GOG.com has moved away from Inno’s own compression to storing a password-protected RAR archive inside its installers, a move that brought a lot of complaints from various GOG users. According to fans, the decision to include password-protected RAR files is basically a form of DRM, something that goes against what GOG really stands for. On the other hand, GOG.com’s developer ‘Gowor’ shed some light on what exactly is going on.
According to Gowor, the archives are password-protected because the GOG.com team wanted to avoid the situation where someone tampers with the archive and uploads it to a torrent site, and because the team wanted to avoid the situation of ‘when user will see an unprotected rar file, download and unpack it, and get a “broken” installation, because he didn’t use the installer.’
“There were situations, when users would download just a single part of the installer, or try to unrar it manually (because apparently some browsers detect our new archives as rar files), or even try to open the .bin files with the VLC Video Player.
In such a situation I think it’s better to give immediate “it won’t work that way” message, rather than allow someone to make a “partial” installation, which may or may not work, without any information.”
Gowor claimed that the installer is designed mostly for reliability and ease of use for any user, and that most users won’t be affected by those password-protected files (as the installers never ask gamers to enter a password).
As Gowor added:
“Mind you – if you are using the supported installation mode, you don’t have to enter the password anywhere. Nor is it in any way dependent on username, or hardware, or anything else. It’s more or less hardcoded into the installer (I see you guys already figured out how), as much as the decompression algorithm. You can still use the installer exactly as you could since the beginning of GOG, and install your games wherever, whenever, and however many times you want. It doesn’t detect where it was downloaded from either. That hasn’t changed at all.”
Of course, the decision to move to password-protected RAR archives comes with a price. The new method prevents the use of tools such as innoextract to dump installer contents. For a number of users, this was the go-to method to set up games with DOSBox/emulators/ScummVM/Freespace 2 on phones, Linux and other platforms.
Users have already figured out ways to obtain the passwords for GOG.com’s password-protected RAR archives, so at least there is a workaround for those few who are affected by it.
Gowor concluded:
“We don’t really support installing the game by manually unpacking the archives (for whatever reason you do that). On the other hand, I see you already figured out the algorithm for obtaining the password, so you are still able to do as much. I’m not going to say “Hey, good job hacking into our software guys!”, but I’m not going to try and make the password harder either.”

John is the founder and Editor in Chief at DSOGaming. He is a PC gaming fan and highly supports the modding and indie communities. Before creating DSOGaming, John worked on numerous gaming websites. While he is a die-hard PC gamer, his gaming roots can be found on consoles. John loved – and still does – the 16-bit consoles, and considers SNES to be one of the best consoles. Still, the PC platform won him over consoles. That was mainly due to 3DFX and its iconic dedicated 3D accelerator graphics card, Voodoo 2. John has also written a higher degree thesis on the “The Evolution of PC graphics cards.”
People are just LOOKING for reasons to complain now, aren’t they? Wow.
I think some people view DRM and encryption as kind of like an STD. They want their games to be clean.
Games should be “clean.” This is not DRM.
People do complain about everything…
DRM protections get cracked and GOG thinks a password can protect from hackers/crackers?? really GOG! -_-
It just prevents the pirates from archiving from the installer file. They can still share it and download it. It mainly prevents people from tampering with the installer. This is kinda redundant if I’m understanding correctly.
This is less adding DRM and more of prevention of file tampering. It is like when a game doesn’t have mod support. You can only install the file the way it is meant to be installed. I am personally not affected or care, but if removing the password makes others happy why shouldn’t GOG do that? I mean can’t you still put the installer on a flash drive and copy it on your friend’s computer?
how does that prevent tampering when hackers make custom installers for games with uber drm in them, let alone steam, ripping games from steam and make custom installers with emulation is not easy, people think it is because all games end up that way.
I didn’t say tampering with game files, just the installer they use. The person who shares the software illegally would install the game, then repackage it using their own installer, or simply share the original install file.
so it doesn’t do crap, that’s why i don’t get why they even bother with it anyway.
I have no idea. It is quite redundant.
Gowor’s statements seemed to imply that he saw using RAR encryption as a substitute for checking hashes or digital signatures, so it should be possible for anyone who gets the password to inject malware into the RAR without the GOG-signed installer complaining.
As for limiting users, what if I want to play Duke Nukem 3D with enhanced graphics via EDuke32 (or enhanced Dungeon Keeper via KeeperFX) without having to install, copy files, uninstall, and hope the uninstaller didn’t leave anything behind?
GOG tries to use the same tech for all their installers so these encrypted RARs will eventually come to those games too.
I’ve actually written a detailed post explaining how to accomplish Gowor’s stated goals properly AND without annoying skilled users:
https://www.gog.com/forum/general/tech_gog_new_windows_installer_a_technical_thread/page2
i know, right? Crackers rip game and updates off steam and make custom repacked installers.
Wtf does a password do?
how the mighty have fallen. oh wait, gog has always been terrible. remember when it was found out a game of theirs was a pirated version and had a crack on it and was distrusted?
now they went full drm… lol. this does nothing to deter pirates and only adds complications to buyers. drm free my a*s.
what stops it from being repacked? nothing. it’s just drm.
Yeah that’s what i want to know as well, how does this stop anything? Crackers rip game and updates off steam and make custom repacked installers.
What does this do exactly to protect the files? It is just a password.
It’s not intended to stop anything other than a failed installation. This isn’t DRM.
you don’t have the game installed yet on your laptop.
you go on a trip and have no wifi to check out what the rar file password is.
drm has f`d you out of your purchased game, whereas the earlier gog installer didn’t require a drm password.
please feel free to try to troll me further you shill.
Their reasons for adding this don’t make much sense, or he’s not explaining it well. Why should it force users to use the installer? What else is that installer doing other than “extract files here/ there”?
Sometimes, adding registry keys that the game needs to run properly… but there are better ways to prevent unskilled users from doing broken installs.
(Or, since it’s wasted support time he’s worried about, he could write a minimal dxdiag-like tool which checks the install for correctness and then require that its output be attached to support requests.)
Generally, DRM or other forms of protection never helped anyone. Not company to make better sales nor customers! It only causes potential problems!
you went full re**rd…
you just went full shill. do you do it for free? or are you paid per every certain amount of posts?
upvoting yourself is a shill thing to do.
lol which game?
I heard ubisoft patched vegas 2 crashes with a crack.
arcanum i believe.
It meets the definition of DRM given by TheEnigmaticT who was, until August, the “GOG Marketer Guy”.
DRM is explicitly a class of technologies that attempt to control the utility of a digital work after sale. Regional pricing, by the definition of it, is something that clearly works before (or possibly, you could argue, during) sale. Further, once you have purchased the game with regional pricing, you are free to do as many things with it as anyone else in the world is, so we’re not attempting to limit your post-sale utility of your files. That’s why I say it’s not DRM. –http://www.gog.com/forum/general/announcement_big_preorders_launch_day_releases_coming/post4015
Also, RAR encryption is symmetric crypto (which can’t be used for authenticity verification) and, to the best of my knowledge (given what Gowor said and didn’t say about its purpose), it’s currently relying on it as a substitute for hash-checking or digitally signing the RARs. It should be possible to inject malware without tripping any alarms.
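The distinction drawn in the comment above, as an added example that is not from the article, the commenters or GOG: a password shipped in every installer only proves the packer knew that password, while a size-and-digest manifest carried in the signed installer flags both partial downloads and modified parts. The HMAC is a stand-in for any password-derived protection and is not RAR's actual format; the password, part names and contents are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins: not GOG's real password, file names or archive format.
SHARED_PASSWORD = b"constructed-password-embedded-in-every-installer"


def password_tag(data: bytes, password: bytes = SHARED_PASSWORD) -> bytes:
    """Model of password-only protection: integrity keyed by the shared secret."""
    return hmac.new(password, data, hashlib.sha256).digest()


def password_accepts(data: bytes, tag: bytes) -> bool:
    """Installer-side check; it only proves the packer knew the password."""
    return hmac.compare_digest(password_tag(data), tag)


def build_manifest(parts: dict) -> dict:
    """Publisher side: size and SHA-256 of each part, carried in the signed .exe."""
    return {n: (len(d), hashlib.sha256(d).hexdigest()) for n, d in parts.items()}


def verify_parts(manifest: dict, parts: dict) -> dict:
    """Classify every expected part before anything is unpacked."""
    report = {}
    for name, (size, digest) in manifest.items():
        data = parts.get(name)
        if data is None:
            report[name] = "missing"
        elif len(data) < size:
            report[name] = "truncated"
        elif not hmac.compare_digest(hashlib.sha256(data).hexdigest(), digest):
            report[name] = "modified"
        else:
            report[name] = "ok"
    return report


def demo() -> dict:
    published = {"setup-1.bin": b"part one " * 64, "setup-2.bin": b"part two " * 64}
    manifest = build_manifest(published)
    # A repack by anyone who has recovered the password: same size, new bytes.
    repacked = published["setup-2.bin"][:-9] + b"injected!"
    bad_tag = password_tag(repacked, b"wrong guess")
    return {
        "password_accepts_repack": password_accepts(repacked, password_tag(repacked)),
        "wrong_password_rejected": not password_accepts(repacked, bad_tag),
        "tampered": verify_parts(manifest, {**published, "setup-2.bin": repacked}),
        "partial": verify_parts(manifest, {"setup-1.bin": published["setup-1.bin"][:100]}),
    }
```

The manifest only helps if it travels inside the signed executable; one stored next to the .bin parts could be replaced along with them.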
“according to fans,” John?
According to some fans who have no idea of what they’re talking about.