Ok, I've decided that if I'm gona push my way into game development I'd better lose my "everything should be freeware if it's not worth $30" and start developing shareware games.

Here are the things I'm gona discuss.

Registration
Payment
Securing Payment methods
User Based Security


Registration
Now, I want to develope my own registration system.

It would require a patch that was specific.
Basicly I would create an MD5 per-download, then when the user registered it instead of a number they would get a patch.

The patch would then be read by the program and cross checked with the MD5.
I don't see how anybody could easly hack this. and they couldn't provide a "SomeUser" "SomeUser Reg Number"

They would have to know the exact MD5 which would be sent only in a secure channel.

I would then auto-genarate the patch and send it to them.

Everything would be automated and I could probably have PHP auto-genarate the patch.
(gota talk to Mike about command line stuff...)

The specifics of the auto-genaration would be that I compile a patch on my server (system PHP function?)

I would then e-mail it to them as an attachment or provide it for download.
Once they download it I'll recive a notice with a username and then if they accedently don't download the entire patch I can re-auto genarate there patch for them.

The hard part is changing the MD5 Per-download.

Now... Is this a good way or not?
I'm not worried about how long it will take to make all that.


Payment
How would I provide payment?
ThemsAllTook said not to use PayPal, and I am NOT going to use Esellarate.

Reason I'm not using Esellarate?
I hacked it using APE. I didn't succsesfully hack it because I couldn't compile the APE module.
(I won't go into detail because it would make it way to easy for people to copy what I tryed)


So how would I?
I would like it if I could stay away from credit cards. On my part.
It would be wonderful if I could transfer the money into a bank acount.



Secure Payment Methods

How would I securly make a payment method?
I don't mind an application based payment method or online forms.

I just have no idea how to set up a secure connection to any website.
Will I need a special host? or can I configure it myself?


User based Security
I want to make it secure on the users side also.

Is there anything I need to do to make it secure like in dialogs?
SpyWare probably won't be on a mac so I'm not worried about that.
But, what happens if somebody loggins through a network and can see sent data?

I could probably in theory make an APE module that viewed nib text areas.
(probably a function that they could easly hijack)





Thanks guys!
(I'll probably edit this a few times over to make it more correct)

P.S. I've studied networking in an MMO game. But not networking security :\
I'm also would prefer an online based payment system over one that's in-game.

How would I provide payment?
ThemsAllTook said not to use PayPal, and I am NOT going to use Esellarate.

Reason I'm not using Esellarate?
I hacked it using APE. I didn't succsesfully hack it because I couldn't compile the APE module.
(I won't go into detail because it would make it way to easy for people to copy what I tryed)


So how would I?
I would like it if I could stay away from credit cards. On my part.
It would be wonderful if I could transfer the money into a bank acount.

You will almost certainly have to use one of the people who accept payments for you, such as Paypal. You'll just have to search for one that you like. And if you don't accept credit cards, I would bet that you are shooting yourself in the foot. Nobody wants to write and mail a $10 check, and then wait a week for the registration information.



Secure Payment MethodsHow would I securly make a payment method?
I don't mind an application based payment method or online forms.

I just have no idea how to set up a secure connection to any website.
Will I need a special host? or can I configure it myself?
Use a service. If you want to set up your own secure host, you need to get Apache with mod-SSL (or some other SSL enabled webserver) up and running, then you have to generate a host key, then you have to pay a CA to sign it for you (anyone know how much this costs?) and then finally you need to set up a frontend to grab card numbers. Then, in the backend, you have to verify and charge cards. It's a pain. Get someone else to do it for you.


User based Security
I want to make it secure on the users side also.

Is there anything I need to do to make it secure like in dialogs?
SpyWare probably won't be on a mac so I'm not worried about that.
But, what happens if somebody loggins through a network and can see sent data?

I could probably in theory make an APE module that viewed nib text areas.
(probably a function that they could easly hijack)





Thanks guys!
(I'll probably edit this a few times over to make it more correct)

P.S. I've studied networking in an MMO game. But not networking security :\
I'm also would prefer an online based payment system over one that's in-game.

Don't worry too much about registered users cheating yet, first get a game up and going. You need users to worry about. Also, people WILL find a way to cheat. It takes massive resources to stop people from doing so, and even the largest companies have trouble still. Many have simply degenerated into banning everyone who cheats ASAP (Xbox LIVE anyone?)

You don't have the budget, experience, or time to waste trying to stop all cheating. Make your game fun and profitable first.

You will almost certainly have to use one of the people who accept payments for you, such as Paypal. You'll just have to search for one that you like. And if you don't accept credit cards, I would bet that you are shooting yourself in the foot. Nobody wants to write and mail a $10 check, and then wait a week for the registration information.

No, No, No...
I want them to use a credit card or the like. I don't want "me" to use a credit card.

I've seen a couple credit cards where you could transfer money to them.
I want the money to go into a bank acount or something like that.




Use a service. If you want to set up your own secure host, you need to get Apache with mod-SSL (or some other SSL enabled webserver) up and running, then you have to generate a host key, then you have to pay a CA to sign it for you (anyone know how much this costs?) and then finally you need to set up a frontend to grab card numbers. Then, in the backend, you have to verify and charge cards. It's a pain. Get someone else to do it for you.


What's a CA?
Well, I just want to develop one system and then that's it.
Put that system into each one of my games and then if somebody hacks it I just change it.


Don't worry too much about registered users cheating yet, first get a game up and going. You need users to worry about. Also, people WILL find a way to cheat. It takes massive resources to stop people from doing so, and even the largest companies have trouble still. Many have simply degenerated into banning everyone who cheats ASAP (Xbox LIVE anyone?)

I'm afraid of people stealing information from there computer.
I could easly use a non-secure system and then get sued.


You don't have the budget, experience, or time to waste trying to stop all cheating. Make your game fun and profitable first.
Normal cheaters that use cheat clients... Easy... variable offsetting, pointer value indexing (whatever you think that means... it doesn't mean that, and data encryption.

The hardest cheaters are APE modules or the like.

But like I said. I'm not worried about this.
I'm worried about people giving there credit card number to the wrong people.


Thanks so much!

Then, in the backend, you have to verify.....cards.

I belive this is easly possible with JavaScript or PHP. can't remember which.

I'm a pretty fast web developer...
And I know my way around PHP/JavaScript...
(man! I love the explode function in PHP)

I'm sorry, I'm not getting exactly where you are going with the security stuff. Your game really shouldn't store any personal information at all... I'm tired, so it's probably blatantly obvious. I'll pass the ball to someone else for that one.

And a CA is a certificate authority - they are the ones who verify that certificates for secure websites (those beginning with https://) are actually owned by the proper company. Lots of heavy crypto there... it's actually pretty cool, just a darn shame that it has to rely on the CAs who are basically out there to make money... :(

I'm afraid I'm not following you either. That said...

You're crazy if you think you can develop a system that rivals Esellerate, Kagi, PayPal, etc. No system is perfect; they all have flaws. Pick one and go with it.

Also, I'm not understanding your patch-with-MD5 system. How does this prevent someone from, saying, redistributing an already-patched binary?

Also, I'm not understanding your patch-with-MD5 system. How does this prevent someone from, saying, redistributing an already-patched binary?


Hmmm.... Good idea... :sneaky:
Give me a few days I'll think of something. :ninja:


You're crazy
I know... ;)


if you think you can develop a system that rivals Esellerate, Kagi, PayPal, etc. No system is perfect; they all have flaws. Pick one and go with it.
But those aren't for shareware games in specific.
It shouldn't be to hard to create a simple program.

I'm about to look at Kagi... it looks nice.
But I know the dark side of shareware cracking.
Esellarate... No.
PayPal... No.

Kagi... (just a sec)

Our online store solutions include all the features you require to customize your storefront, list and describe your products, design robust order pages and use complete shopping carts. Importantly, we provide all the payment processing as the merchant of record. This means that your customers are instantly able to buy your products with credit cards, debit cards, cash, checks and money orders from around the world with all the security and safeguards you expect and require.

Yay! Cash!

So far Kagi looks like the transfer for me.
I'll look and see how the money is transfered to me.


:bored:


I'm sorry, I'm not getting exactly where you are going with the security stuff. Your game really shouldn't store any personal information at all... I'm tired, so it's probably blatantly obvious. I'll pass the ball to someone else for that one.


:???:

User side security.
And Server side security.

The server side security would be SSL and the like.
The user side security would be something like password dotting... But that's not enough... Isn't there a way to put a program in a secure state?



:bored:


g'night guys!
Thanks!

1. What happened to serial numbers? don't bother with advanced techniques because if someone really wants it they will just hack it or find someone else who hacked it. Just keep a blacklist of serials inside the game and have silent updates.

2. I would suggest eSellerate or Plimus. I love esellerate except for the fact that their commission rates are ******** (I get 10% until I hit 15K in sales then they raise it to 15%). Because of this I use Esellerate for GL Golf and Plimus for my other games, that way I can stay in the 10% bracket and still take advantage of their integrated eSeller and good service.

Good Luck with the shareware business, whether you sell 1 copy a week or 10 a day I think you will find it very fun and rewarding.

1. What happened to serial numbers? don't bother with advanced techniques because if someone really wants it they will just hack it or find someone else who hacked it. Just keep a blacklist of serials inside the game and have silent updates.

I didn't even know about LimeWire or BitTorrent till just recently.
If I can't think of anything then it wouldn't be practical to have patches.
Silent updates sounds good though :D
I just gota get info on Kagi (sent them e-mail) and then I'll think about what game to develop.



2. I would suggest eSellerate or Plimus. I love esellerate except for the fact that their commission rates are ******** (I get 10% until I hit 15K in sales then they raise it to 15%). Because of this I use Esellerate for GL Golf and Plimus for my other games, that way I can stay in the 10% bracket and still take advantage of their integrated eSeller and good service.

Like I said, I'm not gona go with eSellarate.
Kagi looks like the thing for me.


Good Luck with the shareware business, whether you sell 1 copy a week or 10 a day I think you will find it very fun and rewarding.

Thanks :cool:

May I humbly suggest not putting the carriage before the horse - put the full force of your energies in dev'ing a game worthy of all of us registering - and only when you see something coming together start investing time into copy protection.

>>
I'm not worried about how long it will take to make all that.
<<
holy crap I would.

Keep in mind also that not everyone will have an always-on fast connection to the Internet...

May I humbly suggest not putting the carriage before the horse - put the full force of your energies in dev'ing a game worthy of all of us registering - and only when you see something coming together start investing time into copy protection.

>>
I'm not worried about how long it will take to make all that.
<<
holy crap I would.

:-P....
Unless it takes me over two months then I'll be worried...
I'm working on an shareware reg. type that will stop pirating except from program to program... (at least stop it from p2p programs)


Keep in mind also that not everyone will have an always-on fast connection to the Internet...
I'm not going for the... Super Mario bros. type shareware...
Probably networked... so it would require fast internet.
(or at least 56k dialup)

Along the same lines, I have a question: when I finally release something as shareware, I'd like the key-code based on a random number generated from the seed coming from their name. How consistent are the random number generators? Basically, if I use the same seed, will the srandom/random functions in C give me the same numbers in Mac/Windows/Linux, and will PHP give me the same number? (for online registering) Or does everybody have their own algorithm and have different numbers?

The same seed will produce the same random numbers for the standard library random functions. I would assume it's cross platform if it's the same algorithm, but there's no guarantee of that and you'd better check.

Use a mersenne twister http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html

The same seed will produce the same random numbers for the standard library random functions. I would assume it's cross platform if it's the same algorithm, but there's no guarantee of that and you'd better check.

On MS Visual C++ 6, rand() returns 16 bit numbers (RAND_MAX = 65536), unlike most other implementations. Maybe they fixed that on .Net?

Use a mersenne twister http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
Thanks! Since the source is available (and short), I could probably put that in PHP and have the system I want.

No time to read all the posts, I assume KAGI was brought up. Here are further links to explore:

http://www.digibuy.com/
http://www.regnow.com/
http://www.bmtmicro.com/
http://www.regsoft.com/index.shtml
http://www.digitalcandle.com/
http://www.shareit.com/index.html
http://www.emetrix.com/
http://www.esellerate.net/

Besides PayPal.com, here are some alternatives:

http://authorize.net/
http://2checkout.com/
http://paystorm.com/
http://www.ccavenue.com/
http://www.paymentonline.com/
http://www.cybercash.com/
http://www.worldpay.com/sg/
http://www.moneybookers.com/
http://www.psigate.com/

Cheers,

No time to read all the posts, I assume KAGI was brought up. Here are further links to explore:

http://www.digibuy.com/
http://www.regnow.com/
http://www.bmtmicro.com/
http://www.regsoft.com/index.shtml
http://www.digitalcandle.com/
http://www.shareit.com/index.html
http://www.emetrix.com/
http://www.esellerate.net/

Besides PayPal.com, here are some alternatives:

http://authorize.net/
http://2checkout.com/
http://paystorm.com/
http://www.ccavenue.com/
http://www.paymentonline.com/
http://www.cybercash.com/
http://www.worldpay.com/sg/
http://www.moneybookers.com/
http://www.psigate.com/

Cheers,

Carlos, do you keep a big list of links somewhere? It seems that you often post a load of links like that. If so, you might want to make them available somewhere :-).

-

Now, I might not sell much shareware, but from my experience Kagi are great. It takes a little while to set stuff up and get used to their interface. Also, they have a few bits that should really be automated but aren't. But once you have an app set up, it's great.

About your security worries:
Firstly, don't.
Secondly, stop trying to remake the wheel. Just use Serial Codes like everyone else :-).
Thirdly, If you're worried about getting sued then put a disclaimer in the installer.
Fourthly, stop trying to make it *unhackable*. It is going to be hackable, whether you like it or not.
Fifthly, make the game before you make the registration system. In just the same way as you make the gameplay before you make the menu screen.

Just contact a server and check how many unique computers are using the seria number. Have it lock down all games after 3 or so, but warn them not to instal it on more than 1. That way nobody gets ripped off, including you. Unless someone patches your game using a disassembler you're safe. And what about the people without internet? They'll live.