Copy protection, also known as content protection, copy prevention and copy restriction, is any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyrightreasons. Various methods have been devised to prevent reproduction so that companies will gain benefit from each person who obtains an authorized copy of their product. Unauthorized copying and distribution accounted for $2.4 billion in lost revenue in the United States alone in the 1990s, and is assumed to be causing impact on revenues in the music and the game industry, leading to proposal of stricter copyright laws such as PIPA. Some methods of copy protection have also led to criticisms because it caused inconvenience for honest consumers, or it secretly installed additional or unwanted software to detect copying activities on the consumer's computer. Making copy protection effective while protecting consumer rights is still an ongoing problem with media publication.
This section needs expansion. You can help by adding to it.(November 2015)
Media corporations have always used the term copy protection, but critics argue that the term tends to sway the public into identifying with the publishers, who favor restriction technologies, rather than with the users.Copy prevention and copy control may be more neutral terms. "Copy protection" is a misnomer for some systems, because any number of copies can be made from an original and all of these copies will work, but only in one computer, or only with one dongle, or only with another device that cannot be easily copied.
The term is also often related to, and confused with, the concept of digital rights management. Digital rights management is a more general term because it includes all sorts of management of works, including copy restrictions. Copy protection may include measures that are not digital. A more appropriate term may be "technological protection measures" (TPMs), which is often defined as the use of technological tools in order to restrict the use or access to a work.
Copy protection is most commonly found on videotapes, DVDs, computer software discs, video game discs and cartridges, audio CDs and some VCDs.
Many media formats are easy to copy using a machine, allowing consumers to distribute copies to their friends, a practice known as "casual copying".
Companies publish works under copyright protection because they believe that the cost of implementing the copy protection will be less than the revenue produced by consumers who buy the product instead of acquiring it through casually copied media.
Opponents of copy protection argue that people who obtain free copies only use what they can get for free, and would not purchase their own copy if they were unable to obtain a free copy. Some even argue that free copies increase profit; people who receive a free copy of a music CD may then go and buy more of that band's music, which they would not have done otherwise.
Some publishers have avoided copy-protecting their products, on the theory that the resulting inconvenience to their users outweighs any benefit of frustrating "casual copying".
From the perspective of the end user, copy protection is always a cost. DRM and license managers sometimes fail, are inconvenient to use, and may not afford the user all of the legal use of the product he has purchased.
The term copy protection refers to the technology used to attempt to frustrate copying, and not to the legal remedies available to publishers or authors whose copyrights are violated. Software usage models range from node locking to floating licenses (where a fixed number licenses can be concurrently used across an enterprise), grid computing (where multiple computers function as one unit and so use a common license) and electronic licensing (where features can be purchased and activated online). The term license management refers to broad platforms which enable the specification, enforcement and tracking of software licenses. To safeguard copy protection and license management technologies themselves against tampering and hacking, software anti-tamper methods are used.
Floating licenses are also being referred to as Indirect Licenses, and are licenses that at the time they are issued, there is no actually user who will use them. That has some technical influence over some of their characteristics. Direct Licenses are issued after a certain user requires it. As an example, an activated Microsoft product, contains a Direct License which is locked to the PC where the product is installed.
From business standpoint, on the other hand, some services now try to monetize on additional services other than the media content so users can have better experience than simply obtaining the copied product.
From a technical standpoint, it would seem theoretically impossible to completely prevent users from making copies of the media they purchase, as long as a "writer" is available that can write to blank media. The basic technical fact is that all types of media require a "player" — a CD player, DVD player, videotape player, computer or video game console. The player has to be able to read the media in order to display it to a human. In turn, then, logically, a player could be built that first reads the media, and then writes out an exact copy of what was read, to the same type of media.
At a minimum, digital copy protection of non-interactive works is subject to the analog hole: regardless of any digital restrictions, if music can be heard by the human ear, it can also be recorded (at the very least, with a microphone and tape recorder); if a film can be viewed by the human eye, it can also be recorded (at the very least, with a video camera and recorder). In practice, almost-perfect copies can typically be made by tapping into the analog output of a player (e.g. the speaker output or headphone jacks) and, once redigitized into an unprotected form, duplicated indefinitely. Copying text-based content in this way is more tedious, but the same principle applies: if it can be printed or displayed, it can also be scanned and OCRed. With basic software and some patience, these techniques can be applied by a typical computer-literate user.
Since these basic technical facts exist, it follows that a determined individual will definitely succeed in copying any media, given enough time and resources. Media publishers understand this; copy protection is not intended to stop professional operations involved in the unauthorized mass duplication of media, but rather to stop "casual copying".
Copying of information goods which are downloaded (rather than being mass-duplicated as with physical media) can be inexpensively customized for each download, and thus restricted more effectively, in a process known as "traitor tracing". They can be encrypted in a fashion which is unique for each user's computer, and the decryption system can be made tamper-resistant.
For information on individual protection schemes and technologies, see List of copy protection schemes or relevant category page.
Copy protection for computer software, especially for games, has been a long cat-and-mouse struggle between publishers and crackers. These were (and are) programmers who would defeat copy protection on software as a hobby, add their alias to the title screen, and then distribute the "cracked" product to the network of warezBBSes or Internet sites that specialized in distributing unauthorized copies of software.
Early ages 
Further information: Bad sector § Copy protection
When computer software was still distributed in audio cassettes, audio copying was unreliable, while digital copying was time consuming. Software prices were comparable with audio cassette prices. To make digital copying more difficult, many programs used non-standard loading methods (loaders incompatible with standard BASIC loaders, or loaders that used different transfer speed).
Unauthorized software copying began to be a problem when floppy disks became the common storage media. The ease of copying depended on the system; Jerry Pournelle wrote in BYTE in 1983 that "CP/M doesn't lend itself to copy protection" so its users "haven't been too worried" about it, while "Apple users, though, have always had the problem. So have those who used TRS-DOS, and I understand that MS-DOS has copy protection features". Apple and Commodore 64 computers were extremely varied and creative because most of the floppy disk reading and writing was controlled by software (or firmware), not by hardware. The first copy protection was for cassette tapes and consisted of a loader at the beginning of the tape, which read a specially formatted section which followed.
The first protection of floppy disks consisted of changing the address marks, bit slip marks, data marks, or end of data marks for each sector. For example, Apple’s standard sector markings were:
- D5 AA 96 for the address mark. That was followed by track, sector, and checksum.
- DE AA EB concluded the address header with what are known as bit slip marks.
- D5 AA AD was used for the data mark and the end of data mark was another DE AA EB.
Changing any of these marks required fairly minimal changes to the software routines in Apple DOS which read and wrote the floppy disk, but produced a disk that could not be copied by any of the standard copiers, such as Apple's COPYA program. Some protection schemes used more complicated systems that changed the marks by track or even within a track.
Pournelle disliked copy protection and, except for games, refused to review software that used it. He did not believe that it was useful, writing in 1983 that "For every copy protection scheme there's a hacker ready to defeat it. Most involve so-called nibble/nybble copiers, which try to analyze the original disk and then make a copy".IBM's Don Estridge agreed: "I guarantee that whatever scheme you come up with will take less time to break than to think of it." While calling piracy "a threat to software development. It's going to dry up the software", he said "It's wrong to copy-protect programs ... There ought to be some way to stop [piracy] without creating products that are unusable."
By 1980, the first 'nibble' copier, Locksmith, was introduced. These copiers reproduced copy protected floppy disks an entire track at a time, ignoring how the sectors were marked. This was harder to do than it sounds for two reasons: firstly, Apple disks did not use the index hole to mark the start of a track; their drives could not even detect the index hole. Tracks could thus start anywhere, but the copied track had to have this "write splice", which always caused some bits to be lost or duplicated due to speed variations, roughly in the same (unused for payload data) place as the original, or it would not work. Secondly, Apple used special "self-sync" bytes to achieve agreement between drive controller and computer about where any byte ended and the next one started on the disk. These bytes were written as normal data bytes followed by a slightly longer than normal pause, which was notoriously unreliable to detect on read-back; still, you had to get the self-sync bytes roughly right as without them being present in the right places, the copy would not work, and with them present in too many places, the track would not fit on the destination disk. Locksmith copied Apple II disks by taking advantage of the fact that these sync fields between sectors almost always consisted of a long string of FF (hex) bytes. It found the longest string of FFs, which usually occurred between the last and first sectors on each track, and began writing the track in the middle of that; also it assumed that any long string of FF bytes was a sync sequence and introduced the necessary short pauses after writing each of them to the copy. Ironically, Locksmith would not copy itself. The first Locksmith measured the distance between sector 1 of each track. Copy protection engineers quickly figured out what Locksmith was doing and began to use the same technique to defeat it. Locksmith countered by introducing the ability to reproduce track alignment and prevented itself from being copied by embedding a special sequence of nibbles, that if found, would stop the copy process. Henry Roberts (CTO of Nalpeiron), a graduate student in computer science at the University of South Carolina, reverse engineered Locksmith, found the sequence and distributed the information to some of the 7 or 8 people producing copy protection at the time.
For some time, Locksmith continued to defeat virtually all of the copy protection systems in existence. The next advance came from Henry Roberts' thesis on software copy protection, which devised a way of replacing Apple’s sync field of FFs with random appearing patterns of bytes. Because the graduate student had frequent copy protection discussions with Apple’s copy protection engineer, Apple developed a copy protection system which made use of this technique. Henry Roberts then wrote a competitive program to Locksmith, Back It UP. He devised several methods for defeating that, and ultimately a method was devised for reading self sync fields directly, regardless of what nibbles they contained.
Copy protection sometimes caused software to not run on clones, such as the Apple II-compatible Laser 128. The back and forth struggle between copy protection engineers and nibble copiers continued until the Apple II became obsolete and was replaced by the IBM PC and its clones.
In 1989 Gilman Louie, head of Spectrum Holobyte, stated that copy protection added about $0.50 per copy to the cost of production of a game. Other software relied on complexity; Antic in 1988 observed that WordPerfect for the Atari ST "is almost unusable without its manual of over 600 pages!". (The magazine was mistaken; the ST version was so widely pirated that the company threatened to discontinue it.)
Floppy disks were later displaced by CDs as the preferred method of distribution, with companies like Macrovision and Sony providing copy protection schemes that worked by writing data to places on the CD-ROM where a CD-R drive cannot normally write. Such a scheme had been used for the PlayStation and could not be circumvented easily without the use of a modchip.
For software publishers, a less expensive method of copy protection is to write the software so that it requires some evidence from the user that they have actually purchased the software, usually by asking a question that only a user with a software manual could answer (for example, "What is the 4th word on the 6th line of page 37?"). However, this approach can be exploited with the patience to copy the manual with a photocopier, and it also suffers from the issue of making the product more inconvenient for the end user to use.
It has become very common for software to require activation by entering some proof of legal purchase such as:
- Name & Serial, a name and serial number that is given to the user at the time the software is purchased
- A phone activation code, which requires the user to call a number and register the product to receive a computer-specific serial number.
- Device ID, specifically tying a copy of software to a computer or mobile device based on a unique identifier only known to that device (like the IMEI of a smartphone).
To limit reusing activation keys to install the software on multiple machines, it has been attempted to tie the installed software to a specific machine by involving some unique feature of the machine. Serial number in ROM could not be used because some machines do not have them. Some popular surrogate for a machine serial number were date and time (to the second) of initialization of the hard disk or MAC address of Ethernet cards (although this is programmable on modern cards). With the rise of virtualization, however, the practice of locking has to add to these simple hardware parameters to still prevent copying. Another approach to associating user and/or machine with serial number is product activation over the Internet, where users are required to have access to the Internet so the information on which serial number is installed on which machine gets sent to a server to be authenticated. Unauthorized users are not allowed to install or use the software. Microsoft's Windows Genuine Advantage system is a far-reaching example of this. With rise of Cloud computing, requiring Internet access is becoming more popular for software verification. Beyond online authentication, a standalone software may be integrated with the cloud so that key data or code is stored online. This could greatly strengthen the protection; for example, the software could store a property file or execute a process needed by the application in the cloud instead on the user's computer.
Problems and criticisms
The copy protection schemes described above have all been criticized for causing problems for validly licensed users who upgrade to a new machine, or have to reinstall the software after reinitializing their hard disk. Some Internet product activation products allow replacement copies to be issued to registered users or multiple copies to the same license. Like all software, copy-protection software sometimes contains bugs, whose effect may be to deny access to validly licensed users. Most copy protection schemes are easy to crack, and once crackers circumvent the copy protection, the resulting cracked software is then more convenient and hence more valuable than the non-cracked version, because users can make additional copies of the software. Due to this problem, user-interactive copy protection by asking questions from manuals has mostly disappeared.
In his 1976 Open Letter to Hobbyists, Bill Gates complained that "most of you steal your software." However, Gates initially rejected copy protection and said "It just gets in the way."
There is also the tool of software blacklisting that is used to enhance certain copy protection schemes.
Early video games
During the 1980s and 1990s, video games sold on audio cassette and floppy disks were sometimes protected with an external user-interactive method that demanded the user to have the original package or a part of it, usually the manual. Copy protection was activated not only at installation, but every time the game was executed.
Sometimes the copy protection code was needed not at launch, but at a later point in the game. This helped the gamer to experience the game (e.g. as a demonstration) and perhaps could convince them to buy it by the time the copy protection point was reached.
Several imaginative and creative methods have been employed, in order to be both fun and hard to copy. These include:
- The most common method was requiring the player to enter a specific word (often chosen at random) from the manual. A variant of this technique involved matching a picture provided by the game to one in the manual and providing an answer pertaining to the picture (Ski or Die, 4D Boxing and James Bond 007; the Stealth Affair used this technique). Buzz Aldrin's Race Into Space (in the floppy version but not the CD version) required the user to input an astronaut's total duration in space (available in the manual) before the launch of certain missions. If the answer was incorrect, the mission would suffer a catastrophic failure.
- Manuals containing information and hints vital to the completion of the game, like answers to riddles (Conquests of Camelot, King's Quest 6), recipes of spells (King's Quest 3), keys to deciphering non-Latin writing systems (Ultima series, see also Ultima writing systems), maze guides (Manhunter), dialogue spoken by other characters in the game (Wasteland, Dragon Wars), excerpts of the storyline (most Advanced Dungeons and Dragons games and Wing Commander I), or a radio frequency to use to communicate with a character to further a game (Metal Gear Solid).
- Some sort of code with symbols, not existing on the keyboard or the ASCII code. This code was arranged in a grid, and had to be entered via a virtual keyboard at the request "What is the code at line 3 row 2?". These tables were printed on dark paper (Maniac Mansion, Uplink), or were visible only through a red transparent layer (Indiana Jones and the Last Crusade), making the paper very difficult to photocopy. Another variant of this method—most famously used on the ZX Spectrum version of Jet Set Willy—was a card with color sequences at each grid reference that had to be entered before starting the game. This also prevented monochrome photocopying. The codes in tables are based on a mathematical formula and can be calculated by using the row, line and page number if the formula is known, since the data would have required too much disk space.
- The Secret of Monkey Island offered a rotating wheel with halves of pirate's faces. The game showed a face composed of two different parts and asked when this pirate was hanged on a certain island. The player then had to match the faces on the wheel, and enter the year that appeared on the island-respective hole. Its sequel had the same concept, but with magic potion ingredients. Other games that employed the code wheel system include Star Control.
- Zork games such as Beyond Zork and Zork Zero came with "feelies" which contained information vital to the completion of the game. For example, the parchment found from Zork Zero contained clues vital to solving the final puzzle. However, whenever the player attempts to read the parchment, they are referred to the game package.
- The Lenslok system used a plastic prismatic device, shipped with the game, which was used to descramble a code displayed on screen.
All of these methods proved to be troublesome and tiring for the players, and as such greatly declined in usage by the mid-1990s, at which point the emergence of CDs as the primary video game medium made copy protection largely redundant, since CD copying technology was not widely available at the time.
While not strictly a software protection, some game companies offered "value-added" goodies with the package, like funny manuals, posters, comics, storybooks or fictional documentation concerning the game (e.g. the Grail Diary for Indiana Jones or a police cadet notebook with Police Quest or the Hero's manual of Quest for Glory or a copy of the National Inquisitor newspaper in Zak McKracken) in order to entice gamers to buy the package. This trend is re-emerging in modern gaming as an incentive to both buy games and discourage their resale; some games like Forza Motorsport 3 and Dragon Age: Origins provide bonus in-game material that will only be given if one buys the game new.
Video game console systems
When Sega's Dreamcast was released in 1998, it came with a newer disc format, called the GD-ROM. Using a modified CD player, one could access the game functionality. Using a special swap method could allow reading a GD-ROM game through a CD-ROM just using common MIL-CD (standard CD Boot loading, commonly found on Windows Installation Discs, Linux Live CDs, and others). Dreamcasts sold after October 2000 contain a newer firmware update, not allowing MIL-CD boot.
The Xbox has a specific function: Non-booting or non-reading from CDs and DVD-Rs as a method of game copy protection. Also, the Xbox is said to use a different DVD file system (instead of UDF). It has been theorized that the discs have a second partition that is read from the outside in (opposite current standards thus making the second partition unreadable in PC DVD drives) which give the tracks the appearance that the disc was spun backwards during manufacture. The Xbox 360 copy protection functions by requesting the DVD drive compute the angular distance between specific data sectors on the disc. A duplicated DVD will return different values than a pressed original would.
The PlayStation 2 has a map file that contains all of the exact positions and file size info of the CD in it, which is stored at a position that is beyond the file limit. The game directly calls the position at where the map file is supposed to be. This means that if the file is moved inside the limit, it is useless since the game is looking outside the limit for it, and the file will not work outside of the limit, making any copied disc unusable without a mod chip or the use of FMCB (free memory card boot). FMCB uses the memory card to trick the built-in DVD video software into booting copied games. Before a copied game can be played, it must have been patched with a free application.
Nintendo's Wii and Nintendo GameCube have their own specialty format for copy protection. It is based on DVD/miniDVD (Game Cube) technology; each disc contains some deliberately placed defects. The exact positions of these defects, which differ for each produced disc, is encoded encrypted in the BCA of each disc. The BCA is readable on most standard DVD-ROM Drives, but consumer burners can reproduce neither the BCA nor the defects. As an additional obfuscation mechanism, the on-disc sector format is a little bit different from normal DVDs. Nevertheless, it can be read using some consumer DVD-ROM drives with a firmware modification or "debug mode". It is also possible to hack the Wii to install unlicensed software, some of which can use the Wii's own drive to create disc images and then play these copies.
The PSP, except the PSP Go, uses the Universal Media Disc, a media format similar to a MiniDisc. It holds about 1.2 GB. Although it cannot be copied, one can make an ISO image (a file version of the UMD) on a memory card and play it on custom firmware, which can be installed on the PSP.
The PlayStation 3, Xbox One, and PlayStation 4 use Blu-ray BD-ROM discs. In addition to any protection provided by the consoles themselves, the BD-ROM format's specification allows for a ROM-Mark which cannot be duplicated by consumer-level recorders. The BD-ROM format, in addition, provides considerable capacity: up to 100 gigabytes per disc with potential revision to provide more (many BD-ROM games use 40-50 gigabytes), making it unwieldy for online file-sharing, a major method of video game copying. To prevent the consoles themselves being hacked and used as a means to defeat these protections (as happened with the Wii and partially with the PlayStation 3), contemporary consoles employ trusted hardware paths that authenticate the internal hardware and software prior to operation.
Some game developers, such as Markus Persson, have encouraged consumers and other developers to embrace the reality of unlicensed copying and utilize it positively to generate increased sales and marketing interest.
Companies such as Macrovision and Dwight Cavendish provided schemes to videotape publishers making copies unusable if they were created with a normal VCR. All major videotape duplicators licensed Macrovision or similar technologies to copy protect video cassettes for their clients or themselves.
Starting in 1985 with the video release of The Cotton Club, Macrovision licensed to publishers a technology that exploits the automatic gain control feature of VCRs by adding pulses to the vertical blanking sync signal. These pulses do not affect the image a consumer sees on his TV, but do confuse the recording-level circuitry of consumer VCRs. This technology, which is aided by U.S. legislation mandating the presence of automatic gain-control circuitry in VCRs, is said to "plug the analog hole" and make VCR-to-VCR copies impossible, although an inexpensive circuit is widely available that will defeat the protection by removing the pulses. Macrovision has patented methods of defeating copy prevention, giving it a more straightforward basis to shut down manufacture of any device that descrambles it than often exists in the DRM world.
Another form of copy protection, MicroVision, was designed to prevent VCRs from recording a television program. Cable movie channels rejected it; Michael J. Fuchs of HBO said in 1985 that MicroVision was "not good technology" because it reduced picture quality and consumers could easily bypass it, while Peter Chernin of Showtime said "we want to accommodate our subscribers and we know they like to tape our movies".
By 2000, Napster had seen mainstream adoption, and several music publishers responded by starting to sell some CDs with various copy protection schemes. Most of these were playback restrictions that aimed to make the CD unusable in computers with CD-ROM drives, leaving only dedicated audio CD players for playback. This did not, however, prevent such a CD from being copied via an analogue connection or by ripping the CD under operating systems such as Linux, which was effective since copy-protection software was generally written for Microsoft Windows. These weaknesses led critics to question the usefulness of such protection.
CD copy protection is achieved by assuming certain feature levels in the drives. The CD Digital Audio is the oldest CD standard and forms the basic feature set beyond which dedicated audio players need no instructions. CD-ROM drives additionally need to support mixed mode CDs (combined audio and data tracks) and multi-session CDs (multiple data recordings each superseding and incorporating data of the previous session).
The play preventions in use intentionally deviate from the standards and intentionally include malformed multisession data or similar with the purpose of confusing the CD-ROM drives to prevent correct function. Simple dedicated audio CD players would not be affected by the malformed data since these are for features they do not support—for example, an audio player will not even look for a second session containing the copy protection data.
In practice, results vary wildly. CD-ROM drives may be able to correct the malformed data and still play them to an extent that depends on the make and version of the drive. On the other hand, some audio players may be built around drives with more than the basic features required for audio playback. Some car radios with CD playback, portable CD players, CD players with additional support for data CDs containing MP3 files, and DVD players have had problems with these CDs.
The deviation from the Red Book standard that defines audio CDs required the publishers of these copy-protected CDs to refrain from using the official CDDA logo on the discs or the cases. The logo is a trademark owned by Philips and Sony and licensed to identify compliant audio discs only. To prevent dissatisfied customers from returning CDs which were misrepresented as compliant audio CDs, such CDs also started to carry prominent notices on their covers.
In general the audio can always be extracted by applying the principle of the analog hole. Additionally, such programs as IsoBuster may be capable of producing hidden audio files.
Examples of CD copy protection schemes are Cactus Data Shield, Copy Control, and Data Position Measurement.
Other digital media
More recently,[when?] publishers of music and films in digital form have turned to encryption to make copying more difficult. CSS, which is used on DVDs, is a famous example of this. It is a form of copy protection that uses 40-bit encryption. Copies will not be playable since they will be missing the key, which is not writable on regular DVD-R or DVD-RW discs (except with special Qflix DVD-recorders and media). With this technique, the work is encrypted using a key only included in the firmware of "authorized" players, which allow only "legitimate" uses of the work (usually restricted forms of playback, but no conversion or modification). The controversial Digital Millennium Copyright Act provides a legal protection for this in the US, that would make it illegal to distribute "unauthorized" players—which was supposed to eliminate the possibility of building a DVD copier. However, encryption schemes designed for mass-market standardized media such as DVD suffer from the fundamental weaknesses that consumers have physical access to the devices containing the keys, and once implemented, the copy-protection scheme can never be changed without breaking the forward compatibility of older devices (or the backward compatibility of newer media). Since consumers are highly unlikely to buy new hardware for the sole purpose of preserving copy protection, manufacturers have been prevented from enhancing their DRM technology until recently, with the release of next-generation media such as HD DVD and Blu-ray Disc. This period represents more than enough time for the encryption scheme to be defeated by determined attackers. For example, the CSS encryption system used on DVD Video was broken within three years of its market release in November 1996 (see DeCSS), but has not been changed since, because doing so would immediately render all DVD players sold prior to the change incapable of reading new DVDs—this would not only provoke a backlash amongst consumers, but also restrict the market that the new DVDs could be sold to. More recent DVDs have attempted to augment CSS with additional protection schemes. Most modern schemes like ARccOS Protection use tricks of the DVD format in an attempt to defeat copying programs, limiting the possible avenues of protection—and making it easier for hackers to learn the innards of the scheme and find ways around it.
The newest generations of optical disc media, HD DVD and Blu-ray Disc, attempt to address this issue. Both formats employ the Advanced Access Content System, which provides for several hundred different decryption keys (for the varying models of players to hit the market), each of which can be invalidated ("revoked") should one of the keys be compromised. Revoked keys simply will not appear on future discs, rendering the compromised players useless for future titles unless they are updated to fix the issue. For this reason, all HD-DVD players and some Blu-ray players include an ethernet port, to give them the ability to download DRM updates. Blu-ray Disc goes one step further with a separate technique called BD+, a virtual machine that can execute code included on discs to verify, authorize, revoke, and update players as the need arises. Since the protection program is on the disc rather than the player, this allows for updating protection programs within BD's working life by simply having newer programs included on newer discs.
4K resolution Blu-ray discs augment the existing Blu-ray protections. First, players must be dedicated devices that use protected hardware paths to ensure the entire process chain (from media to display) is not compromised. Second, some media require the use of players able to access the Internet for additional verification.
Over time, software publishers (especially in the case of video games) became creative about crippling the software in case it was duplicated. These games would initially show that the copy was successful, but eventually render themselves unplayable via subtle methods. Many games use the "code checksumming" technique to prevent alteration of code to bypass other copy protection. Important constants for the game - such as the accuracy of the player's firing, the speed of their movement, etc. - are not included in the game but calculated from the numbers making up the machine code of other parts of the game. If the code is changed, the calculation yields a result which no longer matches the original design of the game and the game plays improperly.
- Superior Soccer had no outward signs of copy protection, but if it decided it was not a legitimate copy, it would make the soccer ball in the game invisible, making it impossible to play the game.
- In Sid Meier's Pirates, if the player entered in the wrong information, they could still play the game, but the difficulty would be increased substantially.
- As a more satirical nod to the issue, if the thriller-action game Alan Wake detects that the game is cracked or a pirated copy, it will replace tips in loading screens with messages telling the player to buy the game. If a new game is created on the copied game, an additional effect will take place. As a more humorous nod to "piracy", Alan Wake will gain a black Eyepatch over his right eye, complete with a miniature Jolly Roger.
- While the copy protection in Zak McKracken and the Alien Mindbenders was not hidden as such, the repercussions of missing the codes was unusual: the player would end up in jail (permanently), and the police officer would give a lengthy and condescending speech about software copying.
- In case of copied versions of Settlers 3, the iron smelters would only produce pigs (a play on pig iron); weaponsmiths require iron to produce weapons, so players couldn't amass arms.
- Bohemia Interactive Studio developed a unique and very subtle protection system for its game Operation Flashpoint: Cold War Crisis. Dubbed FADE, if it detects an unauthorized copy, it does not inform the player immediately but instead progressively corrupts aspects of the game (such as reducing the weapon accuracy to zero) to the point that it eventually becomes unplayable. The message "Original discs don't FADE" will eventually appear if the game is detected as being an unauthorized copy.
- FADE is also used in ArmA II, and will similarly diminish the accuracy of the player’s weapons, as well as induce a “drunken vision” effect, where the screen becomes wavy, should the player be playing on an unauthorized copy. 
- This system would also be used in Take On Helicopters, where the screen would blur and distort when playing a counterfeit copy, making it hard to safely pilot a helicopter.
- The IndyCar Series (2002 video game) also utilizes FADE technology to safeguard against piracy by making races very difficult to win on a pirated version. The penultimate section of the game’s manual states:
Copying commercial games, such as this one, is a criminal offense and copyright infringement.
Copying and re-supplying games such as this one can lead to a term of imprisonment.Purchase only genuine software at legitimate stores.
Think of a pirated game as stolen property.
This game is protected by the FADE system. You can play with a pirated game- but not for long. The quality of a pirated game will degrade over time.
- Batman: Arkham Asylum contained code that disabled Batman's glider cape, making some areas of the game very difficult to complete and a certain achievement/trophy impossible to unlock (gliding continuously for over 100m).
- The PC version of Grand Theft Auto IV has a copy protection that swings the camera as though the player was drunk. If the player enters a vehicle it will automatically throttle, making it difficult to steer. It also damages the vehicle, making it vulnerable to collisions and bullets. An update to the game prevented unauthorised copies from accessing the in-game Internet browser, making it impossible to finish the game as some missions involve browsing the web for objectives.
- EarthBound is well-documented for its extensive use of checksums to ensure that the game is being played on legitimate hardware. If the game detects that it is being played on a European SNES, it refuses to boot, as the first of several checksums has failed. A second checksum will weed out most unauthorized copies of the game, but hacking the data to get past this checksum will trigger a third checksum that makes enemy encounters appear much more often than in an authorized copy, and if the player progresses through the game without giving up (or cracks this protection), a final checksum code will activate before the final boss battle, freezing the game and deleting all the save files. A similar copy protection system was used in Spyro: Year of the Dragon, although it only uses one copy protection check at the beginning of the game (see below).
- In an unauthorized version of the PC edition of Mass Effect, the game save mechanism would not work and the in-game galactic map would cause the game to crash. As the galactic map is needed to travel to different sections of the game, the player would be stuck in the first section of the game.
- If an unauthorized version of The Sims 2 was used, the Build Mode would not work properly. Walls would not be able to be built on the player's property, which prevents the player from building any custom houses. Some furniture and clothing selections would not be available either.
- A March 2009 update to the BeeJive IM iPhone app included special functionality for users of the unauthorized version: the screen would read "PC LOAD LETTER" whenever the user tried to establish a connection to any IM service, then quickly switch to a YouTube clip from the movie Office Space.
- Red Alert 2 and The Lord of the Rings: The Battle for Middle-Earth have a copy protection system that completely wipes out the player's forces briefly after a battle begins on an unlicensed copy. However, some who purchased the latter have encountered a bug that caused this copy protection scheme to trigger when it was not supposed to.
- If a player pirated the Nintendo DS version of Michael Jackson: The Experience, vuvuzela noises will play over the notes during a song, which then become invisible. The game will also freeze if the player tries to pause it.
- Older versions of Autodesk 3ds Max use a dongle for copy protection; if it is missing, the program will randomly corrupt the points of the user's model during usage, destroying their work.
- Older versions of CDRWIN used a serial number for initial copy protection. However, if this check was bypassed, a second hidden check would activate causing a random factor to be introduced into the CD burning process, producing corrupted "coaster" disks.
- Terminate, a BBS terminal package, would appear to operate normally if cracked but would insert a warning that a pirated copy was in use into the IEMSI login packet it transmitted, where the sysop of any BBS the user called could clearly read it.
- Ubik's Musik, a music creation tool for the Commodore 64, would transform into a Space Invaders game if it detected that a cartridge-based copying device had attempted to interrupt it. This copy protection system also doubles as an easter egg, as the message that appears when it occurs is not hostile ("Plug joystick in port 1, press fire, and no more resetting/experting!").
- The Amiga version of Bomberman featured a multitap peripheral that also acted as a dongle. Data from the multitap was used to calculate the time limit of each level. If the multitap was missing, the time limit would be calculated as 0, causing the level to end immediately.
- Nevermind, a puzzle game for the Amiga, contained code that caused an unlicensed version of the game to behave as a demo. The game would play three levels sampled from throughout the game, and then give the message "You have completed three levels; however there are 100 levels to complete on the original disc."
- In Spyro: Year of the Dragon a character named Zoe will tell the player outside the room containing the balloon to Midday Garden Home and several other areas that the player is using an unlicensed copy. This conversation purposely corrupts data. When corrupted, the game would not only remove stray gems and the ability to progress in certain areas but also make the final boss unbeatable, returning the player to the beginning of the game (and removing the save file at the same time) after about 8 seconds into the battle.
- The Atari Jaguar console would freeze at startup and play the sound of an enraged jaguar snarling if the inserted cartridge failed the initial security check.
- The Lenslok copy protection system gave an obvious message if the lens-coded letters were entered incorrectly, but if the user soft-reset the machine, the areas of memory occupied by the game would be flooded with the message "THANK YOU FOR YOUR INTEREST IN OUR PRODUCT. NICE TRY. LOVE BJ/NJ" to prevent the user examining leftover code to crack the protection.
- An update to the sandbox game Garry's Mod enabled a copy protection mechanism that outputs the error "Unable to shade polygon normals" if the game detects that it has been copied. The error also includes the user's Steam ID as an error ID, meaning that users can be identified by their Steam account when asking for help about the error on the Internet.
- The Atari version of Alternate Reality: The Dungeon would have the player's character attacked by two unbeatable "FBI Agents" if it detected a cracked version. The FBI agents would also appear when restoring a save which was created by such a version, even if the version restoring the save was legal.
- VGA Planets, a play-by-BBS strategy game, contained code in its server which would check all clients' submitted turns for suspect registration codes. Any player deemed to be using a cracked copy, or cheating in the game, would have random forces destroyed throughout the game by an unbeatable enemy called "The Tim Continuum" (after the game's author, Tim Wissemann). A similar commercial game, Stars!, would issue empty turn updates for players with invalid registration codes, meaning that none of their orders would ever be carried out.
- On a copied version of the original PC version of Postal, as soon as the game was started, the player character would immediately shoot himself in the head.
- In Serious Sam 3: BFE, if the game code detects what it believes to be an unauthorized copy, an invincible scorpion-like monster is spawned in the beginning of the game with high speeds, melee attacks, and attacks from a range with twin chainguns making the game extremely difficult and preventing the player to progress further. Also in the level "Under the Iron Cloud", the player's character will spin out-of-control looking up in the air.
- An unauthorized copy of Pokémon Black and White and their sequels will run as if it was normal, but the Pokémon will not gain any experience points after a battle. This has since been solved by patching the game's files.
- If Ace Attorney Investigations 2 detects an illegitimate or downloaded copy of the game, it will convert the entire game's text into the game's symbol based foreign language, Borginian, which cannot be translated in any way.
- The unlicensed version of indie game Game Dev Tycoon, in which the player runs a game development company, will dramatically increase the piracy rate of the games the player releases to the point where no money can be made at all, and disable the player's ability to take any action against it 
- In Crytek's Crysis, if the player uses a naive copy of the game, his bullets are replaced by harmless chickens, making it almost impossible to beat the game without cracking the game.
- In Crytek's "Crysis 3", if a player used an unlicensed copy of the game, he is not able to defeat the last boss (The Alpha Ceph), thus making it impossible to beat the game.
- In an unauthorized copy of Five Nights at Freddy's, the player can still play the game normally, but will be unable to exit until he/she is defeated by an animatronic enemy, with frightening noises.
The usage of copy protection payloads which lower playability of a game without making it clear that this is a result of copy protection is now generally considered unwise, due to the potential for it to result in unaware players with unlicensed copies spreading word-of-mouth that a game is of low quality. The authors of FADE explicitly acknowledged this as a reason for including the explicit warning message.
Anti-piracy measures are efforts to fight against copyright infringement, counterfeiting, and other violations of intellectual property laws.
It includes, but is by no means limited to, the combined efforts of corporate associations (such as the RIAA and MPAA), law enforcement agencies (such as the FBI and Interpol), and various international governments[clarification needed] to combat copyright infringement relating to various types of creative works, such as software, music and films. These measures often come in the form of copy protection measures such as DRM, or measures implemented through a content protection network, such as Distil Networks or Incapsula. Richard Stallman and the GNU Project have criticized the use of the word "piracy" in these situations, saying that publishers use the word to refer to "copying they don't approve of" and that "they [publishers] imply that it is ethically equivalent to attacking ships on the high seas, kidnapping and murdering the people on them". Certain forms of Anti-Piracy (such as DRM), are considered by consumers to control the use of the products content after sale.
In the case MPAA v. Hotfile, Judge Kathleen M. Williams granted a motion to deny the prosecution the usage of words she views as "pejorative". This list included the word "piracy", the use of which, the motion by the defense stated, would serve no purpose but to misguide and inflame the jury. The plaintiff argued the common use of the terms when referring to copyright infringement should invalidate the motion, but the Judge did not concur.
Anti-piracy in file sharing
Today copyright infringement is often facilitated by the use of file sharing. In fact, infringement accounts for 23.8% of all internet traffic today. In an effort to cut down on this, both large and small film and music corporations have issued DMCA takedown notices, filed lawsuits, and pressed criminal prosecution of those who host these file sharing services.
- On June 30, 2010, U.S. Immigration and Customs Enforcement (ICE) cracked down on many video-hosting websites including NinjaVideo.
- RIAA sues file-sharers that share music over P2P networks.
- The MPAA encrypts DVD movies using the CSS cipher, prohibiting the distribution and use of DeCSS, while also having the effect of banning free/open source DVD player software.
- "Coded Anti-Piracy", also called CAP codes, are utilized to put a forensic identification on films to trace back any illegal copies of them back to the source.
- Metal Gear Solid and many other computer games require a piece of information from the game's jewel case for the player to progress after a certain point, making unauthorized copies effectively worthless without the original jewel case; however, in the present day, said information can be easily be found on the Internet.
- Microsoft removes Windows Vista and Microsoft Office from various torrent trackers.
- Certain SNES games such as Super Mario All Stars and Donkey Kong Country may sometimes show warning screens, usually caused by dirty or damaged cartridges or use of third-party peripherals.
- Rockman EXE Operate Shooting Star has anti-copying code that causes every step the player takes to reveal an enemy, also in an unauthorized copy.
- In Mirror's Edge, during the game, the player's character starts to slow down making it impossible to jump over ledges and proceed further in the game.
- Classic NES Series features a "mirroring". If a Classic NES Series game is emulated or the cart doesn't feature "mirroring", the player will fall victim to copy protection. For example, in "Classic NES Series - Castlevania", the player becomes unable to move the character at all.
- ^Thomas Obnigene, DVD Glossary, filmfodder.com 2007. Retrieved July 19, 2007.
- ^ abGreg Short, Comment, Combatting Software Piracy: Can Felony Penalties for Copyright Infringement Curtail the Copying of Computer Software?, 10 Santa Clara Computer & High Tech. L.J. 221 (1994). Available at: http://digitalcommons.law.scu.edu/chtlj/vol10/iss1/7
- ^Confusing Words and Phrases that are Worth Avoiding, GNU Project - Free Software Foundation (FSF).
- ^How do technological protection measures work?Archived 2013-06-14 at the Wayback Machine., World Intellectual Property Organization
- ^Wallach, D.S. (Oct 2011). "Copy protection technology is doomed". Computer. 34 (10): 48–49. doi:10.1109/2.955098. Retrieved 2013-02-10.
- ^ abCopy Protection: A History and Outlook http://www.studio-nibble.com/countlegger/01/HistoryOfCopyProtection.html
- ^ abPournelle, Jerry (June 1983). "Zenith Z-100, Epson QX-10, Software Licensing, and the Software Piracy Problem". BYTE. p. 411. Retrieved 20 October 2013.
- ^Curran, Lawrence J.; Shuford, Richard S. (November 1983). "IBM's Estridge". BYTE. pp. 88–97. Retrieved 19 March 2016.
- ^Mace, Scott (1986-01-13). "Two Firms Plan to Sell Apple Clone". InfoWorld.
DVD Encryption Broken
A version of this article appeared as a guest commentary on ZDNet.
The scheme to protect DVDs has been broken. There are now freeware programs on the net that remove the copy protection on DVDs, allowing them to be played, edited, and copied without restriction.
This should be no surprise to anyone, least of all to the entertainment industry.
The protection scheme is seriously flawed in several ways. Each DVD is encrypted with something called Content Scrambling System (CCS). It has a 40-bit key. (I have no idea why. The NSA and the FBI shouldn't care about DVD encryption. There aren't any encrypted terrorist movies they need to watch.) It's not even a very good algorithm. But even if the encryption were triple-DES, this scheme would be flawed.
Every DVD player, including hardware consoles that plug into your television and software players that you can download to your computer, has its own unique unlock key. (Actually, each has several. I don't know why.) This key is used to unlock the decryption key on each DVD. A DVD has 400 copies of the same unique decryption key, each encrypted with every unlock code. Note the global secret: if you manage to get one unlock key for one player, you can decrypt every DVD.
But even if this were all perfect, the scheme could never work.
The flaw is in the security model. The software player eventually gets the decryption key, decrypts the DVD, and displays it on the screen. That decrypted DVD data is on the computer. It has to be; there's no other way to display it on the screen. No matter how good the encryption scheme is, the DVD data is available in plaintext to anyone who can write a computer program to take it.
And so is the decryption key. The computer has to decrypt the DVD. The decryption key has to be in the computer. So the decryption key is available, in the clear, to anyone who knows where to look. It's protected by an unlock key, but the reader has to unlock it.
The DVD software manufacturers were supposed to disguise the decryption program, and possibly the playing program, using some sort of software obfuscation techniques. These techniques have never worked for very long; they only seem to force hackers to spend a couple of extra weeks figuring out how the software works. I've written about this previously in relation to software copy protection; you can't obfuscate software.
It might be a bitter pill for the entertainment industry to swallow, but software content protection does not work. It cannot work. You can distribute encrypted content, but in order for it to be read, viewed, or listened to, it must be turned into plaintext. If it must be turned into plaintext, the computer must have a copy of the key and the algorithm to turn it into plaintext. A clever enough hacker with good enough debugging tools will always be able to reverse-engineer the algorithm, get the key, or just capture the plaintext after decryption. And he can write a software program that allows others to do it automatically. This cannot be stopped.
If you assume secure hardware, the scheme works. (In fact, the industry wants to extend the system all the way to the monitor, and eventually do the decryption there.) The attack works because the hacker can run a debugger and other programming tools. If the decryption device and the viewing device (it must be both) is inside a tamperproof piece of hardware, the hacker is stuck. He can't reverse-engineer anything. But tamperproof hardware is largely a myth, so in reality this would just be another barrier that someone will eventually overcome. Digital content protection just doesn't work; ask anyone who tried software copy protection.
One more lesson and an observation.
The lesson: This is yet another example of an industry meeting in secret and designing a proprietary encryption algorithm and protocol that ends up being embarrassingly weak. I never understand why people don't use open, published, trusted encryption algorithms and protocols. They're always better.
The observation: The "solution" that the entertainment industry has been pushing for is to make reverse-engineering illegal. They managed in the United States: the Digital Millennium Copyright Act includes provisions to this effect, despite the protests of the scientific and civil rights communities. (Yes, you can go to jail for possessing a debugger.) They got a similar law passed in the UK. They're working on the EU. This "solution" does not work and makes no sense.
First, unless reverse-engineering is illegal everywhere on the planet, someone will be able to do it somewhere. And one person is all you need; he can write software that everyone else uses. Second, the reverse-engineer can -- as in this case -- work anonymously. Laws wouldn't have helped in this case. And third, laws can't put the cat back into the bag. Even if you could catch and prosecute the hackers who did this, it wouldn't affect the hacker tools that have already been, and continue to be, written.
What the entertainment industry can do, and what they have done in this case, is use legal threats to slow the spread of these tools. So far the industry has threatened legal actions against people who have put these software tools on their Web sites. The result will be that these tools will exist on hacker Web sites, but will never be in public-domain software -- Linux, for example.
The fatal flaw is that the entertainment industry is lazy, and is attempting to find a technological solution to what is a legal problem. It is illegal to steal copyrights and trademarks, whether it is a DVD movie, a magazine image, a Ralph Lauren shirt, or a Louis Vitton handbag. This legal protection still exists, and is still strong. For some reason the entertainment industry has decided that it has a legal right to the protection of its technology, and that makes no sense.
Moreover, they are badgering legislatures into passing laws that prop up this flawed technological protection. In the US and UK (and possibly soon in the EU), it is illegal to circumvent their technology, even when you never use it to violate a copyright. It is illegal to engage in scientific research about the encryption used in these systems. It is illegal to peek under the hood of this thing you have legally bought. So not only does this system not work, it creates a black market where there was none before, while doing no social good in the process.
This DVD break is a good thing. It served no one's interests for the entertainment industry to put their faith in a bad security system. It is good research, illustrating how bad the encryption algorithm is and how poorly thought out the security model is. What is learned here can be applied to making future systems stronger.
Summary of the DVD encryption scheme:
My essay on software copy protection:
My comments on the Digital Millennium Copyright Act:
New Intel software obfuscation techniques that, I predict, will be broken soon:
Categories: Computer and Information Security, Laws and Regulations