Psychological Finale and Game Security
Paul Taylor 2010
Guest Speakers
• Adam and David from BigAnt Studios (http://www.bigant.com/)
• Arrival: Approx 3:30pm– I begin hunting for them when they call– You all entertain yourselves with relevant YouTube
stuff
Psychology Continued
Based on Neils Clark – Psychology is Fun
So what does this next slide mean?...
Reward Distribution
Continuous Reinforcement
• Duh!• A reward for every correct action.
• Can be used incrementally for behavioural shaping
http://lh5.ggpht.com/riya.reshu/SPNUthNHZmI/AAAAAAAAD_A/Uuhp-4DSimE/Shaping-Pen-stand.JPG
Continuous Reinforcement
The Negatives...
• Most prone to becoming boring, as players can easily recognise it
Fixed Ratios and Fixed Intervals
• Fixed ratios– Simply a reward after x correct responses
• Fixed intervals– A reward after x time has passed
Variable Ratios and Variable Rewards
• Variable Ratio– Reward the player after some number of
responses (with an average number of x)• Variable Rewards– Reward the player with some amount of reward
(with an average of x)
Where do Poker Machines fit?
http://megabonus-home-edition.smartcode.com/images/sshots/megabonus_home_edition_17810.jpeg
2 Minute Design Challenge
• A Gambling game that will HELP problem gamblers........
And now for something completely different...
http://www.guardian.co.uk/technology/2010/oct/04/microsoft-motorola-android-patent-lawsuit
Game Security
http://www.treehugger.com/china-segway-olympics-security.jpg
What is security?
Security:“the state of being free from danger or threat”- OxfordProtection:“the action of protecting, or the state of being
protected”- Oxford
Developing Security
• If it is easy to add the security into your games .......
http://www.yesiamcheap.com/images/oldman.jpg
Lazy, Cheap or Stupid?
http://www.liquidmatrix.org/blog/wp-content/uploads/2009/05/vaderfail.png
Lazy
• We’ll add in security as it’s needed
http://www.proactive-security.com/images/Realme6.gif
An Online Gambling site was hacked to that everyone won 100% of the time
• In the 2 hours it took to take the servers down the company lost 1.9 million.
Bolt-On Security
http://scribalterror.blogs.com/beautiful_english/images/2007/06/04/homemade.jpg
http://www.blogcdn.com/www.engadget.com/media/2008/04/colbert_bot.jpg
Taking Security Seriously...
http://www.geekologie.com/2009/06/you_fool_man_builds_giant_mech.php
How would you protect your Castle?
• Both these photos have used bricks, which would offer you the most protection?
• Why?
http://www.mphohweni.co.za/img/rwanda_brick_laying%5B1%5D.jpg
http://www.instructables.com/files/deriv/FJT/TX50/FXP6OJ7M/FJTTX50FXP6OJ7M.MEDIUM.jpg
http://3.bp.blogspot.com/_thbRorvScz4/SiSxAm-GkXI/AAAAAAAABIw/vp2ZpvKO5oI/s400/bricks.jpghttp://leeharps.com/wp-content/uploads/
2006/03/03-Brick-Pile.gif
Security Systems should be independent
• This doesn’t mean bolt-on, it means manageable, and more importantly each system should be secure in its own right
Chains and Meshes
• You don’t want your security defence to be a chain.
http://tutorialqueen.com/wp-content/uploads/2008/04/3dmodel-link-chain-max-studio-tutorial12.gif
http://www.bombayharbor.com/productImage/0095071001227259954/Chain_Link_Fence.jpg
Industry Protection Methods to date...
• Consoles• DRM / License Management• Online Gaming• Prosecutions
Piracy
http://www.gadgettastic.com/images/software%20piracy.jpg
Preventing DuplicationFAIL
FAIL
Detecting DuplicationFAIL
FAIL
Detecting DuplicationFAIL
FAIL
Disk as a key
FAILFAIL
License Keys
• ID and Checksum• Public key encryption• Online Authorisation
FAILFAIL
Collectables, Feelies, and Stuffz
• People LOVE to collect!– Do NOT google collect, Image #2 moderate, off,
image #3 on strict
WIN
WIN
Battle.Net Authenticator $6.50
• Also in Mobile Phone format
WIN
WIN
Commodore 64
• Twin Cassette decks == clones• Sound while copying ~= “It sounded like a Dalek being
flayed alive, but it was actually just the birthing cry of a newly pirated game.”
Source: http://www.gamesradar.com/f/a-brief-history-of-video-game-piracy/a-2010082715101116096
http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/Taping--article_image.jpg
The Nintendo Entertainment System
• The NES contains a lockout chip, the 10NES• IF it detects a fake cart, it sends reset pulses (1
per second) to the console via pin 4.– Guess the solution??
http://www.raphnet.net/electronique/nes_mod/images_lock/lockout_chip2_th.jpg
http://4.bp.blogspot.com/_pJlwRrgGJfk/S-17HldW7AI/AAAAAAAAAVo/kvLQUOMlJx4/s1600/nes-console.jpg
Pirate Consoles
• In the later years, Nintendo even lost console sales to pirates!
• IN Russia Dendy sold as many consoles as
Nintendo!!
http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/NES%20clones--article_image.jpg
http://26.media.tumblr.com/j1FdQE2daikcfffu1yAPYXhDo1_500.jpg
The EVIL anti-piracy techniques used
Lenslok
80’s home computer gamesOnce the cacophonic banshee-wailing of the tape loading
sequence finally came to a merciful end, the game would compound the player’s emotional trauma by flashing up a garbled two-letter code on screen.
http://www.gamesradar.com/f/gamings-most-fiendish-anti-piracy-tricks/a-2010022516730628047
http://farm4.static.flickr.com/3195/2782909930_a20527bfb4.jpg
Lenslok
There were two problems:1) The code had to be manually scaled to make
it readable on different sizes of TV, and the system didn’t work with big or small screens.
2) The codes were incredibly easy to hack, given a bit of coding knowledge.
Batman: Arkham Asylum
Illegal copies of the game worked perfectly apart from one little detail. Batman’s cape glide ability was disabled, making the game playable but uncompleteable.
http://ps3media.ign.com/ps3/image/article/949/949513/batman-arkham-asylum-20090129054204704.jpg
Command & Conquer: Red Alert 2
After 30 seconds of play on a pirated copy of the game, the player’s base and units would detonate.
Like recent EA DRM, the base blasting trick caused all kinds of problems, in particular blowing up the armies of plenty of legitimate players.
Call it a pre-emptive strike just in case they were thinking of passing a copy on.
Operation Flashpoint
Using a system called FADE Dodgy copies would let the
game run Would gradually change the
gameplay in increasingly horrible ways.
Guns lose accuracyEnemies become bullet-sponges The player’s character would
gain the battle resilience of a dead jellyfish.
FADE detected pirate copies by inserting fake errors in the original game code, which CD copiers would clean up, making rip-offs immediately obvious
The Secret of Monkey Island
• The game shipped with a cardboard dial, comprising two circles of different size set one inside the other. Each disc was printed with one half of a series of pirate faces. The game displayed the face of a particular pirate on screen, and the player had to turn the middle disc in order to line up faces and identify the year the pirate was hanged. Typing in the date allowed the game to run.
Metal Gear Solid
At one point in Metal Gear Solid, Snake has to work out how to contact Meryl via his codec in order to continue the story.
The clue is that her codec frequency is on the back of the CD caseCue the world’s unwitting Nintendites searching every object in the
game for hours on end.
http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/02/Inventive%20copy%20protection/Metal%20Gear--article_image.jpg
http://blogs.ocweekly.com/heardmentality/Metal_Gear_Solid_ntsc-back.jpg
Dragon Quest V on DS / Final Fantasy Crystal Chronicles: Ring of Fates
The intro sequence in Dragon Quest V looped infinitely in knock-off copies.
FFCC turned into a 20 minute demo, complete with a “Thank you for playing” kick in the stones from a couple of jolly Moogles at the end.
The Silicon Dreams trilogyWhen developer Level 9 released its
Silicon Dreams interactive fiction series in a bundle pack in 1986, it threw in a free, full-length novella as an introduction to the third game’s story.
The book was also used as a password generator. The game asked for the word at a specific page and line reference whenever a saved game was loaded, and given that the source was a full-scale book, no-one was going to bother photocopying all of the content for a mate’s pirating convenience.
It required a binary patch or a lot of photocopying
The Last Resort?
http://thenextweb.com/me/files/2010/07/anti-piracy-measure.jpg
http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/File%20sharing--article_image.jpg
http://www.willisms.com/archives/ramirezsocialsecurity.gif
Threats, Vulnerabilities, and Risk
• These three combine to decide your response
Flash Hacking
• This is why Flash games are not a part of competitions
• http://www.youtube.com/watch?v=dLO2s7SDHJo
• There’s also a Firefox add-on that allows you to tamper with ALL the browser requests
• https://addons.mozilla.org/en-US/firefox/addon/966/
The Military Approach to security
• Protect, Detect, React
• Attack, Defend, counterattack
16 Weeks for one password?
http://imgs.xkcd.com/comics/security.png
http://www.h-online.com/security/news/item/Four-months-jail-for-refusing-to-disclose-password-1102546.html
Nintendo 3DS to have a TPM
• http://au.ds.ign.com/articles/112/1124753p1.html
http://www.tomshw.it/guides/hardware/cpu/20080211/images/tpmchip.jpg
Summary of Security Principles we’ve look over
1. Anything that is easy to add is easy to remove2. Effective Security comes from weaving
together independent systems3. Make your adversary work a lot harder than
you4. If it’s not simple, it’s no secure
References
• http://www.gamasutra.com/view/feature/6145/psychology_is_fun.php
• Protecting Games – Steven Davis