I asked a similar question in the ‘make money off of widgets’ thread. But figured it may need a more generic thread title, because others may have similar questions.
I’ve finally decided that my basic distribution plan for my game is to have it downloadable from my site. (non-widget)
What I would like to do is have it as a time trial. You get 5 days to play for free then you need a registration key/code, which you purchase at $1.99.
How can I create a timed install, similar to Unity’s demo? Mac or PC?
Can any OverTheEdge guys make any recommendations? Is it a proprietary tool you are using for your distribution?
One resource that might help answer some of your (and others’) questions is the Macintosh Software Business Yahoo! Group.
Group description: This group is for small, independent Macintosh developers who want to talk with other developers about the business of Mac development. Questions on pricing, packaging, advertising, e-commerce providers, and so on are on-topic.
If you look through the older messages there is a lot of great nuts and bolts info from successful, independent Mac developers. For instance, recently there was a great discussion about which sites are the best place to list your shareware/freeware.
Don’t really see why you can’t just buy it on the website, and you could have a demo or something…
Kagi doesn’t stop the user from redistributing it when he’s paid for it, downloading is easy and cheap, but will make a lot of your customers share their game with others sadly (think limewire, or any other download client), that’s why it’s in some ways better to require cd to play, it’s easily hackable, but will stop the common users from copying it.
This is what I’ll do anyway, the only good thing about Kagi is that you can try the full game of course, but it’s expensive and as far as I see, it may be hackable? :roll:
One thing I like about that KAGI KRM is that purchase and registration code occur right inside the software, and you can set up timed software.
So the user would not have to go outside the software, register, then wait for an email registration code. And they have it for Mac and Windows.
The cost does concern me somewhat, but I will probably just have to make my game like $4.99 (I want it to be inexpensive) in order to make up for the cost.
The biggest concern is integrating KAGI’s code into the game. Is it possible to integrate something like that into a Unity created game?
Any programmers know how hard that’s gonna be? (Maybe I should ask that in the Yahoo group.)
Most small and large online game publishers (Ambrosia, GameHouse, Playfirst, Freeverse) have their own copy protection code and you not only can but have to use it, if you want to publish through them.
That said there are of course people who want to publish games on their own with unity.
Once there is a third party who is ready to publish a game we will work with them on creating a copy protection solution for their game.
That said you can write a full copy protection mechanism inside Unity with the scripting languages.
Because unity uses .Net you can read/write files, get the current date and all kinds of methods you also have available in C++.
So a very rough outline of how to do it.
This is of course easily crackable but it gives you basic idea and you can work on solutions to make it harder to crack from there.
After a couple of days nag the user by showing some gui.
When the user presses enter serial number, let him enter the serial number he bought.
Verify the serial number somehow and write it to disk, then allow the user to play more levels.
You can also use a plugin for some more security but you have to make sure your plugin doesn’t get replaced with another one by crackers. One way to make it harder for crackers to do this is placing some gamecode inside the plugin and your game relying on it to work.
I’ve been thinking about all this too with the stuff we’ve been planning. I agree that a professional type registration technology or way of doing it would make sense, but I also know that (almost) every Mac application can and has been cracked or copied. From Maya (CDN$9000 through to Cinema 4D through to Subethaedit and small shareware titles). So how much effort does one put into a $5 shareware title? How much into a $50 game?
We may wind up doing something a bit fancier than this, but for the time being all we are planning on doing is personalizing each shareware game we sell with the seller’s name. Publicly on the credits/splash screen, and somewhere else hidden that only we’ll know about. Of course, this will only work when we’re selling 10 games/week. When (if??) we ever start downloading serious numbers of games like the widgets (yikes!) we’ll: a) be able to quit our jobs anyways; b) enjoy the taste of pasta with ketchup; and c) work on a better way to protect our stuff.
The benefit of our simple/small system is that if a few get copied and put out there, we’ll know who let them loose. But we will look into a more professional way of doing it as well, of course.
Question to the OTEE guys? Is there any way using .NET to check the machine’s MAC address and check against that? [EDIT – One of our work .NET developers and also the lead programmer here are looking into this for me and will let me know. I will post here with details.]
OK, here are two relevant links to methods of using .NET to find out what the MAC hardware address is of the computer running the application. This way, you could limit an application to run only on a computer with a specific MAC hardware address.
Anyone want to tackle changing this into something useful for Unity?
OK, so one guy at work has come up with an intriguing model. It would require you to have a server running something like MySQL or even something as simple as a CGI script and a writable text file at your end. The buyer would need an Internet connection only on the first time they start up your program. It goes like this …
Person buys your program and you get an email. You reply with a download link and 5 digit number. You’ve entered their name and 5 digit number into said database/text file at your end. They start the game. The app looks for a text file on their system (more on this later) and if it doesn’t find it they enter the 5 digit number and click a register button. The register button sends the 5 digit number and the machine’s MAC address to your database/text file. The CGI script now adds the MAC address to the same line as the 5 digit number and sends back an XOR key based on their 5 digit key you provided and their MAC address. The application now writes a small text file with this XOR info onto their hard drive some place discreet and starts up.
That small text file is what the game looks for when starting up. It compares the text XOR MAC key file with the MAC address the computer is running and if it’s the same it runs. This works because the XOR function in the game itself can read the scrambled key backwards and unscramble it meaning that the app reads the text file as simply the MAC address. This way, no one can run the game unless they’ve registered it and you have their name, 5 digit code and MAC address on file. It’s all transparent on the user’s end and yours too!
Admittedly, if they change computers or lose that text file they’ll have to email you and reregister it. But quite simple, no?
I believe I could convince the author of this idea (brilliant programmer Peter B.) to help me create it for the community. Any interest? OTEE guys, what do you think?
OK, rather than yet another edit to a long post, here’s an example of using JavaScript for XOR … JavaScript XOR Encryption.
Try entering a dummy MAC address in the String to Encrypt field (i.e., 0D44FGh445G) and then work it. Cool, huh?
In my example, the XOR key field would be the 5 digit number you provide your buyer. If it was unregistered, your Unity app would send the MAC address and 5 digit code to your CGI script which encrypts the former and then sends it back to your app which then saves the encrypted number as the text file. When you run the app, decrypting works inside your Unity app on start; it checks the MAC address versus the decrypted address and away it goes. Here’s the code that’s making this all work …
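```javascript
// Encrypt: XOR every character of the "str" field with the key and
// write the result to the "res" field.
function xor_str()
{
    var to_enc = document.forms['the_form'].elements["str"].value;
    // The key is read as a string; the ^ operator coerces it to a number.
    var xor_key = document.forms['the_form'].elements.xor_key.value;
    var the_res = ""; // the result will be here
    for (var i = 0; i < to_enc.length; ++i)
    {
        the_res += String.fromCharCode(xor_key ^ to_enc.charCodeAt(i));
    }
    document.forms['the_form'].elements.res.value = the_res;
}

// Decrypt: XOR is its own inverse, so the same operation with the same
// key turns the "res" field back into the original text.
function decrypt_str()
{
    var to_dec = document.forms['the_form'].elements.res.value;
    document.forms['the_form'].elements.dec_res.value = "";
    var xor_key = document.forms['the_form'].elements.xor_key.value;
    for (var i = 0; i < to_dec.length; i++)
    {
        document.forms['the_form'].elements.dec_res.value += String.fromCharCode(xor_key ^ to_dec.charCodeAt(i));
    }
}
```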
I’ll get this working, count on it. Peter B (guru of all things binary) will help create a working version I hope to share with everyone.
Just to check if I understood you correctly. The customer knows the 5 digit number (and of course his MAC address). And “lock” is if there is a file somewhere on the hard disk which contains an XOR “of MAC and 5 digit number”?
If I did not misunderstand you, where is the security in that? The customer knows both values, and XOR’ing that is not really difficult. If you would XOR this with a secret “key” only you have access to (and being hardcoded in the app) would give some (minimal) protection.
Just checking for the existence of a simple file created in a (hidden) but defined location would offer the same security, without the privacy issues of getting the user’s MAC address (which can be spoofed) without his/her consent, or did I miss something?
The customer is given a 5 or 6 digit registration number. They don’t give you their MAC address … the application itself pulls that from their hardware the first time they run the application and sends it and the reg number to your database.
The db checks to see if the reg number exists and then uses that and the MAC address and an encrypting method at the server end (an enhanced XOR or something that isn’t just adding 1 to the value of the ASCII characters) to generate another number (let’s call it “scrambled”) that it sends back to the application which in turn writes a text file with “scrambled” in it on the person’s hard drive.
The key here (I think?) is that when the application launches again it looks for a “scrambled” type text file and if it finds it, then … 1. internally decrypts it back to the unscrambled MAC address; 2. checks the MAC address of the machine running the application; and if 1 and 2 match runs the program. My logic may be seriously flawed and I need to talk to Pete about some of the details most likely. But if no one knows the encrypting/decrypting algorithm used by my server and the application, then no one can just create a “scrambled” text document because the application is the one doing the checking and it won’t match with what the app is reporting the machine’s real MAC address is.
Does this make sense or am I way out to lunch here? :?
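An added example, not code from any poster in this thread: it puts the XOR license file discussed above next to a signed license file, where the server signs the registration code and MAC address and the application carries only a public key. The function names, the file layout (JSON payload, newline, base64 signature), the choice of Ed25519 via Node's `crypto` module and the sample values are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample values (not from the thread).
const REG_CODE = 48213;
const MAC = '00:11:22:33:44:55';

// Scheme as described in the thread: file = MAC XOR registration code.
function xorScramble(text, key) {
  let out = '';
  for (let i = 0; i < text.length; i++) {
    out += String.fromCharCode(key ^ text.charCodeAt(i));
  }
  return out;
}

// App-side check from the thread: unscramble the file, compare to the MAC.
// Both inputs are known to the customer, so the file proves nothing.
function xorLicenseValid(fileText, regCode, mac) {
  return xorScramble(fileText, regCode) === mac;
}

// Signed alternative. The private key stays on the server; the app ships
// only the public key, which can verify licenses but not create them.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Server side: sign the (code, MAC) pair once the code is found in the database.
function issueLicense(regCode, mac) {
  const payload = JSON.stringify({ regCode, mac });
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return payload + '\n' + sig.toString('base64');
}

// App side: accept only a correctly signed payload naming this machine's MAC.
function signedLicenseValid(fileText, mac, pubKey) {
  const [payload, sigB64] = fileText.split('\n');
  if (!payload || !sigB64) return false;
  try {
    const sig = Buffer.from(sigB64, 'base64');
    if (!crypto.verify(null, Buffer.from(payload), pubKey, sig)) return false;
    return JSON.parse(payload).mac === mac;
  } catch (err) {
    return false; // malformed file
  }
}
```

With the signed form, secrecy of the algorithm no longer matters, because nothing inside the application is enough to produce a valid file. It does not change the points already raised in the thread: the check itself can still be patched out of the application, and a MAC address can be spoofed.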
Makes a lot of sense to me now. Before I didn’t get it at all. I like the per machine registration idea, but it’s very limiting for the user, I for instance have my games installed on more than one computer and second what if they upgrade computers. This is assuming you only allow your server to process each key once, also if they do get your encryption process cracking it would be easy to do, so you might want a fall back system of some sort. Jeff
In the “How to Register” instructions make it easy for a registered owner to ask for a second or third license (maybe even suggest it?) or to reregister. Tell them, no encourage them, to run it on two machines (change the database and key generation to allow that). Suggest the third one be given to a friend so they can experience your game too. Viral marketing at its best.