• Eneryi@feddit.de
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    How can the key still be sold after the chargeback? Is there no way for the devs to deactivate it?

    • Aux@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      Because keys are randomly generated. To block them, you need some cloud infrastructure and force players to always be online. That’s expensive for indy developers and gamers hate online requirements for offline games.

      • Eneryi@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        So if you know how the rng works and have a seed you could, in theory, generate keys that would work?

        • Da_Boom@iusearchlinux.fyi
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Possibly, but doing that also opens up the potential for someone who is not legit to work out the algorithm used and build a keygen for it, then they could sell/distribute keys that shouldn’t exist or keys that already exist.

          Some games only contact the key server once to tell the server that it’s activating the key with X account, then never contacting again, or only contacting again if an internet connection exists. This will prevent the same key activating twice, while also allowing for offline play post installation.

          If a key can be generated, someone could steal a legit key and activate it before the legitimate key holder activates it, which would then result in a “key already activated” error, and a massive headache when the purchaser(s) complains and shows legit receipts.

          This is why keys are usually randomly generated and logged server side at purchase, the key is then handed over to the user via secure connection. This not only allows for key activations, but will also allow the company to revoke the key if needed.

          Most pirates get around this by blocking or spoofing the “activation successful” message and preventing contact with the activation servers.

          Of course this is the general idea behind key and key activations, the true mechanisms are usually more complex than that, especially if a game launcher like steam, ea play/origin or Ubisoft connect is involved, but it all more or less accomplishes the same thing.