Keeping prototypes secret

[tepples]

Say I'm developing a video game, but my publisher wants an exclusive on the ROM for the first few months of distribution. So I don't want one of the beta testers to leak a copy to the public. I already have people in my own family that I can't trust to keep a trade secret.

Here's what I plan: For each copy that I hand out to a beta tester, embed the recipient's name in multiple places in the ROM and encrypt important CHR data. If you turn on the game, you get a decoy: some random single-screen puzzle game. But if you hold a specific button and press Reset, you get a password entry screen. Enter the right password to start running the prototype; a wrong password will give either "Denied" or (if the user is lucky) corrupted CHR data.

Is there a better way?

[tokumaru]

Man, that's a horribly complicated idea. I don't think I have a better solution though...

Maybe give crippled versions to the testers, like with levels and music tracks missing. Make different crippled versions with different things missing, so that the individual parts can still all be tested. I think it's highly unlikely that all your testers will betray you, work together and try to join the pieces from all the crippled versions, but even if they try, this should be really hard to do if the data is shifted around.

If I were to do this I'd probably define some conditionals indicating what's to be assembled and what's not, so that I could quickly use different combinations for different crippled ROMs.

No matter the solution you use, you'll never be sure that the final product is bug-free unless people get to test the exact same binary you'll be selling.

[Bregalad]

I already have people in my own family that I can't trust to keep a trade secret.

If they're like you this is understandable.

Maybe give crippled versions to the testers, like with levels and music tracks missing. Make different crippled versions with different things missing, so that the individual parts can still all be tested. I think it's highly unlikely that all your testers will betray you, work together and try to join the pieces from all the crippled versions, but even if they try, this should be really hard to do if the data is shifted around.

Sounds like horrible. Anyone here could crack your protection easily anyway.

[Jeroen]

Also if someone leaks the rom he'll most likely include the password with it anyway. The best way to get it from not being leaked is either not implement features (sivak didnt have testers have a password version of the rom) or just making absolutly sure the person testing is trustworthy. Also don't put their names in...just put in a random number at a random hex adress...that way they cant find it and erase it.

[tokumaru]

Sounds like horrible. Anyone here could crack your protection easily anyway.

You think it's that easy? With the data all shifted around it should be pretty hard to join them all and fix all the references to it, don't you think?

And you can also cripple by removing code, not only data. Say you make several ROMs, each with a single level for different people to debug, and you also make several ROMs each with a different boss (because the bosses weren't included in the levels)... I think it would be pretty hard to join it all, I wouldn't want that job.

But hey, piracy is piracy, someone always finds a way. If the big companies can't stop the pirates, neither can we. And I don't even know if all this trouble of protecting the ROM is worth it, since anyone that buys the cart can dump the ROM and distribute it the day it is released, so all the effort put into protecting the beta versions would have been for nothing.

And it sucks that you can't even trust people in your own family.

[Dwedit]

This kind of thing is called Data Fingerprinting. But it's really hard to pull off correctly.
And if a password is required to play the game, expect to see that password written on the cartridge in sharpie.

[tokumaru]

Knowing who leaked your game wouldn't help you much after it's already been done, unless you plan on taking legal action.

And people that want to play a game for free won't give a damn about who leaked it, as long as the game is playable.

[cpow]

Man, that's a horribly complicated idea. I don't think I have a better solution though...

Assume you're doing this on an emulator and not on a real NES with a PowerPAK?

If so, why not encrypt the ROM and send with it a modified emulator [binary only] that knows the decryption key? Or scramble the ROM and send with it a modified emulator that knows how to descramble it?

[tepples]

Knowing who leaked your game wouldn't help you much after it's already been done, unless you plan on taking legal action.

I believe Nintendo uses a similar technique to what I described for its official "Ensata" DS emulator, so that it can investigate a leak and apply appropriate contractual sanctions.

And I don't know of any emulator that comes with source code but isn't copylefted.

[koitsu]

Each individual beta tester gets their own cart, which is associated with them digitally (duh). Just want to make that clear. The following would be done *per cart*. Focusing on the ROM itself as a whole, but I guess this would be best in PRG:

Fill in the leftover/unused areas with completely 100% random bytes, ranging from $00 to $FF. The leftover/unused areas should also be somewhat random in size or location (meaning you get to generate a unique ROM image with different offsets and everything per person, fun...).

Make note what the "base offsets" of those unused areas that contain random data are. Then, using the letters from their name, write down/take note of offsets (within the unused areas) which correlate with the letters from their name.

Here's a crummy example, keeping it simple with only 1 section of random data:

Code: Select all

00006000:  f5 41 93 ae 34 e7 54 98  08 2c 42 da d1 93 45 88
00006010:  db c2 9a 68 8f f2 56 ca  25 a5 af a5 f6 06 f1 0e
00006020:  be 2b 46 a5 6e b2 46 04  df d0 fd 0e 70 49 7b 3e
00006030:  89 f5 13 39 45 86 81 ae  b1 b8 92 e9 50 67 89 8e
00006040:  bd 81 f1 5d e8 ff e4 b0  9a 68 cd bc fa 66 03 56
00006050:  b8 e0 3f 82 66 68 99 3b  a5 d2 4e b7 64 a8 f7 2d
00006060:  5b f9 96 66 39 85 87 10  59 93 39 b4 fb 85 52 be
00006070:  95 b0 41 33 8f 6d 6b 2e  c5 d0 6c 40 42 a2 01 d9
00006080:  ac 6c 00 ca f3 8c 28 1a  9b ad 25 3d 83 53 d2 2f
00006090:  68 0c 28 8b e3 99 84 01  81 27 e1 f0 bd 0e 54 51
000060a0:  d2 47 84 34 0c d6 f3 87  2a ba 20 b6 c8 aa 38 ff
000060b0:  14 3f c0 2a 32 84 6e 91  63 ed 8b 11 68 34 e1 36
000060c0:  07 5b cf 22 f8 36 bf d8  a2 6c 3f 41 36 1a e7 48
000060d0:  50 be 06 48 6a 43 d9 80  90 02 42 d8 f4 7f d0 41
000060e0:  31 e7 1e 54 96 3d bd 85  b0 6a a9 51 ca 26 08 db
000060f0:  2e 8e 68 49 53 91 70 01  9c 60 c2 50 b8 b6 2c cd

Let's pretend the individual's name is FAT HEAT. So you'd write down:

FAT HEAT = 0x6000, 23, 01, e4, aa, d4, 0e, cb, 06

The 0x6000 part indicates what base offset you'd need to look at the ROM image (again, assuming PRG) for, and the bytes after are the offsets from that base address.

If you get a hold of a ROM image someone's released on the net (and presumably hasn't modified the hell out of), or a cart someone's put up for sale somewhere, you can simply write a quick script (you know Python ;-) ) to go through your beta tester list, going to that base location + offset and print out the letters.

Well, that's my idea anyway. A good one? Hardly. Failure-prone? Very likely. But you get the idea.

[UncleSporky]

Does the publisher want exclusive on cart production, or the ROM in general? If it's just cart production, aren't there some simple changes that could be made that cause the game to run in certain emulators but not a real NES? The hope is that the other cart makers assume it's a poorly-made game rather than hunting for the code you broke.

[Dwedit]

Cartridge pirates just don't care.

[tokumaru]

@ koitsu:

What you have shown is one way of identifying the person who leaked the game (there are many other possibilities), but that alone won't do it. When the ROM is out, the damage is done. What are you gonna do to the person who did it? Spam their inbox? There isn't much you can do unless you're willing to invest in hiring a lawyer, and that will hardly pay off in the end.

Better than just identifying the culprit after the shit has already hit the fan is to prevent it all from happening in the first place. So I guess the goal here is to find a way to make the distribution of the game impossible, or at least pretty damn hard.

[ailI]

Does the NES version of Contiki have a TCP/IP stack? If so, maybe you could include that on the ROM and have it sporatically make calls to a private server for verification and chunks of code in order to play the game. If said private server is offline, or denying access, then you have incomplete code and a non-working game.

[tepples]

UncleSporky: I'm not sure. This publisher has also put out cart versions of games whose demos are missing levels or (more relevant to my case) missing features. I seem to remember someone else on this publisher not releasing a ROM until the game has been out for months, and the cart got discontinued (on purpose) around the ROM release (also on purpose). So I'm trying to make leaked betas less attractive to casual players or at least try to shame the leaker out of the NESdev community.

Contiki 2.x doesn't support the classic game consoles anymore, only a few commercially significant microcontrollers. Contiki 1.x for NES never had a driver for any serial port hardware over which one could run SLIP or PPP. And even if there were, most of my testers wouldn't have the serial port mod or an emulator that supports it.