Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
PC Games (Games) Piracy Games

Enlisting Game Hackers Instead of Fighting Them 118

CVG recently spoke with Christofer Sundberg, co-founder of Avalanche Studios, the company behind Just Cause and its sequel. Sundberg expressed his disdain for both DRM and poor cross-platform ports, and talked about how he sees the hacker community as more of an ally than publishers do. Quoting: "'... 50 percent of the people that work for me come from a hacker background - that's true.' When asked whether approaching leading hackers and asking them to put their programming skills to good use was a wise idea, Sundberg added: 'Oh yeah. I absolutely think that's a fair approach, to think about how these people can fit on the right side of the law. It's one way, at least. Perhaps the truest pirates are too much down the road of anarchy to ever work with you in a proper way; these are the guys who see us as evil! But in Sweden the [hacking] scene was huge... As a studio, we've found that there's definitely a lot of talent [in that community].'"
This discussion has been archived. No new comments can be posted.

Enlisting Game Hackers Instead of Fighting Them

Comments Filter:
  • My cat, Joe, is a proficient hacker.
    • My cat, Joe, is a proficient hacker.

      And is clearly in violation of the DMCA. From the DMCA:

      ... shall include all hacking including (but not limited to) any and all computer, electronic or DRM related deflowerations; dismemberment, decapitation, machete-related injuries, and most licensed and unlicensed quackery; fur balls, hair balls and other cat vomit which may or may not contain unknown material(s); wood chopping (but not chipping), splitting and other lumberjack related activities performed on non-commercial or private lands; ...

  • by Anonymous Coward

    this article used two words wrongly: Hacker and PC - http://www.gnu.org/philosophy/words-to-avoid.html#Hacker - http://www.gnu.org/philosophy/words-to-avoid.html#PC

  • DRM is evil (Score:5, Interesting)

    by Anonymous Coward on Sunday March 27, 2011 @05:53AM (#35628740)

    "The DRM does not stop piracy," he said, "it just punishes the people who have actually paid for the game. It's completely useless."

    Agreed. So that must be why Just Cause 2 doesn't use any DRM.

    Oh, wait, it does. And it punishes people who have actually paid for the game. [giantbomb.com]

    So at least his customers agree with that statement.

    That being said, Just Cause 2 is a lot of fun. Unfortunately, the Square Enix taint is already there, and you get half a game out of the box with the rest being released as an endless stream of DLC [steampowered.com].

    And now that they're published by Square Enix, I wonder how long until we hear about Just Cause 2 2?

    At least Square Enix has a fairly simple form of DRM that they employ. The just make games no one in their right mind plays.

    • by Anonymous Coward

      1. Dev companies can be contractually obligated to add DRM.
      2. DRM is usually just a stupid wrapper around the PE, maybe with some code hints like where to substitute calls or steal instructions - doesn't always require original devs to add it.
      3. That was a demo, the claim without adequate proof. Someone even said the Nvidia drivers caused it. Regardless, at most it was using Steamworks. Not so bad as SecuROM.

      • 1. Dev companies can be contractually obligated to add DRM.

        You can be contractually obligated to blow baby rhinos. Personally, I do not sign those kinds of contracts. If you do, don't complain about the taste in your mouth. Also, don't be surprised if I avoid your breath.

    • Comment removed based on user account deletion
      • That's really just it, though. DRM isn't enough to enrage the masses in most cases. You have the extreme outliers like the blow-up over Spore, but all-in-all, people just don't care. Most people will simply pay their $60, play their game, and never be the wiser.

        • by dovios ( 2027228 )

          "Most people will simply pay their $60, play their game, and never be the wiser."

          Well, isn't that exactly what they want to do?

          • I never said it was a good or bad thing, just that it is how it is. There won't be a revolution against DRM because most people simply don't care.

      • Nobody forces anyone to buy a DRM-crippled game, that's entirely a decision made by the customer. And if enough people didn't buy enough games because of DRM crippling, then DRM would disappear overnight as a commercial failure and none of us would ever hear of it again.

        But would it disappear? Would the publisher not just blame the less than expected sales on piracy? Now if not a single person bought the game and it was not even available at torrent sites then maybe they would conclude that their DRM is too draconian. But back in the real world I can't think of a single scenario where a game publisher would conclude that they are losing business because of DRM that turns their game from a purchase into a rental. It's hard to infer very much from sales of a game anyway. It'

    • by lenroc ( 632180 )

      That being said, Just Cause 2 is a lot of fun. Unfortunately, the Square Enix taint is already there, and you get half a game out of the box with the rest being released as an endless stream of DLC [steampowered.com].

      OK now I hate DLC as much as anybody, but I don't really see Just Cause 2 as an example of a "half game" without the DLC. Did you actually look at the list you linked? There are a few weird vehicles, a couple moderately updated guns (remember this is a single-player game), and.... not much else. It's not like you need to pay to unlock half the map.

      I'm enjoying Just Cause 2, and I have not purchased and do not plan to purchase any DLC.

    • by Anonymous Coward

      The link provided points to a forum post where someone ran into some kind of bug and blamed it on DRM. According to a later poster, the problem may actually be caused by video card drivers.

    • > Unfortunately, the Square Enix taint is already there, and you get half a game out of the box with the rest being released as an endless stream of DLC.

      Oblg.: http://www.jpgdump.com/files/7389 [jpgdump.com]

  • Farewell, cracking. You gave it a valiant go. Alas, they do not want you.
  • by Sentry23 ( 447266 ) on Sunday March 27, 2011 @06:00AM (#35628764) Homepage

    I wonder how much of his coders come from the cracking scene, and how much from the demo-scene.
    The cracking scene has always had some ties with the demo scene (and in some cases demo groups where the 'legal-branch' of some hacking groups) but cracking PC games does not bring much skill for game coding. (or is x86 assembly code really such a special skill these days?)

    • by sourcerror ( 1718066 ) on Sunday March 27, 2011 @06:43AM (#35628876)

      Is this x86 thingie a new .Net language or what? /ducks

      • by Anonymous Coward

        no, #86 is the .Net managed version

    • Using 'hack' to mean 'crack' is no different from using 'jew' to mean 'con'.

      • Using 'hack' to mean 'crack' is no different from using 'jew' to mean 'con'.

        Well, yeah, except for the fact that most people are aware of the definitions of "Jew" and "con." (Well, most of the definitions of con, at any rate. There are a few odd ones that don't get much use.)

        Hacker and cracker? Not so much. I consider myself a reasonably savvy guy, and I'm not super clear on the differences of hacker vs cracker. While I realize the broad strokes that separate them, and that they are non-synonymous, I genuinely had no idea that people are offended by one and not the other.

      • "And now for todays FOX News: Kikes on Steroids! These people treat our Global Economy like a Video Game!"

        ...No, no I don't really think it has the same panache and flair.
      • Using 'hack' to mean 'crack' is no different from using 'jew' to mean 'con'.

        Personally, I prefer "gyp" rather than "jew". Just as insulting, but more socially acceptable.

        And cracking DRM usually involves hacking.

    • And there are people who confuse modders with hackers.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday March 27, 2011 @06:25AM (#35628820)
    Comment removed based on user account deletion
    • by DavidTC ( 10147 )

      RPGs are about the only genre left where mods seem to be accepted and made possible by the game developer.

      • Comment removed based on user account deletion
        • by DavidTC ( 10147 )

          If I had meant MMORPGs I would have said them. I meant standalone ones, exactly like Fallout 3 and Fallout NV.

          Or other Obsidian offerings like NWN2 and KOTOR2. Or the Bioware games like NWN and Dragon Age.

          Basically, every RPG of note in the last decade, and RPG company, seems to have modding capabilities.

  • by erroneus ( 253617 ) on Sunday March 27, 2011 @06:28AM (#35628830) Homepage

    I know, it's really tough to generalize like that but I ask this question because of an experience I am having right now and it's the very burning question I seek perspectives on.

    My programming background is more formal. When I plan a project, I plan the UI, the data structures, the program code and of course, the intended functionality. Only after that do I start coding.

    When I started in programming, I was a kid -- I just wanted to write code and see what I could make it do but I eventually outgrew the idea. But the more I did that, the more I realized I didn't know what I was doing and the more complex my programs became, the more lost in them I became. Those problems led to my needing to become better educated and more systematic in my approach to coding.

    I have a co-worker who is absolutely enamored with hacking and cracking. He is by all definitions a script kiddie. He has managed to generate some simple apps which are useful, but when I look at the code, I am ... well, there is no kind way to put it -- it looks like a teenage boy's bedroom. And while he is coding his current project, he is routinely banging his head on the keyboard trying to figure out why he is getting segfaults and the like until he gets himself through that step of that module of code.... (I presume there is going through steps and modules) I have watched him kill himself over not knowing when to use an ampersand to pass a pointer or what have you. That's when it hit me -- he still has no grasp of C coding fundamentals -- it is not a part of his inherent thought processes when his is "thinking code into an editor" which is what a good programmer should be able to do.

    As I said, I have seen his source code in PHP projects... not good. I have seen where he left output generated by program unclean and incomplete. Now I see he simply doesn't think in code at all --- he spits out commands and then tries to get them to work. All he does it hacking and cracking... he actually uses metasploit and meterpreter scripts in administrating PCs on the network.

    And it goes without saying that none of this is documented particularly well if at all.

    So the question is one I believe I already know the answer to -- are hackers/crackers better programmers? I think no. But what does anyone here think? I am pretty sure some will take the opposing view point and I suspect they will be the same people who once asserted that validating your input is a waste of processing and code execution time.

    • I have a co-worker who is absolutely enamored with hacking and cracking. He is by all definitions a script kiddie.

      You pretty much answered your own question: he is a script kiddie, not a hacker or cracker. Hackers are elegant and, in my experience, have a higher sense of intelligence and thought process. That's often the divide for people who go to school to earn their degree in computer science and the ones that are successful programmers without going to school to earn their degree; the formally educated feel like they deserve some bonus credit because they blew tens of thousands of dollars getting a piece of paper. Don't get me wrong, going the degree route is the smarter choice overall, but it certainly doesn't give merit to your skills. In fact, I'd probably hire a seasoned hacker over someone with less than 10 years of school-earned programming experience.

      • This "divide" is probably the one I've been hearing about where some people just can't program. As in, they can "type in commands" as the parent described but they can't program in the abstract. This is probably the same people (again, heard about, never met one) who fail the FizzBuzz test, yet claim to have worked as programmers for a very long time - that would mean that these people must have hunkered through their career by copying code of the internet and altered it until it works.

        Now, most people wh
        • by DavidTC ( 10147 )

          Programming is both a skill and an art, like painting or cooking. There is a skill, which is mostly knowledge, that you have to train up. But there is also a binary switch...you either have it, or you don't. You either grasp the concept, or you don't.(1)

          If you're ever in a CS program, you'll notice that between 25%-50% of the people actually understand 'programming' by the second year or so. (The number is probably higher in better schools.) Most of these people who understand had already dabbled going in,

          • by DavidTC ( 10147 )

            Actually, right after I posted this, I realized you didn't need a temp variable. I thought you needed temp = current; current = current + last; last = temp;

            But presumably, you have a counter variable somewhere else, so you can do current = current + last; last = counter;

            Duh, that's what happens when I try to describe code without actually coding it.

          • by fbartho ( 840012 )

            Woot! I'm using your question in some near term interview. I'm bored with trying to think up unique and interesting questions, on the fly, only to have the candidate flub them, and still feel like I can't use the question again.

            • by DavidTC ( 10147 )

              Sometimes the simplest do the trick. I mentioned temp variables. (Although it turned out I didn't need them.) Non-programmers don't understand logic flow, which I think is the major difference between programmers and others. So something like:

              You have three variables, a, b, and c. You need to make a end up holding b-a, and b end up hold holding a+b. c can end up with anything you want.

              A real trained programmer will use c as a temp variable. c=a;a=b-a;b=b+c;. They won't even have to think about it, it's ob

              • And some God-like programmer is going to come along and demonstrate that you don't have to use c at all, you can magically XOR things or have a long string of a += b -= c += a or something and make it all work with only two variables. Obviously, they pass also.

                A reluctant pass...firstly, they are, in all probability, not god-like (see footnote); most likely just a show-off, or someone who's indignant at being given such a trivial exercise. (see footnote)

                So you give them a pass, then an Untrained Program

                • And some God-like programmer is going to come along and demonstrate that you don't have to use c at all, you can magically XOR things or have a long string of a += b -= c += a or something and make it all work with only two variables. Obviously, they pass also.

                  A reluctant pass...firstly, they are, in all probability, not god-like (see footnote); most likely just a show-off, or someone who's indignant at being given such a trivial exercise. (see footnote)

                  Actually, you'll never even know that you've been interviewing a true "god-like" programmer because they'll just get bored with such a mundane problem, open the Real Life debugger, hit the "Rewind to Previous-Stack-Frame" button a few times, and walk past your office leaving you wondering why the applicant never showed and experiencing a strong sense of deja vu.

                  ...sorry... I know I'm not supposed to talk about us, but I can't keep pretending that your world isn't just a big physics simulation when you ma

                • by DavidTC ( 10147 )

                  A reluctant pass...firstly, they are, in all probability, not god-like (see footnote); most likely just a show-off, or someone who's indignant at being given such a trivial exercise. (see footnote)

                  *The remaining 20% being made up of the 19.99% of people who've been shown the XOR trick and the 0.01% of "god-like" programmers who intuit it.

                  No, if they can figure out how to make a chain of additions and subtractions come out right for a+b and b-a, they're pretty damn smart.

                  That's why I didn't give a straigh

      • Going the degree route is absolutely meaningless because of what little they teach in college. In fact it's a liability because if you were already a good programmer at age 18 (an age you know you enjoy programming rather than chase the dollar) you wouldn't have pursued it.
      • by DavidTC ( 10147 )

        No, he's not a script kiddie. He's just a bad programmer.

        Script kiddies don't do anything new, they just run code written by other people. Someone who tries to write code, even if not very good, is one step above them.

    • I think you're sort of answering your own question. He's not good at what he does, and evidently can't work or think in a structured manner, so he's a bad hacker/cracker/programmer/what-have-you. Personally, even though I don't have a formal programming education I think that it's intuitively self-evident that any "competent programmer" can learn to break copy-protection/write exploits/etc, not because "it's easy" but because most security holes that can be exploited are perfectly evident if you actually un
    • by Quirkz ( 1206400 )
      My stance is a little different, but I frequently recruit hackers (in the positive sense) to help me with the game I run, though it's frequently more in a testing and advisory capacity than coding. But I have done both.

      My game a web-based RPG programmed in PHP, and started out mostly as a solo project. I'm pretty conscious of security, because I have to be to keep people from exploiting the game. But I regularly rely on good-natured testing from the players to identify functionality problems and security

      • That's all well and good until you start storing "sensitive data."

        • by Quirkz ( 1206400 )
          Well, yeah, that'd be a problem. But 1) it's a game, so I've got almost zero sensitive data. Real name and email address is as sensitive as it gets. 2) I keep even that small bit of data out of the development server where anyone else might have access to it.
    • Bioware released a GUI toolset for Dragon Age: Origins on the PC; It was used to develop the game. When I mod the game with the toolset I am usually modifying textures or character models by changing the variables in the GUI & the editing files they may reference in an editor like Photoshop. So a Bioware developer doesn't need programming skill to do some of the footwork in game development. Programmers use the toolset also. I don't know much about it, Bioware runs a wiki for the toolset that describes [bioware.com]

  • by Rogerborg ( 306625 ) on Sunday March 27, 2011 @06:59AM (#35628922) Homepage

    And we might not always tell you what you want to hear.

    Back in The Day, I wrote a borg client ("Rogerborg") for Netrek [netrek.org] which used a man-in-the-middle attack (and a bit of library overriding) to spoof the RSA authentication scheme used to detect blessed client binaries - Netrek was decades ahead of its time with regard to security.

    It was a great learning experience, and convinced me that trusting the client is futile; there are always more people out there trying to crack it than you have developers to protect it. I kind assumed that in the 18 or so years since then that lesson would have been learned, but even to this day, we still see game after game released that try to play whack-a-hack on the client side.

    Please take it from me: you can't win that fight. And that counts double if you have to pay developers to effectively fight against the enthusiasm of your playerbase. The more successful your game, the more potential crackers you have.

    Saying "Yeah, put some checks in the binary, or ship it with Punkbuster and we'll fix it later."? That's a great strategy if you're planning for failure.

    Secure the servers, come up a network protocol that designs out the ability for cracked clients to profit, and you're done. If your game doesn't lend itself to that design - like a twitch FPS where an aimbot can get an auto-kill - then bad news: You. Are. Screwed. Just try to make your costs back before your client gets raped and your game collapses under the weight of the bots.

    • But how many man-hours would that entail? Looking at Punkbuster and the various DRM schemes, it looks like the main blockage to the built-in-security-in-games suggestion is the pervasive outsourcing of security solutions to outside companies, and they obviously can't just waltz in and redesign the program. Either the programmers or an external consulting group of some sort would have to work/collaborate on it from the beginning. And management would probably only be able to see "cheaper faster clamp-on secu
  • by jmac_the_man ( 1612215 ) on Sunday March 27, 2011 @08:14AM (#35629260)
    Everyone here is focusing on the "we shouldn't have DRM" hypocrisy,while ignoring the "we shouldn't have bad PC ports of console games" hypocrisy. This tells me that nobody here has ever played Just Cause for PC.

    Just Cause is a GTA style sandbox game. You're a CIA agent in a tropical paradise ruled by an evil Communist dictator who has to be overthrown because he's evil and Communist. You go around fomenting revolution. You play the "good drug dealers" off against the "bad drug dealers." You play the civilian police off against the army. You assassinate members of the Evil Communist Dictator's government. Pretty much, you go around wreaking GTA style havoc.

    Oh, and advertising materials said that the island was something like "100 times bigger than GTA III." So in order to get from your successful mission with the Good Cartel to your CIA contact who will tell you to go assassinate the Evil Dictator's son, you need to steal a vehicle. The best way to do this is with your grappling hook, which can hook on to vehicles, and then you can reel yourself into the cockpit/driver's seat and commandeer the vehicle. Seems like a pretty cool feature, right? The hook in this game is literally a hook.

    Here's the kicker. Like I said, I played it on PC. GTA style sandbox games universally play better with a gamepad than with a keyboard and mouse, so I have a USB one. It's not like Just Cause, or any game in this genre, is a twitch shooter. There's too many things to do that aren't move or shoot. Splitting up the various controls that are easily confused makes sense. (The classic example is tilting a helicopter left or right versus using the helicopter's rudder. GTA III era games map tilting the helicopter to the joystick used for movement, and the rudder to the left or right shoulder buttons.) Just Cause does NOT accept a gamepad as an input for some reason. It also doesn't let you remap your controls to a set of settings that makes more sense to you. Those are two basic features that every PC port should have added to it, and the lack of them means they probably cut corners somewhere else too.

    Secondly, because GTA style sandbox games are not twitch shooters, most games in this genre have a lock on feature, even on PC. They took the lock on feature out of Just Cause PC (it's in the console versions) for some reason. This makes it impossible to steal a faster vehicle than the slow helicopter that spawns at your base, which makes it impossible to get from mission to mission, which makes the game not fun because all the areas outside missions are boring and not part of the gameplay. Remember how the island is 100 times bigger than GTA 3? Well, 99% of that space is useless.

    The game should have interested me. I love GTA. I love Red Dawn. This game is pretty much those two concepts mixed together. By all rights, I should have loved Just Cause. But because of the poor PC port of the first one, I had no interest in the second one. A lot of people will keep buying games despite DRM. It won't kill PC gaming. But EVERYONE has a breaking point in terms of crappy ports, and THAT is what will move everyone to consoles.

    • Well, I have not played just cause, but I played GTA 3s and GTA4 with both expansions on PC. Just last week I beat the campaign in Just Cause2. it is a truly worthy game where the grappling hook put to good use.

      I enjoyed last GTA3 (was it san andreas?) more than the 4th one. The expansions improved the situation though. Just cause 2 doesn't have the production values of a GTA game, but it's light hearted and arcade like approach is fun. There are quite a few things I hope the improve and add for the sequ

      • My brother played and beat JC2, after knowing the problems that I had with JC1. He said it didn't fix of the problems I listed. (No auto aim and it taking forever to get somewhere useful. He didn't try it with a gamepad.) Do you disagree?

        I also prefer GTA 3 to 4 for the same reason as you. I didn't play the epansions, but I did play Red Dead Redemption, which seems to fix the problem of not taking itself too seriously.

        • The auto aim is there and I don't think it can be disabled.

          Fast transportation is a major plus in JC2 ans is not an issue. It's much faster than any GTA. You can instantly teleport! to any location you have visited in the past as long as you are not in a mission or being chased. Additionally, there are choppers and fast planes that can get you anywhere you want. So for example if I want to go to a new place which is far away, I teleport! to an airport, steal a plane and I pilot it to the new location.

  • These people are not "on the road down to anarchy". Spare me the melodramatic crime spiral, do you know a single cracker who even sees himself as a criminal? Or as someone who'd see this as his career, as the big, evil mastermind of the next big cracking crew? Puuuleeeeaaase!

    These are people with some skill (of varying degree, I admit... *sigh* the good old copy protections of the past are a past, sadly, today it's more a vanilla crack over and over... but I ramble) who enjoy a good battle of wits. At least

    • Yeah. I'm thinking the main drive behind cracking/releasing is recognition and cred. You get to be all secret and stuff, part of an "inner circle". You're doing things that other people can't do, and are looking in awe at - your abilities are speculated about and discussed. But given that you're not actually creating anything or making real changes (just giving people free entertainment), it's probably going to wind up feeling pretty empty I'd imagine.
      • Has it ever occurred to you that people might crack games because it is challenging and fun? Have you ever actually tried to crack software DRM? I did it once with some specialized software that wasn't popular enough to already have a crack and not only was the process itself enjoyable in a puzzle solving sort of way but it's a great feeling when you finally get it cracked. In some cases cracking a game may be a lot more fun than actually playing it. And the fact that it is illegal and forbidden makes it ev

        • That's the gist of my argument, really. I'm into computer security because I basically think it's fun to play splinter cell with computer systems. Nothing else.
    • Here it the big problem with your post: Most criminals don't believe they are evil or have done anything wrong; even murderers and serial killers. Just ask any prisoner.

      That the crackers don't see themselves as criminals does not mean they are not criminals or that they are not evil. In fact, it argues for believing they are evil. I know someone who was arrested, jailed, tried, convicted, and put in prison for delivery and sale of heroin. She says she didn't do anything. She and her husband deliver

      • They think the law does not or should not apply to them

        Or maybe they think some laws are stupid. Like the laws against software cracking and reverse engineering. Are you one of these people that thinks everything legal is right and everything illegal is wrong? For a thinking person one has nothing to do with the other. That is what "makes it okay".

        • I see. So, it is your suggestion that criminals should be allowed to substitute their judgement as to what constitutes a stupid law and be the arbiters of right and wrong. Interesting idea, but we have something called a "government", maybe you have heard of it. It is this this group of people elected by the whole of the people, not just the criminals, to make the laws.

          Tell me, are you one of those people who believes they are better equipped than all the rest of society to determine what is right

  • by ShakaUVM ( 157947 ) on Sunday March 27, 2011 @09:16AM (#35629560) Homepage Journal

    Turning game poachers into game wardens is an old trick, dating back many centuries.

    This is not a new thing, at all.

    • by drb226 ( 1938360 )
      This is slashdot. Old is new and new is...also new.
    • by Ocker3 ( 1232550 )
      Excellent analogy, perhaps with a correlation. The better the poacher, the better the warden (one would imagine). A hacker who is actually able to pull off very complicated hacks probably has either immense talent or has a methodology.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...