LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for December 4, 2008

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

A busy week for the courts

A busy week for the courts

Posted Oct 7, 2004 16:34 UTC (Thu) by fergal (subscriber, #602)
In reply to: A busy week for the courts by mcelrath
Parent article: A busy week for the courts

If anyone outside Blizzard had the CD-Key algorithm they could generate new, valid CD-Keys and play on Blizzard's servers.

I would imagine that is not true. From a brief look around the net it seems there is a single CDKey that comes with each licensed copy. This key is needed both for solo play and for network play. This means that the algorithm for _verifying_ the key is embedded in the binary on the CD and could have been reverse engineered. This would not necessarily allow people to generate new keys willy-nilly. That would only be the case if Blizzard were particularly stupid and chose a symmetric encryption algorithm rather than a public key algorithm or a one-way hash function. Even if they were that stupid the fact remains that the bnet guys didn't reverse engineer the key verification part of the software when they could have (just as John Johanssen did with DeCSS).

Also, reverse engineering would probably not have been necessary to exclude multiple use of the same key. The bnet guys could have prevented a large part of the illegal usage - where someone buys one copy and then his friends play it on multiple machines connected to their private server. This assumes that the server can persuade the clients to send their keys in such a way that identical keys can be spotted, this should be possible even if the key exchange uses some sort of challenge response mechanism.

Blizzard has set up their server software so that in order to create "interoperable" software one is forced to also create "circumvention" software. Therefore the user cannot exercise his rights under copyright law, or even the DMCA without violating the anti-circumvention clause of the DMCA.

As I said above, I don't think this is actually the case but I'll assume I'm wrong for a moment. If I kick my ball into disused and dangerous mine, it's still my ball, I have a right to it. Does that give me the right to go into the mine without the owners permission? Can I force the owner to allow me in or force him to go down the mine to get my ball?

I think it's possible to have a right which you cannot excercise because circumstances (or someone elses rights) do not allow it.

Of course if Blizzard had a decent key system, they could make the public key public without any worries, thus allowing the bnet people to implement it easily. Perhaps a court could be convinced that that's the correct answer as it causes no loss to Blizzard (in terms of pirated keys) and allows the bnetd guys to exercise all of their rights.

(Log in to post comments)

A busy week for the courts

Posted Oct 7, 2004 16:51 UTC (Thu) by allesfresser (subscriber, #216) [Link]

>I think it's possible to have a right which you cannot excercise because circumstances (or someone elses rights) do not allow it.

That's very true. However, the right of fair use is a long-established one and the fact that the DMCA makes it very easy to trounce all over this basic right shows its callous and flawed nature very sharply. The basic understanding of copyrights has escaped so many people that the egregious nature of the DMCA glides right by without protest. The right of the copyright holder (when the Constitution was written and this has been affirmed many times until very recently) is a necessary concession, a legislated injury to the basic right of the public to share information. The idea that copyright holders should be able to have a perpetual monopoly with regard to the work(s) in question would have been (and still is, in many circles) totally abhorrent to any person familiar with the Constitution.

</soapbox> :-)

A busy week for the courts

Posted Oct 7, 2004 17:32 UTC (Thu) by fergal (subscriber, #602) [Link]

I agree with everything you say except for one thing. I don't think this is a fair use issue, it is a right to reverse engineer issue. Fair use is more about being able to install the game on multiple machines - home, work etc. I think this is possible with the game, what's not possible is connecting to battlenet from these machines at the same time, which is quite a reasonable and common restriction in the non-Free (as in FSF Free) world. One might say that reverse engineer is just a sub set of fair use but in that case you cannot argue that it is right that has been around for centuries as reverse engineering is a recent thing.

I think the bnet guys were perfectly entitled to do whatever was necessary to create an interoperating server but I think they were wrong to produce software that enabled piracy when it seems they could have prevented it partially or even fully with some extra effort. Yes it would probably have just been a gesture because sufficiently savvy end users could disable it but if they had made that gesture they might not be in their current predicament - although it seems that judge was so confused it wouldn't have a made the slightest difference, surely someone must have pointed out Redhat as an counter example to "open source has no commerical significance".

A busy week for the courts

Posted Oct 7, 2004 18:09 UTC (Thu) by mcelrath (guest, #8094) [Link]

I think the bnet guys were perfectly entitled to do whatever was necessary to create an interoperating server but I think they were wrong to produce software that enabled piracy
They did not set out to "enable piracy". In fact it is extra work for them to prevent piracy. As such, you are arguing that bnetd should be responsible for enforcing Blizzard's copyright. They did not circumvent Blizzard's copyright, rather, they chose not to enforce it. I think that is reasonable.

This is a dangerous path -- requiring all third parties to be responsible for enforcing other people's copyright. It's very similar to the "common carrier" argument used by internet infrastructure companies. This allows them to avoid enforcing other people's copyright.

So, if you want to require other people to enforce my copyright, under what circumstances should that happen? Under what circumstances is it too much of a burden on the third party? There are millions of copyrighted works and it is unreasonable to require anyone except the copyright owner to enforce them all. What about mods and maps? Should bnetd also be responsible for enforcing the copyrights on them in their server?

-- Bob

A busy week for the courts

Posted Oct 7, 2004 18:26 UTC (Thu) by Ross (subscriber, #4065) [Link]

IANAL.

My understanding of fair use does not mean making more than one copy for
multiple machines. That's pretty irrelevant anyway since Blizzard lets you
do that anyway (spawn installs).

Fair use is a right to use a copyrighted work in a way which would
otherwise be copyright infringement, but it does not allow any type of use.

Examples: time shifting a TV show on your VCR, quoting from a newspaper
article to make a point, converting your CD into MP3 format so you can
listen to it while jogging.

There are other doctrines like first sale. You have the right to sell used
books, games, CDs, etc. as if they were new. This would be copyright
infringement (distribution of the copyrighted work without permission)
otherwise.

A busy week for the courts

Posted Oct 7, 2004 18:19 UTC (Thu) by Ross (subscriber, #4065) [Link]

Blizzard tried to make this claim too. The key is encypted now (and has
been since the first patch for StarCraft) with a random number from the
server and the current time on the client. So to a server that doesn't
understand the encryption no two keys look the same, even if they are in fact
the same key.

A busy week for the courts

Posted Nov 2, 2004 9:59 UTC (Tue) by pandaemonium (guest, #25802) [Link]

From a brief look at how things work, one can tell that there must be two seperate CDKey check algorithms.
How I come to this conclusion? It's quite simple.

The first time your CDKey get's checked is when you install the game. So there must be a CDKey check algorithm in the client (or at least the installer software). Now you might happen to have used one of the various (and illegal) CDKey generators that can be found on the web. You can perfectly install the game with such a CDKey and play single player or LAN games.
Now, when you connect to Battle.Net your CDKey is checked a 2nd time. And this time only your valid CDKey from the game's box will pass the check - the one from the CDKey generator will fail (or at least 99.999% of them).

So... What is the conclusion we can make?
There is a CDKey check in the client (or installer) that allows a limited set of CDKeys and there is a check on the Battle.Net servers, that only permits a even more limited subset of those CDKeys.

So the bnetd authors might have been able to reverse the client/installer CDKey check, but what use would it have been of? This check is allready made during install... And without any help from blizzard it's impossible to reverse engineer the check algorithm implemented by the Battle.Net servers themselves...

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds