Rumors of games that do not allow offline/must phone home

2»

Comments

  • EvgizEvgiz Posts: 184Member

    TheLoon said:
    How do I contact the Ouya Team to request making offline validation as easy as online?  They've listened about the joysticks and recovery options.
    If ouya included some way of offline validation through their ODK, that would make things much easier to pirate. They would only have to figure it out once, then apply on all games.
    Its not hard to do yourself, and its safer too.

    I made the OUYA exclusive games Cube and Creature and Hellworm!
    evgiz.net




  • StoicHamsterStoicHamster Posts: 113Member
    How do I contact the Ouya Team to request making offline validation as easy as online?  They've listened about the joysticks and recovery options.
    I'm not sure that the Ouya Team should have anything to do with offline validation because that really has nothing to do with their servers or their system necessarily.

    At the simplest level, at the moment a purchase is made you would just save an integer into your game preferences, local filesystem, or whatever persistent storage you have. Then, the next time the game is started without internet access you would just read that integer out of your persistent storage to see if the purchase has been made already. Presto - offline validation.

    Of course, this is easy to pirate by just copying the app and its associated data to another device. If you don't care, then you're already finished. Super easy!

    If you do care, just put extra security layers on top of that. Obfuscate the key name - call it "PenaltyTimeAccumulated" instead of "PurchasedFullGame". Obfuscate the value - instead of storing a 0 or 1, store a 12 or a 42. You could even store off an MD5 hash of your entire persistent data storage file. Then, whenever you start the game, check that hash. If the hash doesn't match, someone has tampered with the persistent data storage. There's lots of little tricks you can do to make the pirate's job harder. You just need to decide how far you want to go.

    For serious levels of offline security, do AES encryption on the integer value using device ID, game ID,  and key name as the encryption key. That will prevent hackers from just copying the encrypted value from key to key, game to game, or device to device. Each encrypted value will then only work on a particular key/game/device combination. Then, for a hacker/pirate to be able to do anything with that encrypted value they would need to crack the AES encryption. And if somebody is able to crack your AES encrypted game data then they're a big-time hacker and would probably be better off using that skill to hack into banks and the NSA.

    Of course, there are still other attack vectors, but mostly beyond the scope of my knowledge and into the realm of serious security programming techniques. The encrypted key might only work with one device ID, but people can hack their device ID. Could maybe fix that by adding Ouya ID to the encryption key. People can attach debuggers to their device and view the contents of your device's memory as the game runs to extract the encryption key. Still extremely difficult but technically possible. In the end, nothing is perfect... but you can still make a hacker/pirate's job pretty annoying and impractical.

    Personally, I plan on AES encryption for locally storing my secure purchase data and leaving it at that.
    Jarcas Studios - Check out our latest Ludum Dare game: The Vengeful Baby-Men

    Take some time and learn Designer-Friendly Programming 101.
  • TheLoonTheLoon Posts: 21Member
    We will have to agree to disagree on that StoicHamster.  Supporting online only is a bad strategy and not popular.  End users will accept anything until they go offline and can't play their game.
  • ladronladron Posts: 31Member
    Evgiz said:
    If ouya included some way of offline validation through their ODK, that would make things much easier to pirate.
    I don't see why it would be significantly more vulnerable than it currently is. Someone could also hack the code responsible for the online checks and fake them to always return a successful purchase.
  • EvgizEvgiz Posts: 184Member
    ladron said:
    Evgiz said:
    If ouya included some way of offline validation through their ODK, that would make things much easier to pirate.
    I don't see why it would be significantly more vulnerable than it currently is. Someone could also hack the code responsible for the online checks and fake them to always return a successful purchase.
    You mean the code in the OS?

    If you mean the game then its much harder if all games have different validation code.

    I made the OUYA exclusive games Cube and Creature and Hellworm!
    evgiz.net




  • TheLoonTheLoon Posts: 21Member
    edited August 2013
    The basic premise here is that you shouldn't expect to change the fundamental expectations of a customer.  A game is theirs once they purchase it.  That right shouldn't go away because their cable connection goes out.

    The reason Ouya should support offline validation has more to do with how we want to change the industry rather than force consumers to do what is easy for us.
    Post edited by TheLoon on
  • ladronladron Posts: 31Member
    edited August 2013
    Evgiz said:
    ladron said:
    I don't see why it would be significantly more vulnerable than it currently is. Someone could also hack the code responsible for the online checks and fake them to always return a successful purchase.
    You mean the code in the OS?
    Yes. If someone hacks the Ouya SDK code responsible for online checks, it doesn't matter what clever way you come up with for storing purchase information locally for your game.

    If Ouya added code for storing purchases offline, I see no reason in principle why that code would be more or less secure than the current online-only checks.
    Post edited by ladron on
  • ladronladron Posts: 31Member
    edited August 2013
    Oops - duplicate post - ignore.
    Post edited by ladron on
  • jtn0514jtn0514 Loganville,DCPosts: 142Member
    TheLoon said:
    The basic premise here is that you shouldn't expect to change the fundamental expectations of a customer.  A game is theirs once they purchase it.  That right shouldn't go away because their cable connection goes out.

    The reason Ouya should support offline validation has more to do with how we want to change the industry rather than force consumers to do what is easy for us.
    Developers are going to do what they want with how their game works, and they might lose a few customers over it but in the end its their decision. Not everyone shares the same views as you.

    Ouya at this point is trying to gain developers and cant afford to impose a ton of restrictions and rules and lose any. They are still trying to get well established and its no secret. This is a controversial topic any way you look at it weather it be from the developer side, the customer side or even OUYA's side.

    In the end, no one is twisting your arm telling you to do or buy anything.

  • LususAnimatLususAnimat Posts: 32Member
    jtn0514 said:


    TheLoon said:
    Ouya at this point is trying to gain developers and cant afford to impose a ton of restrictions and rules and lose any. They are still trying to get well established and its no secret.
    Actually, this is exactly when they should be setting standards and restrictions on their titles. The more stringently OUYA titles follow console standards, the better the console as a whole looks to users, and the more seriously developers are going to take it.


    A few high-quality, standards-compliant titles are better for OUYA than a thousand buggy shovelware ports.
  • ironsoulironsoul Posts: 5Member
    It's fairly late since the last post, but I'm pretty annoyed at the DRM on the Ouya. The worst part is there's no way of telling which software uses the always online requiring DRM. This is a big issue for me, as my Ouya is too far away to use the wireless(all my other wireless devices are fine, the Ouya is the only console too weak to connect to the router) and wired is not an option.

    I've bought two things from the Ouya store, Polarity and Kainy. Both check each time I launch them, Polarity actually checks for every single level. I cannot use either due to the fact I can't get my Ouya online when I move the Ouya to the location I wish to use it in.
  • The_CraigThe_Craig Posts: 89Member
    The latest update of Polarity removes DRM altogether.
  • EvgizEvgiz Posts: 184Member
    Games are required to work offline too now (unless its an online game ofc), otherwise they'll be rejected. There was an issue with the caching code on one of my games that made offline play impossible, and I was told had to fix that before publishing the game to the store.

    Its probably only the games not updated since they added that requirement that still have DRM.

    I made the OUYA exclusive games Cube and Creature and Hellworm!
    evgiz.net




Sign In or Register to comment.