We'll be talking today about Gaming in the Glass Safe, which is about games, DRM and privacy. My name is Ferdinand Schober and I'm a security researcher and I've got a strong background in games. I've done game development and game security. So let's look at the privacy aspects. The outline for my talk is, first we'll start off with some historical development, which is about the copy protection that actually DRM and everything we're going to talk about and the privacy impacts actually came from. I mean it's important to understand the historical development, to understand where we really are at this point in time. Then we'll look at the different DRM approaches that exist at the moment. We'll do a privacy study on each of them. We'll look at some of the failure cases, which might be or might not be depending on if you did it or not, quite amusing. And then we'll look at some of the case studies in particular and give names to things. I'll then continue with messing with the gamer because some of these DRM systems are rather easy to mess with and you can piss somebody off significantly or you can get revenge if they pissed you off. And at the very end there's something that I tossed in on a recommendation from a friend is we'll talk about why games are actually being cracked and there's some interesting tidbits here that basically put everything else into perspective. And then if you still have time here, we'll do Q&A and otherwise the breakout session is in 106. First of all, we've got the historical development of copy protection. One of the very first things that happened was we had floppies. And floppies were the big distribution media in the 1980s and around this time. But the problem is also floppies at that point in time were relatively cheap. I mean, they were feasible. They were cheaper than actually buying, let's say, a game.
So the very simple thing that had already happened at that point previously was disk layout protection, meaning you have a very unique disk layout that your normal operating system copy routines don't understand. The application and game itself actually understands it and therefore you can get away with this. You're basically breaking the standard to some extent. This wasn't a big hurdle for copy protection and we'll actually see that has been done in the same way later on because we obviously didn't learn from it at all, from a copy protection perspective. But the resolution for this is really simple. You do a nibble copy, and a nibble copy just means you're reading out the raw data and you duplicate it. So to counterbalance that, the next thing that came out was the so-called feelies. I'll actually have a specific slide for those because I think they're really interesting. The idea behind those is that you have a physical token that you get with the game or the software. One of the pictures up here and I'm not sure if you can see it is a small little prism that came with the game, really annoying to use but you held it up and it would take some pixels that seemed to make no sense and would generate a picture that you then had a challenge and response to. So you had a lookup table that was printed out. And these are all bound based on the idea that you have something physical that comes with the game that is hard to replicate and therefore you need to buy the original game to actually use it. The other thing is they also give you neat little content. But given that you can replicate most of these relatively easily, at least with today's technology, they are totally useless. The other thing that also plays into this here is that if you can remove the little bit of code that actually checks for it, then you can just play the game and don't have to worry about this.
So as a side note, the feelies in more detail because a couple of the younger folks might not have seen this. I still remember when I had games that I actually played with this and I really liked them. Especially in the middle we have Ultima 7 and Ultima 7 had this beautiful cloth map and it was really nice, it still hangs on my wall actually but it also doubled as a lookup table. So you could figure out where something was and you needed to answer some questions. This is only effective as long as the token is hard to copy. For example, on the right side here you've got like SimCity and that's in red because black and white printers or copy machines would not be able to copy this. These days you take a picture of it with your cell phone and you're done, you put it into the internet and you've just voided everything. So it's completely outdated but it's kind of nice to see that there was a part of DRM or copy protection that actually added value to the user and this is the last time we'll actually see this, that there's added value to the user. So the next step that came along was the revolution with using CDs and later on DVDs that is then again mirrored and that was around 1995. You had games that previously came out on floppy, now it was too big for a floppy, it came out on disks and the CDs were again harder to copy in the beginning because you needed to have expensive hardware, the empty disks were relatively expensive but again like the same thing with the nibble copy as long as you have a hardware that can actually read the disk and you can copy it bit by bit, there's not much to it. The tricky part here is that the game publishers and game developers or anybody that was in this copy protection scheme broke the CD standard and that's where we get a lot of the disks these days that are bigger than what the original standard was envisioned to be because they just could get away with it.
And this obviously only applies to digital media and we see how this moves forward in a bit into the digital realm as well. A couple of years later after everything failed with the CD protection, the duplication, people were just duplicating their CDs, the next thing that came along which had actually been previously applied to office software for example is the registration key. And very simply put, a registration key is a secret that certifies that you have actually purchased the software legitimately and how they are done underneath the hood is there's typically some cryptographic function that has a couple of parameters that the publishers or game developers can tweak and that will generate a sequence of valid registration keys. Now there's two problems with this approach. First of all, the registration keys can be reverse engineered if you have a lot of them or if you can actually figure out what the checks do because the checks have to know part of that algorithm to actually work and part of the parameters. So again you can break this either in the brute force method, quote "brute force", where you generate valid registration keys and dump them in or you remove that little bit of code that actually checks for it. One of the games that actually used this for the first time was as you can probably barely make out up in the picture is Half-Life, the original Half-Life. And they used it for installation and then later on if you had a collision of registration keys during multiplayer you couldn't play a multiplayer game but it wasn't as essential and as baked in as it is these days. Now I've been talking a lot about these techniques that you can remove a bit of code and then everything is voided. Like you can work your way around this. So what happened really early on like in the 1980s and even earlier and then again in 2000 and that's why I have two numbers here is code obfuscation.
The basic idea of code obfuscation is that you make something so convoluted that it's really hard to remove it or really hard to figure out what it actually does. And pre-2000 at least in the game space this was all mostly homebrew stuff. So people would generate their own little code pieces, they would drop it in, they would have something in their compiler chain that would do some magic and ideally that would thwart all breaking of the software. In reality it doesn't. And this then just moved into a greater business where people specialized on actually code obfuscation and you have the emergence of code obfuscation middleware in 2000 and that's why it's listed a second time. And the idea here is that you as a game developer, as a game publisher, you don't bother about the code obfuscation, you actually purchase this from a third party, you drop it into your compiler chain and you're good. Well, this has a couple of problems. First of all, you've got these pieces of middleware that all do things simultaneously. And that actually helps as a cracker, if you're in the cracking scene, to identify what's going on and to possibly reverse engineer it faster. The other problem that you have is code obfuscation theoretically could be applied significantly stronger than it is. But it then has a significant performance impact. And since everything about games is performance, like you want to get the very last frame out of it. And I've seen this myself, code obfuscation sometimes would have a feelable performance and measurable performance impact. Or even worse, you would break your ability to even analyze failures in the program. So if you have crashes and code obfuscation is running, you might have no clue what just happened because the point is that you have no clue what happened. So, but this is the state of the art. This is going on even now and there are smarter ways of doing it so you can still get some information out of it at least for debugging purposes.
Now the first big category that is still applicable now, everything up to this point is kind of like little bits and pieces that are still applied, but not a whole system. But the first real big one, it came out in 2002 and onward. And that's what I call the network DRM. And the idea is previously we have done stuff on the machine. And since we own the machine, at least from a gamer's perspective and from an adversarial perspective, we can eventually break it. But now you bring in the network. You verify your registration key or some other properties of your machine remotely. And since you don't control in theory the remote machine and the remote server that checks that, you should be able to add more security here from a copy protection perspective. Well, that's not necessarily the case because again, you can remove these bits and pieces and you're adding a lot of additional overhead that is problematic for the user which I'll talk about in a bit. It just raises the bar. And this is all an arms race as you'll see as we move along. It's always a step up and it makes it more complicated and convoluted to the gamer as well. Oh, what I actually should still say for this, this is also the first time that we really have to worry about privacy because before we have been on a local machine and there might have been changes to the local machine, now we are moving, we are sending stuff out. We are broadcasting. And at that point, you actually have to start worrying about privacy. Now in 2003, this is actually a really rapid succession here. There's the so-called social DRM. And specifically, if you look at the picture, I'm talking about Steam for the 2003 date and since then that has emerged into a couple of other platforms and we'll give names to those later on. But the fundamental difference between the network DRM and the social DRM is that you add what is now perceived as a social network to it. 
And you still have the DRM and everything cooked in, the copy protection, but you now have a user identification instead of a machine identification. And then the last little piece that came around in 2006 is not necessarily DRM, but it's an extension of this which is interesting because it's a big money-making thing these days and that's DLC. That stands for downloadable content and the idea here is if you have already shelled out 60, 70 bucks for a game, we'll sell you an additional content for an additional five dollars and you're probably gonna purchase it because you want to know how stuff continues. But at least in the beginning it was a bit ridiculous because the picture you see up there is the famous horse armor from one of the Elder Scrolls series and that was literally just the texture and I think it cost about two bucks at the time so that is kind of very blatant money-making. Now let's give these systems that we have talked about names. Because you'll hear this in the news, you'll see it when you start up your games and you might have even run into trouble with these. And these are the three categories that I'll mainly be talking about. We've got the copy protection on one side and copy protection is partially outdated so you might still see the names pop up but they are not very effective and they might be employed with other DRM systems on top of them. And I classified them roughly into the obfuscation, the CD copy and the mixed ones and the most successful have been the mixed ones. And by the way, this is by no means a complete list. There is way more out there and as a little segue, it's kind of interesting when I was researching for this, I was looking through a lot of pages and web pages of DRM and copy protection companies. And getting information from them about what their copy protection actually does is surprisingly hard. You would assume that they would advertise, hey, we have this big thing, we protect your memory, we do this and that. 
No, they're like red cubes and the red cubes for some reason mean copy protection. And then there is a phone number. There isn't even an email address. I think they are so scared and paranoid at this point that they are gonna just get mail-bombed or whatever that they don't put information online anymore. And I didn't really feel like calling them up and explaining to them that I'm actually talking about them. I don't think that would have gone over very well. Okay, back to the topic at hand. So we have the network DRM here that is basically what's more or less the state of the art for a lot of games out there. And three in particular are really popular with games these days and they're actually employed even on top of the social DRM. So you might have two layers on the DRM which doesn't necessarily increase security as we all know, but it just increases annoyance. And my favorite one on there is actually Tagès and that's just because I don't know how to pronounce this stupid thing because it's a French company that makes it so I want to pronounce it in French but it doesn't look like it has an accent or anything in there. And we'll hear about this more in detail why this is so amusing for functionality purposes. The other thing that is in the network DRM because they don't employ social systems is the what I call NextGen DRM. And this is basically publisher oriented. Ubisoft and EA have been dropping them on their games and they are really strict and stringent. Then we also have the social DRMs which are broadly categorized into two categories. You've got the content delivery which is Steam where you have a focus on digital delivery of content so you don't have to worry about putting on pants to purchase your games. You can just, you'll just purchase everything online. You'll gift them your credit card or somebody else's credit card and everything is cool. At least until it is discovered that you gave them somebody else's credit card.
And this is where I see most of the game platforms starting to move into because they are trying to use the social component to convince you to really buy a game. What is a side note here is what I've put in gray here is the walled garden model. And people don't usually think about this but these are all the consoles that are out there and that's why they are less interesting to some extent to talk about and most of the stuff that I've covered so far is all about PC based gaming. The walled garden is basically you've got specific hardware, you've got specific software and you've got a gatekeeper that prevents software from arbitrarily coming into the garden or users from arbitrarily coming into the garden. And the iPhone and other mobile platforms are basically similar to this. Now let's hop into the privacy aspects of this because that's one of the main topics here. So again, I'll repeat myself here for the copy protection, we basically have the main intent of copy protection is to locally prevent you from duplicating something. So you keep a local state that is not exposed to the world. Although one thing that might already be of a little bit of privacy concern or concern in general is that they modify your operating system. They install drivers that later on could wreak havoc and cause a couple of crashes or just bring your system to a crawl and it also stores data locally. So somebody later on could still figure out that you have used the specific copy protection scheme. And sometimes they stomp on each other too which is kind of funny. Now, the biggest failure of copy protection and that's why they are basically outdated is that the advances in the current technology have made them to some extent obsolete and it's all of this arms race. And the biggest points here is the digital reproduction and I'm thinking specifically about the feelies that I talked about earlier, anything that uses a lookup table that is printed and you get with the game.
But also binary analysis, technology, hardware in terms of like we can just rip any disk at this point and then the internet that gives us this great big community where we can chat about problems that we have, how to break a DRM and also how to share data. But the very fundamental problem that is really the underlying basically I would say Achilles heel of this whole system is that you have everything on copy protection relies on an error case functionality. So you have this one check that will say do you have the proper disk? Do you have the proper registration key? And then there is a yes, no branch and that's pretty much it. And you can toss as many as you want in there but if you find them all, you can just continue playing. Now, the network DRM as I said is a step up from this and actually I want to formally define DRM if I can actually read this on my screen here through the glare, it's technology and this is courtesy of Wikipedia. It's technology that inhibits uses of digital content not desired or intended by the content provider. And if you think about this a bit it's significantly more than just copy protection. This basically means if you start this I mean in a really broader sense this could mean if you start this up at 12 a.m. at night or at 12 a.m. at night and it's not intended to be played between 12 a.m. and 3 a.m. then DRM will take care of that. That's way more than copy protection and so this restricts the usage and therefore it needs to monitor you more closely and it needs an external monitor because in a local monitor you could just change. In terms of privacy this has significant impact because first of all we either have a unique machine identifier or we even have what's called a user ID where we fingerprint the user or we fingerprint the machine and fingerprinting the machine means that you basically query and look through all of the hardware that's there and you could theoretically already publish that to somebody.
Then all of this naturally needs to be exposed in some extent over the network and this exposure might be just a data stream because it's encrypted and they're actually doing that due diligence but it could also be more that you have a user account and so on, I'll get into this in more detail. But basically I can identify at this point if I'm installing a game, if I'm starting a game and if it's a runtime check, if the game is actually running. And one of the big things here that is on the horizon and hasn't quite happened yet is the content execution thing and this is what Ubisoft in particular has been talking about and I've actually tried to leave names out of this but it's in some extent not possible. The idea here is that you don't have the full program on disk. You have most of the program and at specific points it pulls down critical pieces of executable content and this when you think about it has first of all the privacy aspect that now since these are bigger pieces of content I can probably identify more directly what you're doing but in the other aspect it's also you get executable code through just other means. If somebody hijacks this all bad things can happen but this is more, it's on the horizon and it's something that might be of concern in like a year or so. Now, network DRM has had a couple of spectacular failures and I'll go through a couple of those because they're quite amusing and it also shows that they just don't learn. The first one that I want to bring up, it has been extensively in the media so I'll gloss over it, is Spore. It uses the SecuROM DRM and the main idea here is that it requires an online registration on install and it has an install limit which should already ring all your bells. If your computer or your hard drive crashes a couple of times you can't install this past three or you couldn't originally.
And it also, quote, "phones home", meaning that it contacts the server from time to time to make sure everything is still valid. This was in 2008 and in September it basically was the most pirated game ever before it ever came out. Developed about half a million torrent downloads before it released it and this was a major failure in terms of DRM. It was just stripped off the disk immediately. A lot of the people that actually used it really didn't like it and that's that little picture there that is the content in the game for the people that don't know Spore. The idea is that you have a little amoeba and you develop it into this galactic civilization and along that you can create a lot of custom content. And the game just got one star ratings although for all other intents and purposes it's a cool game. From a DRM perspective, the binaries also stayed on disk so you got those binaries for good. Luckily with all of the buzz around this in December there was actually a release of an uninstall tool and the uninstall tool if you did it correctly would remove most of the binaries and it would also reset your install count. But the question is why not immediately get it right and this is one of the first examples of the network DRM starting to completely fail and fall apart. The next game, Stalker: Clear Sky. It's a more obscure game in this sense because it's a first person shooter that's around Chernobyl with sci-fi aspects. I encourage you to check it out because it's actually quite a lot of fun to play. But it uses this obscure Tagès as a DRM or I shouldn't say obscure, it's pretty popular, but it basically has the same idea behind it. You have an online registration, you've got an installation limit and by the way this time they already learned the lesson you can uninstall and that you get the installation back or you can at least go to a site if you know what you're doing and say yes I uninstalled this.
But in December of 2009 after this game was released Steam had a sale and here we see already Steam itself provides a DRM but the DRM from Tagès was still on top of Stalker and so once you installed it through Steam it would go ahead and contact the DRM server from this DRM system. And as it happened over Christmas because of so many people using it the DRM servers went down. And I don't wanna blame the French for not being in the offices during Christmas but it took a few days for them to bring them up online and it was intermittent failures. So imagine you bought this and for three days you can't play because it tells you you haven't purchased this legally or I can't verify this. And this is the next step that points towards that this is just not feasible anymore. Now the next one has been in the media quite extensively and that's Assassin's Creed 2. And this is actually kind of different problem here because before we had this activation limit and the problem was basically the activation and this was a single point in time where it was checked and then ideally we were good for a while. The Ubisoft DRM on the other hand and it by the way has a real name but nobody really cares for it. It's just used by all Ubisoft games. And it requires a permanent connection and I want you to fully understand this. Permanent means that if you play single player and you never intend to go online you never intend to play this with anybody or it's a full single player game you still need to have a perfectly fine internet connection. And if you don't and it drops then you would be reset originally to a checkpoint which you can always see if I can mess with the network then I can pretty much make somebody scream in front of their computer and we'll get into that in a bit. But this whole system was tied to a user account and it also stores save games in the cloud and that was actually the big selling point for marketing.
I guess they couldn't come up with any other reason why people should really buy into this except for your save games are stored in the cloud and if your computer catches on fire your private files and your bank account is lost but at least you've got your save games because we have it in the cloud. So in March of this year the obvious thing happened. Authentication servers went down and depending on who you listened to it was a DDoS, they just didn't know what they are doing, probably it was all of the above. The fundamental fact is that the servers were down for plus 10 hours multiple times and this means a block of 10 hours where you just cannot play on multiple blocks and you have purchased this game for 60, 70 bucks so this is not good and this impacts single player users and the official statement from Ubisoft was 95% of the users were not affected. These are not the droids you're looking for but it's just the fact that even the clouds here have a single point of failure. So what was the answer? Patch it, obviously. Luckily it was patched relatively quickly, some of the connection problems went away and the good thing is that they at least reacted, now the game pauses when you lose connection and then it resumes at the same point that you dropped off, you're not reset to a checkpoint that was five hours ago and you can also do local saves. So we see a bit of positive development but the question is why should we use this and there's also data that streams over the network that I'll get into in a bit. The next thing is I apologize if there should be anybody from Ubisoft in the room but I mean this is just what happened. There's Settlers 7. It might be a bit more obscure in the US market but in German market this was a big game and the idea here is that you have like little settlers that run around and you have like you mine stuff you build buildings and so on.
It again uses the same DRM like Assassin's Creed and so on, same selling points and in April of this year it came out in Germany and there were immediate authentication server failures. This was so bad that they had within a couple of hours 50K posts in the forum and this wasn't like random people screaming like your game sucks, this was like literally I can't play this, I want my money back. And the multiplayer component for it was virtually unplayable and it's kind of unclear if this was an interaction with the DRM if this was the game being totally like just full of bugs but the main essence here is that the DRM didn't make it better. It was patched with little effect and then the actually really hilarious part was that in June it came out in Australia and the Australian players were immediately greeted with this game isn't active in your region yet. So I mean this happened for a short period until they got their act right but it is kind of a problem that you see with DRM too if nobody flips the bit then you're screwed. Now I'm pointing out the obvious thing here. The network DRM is just a futile attempt and the internet summarized it very well with this picture that I don't even have to further explain. The only measurement or metric I want to give you here is that Assassin's Creed II has been cracked and Assassin's Creed II had the uncrackable DRM and quote was cracked in 25 hours. So this is not a major hurdle for anybody. Now from a publishers and game developers perspective what's the next step? I mean this is clearly broken. Oh, sorry I'm getting ahead of myself. The privacy impacts of this that is definitely interesting to get into. So the Ubisoft DRM is the most stringent of this of these sets of DRMs. 
And when you look at the network traffic that is going on in your system when you actually run one of those Ubisoft games it has a TCP connection that's encrypted over port 80 or any other port that is tunneled because it could depend on what your network looked like. It actually does a fair attempt of trying to get out obviously. It's also required for single player and it has the whole failures. But what this actually means is that you have the ability to track all game usage at this point. You have this data stream that goes back and forth and you can actually measure when this data stream stops and then you know that whoever played the game stopped playing the game. And this is applicable especially for wireless networks. Now to what I got ahead of myself before. Now the network DRM for most parts are cumbersome and a failure. So let's start over with a semi blank slate and look at a different approach and that's what game publishers did. And that's where the social DRM comes in because apart from having the DRM components you also try to use the social media and the aspects of that to have psychological reason for actually buying games and sharing games with other people. The only problem here is this is also for content delivery and therefore you have this whole tail of additional privacy relevant information that now gets tagged onto your games. Specifically you've got everything we talked about in the network DRM. But you also got user account information and what is really interesting here is when you deeply look into what kind of privacy information you have actually your personal information you've got to reveal is, you at least for me, whenever they ask me for my date of birth, I'm like, why? Why do you want to know my date of birth? There's a lot of havoc you can wreak with my date of birth.
And so for all official purposes I'm born on the 1st of April 1980 which is not my real birth date but they could eventually bite me in the ass if there's really something that they need to check and forget about this. They also want your address and so on but this gets even worse because you have to have payment information with this because remember digital content delivery you don't wanna send them a check and then receive your digital download you give them a credit card number or your PayPal account. Then you also have got a purchase history because you want to know what you or you have to know what you actually purchased and you have got a friend network because that's when the social content ties in. And this expands because the social content also includes the new thing that is really hip which is achievements or badges and I use these abstractly so these are not copyrighted terms if they're even copyrighted. The main point of this is you get little tokens for actually achieving something or doing something in the game that would either be not normal or is like a little bit goody because people like to be rewarded but these rewards also allow you to create a very accurate game history. I can look at when you got these achievements and build up a pattern of when you are at home playing and when you are very likely not at home playing and I can clean out your living room and steal your Xbox or PS3 or what have you. I also can create a behavior profile because for a lot of games you have or more and more games these days try to give you ethical choices. Let's think about like Bioware games or even like Fable for example. You have the good choice and the bad choice and both of them typically have achievements. 
Now fast forward like 10 years from now and you have like a whole history of this if I always chose the bad achievements and the evil achievements and my boss sees that because there's time with the next thing to use bigger social network then that could be a problem. I mean, I'm looking a bit forward here but very simply put you can also have the single player versus multiplayer, hardcore versus casual. Do you really want to hire the guy that has a gamer score of 150,000? He's probably not gonna be productive. He's just gonna play all the time. And then I also have got a gaming location. In general this just gives you a whole wealth of data and I won't name the social DRM network that does this but there is one that actually gives you achievements down to the second. If you just create a dummy account and browse through other accounts the only thing you need to know is the username and you can by the second figure out what happened. And this is not necessarily something that makes me feel warm and fuzzy. The next big thing is obviously integration with other social media because you want to for whatever reason have the people from Facebook that you've said hi to once at a bar when you were really drunk and added them, you want them to know when you got your next achievement on let's say your Xbox because that seems to be hip. So you're now linked into this profile that already exists all of the previously inaccessible information, your pictures, who your parents are, what your other friend network is. And this is in two levels here because first of all you're bringing that network into your gaming world which you might want to keep separate but you're also now giving the game publishers and the game developers that you don't necessarily trust perhaps as much as your bank or perhaps you trust them even more. Your whole social network so this all blends together and everybody has access to everything. 
So for me I feel a bit like I'm being watched by Batman like in a most recent Batman game and when you look at the case study for social DRM it becomes a bit more obvious concrete what is actually revealed here. And I just want to say I like Blizzard and I don't want to bash on them. But Battle.net has introduced a couple of additional privacy features that I was like what is this? So just to give a quick explanation, Battle.net is and now called like to some extent the Real ID system is an account needed for the install and for playing specific games that Blizzard releases. And this is it's kind of understandable that you need an account with personal information for MMOs like World of Warcraft but for StarCraft and Diablo it's kind of an additional add-on to convince you to not steal the game. At some point this was also considered for official posts for the official posts in the forum but there was such an outcry that it was removed that just happened recently. The main point that Blizzard tries to make here is that it's not needed for single player but on the other hand there's the statement that if you don't use it you don't get a lot of the cool stuff, whatever that means. So you're probably gonna want it especially if you want to be in the beta. So let's walk through the sign up and this is basically what you can just verify through their website. So the very first piece of information that you have to reveal about yourself is your date of birth. And this is something that I'm not sure if I'm the only one here but it really ticks me off when the first thing they want to know. At any point in time they want to know my date of birth. Because the question here should be are you an adult? Yes, no. And that should be all. There's no reason they need my date of birth but that's the first thing you need to reveal about yourself. 
Then you reveal email address, full name, full address, full number and then you have payment information and so on attached to this. You obviously eventually create a friend list, bring your friends in and what's interesting here is that your friends and the friends of your friends are listed with your real name. Now this might change as Battle.net matures but at the moment that's just happening. To some extent this is optional because I mean you can choose never to add any friends but do we really want to be the loser that has zero friends? The other thing obviously here is as this grows and we have seen this with Steam you've got a game list. So there's some additional information here and then you've got an achievement history because achievements are all hip. Now looking at this social media and all of the DRM that we have talked about it's relatively straightforward to mess with a gamer as we've probably already seen but I want to make this precise. DRM is in essence an unofficial point of failure so if you don't like somebody, for example you have played with this kid and he just beats you multiple times and you think he's a fracking cheater because he beat you, nobody can beat you, now you're just gonna screw with him. That's your point for the next week. 
You might not even have to screw with him too much because we have this artificial point of failure where you have network connections that are inherently unreliable and you might already have network restrictions like firewalls or antivirus that might already interfere with your DRM but the bandwidth already could be so small and that's literally a problem with the Ubisoft DRM, if you have a small pipe you might run into trouble and might not be able to play it and when you then attack such a system that is kind of on the breaking point of failing that it is relatively trivial and what you can do here is obviously inject local traffic into the local network if you sit there locally but the other thing is also you can interfere with the wireless network and you can DDoS the server and that's what happened with Ubisoft and this is actually a more difficult aspect to control because you could not even be playing the game and you just want to make 500 gamers scream out in pain then you DDoS the Ubisoft server and watch them all cringe. One thing that a lot of people don't think about and when you really look at these games is registration keys are also a problem because they're vulnerable in the end. First of all, I could steal somebody's key, like let's say malware lifts your whole user directory, I could reverse engineer and see what your key is and post it on a forum. This key is most likely gonna get banned but that becomes more problematic because I mean to some extent just don't get malware, right? 
But if you then think about the aspect that somebody reverse engineered the key algorithm and is now generating keys, if you've got a key collision with a valid key out there and that key gets registered it will probably result in a power ban eventually as well when they detect that they've been installed on two different machines that shouldn't be associated and I kind of imagine that it's really difficult to tell a service representative on the phone, hey dude, I never gave this key out, I bet it was a key gen that conflicted with mine. You probably just have to buy the game anew. Accounts are also vulnerable because when you think about this they're just secured with a password and there might be additional security on top of that like Blizzard is doing for example for WoW and that's where a lot of the additional security comes in because MMOs are getting hacked and hacked more at least accounts for them. But fundamentally humans are not good with passwords and so there will always be a problem on this side but then the reset questions that you have for these passwords if you should have not played it for ages and forgotten it can be guessed as well because think back to what I said before, the social networks like Facebook and so on will and have been partially tied in already. So the question of what's your hometown is right there on your profile. What's your mother's maiden name? I can probably look up her Facebook page and additional like what was your first dog, you'll probably find that out as well. So these, when I see these questions especially for like banking sites and stuff but this is also like a lot of assets are here it really ticks me off and there's not necessarily an easy answer to make this better except for custom questions but then people will just be like what's your hometown and you've got the same problem again. 
The other thing that you can do if you're really evil and malicious and you don't mind to talk to people on the phone or over email for a while is initiate a false "this account has been compromised" action where you basically say hey this is my account, I can't prove to you that it's my account because it has been hacked, but could you please block this until I can show you that this is really my account? The real user of this account will not be able to play until this is resolved and this could take a couple of days and I won't name the gaming platform but I had something similar happen to me and it took five days to get my account back and I couldn't play any games and I just felt like I was being treated by an automatic machine that every like 24 hours would be like yes we are still here working on it and that was all I got. So especially if all your games are on one platform you run into problems. Then the thing that will be really hard to find out unless you have a whistleblower is accounts can be compromised on the back end too. I'm pretty confident that I didn't give out my password for this account that was in question that I had the experience with that was actually compromised. So my guess is that there might have been something on the back end or it was just like dumped from some disgruntled employee, you don't know, but this will not be publicly admitted but you should also consider that this will probably be the most likely leakage of privacy data that you can have in this whole system. Now we have talked about all of these chunks that you can use to basically mess with a gamer. Now let's do a specific game study and I picked the Ubisoft DRM because it's really easy to mess with that thing. You've got a couple of methods. Basically it depends where you sit on the network. If you sit locally it's obviously significantly easier and you can make it targeted but you can also do it remotely. 
So locally let's assume for a second that they have a wireless network. Then it becomes really easy. You basically just inject packets into that wireless network and that theoretically works if you are sitting on a LAN too but you might have to inject way more packets to screw with them. But ultimately their router is probably gonna keel over because who of us hasn't experienced that wireless routers or routers in general are not very stable. And so you just dump a ton of data on it and hope for it to overheat. For wireless you can also do the disassociation attacks which might not necessarily kill their whole connections but it might make it unstable enough so you really run into problems. And we are just talking about barely dual digit drop rates and you're in trouble here. The remote method is a bit more complicated. It depends where you sit on the network. If you sit close enough then you can probably do TCP reset attacks and SSL replay attacks. And the SSL replay attacks here are kind of interesting because most of these connections are configured that if you have a replay you have to fully renegotiate and that sometimes takes long enough so that it will drop out of the game. But in general dumping traffic is a good idea. You either dump a ton of traffic onto the gamer because they've usually got the smaller pipe or if you happen to have a botnet lying around you go for the servers. Ultimately this will just cause this to most gamers. So what am I trying to say for a bigger picture here? The idea is the fundamental idea of DRM is we don't want you to steal our stuff. And I kind of see that, I mean this is a valid concern. You don't wanna work years and years on some software that you sell and people then steal it. But the problem here is that in this process of preventing duplication and protecting your software a lot of data is being made available that shouldn't necessarily be made available for the sole purpose of protecting software. 
And the bigger question is then also you introduce a lot of complicated systems and systems that can easily fail into this whole mix of games and a system that most likely already has bugs. So a lot of people don't like this and this leads me into this segue of why are games cracked? And the quick answer for this is like I mean if you talk to anybody that is working on DRM they will tell you like people always want free stuff, of course they're gonna steal from us. But it's significantly more complex if you look at the most recent cases. I mean we all know first of all it's a challenge. If somebody challenges you and says this is unbreakable you're gonna prove them wrong obviously. But it's also from a gamer's perspective that doesn't necessarily have the motivation to break something and to look at the inner workings. DRM is freaking annoying. It can just be so annoying that a cracked game is significantly easier to use. So it's similar to the ripped DVD movies where if you don't rip it you have got this whole big tail of like stuff that happens, FBI warnings, trailers and so on, and if it's ripped you have one movie and that's it, you don't have to mess with it. And the same thing is true for cracked games. So unless the DRM becomes significantly more streamlined there's not really anything that will prevent crackers from ever succeeding and there will always be people that will show you or like it's human nature to just go ahead and be like you're wrong I'm right. It is also a problem that I might not be able to really play where I want. And actually that was in national news a couple of months ago where people that were stationed in Iraq wanted to play I think out of all things Call of Duty because I don't think they have enough things to shoot at. But they were basically saying like I can't play this because there are problems with DRM and other stuff. So I mean this is really a concern. 
If you are in the middle of nowhere and you don't have a network connection you might still want to play your offline game because you want to relax and you just can't. Then if you're like me there are also privacy and policy concerns around this. All of the data that is now available to the publishers that is transmitted over the wire that is just waiting for somebody to listen in and break the encryption net. The data that is stored in a ton of networks and databases that I don't really trust and I don't have given specific agreement to. There's a lot of things that need to be cleaned up here. And gamers and users in general worry about this legitimately. But ultimately the biggest question is if you look at the old games that we are still playing, we are still playing like old Tetris, old games from the 1980s. What do we do if these DRM servers completely go offline? If the company goes out of business and it's just done. We need to either use a cracked version which is not fully legal or we are screwed. We can never play this game again. And this is actually more of a call to the industry in general and to, like somebody needs to figure out what to do here. There needs to be a more generalized system where we store this in a cloud because clouds are always hip. Where we just have no loss of games in the future because this is our heritage to some extent. People have grown up with games and we don't wanna lose games just because of the DRM. Just look at the gaming vintage market and all the emulators. And this might be the answer that we'll just have to in 30 years write an emulator for this DRM server and then for the machine that it ran on. So that's pretty much my rant on this end. And I want to open for Q and A and I think I'm a bit under time. So any questions out there? Otherwise we can take this to 106. Oh, over there, go ahead. Oh, you're talking about the unique challenge and response. 
So the question was, you're thinking specifically about World of Warcraft, right? So in World of Warcraft there's a little token authenticator that basically verifies on the end. That helps a bit with piracy, but it helps if your machine hasn't been compromised. So over the network it gives you a certain advantage because you actually hold a physical token of security and to some extent that's a feely, although it's not as cute as the feelies before and it's way more advanced. But that definitely helps with account security, yes. Okay, I'll stop here and I'll take this to 106. Thank you.