• General Chat

  • Let's talk about game resource protection. Contrary opinions welcome. :)

@BillGHero said:

@Nerdzmasterz said: Is there a way to prevent DDOS attacks on our software? If I understand correctly, I was a victim of that once. It wasn't my software/web site, I was looking up stuff and got hit. All I remember was having to completely wipe out everything on my PC to get rid of it.

Needless to say, I do not want a repeat. :#

Did you mean DDOS as is Distributed-Denial-Of-Service, which is classically accomplished using a zombie farm to overwhelm the target so it is not available to provide services to clients over the Internet?

I am curious; why did you have to wipe your PC for that?

Yeah, Distributed Denial Of Service.

Maybe it wasn't that, but just a terrible virus or... something- it got in an infected the PC and I had to lose everything to stop it. I can still remember when I watched the computer BSOD (Yes, the Blue Screen Of Death). I don't exactly remember if we ever recovered that device in some miraculous method or had to replace it.

Either way, I'm mainly looking for protection against cheaters and viruses/worms/DDOS.

@Nerdzmasterz said: Either way, I'm mainly looking for protection against cheaters and viruses/worms/DDOS.

DDOS is all about brute force -- the only real protection is to have a bigger server farm. Viruses and worms mainly spread through people deliberately downloading and/or running infected files. There are a few clever ones that can infect systems remotely, but they prey on people who don't update their software. The odds of godot having a severe security weakness that can be attacked remotely, and anyone evil knowing about it and taking the time to exploit it, are remote.

In thirty-plus years of computing, I've run into five viruses, none of which infected my (personal) systems. If you don't want malware, don't run untrusted code -- it's that simple. (Untrusted code includes web scripts and anything other than text in your email, both of which are easy to avoid.)

You could make your software exploitable, if you allow unsanitized user input to do anything in a server, but that's not godot's fault.

Cheaters are a whole different issue. You can't defend against someone cheating on stand-alone software. If they really want to put the time in, they can make it do whatever they want. Protecting against cheating in multiplayer is similarly difficult. If you run the server that controls the game, you at least have a chance.

Edit: Dealing with malware is a whole branch of computer security. However, the first thing you should do if you suspect malware, is shut everything down and boot from a known safe live disc or lockable usb drive. Then back up anything you need to another drive. Assume that everything you backed up is infected -- remove everything executable or set it to not be executable. Use anti-virus software on your live drive to deal with it. Then, in order of safety, destroy, format, or disinfect the original drives and/or anything with firmware that might be infected, possibly including your usb live disc.

Of course, you should have off-line backups already. If you don't, shame on you. :)

7 days later

Steam has such a thing as DRM, but if my resources are correct, people can still easily swipe from it.

It's kind of pointless to fight piracy. Just accept it as the cost of doing business. I'm considering making an open-source game (with MIT code CC art) but then I'm afraid people won't buy it and just compile themselves. Maybe the id concept is good, release the source a few years after the game came out because you made all your sales already. You could also do donations with Itch, but then no one will pay for your game. Or you can release a "cracked" version yourself, because the pirates will pirate either way, but at least they won't get their computer compromised by Russia in the process.

I don't know how to crack a game, I just build them.

But I was wondering if going through Steam and posting the game as a Steam Key somewhere like Itch would prevent some issues with pirates, as probably not everyone can hack- plus I would have more than one site that it's posted on, which could mean more real sales.

Since we're on the subject, as for cracking, some games managed to make their original games have a "bug" in them as well, so you wouldn't even have to post on a pirating site. The bug only triggers if the game was pirated.

https://cracked.com/article_29468_5-wonky-ways-video-games-got-back-at-pirates.html

Well DRM has gotten more advanced. I've looked into it briefly, like for classic games. Basically you can think in the game there is a function like: "check_copy_protection()". You can decompile the EXE file first. It won't give you the source code, but you'll have ASM (assembly) code and you can do some checks in a debugger to see when the game starts. This will give you a clue to which ASM instruction is the function "check_copy_protection()". Then you edit the last statement to always return 1 (True), so the game thinks the pirate copy is legitimate. You can also use JMP instructions to bypass the DRM (for example, so instead of the game calling "check_copy_protection()" it just calls "start_game()" and completely ignores the DRM). But these tricks are all known, so the current DRM techniques are more complicated, but that is the basic idea.

@cybereality said: I'm considering making an open-source game (with MIT code CC art) but then I'm afraid people won't buy it and just compile themselves.

Don't mind me changing subject, but I couldn't help but notice, that's sort of the issue with mine. "Most" of the assets are from Kenney.com. (Loads of free stuff)

I'm trying to make the game original despite the free stuff with the very weird and broad amount of mechanics. In the end, I'm hoping to offer a more advanced experience than that from most games of its genre, so it would actually be worth whatever. Post a YouTube video or something to demonstrate what it does, and hope for the best.

Spoiler: it's actually meant to feel less like a 2D top-down game, and more like a 3rd person shooter.

@cybereality said: I also like the Itch.io model, where you can suggest a donation, but allow anyone to download for free. I don't think the game will make as much as a fixed price on Steam, but you have more people playing, and more potential to get popular (if the game is good). Also, you don't lock people out if they are young and/or broke and can't afford your game.

If a game is good, could someone live off the money you get from itch?

I've been wanting to be an indie dev for literal years, and need to at least get money somewhere. :)

I'm just trying to find the best solutions.

Steam might be the way to go for me, but I would love to hear what else is available for protection from pirates and beginner entrepreneurs.

(and moderators, please don't take this the wrong way. I've spent literal weeks on Zombie World, and I'm only half-way done with it. I'm also considering changing the art in the game when all the mechanics are ready before release, as I don't think this content gives the right mood. I kinda need to get something out of this in the end, even if it's just enough to keep me an indie dev for a while longer. :# )

So, to give you an idea, I released some free demos on Itch and Steam to get some experience. I had my first demo up on Itch for almost 2 months when I pushed to Steam, and I got as many downloads in the first week on Steam as I did in the whole 2 months on Itch. I still get a decent amount on both total, considering it was a short graphics demo. As of today, the demo Decay got about 4x the amount of downloads on Steam. The audience on Steam is huge, and also have better computers if you are making a 3D game. But both platforms are good for different stuff. Itch is better for shorter experimental games, 2D indie stuff, more like the old Flash games. Steam for more serious projects.

In terms of the donation model, I doubt anyone is making a living like that. I have seen some popular games on Itch, I'm sure there are a few people that got rich, but most of the developers there are not making money. Though you cannot see download or sales numbers, you can sort games by best selling, and then see how many comments they got. This gives you some idea. The issue with donations is that most people download for free. There is an argument that they would not have played otherwise, but the interface makes it easy to just download (especially on the desktop client, there is just an install button and you have to click another thing to pay separately).

I did donations on my demos and I made $400 total this year with all of them. Granted, these were supposed to be free, and they were only a few minutes each, so I did not expect to make much money. But that didn't even cover the cost of the art and music I purchased. I think with a full game you can make more, but unlikely the kind of money you make on Steam. I've seen some people on Itch release a free demo, then on the same page you are forced to buy the game (or you can even embed a Steam widget) and some of these people seem to be successful with that. Others just use Itch for marketing, with the free demo (can be WebGL), and then link to Steam for the sale. I'm considering this as well.

Here are the expenses of a legal indie studio, by way of attorneys. Warning: this gets spooky. :o

After picking a name, you go to make it officially yours. This runs from 500-1500.

Next is going to a business attorney- which runs from 150-325/hour.

After that, you are taxed based on what type of company you set your indie studio to be.

Would you also like the fancy (r) symbol beside your company? From research, that's another $40 dollars a month.

Why do it?

There are benefits to doing this, if you make an LLC.

Thomas Brush explains the reasons for this well:

https://youtu.be/xK0SDfAvOTg

Hopefully, this at least offers an idea of why pirates need to be fought. :)

7 days later

Another very long-term plan for this is to study white hat hacking, or at least hiring such a specialist. Long story short, hackers are white hat, black hat, and gray hat. The white hats are the good ones, and are actually hired by companies to go in and search for weaknesses in your system which the bad hackers can exploit, and then report their findings. This means understanding more computer languages like C++, C#, Python, HTML, basically the works.

There's a course about it on Udemy, but it sounds incredibly complicated.

    Thanks, @Nerdzmasterz that video was super helpful. I want to start my studio after I graduate from college later this year. So far I have released my free demos under my own name, cause I figure there couldn't really be any issue, but for a commercial product I'd like to do it legit.

    Nerdzmasterz The white hats are the good ones, and are actually hired by companies to go in and search for weaknesses in your system which the bad hackers can exploit

    That is specifically a pen-tester, a type of "white hat", but any open-source software developer can be also considered a hacker and depending on what they are developing they can be either white, gray or black hat. Most are probably white tho.

    https://en.wikipedia.org/wiki/Hacker#Definitions

      And, well, even the white hat hackers probably had some history on the other side...