[IMG]http://i37.tinypic.com/dc3lzo.png[/IMG]
[b]What is Phoenix DRM?[/b]
Phoenix DRM is a simple, easy to implement, unintrusive DRM scheme based upon one simple idea: Pirates gonna pirate. It is written in C# (I would write it using native code but my c++ sucks monster dick) and aims to create a DRM scheme that would repel casual file sharers, while not using any of the insane methods that large game publishers use to attempt to deter hard-core pirates (the kind that will disassemble everything and spend months sifting through code in order to save 10$) because those kinds of people are going to get through anyway. It was created after I started seeing companies create draconian DRM schemes that [url=http://kotaku.com/5487918/ubisofts-new-drm-system-falls-down-locks-out-paying-customers]only serve to hurt the consumer.[/url]
[b]Why should I use it?[/b]
You'll save time by not having to write your own DRM Scheme, and you'll be using one that is completely nonintrusive for your users.
[b]How do I use it?[/b]
The way one implements Phoenix DRM's backend is to create an array of KeySection objects which take a User Name and generate a matching Key. These objects are passed through their constructor what hashing algorithm to use, what they should apply that algorithm to (the whole User Name string, the average of its ASCII values, or the sum of those values), how the should modify that data before applying the cryptographic algorithm (multiplying by or adding a specific number), the length of the segment, and what should be placed at the end (like a -). This array is then fed to the constructor of a new KeyGenerator object. From there, you can call GenerateKey(UserName) and IsKeyValid(UserName, Key). Example:
[cpp]PhoenixDRM.KeySection[] KeySections = new PhoenixDRM.KeySection[2]; //Create a new array of KeySections
KeySections[0] = new PhoenixDRM.KeySection(PhoenixDRM.KeySection.KeyEncoder.MD5, //Use MD5 as an hashing method
PhoenixDRM.KeySection.KeyData.Average, //Use the ASCII average of the UserName string for hashing
PhoenixDRM.KeySection.ModifierType.ModifierAdd, -1, //Add -1 to to the data befor hashing
"-", 6 ); //Make this KeySection 8 characters long and end with a -
KeySections[1] = new PhoenixDRM.KeySection(PhoenixDRM.KeySection.KeyEncoder.SHA512, //Use SHA512. SHA256 is also available.
PhoenixDRM.KeySection.KeyData.Whole //Apply the hashing algorithm to the whole UserName string.
, PhoenixDRM.KeySection.ModifierType.ModifierMulti, 2, //Multiply the ASCII values of the string by 2
"", 6 ); //Make it end with nothing and be 6 chars long.
PhoenixDRM.KeyGenerator RegMgr = new PhoenixDRM.KeyGenerator(KeySections); //Create a new KeyGenerator based on those options
//Example usage:
System.Windows.Forms.MessageBox.Show(RegMgr.GenerateKey("Phyxius").ToString());
//Outputs A3C65C-0E19C6
[/cpp]
For the easiest method, use the Generic Keygen's code generation feature. Simply build a key generation algorithm and hit the generate code button, which will generate C# code which can be copy pasted into your program.
[b]Limitations[/b]
PhoenixDRM is implemented in C# .NET, which will obviously limit how it can be used. As such, I do not expect more than one or two people (at most) to even consider this for their projects, and with that in mind I have chosen a suitable license:
[b]Licensing[/b]
I had somewhat of a dilemma as to what license to release this under, as releasing it under the licenses I normally use (DWTFYW/GPL) are either to free or to limiting as to how this would be used. So I settled on this:
[img]http://i.creativecommons.org/l/by/3.0/88x31.png[/img]
(C) 2010 Shea 'Phyxius' Polansky
This Work is licensed under the Creative Commons Attribution License. You are free to distribute, modify, and derive from this work, free of charge, even for commercial purposes, with the condition that credit be given in some way to the original author (me, Phyxius).
For more information, a summary of the license, and the full legal code may be found at:
[url]http://creativecommons.org/licenses/by/3.0/[/url]
[url=http://filebin.ca/skxus/libPhoenixDRM.zip]Download Link, Including full source code and binaries[/url]
Please keep in mind that this is my first real C# project, but other than that, C&C is welcome and appreciated.
DRM just needs to go away altogether.
Though, I do appreciate that you're confident enough in your code to open-source it. Too many programmers today subscribe to the notion of security through obscurity.
I don't think it takes much time to just disassemble the code and copy the keygen algorithm. Months? I'd think minutes for someone who knows what he's doing.
I didn't try that myself, but I think after disassembling you can just search for a string that appears in the authentication-dialog (as it will stay in tact, unless when loaded by an external file (e.g. because of localisation of messages) in which case you could search for the file-name), then you're already near the authentication code and can dig around until you find the input-code which will lead to the verification process.
You'd probably not even need to understand the key-generation code and can just copy&paste the assembly for that, though maybe a decompiler can help to make it more readable.
What stops two unique users from sharing a user/key pair? ...it might be helpful to add a description for how the enduser uses this, e.g. puts the username and key in text boxes and submits it - no internet connection required.
[QUOTE=Night-Eagle;24349719]What stops two unique users from sharing a user/key pair? ...it might be helpful to add a description for how the enduser uses this, e.g. puts the username and key in text boxes and submits it - no internet connection required.[/QUOTE]
Nothing stops them. The goal of this system is to be as simple as possible in addition to being completely offline. Also, when implementing this system, you would use something unique to each user, like their email address.
Only two ways to fight piracy: 1) Provide incentives to use a service offered through you (online), and 2) Charm. The last thing you want is angry pirates.
[QUOTE=Phyxius;24345437]deter hard-core pirates (the kind that will disassemble everything and spend months sifting through code in order to save 10$)[/QUOTE]
For the 0day community, it's not about saving money, it's about the competition and the challenge.
These kinds of people like to go toe to toe against DRM just to challenge themselves against other people doing the same, not to save money.
[cpp]public bool CheckKeyValid(string UserName, string Key)
{
return ((!(UserName == "") && !(Key == "")) && (Key == this.GenerateKey(UserName)));
}[/cpp]
GenerateKey is not even marked as internal or private.
And even if it was secure at all, just inject pop, ldc.i4.1, and it's gone.
At the very least add some public key crypto. It's just as 'easy' as this scheme and it's way more secure, at least from generating keys easily.
[editline]01:15AM[/editline]
Or even something like a threshold scheme.
[QUOTE=ryandaniels;24350197]Only two ways to fight piracy: 1) Provide incentives to use a service offered through you (online), and 2) Charm. The last thing you want is angry pirates.[/QUOTE]
Unfortunately #1 does not always work (read: WoW)
If you're going to publish this(don't), change the name. Wolfire uses "Phoenix Engine" and I'm very sure they have more lawyerpower. Even though, you know, they're indie and awesome.
I'm p sure name collisions between unrelated projects and when one of them is a home-made DRM scheme no one cares.
[QUOTE=Jawalt;24500623]I'm p sure name collisions between unrelated projects and when one of them is a home-made DRM scheme no one cares.[/QUOTE]
Home-made DRM schemes are fine, but this one is laughably weak. As I illustrated.
A Phoenix. Really now.
[img]http://ploader.net/files/18a97422d7678aa01ba8f66dfdfcd1e3.png[/img]
I'm hungry for some chicken now.
It'd be better if it shouted "Objection!" when you put the wrong key in.
[sp]Phoenix Wright you see[/sp]
[QUOTE=robowurmz;24516990]It'd be better if it shouted "Objection!" when you put the wrong key in.
[sp]Phoenix Wright you see[/sp][/QUOTE]
It'd be more fun if it destabilized the stack.
[editline]10:51PM[/editline]
Or installed a virus or something.
This is rather badly designed, all you need to do is recompile the library (with the conveniently provided source :v:) so it always generates the key "abc" (lets say), overwrite the the application's copy and it's broken. All the keygen logic is contained in the one library, all the client program does is check weather the two keys match (and if you know the key it's looking for is "abc," well...).
I'm going to start working on a crack for this now.
[QUOTE=Phyxius;24345437]that would repel casual file sharers[/QUOTE]
Because obviously casual file sharers don't depend on bypassing DRM in the first place :downs:
[editline]01:46PM[/editline]
Oh and Comic Sans
[QUOTE=a2h;24534389]Because obviously casual file sharers don't depend on bypassing DRM in the first place :downs:
[editline]01:46PM[/editline]
Oh and Comic Sans[/QUOTE]
Apparently this is just a very basic system blocking non pirate users who dont have bought the software from using it.
DRM lol, thats not really a DRM after all. And its written in C# so wtf try harder
[QUOTE=cpf;24533071]This is rather badly designed, all you need to do is recompile the library (with the conveniently provided source :v:) so it always generates the key "abc" (lets say), overwrite the the application's copy and it's broken. All the keygen logic is contained in the one library, all the client program does is check weather the two keys match (and if you know the key it's looking for is "abc," well...).[/QUOTE]
> implying people will dynamically link to it
I don't like things that restrict my rights.
[QUOTE=TVC;24358564]Unfortunately #1 does not always work (read: WoW)[/QUOTE]
WoW makes no attempt at all to fight piracy. It will gladly connect to whichever realm you point it to.
Thing is, you can encrypt it and stop piracy from casual file sharers, but as soon as someone finds a work around, they'll make a one-click launcher and bypass it.
Then there's the whole principal that anything can be hacked somehow, eventually. I do like the way you think, but open source isn't the best way to make a data rights management system. I do like it, I just know how these communities work - they don't stop until they can break in.
[QUOTE=ZeekyHBomb;24542461]> implying people will dynamically link to it[/QUOTE]
>implying facepunch is an imageboard
How about doing stuff that makes people want to buy the game? Kinda like Valve?
[QUOTE=Jookia;24558200]How about doing stuff that makes people want to buy the game? Kinda like Valve?[/QUOTE]
Instead of a DRM system?
Well, that's a good idea of course, but not really relevant to this thread, which is about a home-made DRM scheme.
His point is that instead of working on DRM systems we should be making better games that completely remove the incentive to pirate them in the first place. I don't think he's specifically targetting the OP.
[QUOTE=gparent;24565159]His point is that instead of working on DRM systems we should be making better games that completely remove the incentive to pirate them in the first place. I don't think he's specifically targetting the OP.[/QUOTE]
I realize that. Which is the reason I think it's not really that relevant :smile:
[QUOTE=deloc;24557817]>implying facepunch is an imageboard[/QUOTE]
>implying that I didn't just add a joke and actually wanted to quote via >
Sorry, you need to Log In to post a reply to this thread.
