Game Distribution Model...

I asked a similar question in the 'make money off of widgets' thread. But figured it may need a more generic thread title, because others may have similar questions.

I've finally decided that my basic distribution plan for my game is to have it downloadable from my site. (non-widget)

What I would like to do is have it as a time trial. You get 5 days to play for free then you need a registration key/code, which you purchase at $1.99.

How can I create a timed install, similar to Unity's demo? Mac or PC?

Can any OverTheEdge guys make any recommendations? Is it a proprietary tool you are using for your distribution?

peace,
dingo

 

One resource that might help answer some of your (and other's) questions is the Macintosh Software Business Yahoo! Group.

Group description:
This group is for small, independent Macintosh developers who want to talk with other developers about the business of Mac development. Questions on pricing, packaging, advertising, e-commerce providers, and so on are on-topic.

If you look through the older messages there is a lot of great nuts and bolts info from successful, independent Mac developers. For instance, recently there was a great discussion about which sites are the best place to list your shareware/freeware.

Cheers,
Scott

 

Thanks Scott,

I just went and joined that group, looks like many resources.

One I found is KAGI where you can do registrations and such right in your software. That looks very promising. Has anyone else used them?

Here is the link for others that may want to investigate:
http://www.kagi.com/about/bulletins/krm.html

Peace,
dingo

 

Don't really see why you can't just buy it on the website, and you could have a demo or something..

Kagi doesn't stop the user from redistribruting it when he's paid for it, downloading is easy and cheap, but will make a lot of your cutomers share their game with others sadly (think limewire, or any other download client), that's why it's in some ways better to require cd to play, it's easy hackable, but will stop the common users from copying it.

This is what I'll do anyway, the only good thing about Kagi is that you can try the full game of course, but it's expensive and as far as I see, it may be hackable? :roll:

Good Luck!

 

Limewire isn't our enemy, like Bittorrent is. Jeff

 

One thing I like about that KAGI KRM is that purchase and registration code occur right inside the software, and you can set up timed software.

So the user would not have to go outside the software, register, then wait for an email registration code. And they have it for Mac and Windows.

The cost does concern me somewhat, but I will probably just have to make my game like $4.99 (I want it to be inexpensive) in order to make up for the cost.

The biggest concern is integrating KAGI's code into the game. Is it possible to integrate something like that into a Unity created game?

Any programmers know how hard that's gonna be?(maybe I should ask that in the yahoo group).

 

I think you'd have to wait until the sample plugin is released before you know how hard it would be.

You may want to look into http://www.esellerate.net/ and http://bmtmicro.com/ in addition to Kagi.

-Jon

 

Can any of the Unity guys please comment on this thread?

What is the best solution for distributing unity games as timebased shareware?

Can you make any suggestions?

What does the Unity authoring environment use?

 

Yes, any chance of software activation becoming a Unity PRO feature at least?

 

Hello?....

 

Hi Dingo!

 

I came across this today and thought it might be of interest:

http://aquaticmac.com/

It's an open source registration system that allows you to register applications and generate serial numbers via a website.

 

I've been thinking about all this too with the stuff we've been planning. I agree that a professional type registration technology or way of doing it would make sense, but I also know that (almost) every Mac application can and has been cracked or copied. From Maya (CDN$9000 through to Cinema 4D through to Subethaedit and small shareware titles). So how much effort does one put into a $5 shareware title? How much into a $50 game?

We may wind up doing something a bit fancier than this, but for the time being all we are planning on doing is personalizing each shareware game we sell with the sellers name. Publically on the credits/splash screen, and somewhere else hidden that only we'll know about. Of course, this will only work when we're selling 10 games/week. When (if??) we ever start downloading serious numbers of games like the widgets (yikes!) we'll: a) be able to quit our jobs anyways; b) enjoy the tase of pasta with ketchup :wink: ; and c) work on a better way to protect our stuff.

The benefit of our simple/small system is that if a few get copied and put out there, we'll know who let them loose. But we will look into a more professional way of doing it as well, of course.

Question to the OTEE guys? Is there any way using .NET to check the machine's MAC address and check against that? [EDIT -- One of our work .NET developers and also the lead programmer here are looking itno this for em and will let me know. I will post here with details.]

 

OK, here are two relevant links to methods of using .NET to find out what the MAC hardware address is of the computer running the application. This way, you could limit an application to run only on a computer with a specific MAC hardware address.

Anyone want to tackle changing this into something useful for Unity?

http://msdn.microsoft.com/library/?url=/library/en-us/wmisdk/wmi/wmi_tasks__networking.asp

http://www.codeproject.com/csharp/Host_Info_within_Network.asp

EDIT -----

OK, so one guy at work has come up with an intriguing model. It would require you to have a server running something like MySQL or even something as simple as a CGI script and a writable text file at your end. The buyer would need an Internet connection only on the first time they start up your program. It goes like this ...

Person buys your program and you get an email. You reply with a download link and 5 digit number. You've entered their name and 5 digit number into said database/text file at your end. They start the game. The app looks for a text file on their system (more on this later) and if it doesn't find it they enter the 5 digit number and click a register button. The register button sends the 5 digit number and the machine's MAC address to your database/text file. The CGI script now adds the MAC address to the same line as the 5 digit number and sends back a XOR key based on their 5 digit key you provided and their MAC address. The application now writes a small text file with this XOR info onto their hard drive some place discrete and starts up.

That small text file is what the game looks for when starting up. It compares the text XOR MAC key file with the MAC address the computer is running and if it's the same it runs. This works because the XOR function in the game itself can read the scrambled key backwards and unscramble it meaning that the app reads the text file as simply the MAC address. This way, no one can run the game unless they've registered it and you have their name, 5 digit code and MAC address on file. It's all transparent on the users end and yours too!

Admittedly, if they change computers or lose that text file they'll have to email you and reregister it. But quite simple, no?

I believe I could convince the author of this idea (brilliant programmer Peter B.) to help me create it for the community. Any interest? OTEE guys, what do you think?

 

OK, rather than yet another edit to a long post, here's an example of using JavaScript for XOR ... http://guymal.com/mycode/xor_js_encryption/.

Try entering a dummy MAC address in the String to Encrypt field (i.e., 0D44FGh445G) and then work it. Cool, huh?

In my example, the XOR key field would be the 5 digit number you provide your buyer. If it was unregistered, your Unity app would send the MAC address and 5 digit code to your CGI script which encrypts the former and then sends it back to your app which then saves the encrypted number as the text file. When you run the app, decrypting works inside your Unity app on start; it checks the MAC address versus the decrypted address and away it goes. Here's the code that's making this all work ...

Code (csharp):

1.  
2. function xor_str()
3. {
4.     var to_enc = document.forms['the_form'].elements["str"].value;
5.  
6.     var xor_key=document.forms['the_form'].elements.xor_key.value
7.     var the_res="";//the result will be here
8.     for(i=0;i<to_enc.length;++i)
9.     {
10.         the_res+=String.fromCharCode(xor_key^to_enc.charCodeAt(i));
11.     }
12.     document.forms['the_form'].elements.res.value=the_res;
13. }
14.  
15. function decrypt_str()
16. {
17.     var to_dec=document.forms['the_form'].elements.res.value
18.     document.forms['the_form'].elements.dec_res.value="";
19.  
20.     var xor_key=document.forms['the_form'].elements.xor_key.value
21.     for(i=0;i<to_dec.length;i++)
22.     {
23.         document.forms['the_form'].elements.dec_res.value+=String.fromCharCode(xor_key^to_dec.charCodeAt(i));
24.     }
25. }
26.  

I'll get this working, count on it. Peter B (guru of all things binary) will help create a working version I hope to share with everyone.

 

Just to check if i understood you correctly. The customer knows the 5 digit number (and of course his MAC address). And "lock" is if there is a file somewhere on the hard disk which contains an XOR "of MAC and 5 digit number"?

If i did not misunderstood you, where is the security in that? The customer knows both values, and XOR'ing that is not really difficult. If you would XOR this with a secret "key" only you have access to (and being hardcoded in the app) would give some (minimal) protection.

Just checking for the existence of a simple file created in a (hidden) but defined location would offer the same security, without the privacy issues of getting the users MAC address (which can be be spoofed) without his/her consent, or did i miss something?

Thanks
Alex

 

Yeah, I am explaining this badly.

The customer is given a 5 or 6 digit registration number. They don't give your their MAC address ... the application itself pulls that from their hardware the first time they run the application and sends it and the reg number to your database.

The db checks to see if the reg number exists and then uses that and the MAC address and an encrypting method at the server end (and enhanced XOR or something that sin't just adding 1 to the value of the ASCII characters) to generate another number (let's call it "scambled") that it sends back to the application which in turn writes a text file with "scrambled" in it on the person's hard drive.

The key here (I think?) is that when the application launches again it looks for a "scrambled" type text file and if it finds it, then ... 1. internally decrypts it back to the unscrambled MAC address; 2. checks the MAC address of the machine running the application; and if 1 and 2 match runs the program. My logic may be seriously flawed and I need to talk to Pete about some of the details most likely. But if no one knows the encrypting/decrypting algorithm used by my server and the application, then no one can just create a 'scrambled" text document because the application is the one doing the checking and it won't match with what the app is reporting the machines real MAC address is.

Does this make sense or am I way out to lunch here? :?

 

Makes a lot of sense to me now. Before I didn't get it at all. I like the per macine registration idea, but its very limiting for the user, I for instance have my games installed on more than one computer and second what if they upgrade computers. This is asuming you only alow your server to process each key once, also if they do get your encription process cracking it would be easy to do, so you might want a fall back system of some sort. Jeff

 

In the "How to Register" instructions make it easy for a registered owner to ask for a second or third license (maybe even suggest it?) or to reregister. Tell them, no encourage them, to run it on two machines (change the database and key generation to allow that). Suggest the third one be given to a freind so they can experience your game too. Viral marketing at its best.

 

Ahh... seems like i understood you right

I am a bit nit picky here (working for a company heavily involved in cryptography) but that is a common misconception. The problem you have is, that you could not use an established crypto algorithm (an attacker would simply try out each of them). Instead you'd have to implement your own. Doing that is really, really hard. If i remember correctly german Telekom tried that twice and failed abysmally... well not that pathetic failure is uncommon for big german companies, but you get the idea

Of course it would be secure enough of to prevent "casual piracy", but IMHO simple serial numbers, would do that too (Wil Shipley said some interesting stuff about that, either in his blog or in an interview with drunken batman).

Additionally serial numbers are trivial to implement and you avoid privacy fanatics bad mouthing your hard work for "calling home". It is certainly not more secure than your idea, but i think close enough, while being easier on you and your customers (less points of failures, easier to test, simpler business process etc.).

But also note, that i might have some minimal understanding of security, i know absolutely nothing about how to run a profitable software company!

 

I would love to use just a simple serial number scheme, or just embed the buyers name in the thank you screen and also on another screen only i knew how to get to. That may be the easiest solution rather than trying all this. I certainly concede your insights into scrambling and stuff, though. If I thought 82,000+ downloads caught me unaware, just wait until this whole shareware thing takes off like a comet. :wink:

 

A rough idea would be:

In your game you store a "secret key" (i.e. just a long fat string) in a constant. We call this K, and a function f(x) which takes an input x (your registration key).

x has a default value which conforms to f(x) != K

So in your game you just check periodically if f(x) == K. If this is false, you prompt the user for his registration key.

When the user entered his registration key you check again if f(x) == K. If that's the case your user just successfully registered and you "serialize" x and continue... if f(x) != K you do what ever you want to do to punish the user

The next time the user starts the game x get's set to the serialized value which is the correct key, and the user won't get prompted again. So maybe you need a dummy level just to get set x. Sorry my Unity skills are pretty bad as between my thesis and my day job there is not much time to do anything else... so there might be a much smarter solution to set x permanently in Unity than this dummy level.

So on your server you have this little function g(K) == x (i.e. a function which creates a valid registration key, having knowledge of the secret key). When the user pays, you create the registration key and show it to him/her.

As you have a "secret" key (i.e. K) you can choose from various known and tested open source algorithms, and do not have to roll your own.

You could make this a bit more sophisticated e.g. by storing the users name in the key, so you have something like "f(x) == K, UserName" ... or you could get the user name via Mono's Mono.Unix.UnixUserInfo Class.

Just for the record: This is far from "secure", but IMHO should be enough of a hassle to stop casual piracy and hopefully enough (well my business skills) to softly remind a user to go and register.

 

It's been awhile since I've read the series (back when I had dreams of becoming a rich and famous, okay, not-poor-college-student), so I don't recall all that was in it, but at least on the business end, there a a great series...type type, google search... Here's a couple:

http://www.peter.com.au/programming/sharewareauthor.html

http://db.tidbits.com/getbits.acgi?tbart=04108

And here's some on the piracy issue... (Why can I remember obscure articles from years ago, but I can't remember what I had planned to do today?!?)
http://www.ambrosiasw.com/news/newsletter.php?show=7&start=0

 

Thanks for those links Scandalon, great reading.