the manual as a digital download, preferably printable and navigational and searchable for offline use. Offer media like the game soundtrack for download, concept art. "Behind The Scenes" featurette for download, offer outtakes of voice cast or motion capture actors and so on.

Make being a registered user a part of something bigger than simply playing a game. Internet play and multiplayer available for registered users, embed chat for registered users, messaging for registered users. Able to make posts on the official discussion forum, special "members only" forum for registered users of particular products, you'll find these will quickly become an exclusive club all on their own. Give special special forum avatars. Give certain registered owners that have proved themselves the honor of being a moderator in certain parts of the forums. Recognizing the games or software they own and allowing them to show others that they have them should also be possible. Although it should be optional for those really private folks.

Only legit owners that have registered will be able to download patches and updates, or get downloadable content, or get expansions or addons. Give registered owners a discount for new expansions or addons or downloadable content that have a price. Give them discounts on other products as well. Run regular raffles where registered owners can win stuff. Run promotions with hardware makers for discounts on hardware if they are the registered owners of certain software.

For games, why not offer save game backups, and how about free save game restoration, luckily it does not happen often but corrupt savegames can and do happen. As the developer you hopefully know how to parse a savegame and rescue as much info as possible from it, then give a fixed savegame back to the player, all those hours they thought was lost are now saved. (pun intended)

Other things to give a registered owner would be a downloadable or online game guide, walkthrough, developer cheat codes/command console to use in single player, maybe some MOD tools, or a Game Editor/Campaign Editor/Level Tool, make it easy for registered owners to create and share custom/user created content for your product, provide a ranking system so they can vote on the best, release a regular newsmag or email or similar where users and the things they create are mentioned.

Final Words

Treat your valuable customers as what they actually are, that they are valued. And you will quickly see that they will in return remain loyal, they will even support you in return, they will spread you brand, convince others of your product (if it's good obviously), they will be more likely to get some of your other products, even if they aren't exactly what they would have wanted, or they do not have a need for it that much but they still like it because it's from you. You will find a growing community, and at times the support they give each other may actually ease up the pressure on your own support department, and the word of mouth would beat even the best viral PR campaign.

The whole point is, make those who pirate your product, those non legit users, make them feel like an ass for not buying it, make them look in envy what all those legit users get.

This may not be the answer you where hoping for when starting to read this article. but trust me, you will sell as good as or better than you did previously. Consumers will love you.

It will mean a lot more work, but these days you are not just selling the product but your support, service, community and more, all into that single sale, and if you throw the typical DRM on that thing your smarter competitors will win the market from you, because they are already working on most of the things mentioned in this article, and it's working.

Remember, The Ideal Copy Protection is "Value Added"!

Related Jobs

Bohemia Interactive Simulations
Bohemia Interactive Simulations — ORLANDO, Florida, United States

Game Designer
Petroglyph Games
Petroglyph Games — Las Vegas, Nevada, United States

Illustrator / Concept Artist
DoubleDown Interactive
DoubleDown Interactive — Seattle, Washington, United States

Game Designer
Zindagi Games
Zindagi Games — Camarillo, California, United States

MOBILE Art Director


Tim Carter
profile image
"Think of digital pirates as the client group of your fiercest competitor, then try to think of ways to lure them from your competitor to you company and your products. This is the unwritten law of the Free Market."

Geez, I don't know about you, but in other areas of the free market - take cars for example - if you just take something, you get arrested. Cars are sold on the free market.

I might also say that "value added" doesn't cover the original thing. If you can get X for free from a pirate, but non-pirate offers X+1 for money, then pretty sure a lot of people will just get X and leave the +1 out of it.

Luis Blondet
profile image
Cars can't be copied, only stolen and software can't be stolen, only copied.

What he's saying is that the legitimate copy should not just be X+1, it should be X+100.

[User Banned]
profile image
This user violated Gamasutra’s Comment Guidelines and has been banned.

Brett Williams
profile image
This is an interesting concept. Working in this field for several years I can oddly enough say that the view within the publisher and distribution space is actually pretty similar. It usually just carries the burden of continuing to utilizing the existing technology implementations as well. Everyone wants to provide a bonus to utilizing either part of the supply chain or distribution service, or the product itself.

The unfortunate part for most developers in this situation is that nearly all of the Value Add you discuss above, is not with in their domain to create. An additional platform that provides this content rich system is extensive, and in turn very expensive to create. You have the following custom implementations (regardless if they use existing tech): account management, forums, messaging, content delivery, image gallery, social network API, and the API necessary to facilitate these services from a client perspective.

Most developers, and in fact most publishers, do not have the capability to build this and back this up with the revenue available for the product development. Many are currently trying, including several of the top publishers. Blizzard is one of the few that has been able to build it and they have a huge investment into it, as well as the ongoing ROI provided. For now this space is primarily reserved for third party channels.

With the push to going direct to consumer many of these publishers are having trouble getting into this space and providing services directly, as gamers have become more dependent on the intermediary solutions, and continue to use those communities.

The answer to whether Value Add is the the ideal copy protection is a resounding Yes. Unfortuantely the new question becomes, How do publishers or developers attempting to build these Value Adds leverage this concept without offering up 10, 15, 20, 25 percent of their margins to third party solutions?

Kassim Adewale
profile image
What an interesting and informative article we have here.

Let me add to some of the Value Added services that a game company can employ, before addressing the contrast and supporting DRM:

(1) In-game advert is also an option if done right.

(2) Personalization of game background, sound etc. that can be submitted by legit customer back to the game company so that other legit customers can download it and add it to their game.

(3) Game blog to harvest customer's feedback for the next version.

(4) Different language choice and variety of interface colour. I was compelled to put pink inside my game because I met with a lot of people that love pink so much.

Contrasting to the value added idea:

Roger, your ideas are welcome, but a starting indie may find additional support that you claimed as ideal very challenging to cope after releasing their game.

Accepting your ideal copy protection from your value added services perspective is difficult as it does not prevent piracy if the game is sweet, awesome, and unique, the customers will come then the sharks (pirates) will come also. I guess it's going to be tough for an indie like myself that is coming out with my first game.

Some games from all perspective is difficult to add any value to them, which can lure customers. I have a friend that will buy any game that has 98% pink as a dominant colour. But how many games have that?

Supporting DRM:

I am a strong believer of "Quality DRM", a technique where DRM code will start with normal game code development and be polished along AI and other game codes. Quality DRM is a code so polished that it will buy the developer the needed time to sell the game, may be a year or two.

The hype about making good profit using in-game ad is going down.

Likewise some games value addition may not suite most players, World of Goo for instance has an editor that legit buyer can use to create their own personal level; I am not sure how many buyers utilized it.

Pirates feed potential game buyers false information if they see a tough DRM that they can't break. How many games DRM use Execryptor for instance? Developers are scared because pirates will ill-inform the buyers if they implement tough DRM.

I believe there is a major aspect of DRM that a lot of game companies got wrong, eg:

(1) Most developers concentrate on polishing the game interface, AI physics etc, without polishing their DRM.

(2) Game development took 3.5 years, but DRM code addition and testing was just 2month before game release, honestly there can’t be any quality DRM here.

(3) Most game companies DRM get implemented at the game start-up code so denial of service is high to customers and pirates. Pirates that want to crack the code know the code start-up range to look for.

(4) Lack of unique DRM. Most game companies repeat the ubiquitous DRM of other game companies, which has been cracked already. Just on the basis of "Let just put some sort of protection inside".

(5) Most DRM were not planned during start-up of most game coding. DRM codes need to be planned along the game code from the start.

(6) Most DRM were not dynamic, they are statically tied to one key element that may change on the user’s PC profile, and there goes the widespread gossip of depraved DRM from a legit customer.

(7) Most DRM looks the same from one company to another, no innovation as we see in game AI that DRM should mirror.

(8) Relying on another third party DRM is the evil of all DRM complaints, especially if it was implemented at a library level instead of source. Customer send in complain, the game company can't respond in time because complain is being forwarded to a third party.

(9) Most game developer shy away from cryptography, so when the game is ready for launching, they will need to call a security expert that can't develop game and may find it difficult to mingle protection code inside AI code.

I am working to release my first game (Elewenjewe) soon, and I will be putting my "Quality DRM" to test. Since my efforts to release the game free with in-game ad as sources of revenue failed. Both the game and the DRM are ready, but the DRM will undergo testing for 4 months before game release. I will be glad to share my story if I succeed after game launch.

In a nutshell, a company that has release game may alternatively want to try some of your suggestions so that we have some statistics to benchmark, or if you can research and write a sequel to this article and base it on comparison with statistic to prove your points professionally further, myself and lots of indie will love to hear from you.

Thanks for the great article Roger, it’s an eye opener.

Sean Farrell
profile image
Basically I agree with you, legitimate users should have added value over pirates. But not everything works here:

Things that work: private Forum access, access to multiplayer (no server available software), and tech support.

Things that don't work: extra content, DLC, guides, walkthroughs and finally multiplayer (if you release the server software). If they pirated your initial game, they will probably also get the other stuff pirated.

My take on DRM is simple, don't implement it, it is only a waste of money and time. What you really need to protect yourself from pirates hogging your resources, such as tech support time or network bandwidth.

Regarding server software, don't go the way of restricting your users. Nothing really kills your cred if your users want to play the game in a LAN and just can't. You still can have a number of official servers for ranked games or such that only legit users have access to.

Basically those that think about pirating your game, will mostly pay for it based on merit and credibility. Because they thing you deserve it. A different aspect is prestige and peer pressure. If only legit users can play together or your can only join a ranked game people will pay for it, because they want to play with their friends.

There is no silver bullet to solve the piracy question...

Roger Haagensen
profile image
I'm playing connect the dots here.

This post, combined with the two following posts


Should help give a certain picture.

James Grimshaw
profile image
Good post!

One small problem

Pirates are getting just as much added value...

The problem being most of the private tracker sites we monitor, they will always add in as much stuff as they can get their hands on.

Witcher 2, a week later all the DLC were uploaded. Several times due to the errors and glitches between the different versions. (GOG,Steam,Retail)

Dirt3, two days later the extra 5 car DLC pack was uploaded.

Duke Nukem Forever, The multiplayer trophies and other unlock cheats.

It's unfair, as you can download the DLC content easier than earning them!