The company has tweaked its policy to counter potential "install-bombing" and clarified how titles on Xbox Game Pass and similar services will be impacted.
It'll probably much easier... In the end, Unity needs to call something to let them know there was an install, like http://telemetry.unity.com?game=DiabloImmortal&deviceId=acb-123
After installing a game locally or on a VM / Sandboxie, someone will figure out how it works... Then you just generate a lot of calls, either call it locally or through a proxylist / botnet - and you have millions of installs.
That brings up a good point. If they were smart they'd encrypt the fingerprint payload so it can't be easily spoofed. However, I thought I read that this was going to apply to already existing games. So short of the developers (laughably) issuing an update for existing games, how are they going track installs of older games? And that's probably easier to target for the lulz.
well sure, they would probably encrypt the payload, but they'd still have to add the encryption code / key in there to be able to do that.
It wouldn't be as easy as just finding the correct url and calling it loads of times, but someone cracking the game would already be deobfuscating and reverse engineering the code anyways patch out the DRM.
So figuring out how Unity "calls home" and replicating it can't be too complicated
It'll probably much easier... In the end, Unity needs to call something to let them know there was an install, like
http://telemetry.unity.com?game=DiabloImmortal&deviceId=acb-123After installing a game locally or on a VM / Sandboxie, someone will figure out how it works... Then you just generate a lot of calls, either call it locally or through a proxylist / botnet - and you have millions of installs.
That brings up a good point. If they were smart they'd encrypt the fingerprint payload so it can't be easily spoofed. However, I thought I read that this was going to apply to already existing games. So short of the developers (laughably) issuing an update for existing games, how are they going track installs of older games? And that's probably easier to target for the lulz.
well sure, they would probably encrypt the payload, but they'd still have to add the encryption code / key in there to be able to do that.
It wouldn't be as easy as just finding the correct url and calling it loads of times, but someone cracking the game would already be deobfuscating and reverse engineering the code anyways patch out the DRM.
So figuring out how Unity "calls home" and replicating it can't be too complicated