Many games with multiplayer features require Galaxy for those multiplayer features. You can consider this DRM-equivalent if you want. However, every singleplayer game on GOG will work without Galaxy installed, and that singleplayer gameplay will be completely DRM-free in every possible way. (That's at least 99.6% of the games on GOG, but eyeballing the 22 games which don't specify that they're singleplayer games, most of them simply have incomplete metadata, so it's really 99.9% of them.)
To be clear: if you buy Disco Elysium on GOG, download the "offline game installer" without using Galaxy, install it, and run the game on a desert island, it will work (the network requests fail open). But if you try to run the game after removing the bundled dylib/DLL, it will not.
Why do Galaxy-free games ship with a mandatory dependency on Galaxy?
> Why do Galaxy-free games ship with a mandatory dependency on Galaxy?
Because the developer linked the dynamic library in at compile time instead of writing additional code to load it at runtime and disabling/enabling features based on its presence.
You can call it budget limitations, incompetence or lack of respect for the customer. Doubt it's intentional DRM though.
Not quite. You can use Galaxy to download the offline installers (or just do that through the website), but when you install a game through Galaxy, it downloads a special build which it just copies to the right location, without running a separate installer.
The running game can also call out to Galaxy and unlock, or not unlock, ingame content based on what it hears back. It's pretty difficult to imagine a definition of "digital rights management" that doesn't include this.
If we have DRM with some private key, then I guess your idea is I download the game files and some private key and that allows me to run the game.
If I can send you the private key and the game and it allows you to run the game with no further inputs, then the DRM is trivially broken (even without open source).
If it does some online check, then if the source is open we can easily make a version that bypasses the online check.
If there is some check on the local PC (e.g. the key only works if some hardware ID is set correctly), we can easily find out what it checks, capture that information, package it, and make a new version of the launcher that uses this packaged data instead of the real machine data.
If you use a private key to go online and retrieve more data, having it be open source makes it trivial to capture that data, package it, and write a new version of the launcher that uses that packaged data.
Basically, DRM requires that there is something that is not easy to copy, and it being open source makes it a lot easier to copy.
- the game payload is sent to you encrypted using the public key of a secure enclave on your computer
- while the game runs all its memory is symmetrically encrypted (by your own CPU) using a key private to that secure enclave. It is only decrypted in the CPU's cache lines, which are flushed when the core runs anything other than the game (even OS code)
- the secure enclave refuses to switch to the context in which the CPU is allowed to use the decryption key unless a convolution-only (not overwriteable with arbitrary values) register inside itself had the correct value
- the convolution-only register is written with the "wrong" value, by your own computer's firmware, if you use a bootloader that is not trusted by the DRM system to disallow faking the register (ie, you need secure boot and a trusted OS)
That doesn't seem to fit in any of your models. There's no online check, you can't send someone else the key because it's held in hostile-to-you hardware, you can't bypass the local-PC check because it's entirely opaque to you (even the contents of RAM are encrypted). You can crack into a CPU itself I guess?
I don't think the mechanism of the DRM being open source helps with the copying AT ALL in this design.
This design is, by the way, quite realistic: most modern CPUs support MK-TME (encrypted RAM mediated by a TPM) and all Windows 11 PCs have a TPM. Companies just haven't gotten there yet.
There is no DRM on GOG.
https://www.gog.com/blog/what-exactly-is-drm-in-video-games-...
I guess depends what you consider DRM, some games appear to have problems
https://www.gog.com/wishlist/site/label_the_games_that_have_...
Last I checked, there is loads of DRM on GOG and most of the games that have it, force you to use Galaxy.
Many games with multiplayer features require Galaxy for those multiplayer features. You can consider this DRM-equivalent if you want. However, every singleplayer game on GOG will work without Galaxy installed, and that singleplayer gameplay will be completely DRM-free in every possible way. (That's at least 99.6% of the games on GOG, but eyeballing the 22 games which don't specify that they're singleplayer games, most of them simply have incomplete metadata, so it's really 99.9% of them.)
Depending on the launcher does not imply DRM. It could be a features-dependency to make the old games working or just allow certain features.
Really? What games are those? I've not encountered a single one :/
6 replies →
And we have always been at war with Eurasia.
Yet the standalone offline installed games won't run without libgalaxy.dylib (Mac) or Galaxy64.dll (Windows) which is responsible for outbound connections to https://galaxy-log.gog.com and https://insights-collector.gog.com?
To be clear: if you buy Disco Elysium on GOG, download the "offline game installer" without using Galaxy, install it, and run the game on a desert island, it will work (the network requests fail open). But if you try to run the game after removing the bundled dylib/DLL, it will not.
Why do Galaxy-free games ship with a mandatory dependency on Galaxy?
> Why do Galaxy-free games ship with a mandatory dependency on Galaxy?
Because the developer linked the dynamic library in at compile time instead of writing additional code to load it at runtime and disabling/enabling features based on its presence.
You can call it budget limitations, incompetence or lack of respect for the customer. Doubt it's intentional DRM though.
[dead]
Famously so. The main method of deployment was an offline installer before they made Galaxy, and AFAIK Galaxy just downloads and runs the installer.
Not quite. You can use Galaxy to download the offline installers (or just do that through the website), but when you install a game through Galaxy, it downloads a special build which it just copies to the right location, without running a separate installer.
No, it doesn't use offline installers. Source: worked on that in the past.
https://content-system.gog.com/
The running game can also call out to Galaxy and unlock, or not unlock, ingame content based on what it hears back. It's pretty difficult to imagine a definition of "digital rights management" that doesn't include this.
3 replies →
Why? Can't DRM be implemented in open source, and only have private keys kept secret?
If we have DRM with some private key, then I guess your idea is I download the game files and some private key and that allows me to run the game.
If I can send you the private key and the game and it allows you to run the game with no further inputs, then the DRM is trivially broken (even without open source).
If it does some online check, then if the source is open we can easily make a version that bypasses the online check.
If there is some check on the local PC (e.g. the key only works if some hardware ID is set correctly), we can easily find out what it checks, capture that information, package it, and make a new version of the launcher that uses this packaged data instead of the real machine data.
If you use a private key to go online and retrieve more data, having it be open source makes it trivial to capture that data, package it, and write a new version of the launcher that uses that packaged data.
Basically, DRM requires that there is something that is not easy to copy, and it being open source makes it a lot easier to copy.
How would you define it if:
- the DRM/delivery software is open source
- the game payload is sent to you encrypted using the public key of a secure enclave on your computer
- while the game runs all its memory is symmetrically encrypted (by your own CPU) using a key private to that secure enclave. It is only decrypted in the CPU's cache lines, which are flushed when the core runs anything other than the game (even OS code)
- the secure enclave refuses to switch to the context in which the CPU is allowed to use the decryption key unless a convolution-only (not overwriteable with arbitrary values) register inside itself had the correct value
- the convolution-only register is written with the "wrong" value, by your own computer's firmware, if you use a bootloader that is not trusted by the DRM system to disallow faking the register (ie, you need secure boot and a trusted OS)
That doesn't seem to fit in any of your models. There's no online check, you can't send someone else the key because it's held in hostile-to-you hardware, you can't bypass the local-PC check because it's entirely opaque to you (even the contents of RAM are encrypted). You can crack into a CPU itself I guess?
I don't think the mechanism of the DRM being open source helps with the copying AT ALL in this design.
This design is, by the way, quite realistic: most modern CPUs support MK-TME (encrypted RAM mediated by a TPM) and all Windows 11 PCs have a TPM. Companies just haven't gotten there yet.
1 reply →
This is factually incorrect. GOG famously has no DRM.
Try checking on the facts first. GOG famously has a slogan that says they have no DRM. They are lying in their slogan.