• RonSijm@programming.dev
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    It’ll probably much easier… In the end, Unity needs to call something to let them know there was an install, like http://telemetry.unity.com?game=DiabloImmortal&deviceId=acb-123

    After installing a game locally or on a VM / Sandboxie, someone will figure out how it works… Then you just generate a lot of calls, either call it locally or through a proxylist / botnet - and you have millions of installs.

    • ramble81
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      That brings up a good point. If they were smart they’d encrypt the fingerprint payload so it can’t be easily spoofed. However, I thought I read that this was going to apply to already existing games. So short of the developers (laughably) issuing an update for existing games, how are they going track installs of older games? And that’s probably easier to target for the lulz.

      • chameleon@kbin.social
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Unity aren’t exactly in the DRM business, and there is really no chance they’re going to do something silly like licensing Denuvo for every single one of their clients just to obfuscate a piece of analytics code designed to make them money; stuff’s far more expensive than what they’d earn from it. They’re not going to build something remotely Denuvo-like, the best you can hope for is obfuscation that only has to be cracked once that gets cracked in days.

        My guess is they’re not even going to bother doing HWID-ish nonsense and will just hope that identifiers from the previous install hang around, which will often be the case on Windows PC anyhow (a little more complicated on other OSes). Hitting the uninstall and reinstall buttons in Steam doesn’t do much other than deleting the game’s files and re-running redistributable installers the first time you play the game.

        But on Android/iOS where this is really targeted at, that approach simply doesn’t work. The only stable thing apps can get across a reinstall is the AAID/IDFA advertising identifiers and that can be turned off or changed at will. Either Unity has found a novel solution (which is a one way trip to Apple’s shitlist) or they’re just bullshitting this change to appease the population while not actually changing anything. Since they did their prep work so badly that they couldn’t even answer whether app updates would count, my money’s on the latter.

        • grinde@programming.dev
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Last year Unity merged with ironSource - a “mobile monetization and distribution” company that was once blacklisted by Microsoft for developing and distributing actual malware. I’d assume the tracking is done via a product brought over from that side of the business.

        • greenskye
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          If they do roll it out, there will be a vested interest in actually abusing it purely to highlight the absurdity. The legal fees alone from a company fighting the charges would negate a vast amount of any potential profit.

          Which means they’ll probably drop ‘excessive’ install charges from anyone they think can actually take them to court and will instead focus on gouging smaller companies that can’t fight back.

      • RonSijm@programming.dev
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        well sure, they would probably encrypt the payload, but they’d still have to add the encryption code / key in there to be able to do that.

        It wouldn’t be as easy as just finding the correct url and calling it loads of times, but someone cracking the game would already be deobfuscating and reverse engineering the code anyways patch out the DRM.

        So figuring out how Unity “calls home” and replicating it can’t be too complicated

    • jeeva@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Heck, I was thinking the same but “what do I need to block to ensure unity never sees my installs?”