Don't want to see articles from a certain category? When logged in, go to your User Settings and adjust your feed in the Content Preferences section where you can block tags!
We do often include affiliate links to earn us some pennies. See more here.
GOG has begun using encrypted RAR files in their Windows installers for various games to enhance their security. This however has caused problems for some Linux users.

The new installer format uses password protected RAR files that are encrypted to stop pirates from adding malware to the installer and then spreading that package throught torrents to users. The password protection is also meant to prevent user stupidity where the user would unpack the RAR file without running the installer like it's meant to (on Windows) thus breaking the installation package.
Source

The problems arise when Linux users attempt to use the extraction utility innoextract to unpack the installers of the games without having to use Wine. This is useful when using some versions of Wine that don't support GOG's installers or when you only want to access the game's data files to use them with an alternate game engine. The password protection put in place by GOG effectively prevents innoextract from extracting the package, making users reliant upon GOG's own installers which, like I said, might not work in Wine.

Some users consider this behaviour DRM-ish and against GOG's promise of being a DRM-free game store and they have put up a wishlist entry on GOG to make them revert back to the old installers. You can vote and add your comments here: https://www.gog.com/wishlist/site/dont_slip_into_drm_swamp_stop_using_password_protection_on_installer_packages

Known affected games include games such as Assassins Creed, Wasteland 2, Heroes of Might and Magic 5 and The Bard's Tale along with other games. Note that this doesn't affect Linux packages of the Linux supported games, only the Windows installers. You can also check the full list of games that are affected and also report your findings here:
https://github.com/dscharrer/innoextract/issues/37#issuecomment-67915715

Some Thoughts

The line between DRM and no DRM might not always be absolutely clear. In this case the password protection doesn't prevent you from making copies of your games, as you can just copy the installers around, but it does prevent you from messing around with the installer and makes you depend on their own installer.

But in any case I do side with the crowd against these measures. The way I see it, they are trying to protect pirates from malicious pirates and users from themselves which I find quite ridiculous. Normal user who purchases a game from GOG (on Windows) will most likely go for the big file that contains words like “setup” or “installer” instead of clicking random .bin files. And protecting pirates? Now that is just plain silly. Prevention of malware is of course good but if you are going to pirate games you have to be ready to pay the price of potentially installing something nasty on your system and many pirates are aware of this and throw their anti-virus scanners at every piece of warez they download.

Is preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates? Article taken from GamingOnLinux.com.
Tags: DRM, GOG
0 Likes
About the author -
author picture
I'm a Linux gamer from Finland. I like reading, long walks on the beach, dying repeatedly in roguelikes and ripping and tearing in FPS games. I also sometimes write code and sometimes that includes hobbyist game development.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
28 comments
Page: 1/2»
  Go to:

Imants Dec 30, 2014
Thats why I stopped buying games which do not support Linux by default.

or when you only want to access the game's data files to use them with an alternate game engine
And I am too lazy to do this :). If I can not install game with one ore two clicks I do not bother,

Edit:
As for the password protection I do not see any reason why they could not do with their installer whatever they want as long games stay DRM-free.
StianTheDark Dec 30, 2014
I never use Wine or GOG so it doesn't affect me :)
hardpenguin Dec 30, 2014
Is preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates?
Legitimate? Just pointing out that those 'legitimate' ones want to play games that are not in any way supported for Linux...
StianTheDark Dec 30, 2014
Is preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates?
Legitimate? Just pointing out that those 'legitimate' ones want to play games that are not in any way supported for Linux...

I mean, not supporting Linux is a stupid move and they should do everything they can to make it work on Linux. And if GOG prevents people from playing it in Wine, then they prevent Linux users from playing the game.
neffo Dec 30, 2014
This all seems like a confected outrage. This isn't DRM. And by all accounts it's a trivial matter to bypass. (Why wasn't this mentioned in the post?)

By the sounds of it, this would work:

GAMENAME=neverwinter_nights_diamond_edition

GAMEID=`curl -s -o- http://www.gog.com/game/$GAMENAME | pcregrep --buffer-size 1M -o1 "addToCart\('/cart/add/(\d+)'\)"`

unrar x p`echo $GAMEID | md5sum | cut -d ' ' -f 1` $FILE
Samsai Dec 30, 2014
This all seems like a confected outrage. This isn't DRM. And by all accounts it's a trivial matter to bypass. (Why wasn't this mentioned in the post?)

By the sounds of it, this would work:

GAMENAME=neverwinter_nights_diamond_edition

GAMEID=`curl -s -o- http://www.gog.com/game/$GAMENAME | pcregrep --buffer-size 1M -o1 "addToCart\('/cart/add/(\d+)'\)"`

unrar x p`echo $GAMEID | md5sum | cut -d ' ' -f 1` $FILE
I might have overlooked that bit when I went through the forum thread. Based on the messages I read and the tip that was given to us I got the impression that the password wasn't general knowledge.
pd12 Dec 30, 2014
for authenticity, they could just sign and checksum their files like everyone else?

It seems as if in trying to make a turn-key install process they made it more complicated and harder to install for people who know what they're doing. Not a good sign.
And definitely a breaker for some Linux WINE runners.
aL Dec 30, 2014
for authenticity, they could just sign and checksum their files like everyone else?

Indeed. Just open source your client and use it to authenticate the downloads so clueless people can benefit too...

Easy peasy. This actually makes the teachie guy in gog looks pretty useless. What else is this guy in charge of to be aware?
Bomyne Dec 30, 2014
This is why I only buy games on Steam... Let the Steam client do the installing.
neffo Dec 30, 2014
And definitely a breaker for some Linux WINE runners.

couldn't you just use the GOG installer in wine anyway?

I might have overlooked that bit when I went through the forum thread. Based on the messages I read and the tip that was given to us I got the impression that the password wasn't general knowledge.

it was in the github post (like one post after the one you linked to), not trying to sound like an arsehole here, but i didn't read the thread much either. it just seems like a bizarre change, yes, but the response is completely overblown (like every linux gaming issue).
Ivancillo Dec 30, 2014
This is why I only buy games on Steam... Let the Steam client do the installing.

You seem to not really understand what the topic really is.

GoG supported Linux games are easy to install. That's not the problem.

The thing is about those Windows games that still wern't supported in Linux by GoG but Linux users try to make so by manually extract the assets and running another alternative Linux game engine.

Think about gemRB, scumwm or such.
ssokolow Dec 30, 2014
Is preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates?
Legitimate? Just pointing out that those 'legitimate' ones want to play games that are not in any way supported for Linux...

What about Unreal Tournament? While not a GOG-supported use, buying the Windows version for the resource files and then downloading the Linux port's binaries is a legal, developer-approved way to play it natively on Linux.

(As long as you're willing to take responsibility for writing wrapper scripts to work around things like the original Unreal engine assuming that the CPU's clock speed will remain fixed.)
ssokolow Dec 30, 2014
I should also mention that the RAR password protection is ineffective at protecting against malware.

It's symmetric crypto, so anyone who can gain knowledge of the password (eg. because they know how to breakpoint a file without debugging symbols or they learned to disassemble binaries to write cracks and keygens) can generate a RAR with added malware.

I've already suggested to Gowor that a better approach would be to have the (already signed) EXE do a signature or hash verification check on the RAR. (One of the stated goals was enabling rapid iteration, so maybe embedding a public key in the signed EXE and storing a cryptographically-signed manifest of expected contents in the RAR so it could be updated without rebuilding the EXE)

I also suggested that a much less controversial way to prevent user stupidity would be to replace the 7-byte identifying prefix on the RAR header with some other 7-byte string, since they're already using a modified unrar.dll anyway. (eg. replacing the "Rar!" portion at the beginning with "GOG!")

That way, WinRAR wouldn't recognize it but they could be converted into ordinary RARs by us more technical users with a single line of Python code.

(And, of course, someone else pointed out that, if VLC trying to open BIN files is really that much of a problem, they can come up with their own file extension too.)
Bomyne Dec 30, 2014
This is why I only buy games on Steam... Let the Steam client do the installing.

You seem to not really understand what the topic really is.

GoG supported Linux games are easy to install. That's not the problem.

The thing is about those Windows games that still wern't supported in Linux by GoG but Linux users try to make so by manually extract the assets and running another alternative Linux game engine.

Think about gemRB, scumwm or such.

I run two versions of Steam on my Linux box. The native version, that is responsible for my Linux installs. That version is not the version I am referring to.

The version I am referring to is the one located in a Crossover bottle. My statement still stands. Steam, running under Crossover (Wine) manages the install automatically for me. I have had great success with running Steam in this way, and I do not have to deal with encryption and DRM. Steam manages that... For the most part. Still no luck with UPlay games.
Ignis Dec 30, 2014
And by all accounts it's a trivial matter to bypass. (Why wasn't this mentioned in the post?)
DRM is ineffective, news at 11. Does not mean it's not DRM.
oldrocker99 Dec 30, 2014
View PC info
  • Supporter Plus
As a long-time GOG customer, I will say that this does seem a little DRM-ish to me. Just my two cents' worth.
Hamish Dec 30, 2014
This all seems like a confected outrage. This isn't DRM. And by all accounts it's a trivial matter to bypass ... it just seems like a bizarre change, yes, but the response is completely overblown (like every linux gaming issue).

You do realize that under my country's insane copyright laws bypassing this could be considered just as illegal as pirating the content itself?

Bill C-11 prohibits the circumvention of any access control installed on a work, performer’s performance fixed in a sound recording or a sound recording, even if the work subject to the digital lock is legally acquired.

That alone makes this a very serious issue that GOG is going to have back away from.
Liam Dawe Dec 30, 2014
I don't think anything is being overblown here.

This does smell like small scale DRM, altough it may have good intentions, it doesn't change what it is.

Not impressed by this.
Shmerl Dec 30, 2014
The password method was already discovered by the community. This doesn't make it any better however. Tomorrow they can easily change that method without warning. This is DRM in some way.
Ivancillo Dec 30, 2014
Nevermind.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.