Psychological Finale and Game Security

Paul Taylor 2010

Guest Speakers

• Adam and David from BigAnt Studios (http://www.bigant.com/)

• Arrival: Approx 3:30pm– I begin hunting for them when they call– You all entertain yourselves with relevant YouTube

stuff

Psychology Continued

Based on Neils Clark – Psychology is Fun

So what does this next slide mean?...

Reward Distribution

Continuous Reinforcement

• Duh!• A reward for every correct action.

• Can be used incrementally for behavioural shaping

http://lh5.ggpht.com/riya.reshu/SPNUthNHZmI/AAAAAAAAD_A/Uuhp-4DSimE/Shaping-Pen-stand.JPG

Continuous Reinforcement

The Negatives...

• Most prone to becoming boring, as players can easily recognise it

Fixed Ratios and Fixed Intervals

• Fixed ratios– Simply a reward after x correct responses

• Fixed intervals– A reward after x time has passed

Variable Ratios and Variable Rewards

• Variable Ratio– Reward the player after some number of

responses (with an average number of x)• Variable Rewards– Reward the player with some amount of reward

(with an average of x)

Where do Poker Machines fit?

http://megabonus-home-edition.smartcode.com/images/sshots/megabonus_home_edition_17810.jpeg

2 Minute Design Challenge

• A Gambling game that will HELP problem gamblers........

And now for something completely different...

http://www.guardian.co.uk/technology/2010/oct/04/microsoft-motorola-android-patent-lawsuit

Game Security

http://www.treehugger.com/china-segway-olympics-security.jpg

What is security?

Security:“the state of being free from danger or threat”- OxfordProtection:“the action of protecting, or the state of being

protected”- Oxford

Developing Security

• If it is easy to add the security into your games .......

http://www.yesiamcheap.com/images/oldman.jpg

Lazy, Cheap or Stupid?

http://www.liquidmatrix.org/blog/wp-content/uploads/2009/05/vaderfail.png

Lazy

• We’ll add in security as it’s needed

http://www.proactive-security.com/images/Realme6.gif

An Online Gambling site was hacked to that everyone won 100% of the time

• In the 2 hours it took to take the servers down the company lost 1.9 million.

Bolt-On Security

http://scribalterror.blogs.com/beautiful_english/images/2007/06/04/homemade.jpg

http://www.blogcdn.com/www.engadget.com/media/2008/04/colbert_bot.jpg

Taking Security Seriously...

http://www.geekologie.com/2009/06/you_fool_man_builds_giant_mech.php

How would you protect your Castle?

• Both these photos have used bricks, which would offer you the most protection?

• Why?

http://www.mphohweni.co.za/img/rwanda_brick_laying%5B1%5D.jpg

http://www.instructables.com/files/deriv/FJT/TX50/FXP6OJ7M/FJTTX50FXP6OJ7M.MEDIUM.jpg

http://3.bp.blogspot.com/_thbRorvScz4/SiSxAm-GkXI/AAAAAAAABIw/vp2ZpvKO5oI/s400/bricks.jpghttp://leeharps.com/wp-content/uploads/

2006/03/03-Brick-Pile.gif

Security Systems should be independent

• This doesn’t mean bolt-on, it means manageable, and more importantly each system should be secure in its own right

Chains and Meshes

• You don’t want your security defence to be a chain.

http://tutorialqueen.com/wp-content/uploads/2008/04/3dmodel-link-chain-max-studio-tutorial12.gif

http://www.bombayharbor.com/productImage/0095071001227259954/Chain_Link_Fence.jpg

Industry Protection Methods to date...

• Consoles• DRM / License Management• Online Gaming• Prosecutions

Piracy

http://www.gadgettastic.com/images/software%20piracy.jpg

Preventing DuplicationFAIL

FAIL

Detecting DuplicationFAIL

FAIL

Detecting DuplicationFAIL

FAIL

Disk as a key

FAILFAIL

License Keys

• ID and Checksum• Public key encryption• Online Authorisation

FAILFAIL

Collectables, Feelies, and Stuffz

• People LOVE to collect!– Do NOT google collect, Image #2 moderate, off,

image #3 on strict

WIN

WIN

Battle.Net Authenticator $6.50

• Also in Mobile Phone format

WIN

WIN

Commodore 64

• Twin Cassette decks == clones• Sound while copying ~= “It sounded like a Dalek being

flayed alive, but it was actually just the birthing cry of a newly pirated game.”

Source: http://www.gamesradar.com/f/a-brief-history-of-video-game-piracy/a-2010082715101116096

http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/Taping--article_image.jpg

The Nintendo Entertainment System

• The NES contains a lockout chip, the 10NES• IF it detects a fake cart, it sends reset pulses (1

per second) to the console via pin 4.– Guess the solution??

http://www.raphnet.net/electronique/nes_mod/images_lock/lockout_chip2_th.jpg

http://4.bp.blogspot.com/_pJlwRrgGJfk/S-17HldW7AI/AAAAAAAAAVo/kvLQUOMlJx4/s1600/nes-console.jpg

Pirate Consoles

• In the later years, Nintendo even lost console sales to pirates!

• IN Russia Dendy sold as many consoles as

Nintendo!!

http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/NES%20clones--article_image.jpg

http://26.media.tumblr.com/j1FdQE2daikcfffu1yAPYXhDo1_500.jpg

The EVIL anti-piracy techniques used

Lenslok

80’s home computer gamesOnce the cacophonic banshee-wailing of the tape loading

sequence finally came to a merciful end, the game would compound the player’s emotional trauma by flashing up a garbled two-letter code on screen.

http://www.gamesradar.com/f/gamings-most-fiendish-anti-piracy-tricks/a-2010022516730628047

http://farm4.static.flickr.com/3195/2782909930_a20527bfb4.jpg

Lenslok

There were two problems:1) The code had to be manually scaled to make

it readable on different sizes of TV, and the system didn’t work with big or small screens.

2) The codes were incredibly easy to hack, given a bit of coding knowledge.

Batman: Arkham Asylum

Illegal copies of the game worked perfectly apart from one little detail. Batman’s cape glide ability was disabled, making the game playable but uncompleteable.

http://ps3media.ign.com/ps3/image/article/949/949513/batman-arkham-asylum-20090129054204704.jpg

Command & Conquer: Red Alert 2

After 30 seconds of play on a pirated copy of the game, the player’s base and units would detonate.

Like recent EA DRM, the base blasting trick caused all kinds of problems, in particular blowing up the armies of plenty of legitimate players.

Call it a pre-emptive strike just in case they were thinking of passing a copy on.

Operation Flashpoint

Using a system called FADE Dodgy copies would let the

game run Would gradually change the

gameplay in increasingly horrible ways.

Guns lose accuracyEnemies become bullet-sponges The player’s character would

gain the battle resilience of a dead jellyfish.

FADE detected pirate copies by inserting fake errors in the original game code, which CD copiers would clean up, making rip-offs immediately obvious

The Secret of Monkey Island

• The game shipped with a cardboard dial, comprising two circles of different size set one inside the other. Each disc was printed with one half of a series of pirate faces. The game displayed the face of a particular pirate on screen, and the player had to turn the middle disc in order to line up faces and identify the year the pirate was hanged. Typing in the date allowed the game to run.

Metal Gear Solid

At one point in Metal Gear Solid, Snake has to work out how to contact Meryl via his codec in order to continue the story.

The clue is that her codec frequency is on the back of the CD caseCue the world’s unwitting Nintendites searching every object in the

game for hours on end.

http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/02/Inventive%20copy%20protection/Metal%20Gear--article_image.jpg

http://blogs.ocweekly.com/heardmentality/Metal_Gear_Solid_ntsc-back.jpg

Dragon Quest V on DS / Final Fantasy Crystal Chronicles: Ring of Fates

The intro sequence in Dragon Quest V looped infinitely in knock-off copies.

FFCC turned into a 20 minute demo, complete with a “Thank you for playing” kick in the stones from a couple of jolly Moogles at the end.

The Silicon Dreams trilogyWhen developer Level 9 released its

Silicon Dreams interactive fiction series in a bundle pack in 1986, it threw in a free, full-length novella as an introduction to the third game’s story.

The book was also used as a password generator. The game asked for the word at a specific page and line reference whenever a saved game was loaded, and given that the source was a full-scale book, no-one was going to bother photocopying all of the content for a mate’s pirating convenience.

It required a binary patch or a lot of photocopying

The Last Resort?

http://thenextweb.com/me/files/2010/07/anti-piracy-measure.jpg

http://static.gamesradar.com/images/mb/GamesRadar/us/Features/2010/08/A%20brief%20history%20of%20piracy/File%20sharing--article_image.jpg

http://www.willisms.com/archives/ramirezsocialsecurity.gif

Threats, Vulnerabilities, and Risk

• These three combine to decide your response

Flash Hacking

• This is why Flash games are not a part of competitions

• http://www.youtube.com/watch?v=dLO2s7SDHJo

• There’s also a Firefox add-on that allows you to tamper with ALL the browser requests

• https://addons.mozilla.org/en-US/firefox/addon/966/

The Military Approach to security

• Protect, Detect, React

• Attack, Defend, counterattack

16 Weeks for one password?

http://imgs.xkcd.com/comics/security.png

http://www.h-online.com/security/news/item/Four-months-jail-for-refusing-to-disclose-password-1102546.html

Nintendo 3DS to have a TPM

• http://au.ds.ign.com/articles/112/1124753p1.html

http://www.tomshw.it/guides/hardware/cpu/20080211/images/tpmchip.jpg

Summary of Security Principles we’ve look over

1. Anything that is easy to add is easy to remove2. Effective Security comes from weaving

together independent systems3. Make your adversary work a lot harder than

you4. If it’s not simple, it’s no secure

References

• http://www.gamasutra.com/view/feature/6145/psychology_is_fun.php

• Protecting Games – Steven Davis