GOG Implementing DRM?

There are some very controversial posts on GOG forum, Reddit Linux Gamers and GamingOnLinux about GOG's new password protection for their RAR data containers.

Is this DRM?
Does it break Wine & PlayOnLinux?
Who is it really protecting?

 

Vote on GOG to stop using password protection on installer protection: GOG Vote

 

I have not tested any of the installers that implement this, but the posts I have seen claim that the new installers do not work in Wine. Meaning that GOG games can't be installed through Wine anymore.

I can't see this as anything else than an implementation of DRM in their installers, something they have always claimed they would never do. This is nothing more than adding frustration to paying customers.

 

After reading from all three sites, people against RAR password make some really good points.
Its protecting Pirates from getting malware and restricting anyone who wants the game files for using in an alternate engine DOSBox, ScummV, etc

I'm not sure how GOG developers came to this conclusion because others have mentioned better ways to prohibit access to raw game data.

Not to mention Steam allows access to raw game data for every game, but the DLL's and EXE's have been modified to require Steam.

Why should paying customers be encouraged to pirate Window$ just to install a game from GOG in order to get the raw game data?
DRM free was the BEST benefit of using GOG because the fact you could install the game without their "installer" if you wanted to. Isn't freedom the point of DRM free?

Malware creators will always find another way to use GOG games maliciously.

 

This whole post from GOG staff pretty much sums it up:

-Rars are used for convenience, as they have some features that the old archives lack. For example when making a test build of the game, it's faster for us to update the archives than to repack them from scratch when making small changes for testers.

-Watermarking the installers with username is not planned. One, for ideological reasons, two it's not really technologically feasible.

-Yes, the archives are password-protected. Here's why:

The supported way of installing the games is by using the Installer, which apart from unpacking the files, also creates registry entries, shortcuts, compatibility fixes etc. We want to avoid having the situation, when user will see a unprotected rar file, download and unpack it, and get a "broken" installation, because he didn't use the installer.
There were situations, when users would download just a single part of the installer, or try to unrar it manually (because apparently some browsers detect our new archives as rar files), or even try to open the .bin files with the VLC Video Player.
In such a situation I think it's better to give immediate "it won't work that way" message, rather than allow someone to make a "partial" installation, which may or may not work, without any information.

Another reason - I want to avoid the situation where someone tampers with the archives (let's say adding malware, or some illegal content), and uploads the modified version on torrents. I don't want the GOG Installer installing anything else than it was supposed to, and it doesn't matter how it was obtained.

The Installer is designed mostly for reliability and ease of use for any user. And it's intentionally designed as it is.

Mind you - if you are using the supported installation mode, you don't have to enter the password anywhere. Nor is it in any way dependent on username, or hardware, or anything else. It's more or less hardcoded into the installer (I see you guys already figured out how), as much as the decompression algorithm. You can still use the installer exactly as you could since the beginning of GOG, and install your games wherever, whenever, and however many times you want. It doesn't detect where was it downloaded from either. That hasn't changed at all.

We don't really support installing the game by manually unpacking the archives (for whatever reason you do that). On the other hand, I see you already figured out the algorithm for obtaining the password, so you are still able to do as much. I'm not going to say "Hey, good job hacking into our software guys!", but I'm not going to try and make the password harder either.

Translation:
Instead of creating a single download for our games, we are taking the quicker route for our testers and use a password on all RAR files so we can avoid support tickets for people who can't install the game by opening RAR files instead of the EXE.

Also, we want to avoid support tickets where someone got malware from a GOG game they downloaded somewhere else other than GOG. So we created a password on our RAR files that appears to be hacked already by the community.

 

I just installed Assassin's Creed from GOG. Its version 2.1.0.23 and I verified the .BIN files DO have a password.
Not sure what this means, but the game runs fine

 

It could be that is just fails in older Wine versions. Those who reported that the new installers fail, did not specify which Wine versions were used.

Personally I find it an inconvenience that the new installers prevent extracting the game files as easily as before.

 

well you can still unpack it, the passwords of games are general knowledge
example to unpack:
GAMENAME=neverwinter_nights_diamond_edition

GAMEID=`curl -s -o- http://www.gog.com/game/$GAMENAME | pcregrep --buffer-size 1M -o1 "addToCart\('/cart/add/(\d+)'\)"`

unrar x p`echo $GAMEID | md5sum | cut -d ' ' -f 1` $FILE

 

Wow, 465 votes already!

 

well you can still unpack it, the passwords of games are general knowledge
example to unpack:
GAMENAME=neverwinter_nights_diamond_edition

GAMEID=`curl -s -o- http://www.gog.com/game/$GAMENAME | pcregrep --buffer-size 1M -o1 "addToCart\('/cart/add/(\d+)'\)"`

unrar x p`echo $GAMEID | md5sum | cut -d ' ' -f 1` $FILE

Welcome to the forum
Thanks for the tip loggfreak!

 

If people get a malware for downloading malware files elsewhere I say let them burn. These people are likely pirates, so why protect them and make it harder for their legal customers?

 

Totally agree! I have a feeling its not GOG's intention to protect pirates, but that is a result of their decision. I hope they will protect DRM Free instead, because this is their niche!

 

http://www.gog.com/forum/general/on..._extract_the_rar_innosetup_installers/post470

Read their full response in the link above. I will quote a few paragraphs here:

We’ve heard your concerns regarding this solution and we do agree it could have been better. Although the same could probably be said about many other answers to this problem, it doesn’t mean we shouldn’t try to do better for our community. To that end we will be removing the mentioned archive protection from the select Windows installers that had it until a better solution, both technically and philosophically, is ready. Please continue sharing your suggestions regarding such a solution in this topic - your feedback is very appreciated.

...we cannot guarantee that our installers will never change and will forever remain compatible with each of such unsupported tools. However, it never was and our goal to purposely break compatibility with some third-party extraction tools or emulators used by some of our customers - and, rest assured, it never will be.

 

Awesome! GOG really does care about the community. Only 700 people voted on the subject and that is a small number compared to ALL the GOG gamers. I'm glad they care about their community.

 

I added in another paragraph in my quote. Basically they are saying that they can't promise that their installers will never change in the future and they can't promise that they will continue working on unsupported platforms. But it is also not their goal to break compatibility with extraction tools of emulation software.

So that means that they actually keep wine in mind, not as a goal, but they will probably listen to their customers if their installers were to stop working in wine if they update them in the future.

 

My respect for GOG is even greater! I have always loved their business model.
Its unique and customer friendly.
Their business is for gamers made by gamers