Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Friday June 05 2015, @07:15PM   Printer-friendly

Game piracy is a real problem for independent game developers, especially on platforms like Android and Linux where reverse engineering games is quite easy.

To counter this, a simple method of using OpenGL to encrypt the assets such as images and data can be done by using the graphics card or GPU for performing the encryption/decryption work completely on the GPU, by using native OpenGL calls. This uses the already established General Purpose GPU (GPGPU) computing methodology to accomplish this task. A description of a proof-of-concept is available at Stealth Labs blog and the source code is available at github.

From stealthy.io:

Suppose you are an independent game developer. You are facing piracy and fake copies of your game, and you do not have the legal and economic power to handle this problem. You want to continue making games without getting discouraged by pirates, who most likely reside in other countries. What do you do ? How do you prevent or reduce the incentive to pirate your game through reverse engineering ? Maybe you could perform encryption of your game assets, like textures, shaders and images, to thwart the piracy and copy-cat efforts ? You could use standard encryption libraries like OpenSSL, but that still leaves the decrypted data open to access, in CPU memory, by anyone running a debugger on your software. What if you could use OpenGL to do the encryption and leave the data in the framebuffer object and render it from there using OpenGL itself ? Then you would never have to even extract the data from GPU memory into CPU memory ! Debugging tools for OpenGL are not good enough, and reverse engineering tools for OpenGL are non-existent.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by arulatas on Friday June 05 2015, @07:26PM

    by arulatas (3600) on Friday June 05 2015, @07:26PM (#192640)

    Debugging tools for OpenGL are not good enough, and reverse engineering tools for OpenGL are non-existent.

    -Yet

    --
    ----- 10 turns around
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Funny=1, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Friday June 05 2015, @08:08PM

    by Anonymous Coward on Friday June 05 2015, @08:08PM (#192665)

    That is a spot on observation.

    On top of this it smells of security thru obscurity. This assumes no one can write an emulator or walk the code manually.

    There are vids of people out there reverse enginering blu-ray external USB drives. I seriously doubt doing something in the framebuffer (which is easily accessible thru opengl calls...) is all that secure.

  • (Score: 2) by VortexCortex on Saturday June 06 2015, @09:13PM

    by VortexCortex (4067) on Saturday June 06 2015, @09:13PM (#193007)

    Software only MESA / OGLES reference drivers = debug tool to dump decrypted assets.

    Probably most who rip-off games wouldn't know how to use them, but it's kind of incorrect to say no tools exist. In fact, there are many perf tools for hooking into OGL, and some even can fetch texture data. So, it's not a question of if but when "pirates" will use those tools, and "yet" has already happened.

    What's more interesting to me is the ridiculousness of trying to save the economically untenable practice of artificial scarcity via security theater. Data in the Age of Information is infinitely reproducible. If the copies are in infinite supply, Econ101 says their price should be Zero regardless of cost to create. For instance: Sand is cheap on this planet even though it was forged in an expensive supernovae. The 1's and 0's are not scarce, so monetize what is: The skill and capability required to make new arrangements of bits. If you don't release your work until it's been paid for in full, then you don't need to leverage artificial scarcity, and piracy disappears into free advertising and hardcore modders / fans. Just forget about "Intellectual Property" and monetize skilled labor: Make a payment arrangement up front, do the work (make the game/app), get paid, do more work to make more money. This is proven to work as it's how any labor industry operates. With crowd-funding I can ask for as much as I need to fund the entire project (+profit) and then give the output away for "free" (since it's already been paid for). This is basically the same as working for a publisher, except I cut out the middle man by working directly for the consumers, get free advertising and market research (not funded = saved time), and since publishers spend 3-5 times the dev budget on ads I can ask to earn 2x what I would under a publisher and still deliver the game/app to the public cheaper than a publisher does. Bonus: No "pirate" can hurt my sales since I've already been paid.

    All this insanity over "Piracy" is just propping up the bogus artificial scarcity model that no other market besides "Intellectual Property" leverages. Use the same work method that home builders, mechanics, FOSS devs, and etc. laborers do and in the time I save by not screwing with DRM I can add more content / value to the game (and extract more pay since time is money).