0

I have a few C++/DirectX games that I want to start selling from my website. What's the best way to protect my games from being copied/shared? I don't really want to use a classic DRM and the games aren't well suited for the ingame purchase/freemium model. I don't think revealing the download link after the visitor pays a fee is the correct answer... If DRM is the only way - even if I don't like it - is there a lightweight DRM solution used by other game developers? (Something with minimal protection)

Thank you!

Mihai Dragomir
  • 3
  • 2
  • "DRM" isn´t a single method, but the purpose. Every copy protection because of copyright/financial reasons is DRM. And about the "minimal protection"..."Did you legally buy this game: Yes/No". Seriously, either the full course or nothing. – deviantfan Mar 17 '15 at 22:54
  • I was actually asking for an advice on what I should do in order to generate revenue by selling the game directly from my website. I have to sell something, I can't just send a download link with a fully unlocked game (I guess). Should I sell keys and implement a basic DRM? Should I completely change the games and implement some ingame purchase features (and I don't like ingame purchases but I like full games)? Maybe I should make a demo version that asks you to make an ingame purchase after a few levels to unlock the full game? – Mihai Dragomir Mar 19 '15 at 08:22

1 Answers1

3

It's easy if the games are meant to be played online only... perform part of the game calculation only on the server, and use logins. But if you have a single-player mode...

A good "minimal" protection would be to use a hardware fingerprint and a matching HMAC downloaded from the server. When the user moves the game to a different computer, they have to use their credential to generate a new HMAC. The game itself doesn't contain the private key necessary for HMAC generation, only the public key necessary for verification. This will prevent accidental unauthorized copies, and there's very little you can do about skilled crackers anyway.

It's probably a good idea to include sunset logic, in case you shut down your server someday, you don't want your paying customers left with no way to reinstall. The likelihood you'll still be seeing significant income from sales more than 3 years after release is miniscule. You could also release an "update" with the license checks removed at some point in the future if you get tired of checking licenses.

For some extra information on why you don't want to join the arms race, see this answer of mine: The #1 law of software licensing

Community
  • 1
  • 1
Ben Voigt
  • 277,958
  • 43
  • 419
  • 720