How to make Neocron profitable

[Lexxuk]

This is a long post and something I thought about a little bit, with my reasoning behind my theory too, its a long post with many stages!

Ok, NC cannot really make much of a profit, if any, from its current subscriber base, if, as I've been told, the server %'s is 1%=10 people, at 15% only 150 people are online, whilst that may be enough to pay for the servers and bandwidth, its not going to make billions of pounds for KK. So what is the solution?

Well my idea is rather simple, it frees up KK from expensive developer time, and brings in a way for KK to start to make money from NC, its not really all that complicated, and the idea seems pretty straight forward.

1) Open source the NC2 client - just the client not the server side code.

By opening the client you can free up the paid developers to work purely on server side coding, and into implimenting the rest of my idea. Choose a licence which allows commercial use of the code, but is restrictive enough to allow parts of the code to remain closed source. Set up a "foundation" of developers with a lead developer (Snowcrash) who is fully in charge of all modifications. Using something like git will allow developers to work on changes which can then be tested and if the code doesn't work properly it can be removed rather than being added to the main code base. Before any code is put into the main code base it has to be approved by the lead developer.

My reason for this, by opening the code you will attract people who like to develop stuff, who like to programme and it frees up the KK staff to work on other stuff. An open source FTP client *should* eventually become more stable and more secure, which leads me on to point 2!

2) Once the client is open source, create a list of must do firsts.
The first thing to be done is to work on securing the client. File checks etc. to ensure only a fully patched 100% complete unmodified client is allowed to connect to the game servers, this will prevent people with programming skills from modifying their own OS client to give them an advantage. It could be something as simple as a random check of 15 files before the client is launched, and if the 15 files fail the integrity check the client reports back to the server "this client is trying to launch naughty code! spank them!"

The second thing to work on would be cheat detection, simple checking to ensure that people are not using hacks or any other unfair means in game. The last thing people want when playing a game is for cheats to have an advantage, its not very nice and will put people off with "I aint playing that game, its full of cheaters!"

Other stuff to add with a lower priority, would be stability, adding the "bloom filter", little things like that. Make NC2 the difference that Windows 7 is over Vista, small changes that improve the entire experience. Who knows, maybe one day FRE will be a legend like the Dildo of Maven (btw, can a GM gimme one of them? )

3) The money making part - DLC

This is where KK will start to make money, from downloadable content. The DLC will be the source code that is closed, it will be created by the paid dev's, with input from the forum users. The people who play the game will have the option of spending real money on in game items.
50p items - 25% XP pills, taking this pill will grant you a bonus of 25% XP for 48 hours to a certain stat (INT/STR etc..)

99p items (99p is important, its psychologically better than £1) - 50% XP pills, same as the 50p pill only it grants a bonus of 50% XP over 24 hours. Logging out stops the timer, you can only have 1 pill active at a time, taking another pill will cancel any pill you currently have running, 99p will always over-write 50p, but 50p pills will give a "you cannot use this" message.

£1.99 items - maybe teir 4 gloves in trade skills, giving you a better chance of slots, or slightly increasing XP, making CST/RES/Pokes faster, non-drop and does not take damage -also (importantly) non-tradable.

£3.99 items - uber instanced dungeons with guaranteed uber loot drops, obviously the drops will have to be worth the trouble, new items, a bit better than the current items available, MC5 v2.0 or something, a Pain Easer V3.5, or a mix of both. The dungeons will be hard and require a good team to complete, but only one person needs to buy the dungeon. To stop grief tactics, all loot goes only to the person whos dungeon is it, so its put into a chest at the end of the dungeon which only dungeon owner can open.

The DLC doesn't need to be expensive, it can be very cheap but people will pay for good downloadable content, micro-transactions I believe they are called.

This is where KK will start to make its money on Neocron. People who are going for Woc 10 Dex will happily pay 99p every couple of days if it makes their XP easier to get. And as the client is open source, the developers will be free to concentrate on DLC and server side code.

4) Make an official NC dev centre.

Something like the techhaven wiki place could (if they wanted that is, its just an example!) could become the central area for development of the NC client, hosting bug trackers and what not, a focal area for the community, with the NC forum and the dev centre working together to put into place ideas from the community.

I say techhaven wiki because they already host a lot of information about NC, so in my mind at least would be a good place for looking for information, as well as inputting information.

There could also be Official NC Rep's, unpaid people who have fantastic ideas, like DJ for instance, they could be in charge of looking at ideas for the code base, be it new items, balance issues etc and kind of like a senate, they sit around and discuss the good ideas, the bad ideas, modify them and eventually either reject or accept the ideas and stick them on the to-do list. It makes use of the NC community who are without a doubt, NC's most valuable asset.

===
So, thats my basic skeleton of an idea on how KK can turn NC into a profitable venture, by using the current community to impliment new items, areas, mobs, ideas and what not, and by enticing new people who have an interest in working on the code base to improve the client, make it more secure, hunt down and destroy cheats, give it more stability.

A further off-shoot of that, once the client is open-source, one of the objectives could be to try and remove the reliance on DirectX, so the community of programmers could attempt a port to Linux or OSX (without wine) futher opening the possible client base. It could also attract Linux developers who generally seem pretty good at programming.

My idea kind of hinges on the client being open sourced, as that frees up dev time for the DLC, though if the client is not open sourced, the DLC idea would still be a viable option, but would require a fair bit of time from the dev's to work on the DLC, as well as on the client, and on the payment methods and security and, well, quite a lot of stuff that would be needed.

[Mighty Max]

Sorry to burst your bubble.

If you open up the client as open source, there is NO WAY to make sure only whitelisted clients can connect to the server. The server needs to trust the client to send the correct data to check against the whitelist.

But we now know in which way this check is done AND can build a workaround into the client to fake a whitelisted version for use with ease.

Breaking your (well meant) chain in the first element.

[Seezur001]

If Neocron were to be open sourced, it would ruin the game.

In order for Neocron to have any type of "secure" future, what really needs to be done is a complete rebuild of Neocron using a newer modern engine.

[nobby]

it's easy having DLC, but what happens when the tiny population thinks "Fuck this..." and all finally leave?

I know of no marketing from KK, I've seen NOT a SINGLE advertisement for Neocron 2, except for the PC Zone magazine, in which our twatty community fucked up a potentially good review.

[Lexxuk]

@ Max - All the security can be handled server side, which is closed source, the in built security could also be part of a closed source solution if it was really needed.

The client has to communicate with the server, the server says "ok, check a couple of files for me - pass an MD5 hash please" the client says "sure, two secs... yep they pass!" the server says "great! now run an MD5 check on the checker please" and the client goes "thats failed". It basically runs a check on itself and the server, which only KK has the code to, runs security checks based on the code.

@ Seezur001 - To totally rebuild NC would cost KK millions in investment, money they kind of don't have right now, and a client base that would make such investment impossible. By opening the client it promotes external investment, which in turn would give frequent patches for both stability and security, more items will be added from the community (fire bones? poison resist bones?).

By opening the client and allowing a community to decide on the implimentation of new free content (paid content is controlled by KK) the game itself will expand, which should see new people coming to play, the more people that come to play, the more developers will be drawn in, and the more money KK can make from DLC.

You may even start to get Mech mods, who knows!

[Mighty Max]

@ Max - All the security can be handled server side, which is closed source, the in built security could also be part of a closed source solution if it was really needed.

No it can't. The server will never be able to tell if the client got the shot direction from some algorithm in the client or the player at the mouse.
It can't know if the client suppressed a friendly-fire in chaotic situations.
It can not decide if the client has other "helping hands" build it.
etc etc etc

The client has to communicate with the server, the server says "ok, check a couple of files for me - pass an MD5 hash please" the client says "sure, two secs... yep they pass!" the server says "great! now run an MD5 check on the checker please" and the client goes "thats failed". It basically runs a check on itself and the server, which only KK has the code to, runs security checks based on the code.

You are forgetting that the hash the client returns does not need to be the actual hash, but the (predictable because the algorithm is known or can be easily be captured) hash of the original content. (Not to mention that MD5 is broken just as sha-1)

Even if you use a asymetric encryption and check that, you are giving out the mean to fake it by opening the client up (even when hiding the key as a closed-bin of the open source client)

The only way to ensure you can trust the communication is a Trusted Path. But that apporach has other issues (inclusive this massive no-TPCM movement )

[aKe`cj]

Mighty has some mighty knowledge of this stuff - if he says nay it's most definitly correct

I'd prefer Seezur001's solution anyway - a 'proper', 'lets start this from scratch' redo would be teh win!













...anyone care to provide the 7-8 digit investment?

[Lexxuk]

One MMO has already gone OS but maintains a subscription fee (Ryzom) so that to me would suggest there are ways to secure a client and ensure all the data the client is sending is the correct data.

I guess one way to do it would be certain files are encrypted when the client is built, it then has to go through a check to ensure the files are how they should be.

The built exe instead of NeocronLauncher.exe is Download.exe or something which has to download NeocronLauncher.exe from the FTP and cannot be a modified version, obviously to test the builds Download.exe could connect to a test server and be used as a client, but only the downloaded NC exe could connect to the live servers.

Once the NeocronLauncher.exe is first downloaded, it forces a file check, checking hashes and file size and if any of the files fail the hash or are the incorrect size the Launcher downloads the correct files and the server keeps a note of the files downloaded, every time the client then tries to connect, instead of just connecting it tests the files.

This is the reason why I put secure the client as the number 1 priority, and getting rid of the bits that allow cheating as number 2.

MD5 is broken, I seem to recall something about people allowing any file to have the MD5 of another file no matter what that file may be, so instead of MD5, use one which isn't broken

There will never be a new Neocron, unless Nobby earns billions and decides to be nice and licence a new engine and pay lots of people lots of money :P

[nobby]

Of course I'd buy Neocron...


Just for the fact... "Who'd've thought it... Nobby... wtf... he bought... Neocron?"

[Mighty Max]

One MMO has already gone OS but maintains a subscription fee (Ryzom) so that to me would suggest there are ways to secure a client and ensure all the data the client is sending is the correct data.

No, it just means, that they think they can handle the amount of cheating. Well i don't trust anyone in that direction anymore, esp. not some of the individuals that have played nc

I guess one way to do it would be certain files are encrypted when the client is built, it then has to go through a check to ensure the files are how they should be.

Sure encrypt it. What is the instance that has to decrypt it? Its the client, the thing you just gave to us.
It's like giving me a treasure in a locked box with the key taped under it.

[...]but only the downloaded NC exe could connect to the live servers.

Thats the point: This last point is impossible to ensure. It's a very classic security problem. Known as the Alice = Mallory problem.
No matter what you do, you have to give Alice the method to connect to the server, but then Mallory (the attacker) knows it too.

This renders every security basing on that premise void.

I wish it was not that way, but it is.

[rob444]

Making Neocron open source is suicide :P. The game will be infested with cheaters . There is no secure way, it can always be broken.

You can encrypt data, it'll be decrypted by figuring out the formula or retrieving the decryption key from the client's memory. CRC hashes etc. won't keep the game safe, it can be easily manipulated. There is code shifting but that can be broken as well.

It's better to have all these things than have nothing at all, it slows the hackers down a bit but when it's broken it is broken until a new patch arrives. And by releasing patches all the time just for the cause of slowing hackers down, the hackers can eventually see a pattern in the code and program their noob tool to automatically find the right bits of code and use it for their cause.

I think the best security is on the server side, monitoring each player and see if there is a possibility of an aimbot, teleporting etc... That wont stop hacks like colored models, wallhacks etc. though.

Another good thing is to also monitor the running process' on the system and check for debugging tools etc. and eliminate them. Add debug protection etc.....

[Biglines]

plus, KK has let it known that deals with other companies for writing the damn game in the first place (KK didn't develop nc by itself inhouse) would prohibit opening it up for anyone.. (they were payed to make the game, and a deal that they would be the ones to do further work on it....

or at least that's what I've heard.

as for the checking if the file is correct, wouldn't that be possible with a second client? like punkbuster or something, that checks if the "other" client that is connected is correct? this punkbuster wouldn't be open of course?

[Mighty Max]

IIRC Nid corrected you on that statement allready in a different thread.

NC was developed by KK. There are some assets from outside, but well you don't reimplement another huffman(pak) if you don't need to, do you?

[Asurmen Spec Op]

Sorry to burst your bubble.

If you open up the client as open source, there is NO WAY to make sure only whitelisted clients can connect to the server. The server needs to trust the client to send the correct data to check against the whitelist.

But we now know in which way this check is done AND can build a workaround into the client to fake a whitelisted version for use with ease.

Breaking your (well meant) chain in the first element.

ugh...
You cannot EVER trust your clients, period.
Open or closed, it doesn't matter.
I am shocked as a programmer that you would actually make the assumption that because no one can see your code that data you receive is safe.

Fuck, it isn't even that hard to inject data.
Verify ALL incoming data, sure it slows it down but you should not trust the other side blindly.

[-FN-]

In order for Neocron to have any type of "secure" future, what really needs to be done is a complete rebuild of Neocron using a newer modern engine.

That's where my money is. Take the Unreal 3 engine, redo the Neocron zones one by one, throw in a little SpeedTreeRT, sprinkle a little PhysX in there, rework how zoning itself works a bit to make indoor zonelines make sense (non-campable) and see what can be done with outside zonelines to make it more seamless (if possible), and viola, there you have it.

Neocron: Redux

So... when I win a million dollars and I can drop $750g on the Unreal 3 engine, $10g on development hardware, can hire a graphics artist, and can take a year or three off work, I'll give everyone I knew in NC a free trial