You have the worst reading comprehension I have seen in a while. I just explained why it DOES NOT disprove you and lash out at me for being desperate to disprove you.
Exactly :). I have already suggested we use such empirical testing. (but didn't go into as much detail as you did in explaining the exact methodology since its rather obvious).

Only reason I haven't done so already is because I have been having trouble getting fiddler to work for some reason.

According to the original poster MoW doesn't function without the server - when played offline it gave an error message and he had to be online to access it.

This also applies to the NWN1 Premium Modules outside of the Kingmaker pack - try playing them on an offline PC and they will hang on the activation screen (well, at least 10 minutes before I gave up on them).

If the games cannot work offline, then they cannot work without an activation server either. That server may be generating "OK, go ahead" messages to all and sundry for now, but it still means people losing access when it gets shut down for good.
As the games don't function without access to the DRM server, removing the check should be perfectly within the limits of the agreement reached. For that matter, bug-fixes should be covered too. Only adding new features would qualify as making these titles "more competitive" and even that would depend on the specifics.
I think a more appropriate question to ask is whether Hasbro would bother taking anyone else on over this. Their main aim was to recover publishing rights from Atari (achieved) and they did agree to allow previous titles to remain available (subject to the restrictions discussed previously). That suggests they either see them of lesser importance or are sensitive to the negative PR that removing (generally) well-regarded games would generate.

Actually, while you DO need to be online, the other premium mods run fine without the authentication server. Go ahead and install one. You will receive a message that you can't connect to the master server, and it will offer to let you play the demo. Decline the demo. Wait a few moments for the authentication to time out. You will then be able to play normally. Regardless of Taltamir's asserions to the contrary, the official word from Bioware is that the authentication servers are down, and this remains the consensus of the NWN community at BSN.

You would be right in regards to MoW if it was tied to the same master server as NWN1 and NWN2, but it's not. The Mow DRM is completely different from NWN2. It was developed by Atari, and it authenticates on their server. That server is chugging along quite nicely, and even if it failed Hasbro could easily, and rightly, assert that Atari would be in a position to fix it without changing their game code.

I have absolutely no doubt that Hasbro would leap at any chance to finish off Atari. While it may be over an old game, Atari remains a viable target for litigation.

Hasbro did not allow them to retain any rights to pre-existing titles out of the kindess of their hearts. The courts ordered it, and Hasbro was not happy with that part of the decision. When Atari realized they were going to lose this case they adopted a stalling strategy and frantically milked the D&D licence for all it was worth. Can you say "Daggerdale"? They knew the courts would most likely let them keep the titles already released. They tried desperately to get NWO finished in time to get it released before a decision was rendered.

Hasbro was outraged by this strategy. They felt that all of Atari's profits and titles since the Nameco/Bandai incident should be forfeit, and that was a pretty big stack of coin.

Hasbro COULD have let them finish NWO and profited by it, but they were so pissed that once they had recovered the video game rights to the DnD IP they refused out of sheer spite. This forced Atari to dump Cryptic Studios at a fire-sale price to Chinese MMO developer Perfect World.

There's a LOT of bad blood between these two companies and a crap-load of money invested in the dispute. Hasbro has lawyers on retainer, and while Atari's pockets may not be that deep, they do have assets that Hasbro would delight in seeing liquidated and that would more than pay for any legal costs they might run up.

In order to try to resolve the matter of whether the NWN authentication server is really not doing anything or if it actually does something I did some experimental analysis of the data exchange happening between the game and the remote server at the moment you try to play one of the premium modules for the original NWN1 (the ones that do need to authenticate online, such as Infinite Dungeons). Actually, the authentication server appears to be anything *but* down - there's still a valid authentication request coming from the game that does indeed receive an appropriate response from the remote server (I won't go into the details of the packet exchange for obvious legal reasons, but I can only say that both the request *and* the response indeed contain a valid encoded message without which there is *no* way to activate the module, because the data received from server is then used to decrypt the module. The scheme used indeed appears to be quite complex and the request-response pair is apparently unique every time). Blocking this exchange in any way (no matter if you just disconnect from the Internet *or* redirect the master server address to localhost *or* even write your own server emulator which implements everything except the authentication request/response part and run it locally) will result in the game *not* allowing you to activate the module and just staying in the "Please wait or play the demo" screen forever. The game keeps repeating the request to the server every couple seconds until it receives a valid response or until the user cancels out or opts to play the demo.

It appears that the authentication server in its current state simply doesn't check the request against any CD key database and instead authenticates *all* incoming requests, but it is indeed alive as far as sending out responses is concerned. If that part of the server ever dies or goes offline, the modules will become unplayable.

I'm not sure if NWN2:MoW scheme is the same, similar, or different from the one used above, but if it is at least remotely similar, then the basic principle is the same and it still relies on the server-side software sending a valid response.

If you still don't believe me, just see for yourself by tracing the data packet exchange between the game and the master server (if you don't know how, there are plenty of free tools available for that - just google it).

Thank you Agetian for doing the legwork for us and providing this info.

I have it from a very knowledgeable source that a temporary "always authenticate" server was not possible. A number of skilled community members have looked into this. The encryption keys are tied directly to the registered CD key for a paid installation. Without knowing the individual serials attached to the paid installs the server would not be able to understand the inquiry or properly respond to it. How are they getting around this?

As far as I understand, the mechanism is actually a variant of a public/private key mechanism. The client initiates an encrypted request with a public key, the server is supposed to look it up in the CD key database and if it finds it there, respond with the corresponding private part necessary for the decryption, or something along those lines, I don't know the particulars of the DRM scheme. Still, no matter as to what exactly happens, as of right now it just does the same thing (whatever the exact procedure may be) without the actual "look up in the CD key database" part - the server always responds with the correct, missing part of the decryption key no matter what original request/key is submitted - in other words, it just has an algorithm that generates the proper response from the submitted initial request (whether it's present or missing in the CD key database is irrelevant, maybe it doesn't even look it up at all, it *used* to do it when the master server was fully operational, now it just works in this limited, authenticate everything mode for whatever reason). Something like that, I believe.

- Agetian

Thanks for taking the time to check this out Agetian. That confirms that the DRMed NWN1 premium modules are effectively living on borrowed time (generating no income to EA/Bioware to compensate for the cost in running the server) and explains why my (offline) gaming system can't run them.

Hopefully we'll see something done regarding MoW - I would hazard a guess that the contract between Atari and GOG does require them to provide a DRM-free version, and given the willingness of other publishers (*cough*Activsion/Arcanum*cough*Strategy First/Flatout) to use unofficial hacks, I suspect Atari may even offer a warez version if they can't get Ossian to provide a proper DRM-free one.

If any unique info (such as cd keys) was used as part of the encryption then each person would have to have a unique installer for the module which would each be uniquely encrypted to only decrypt with their key.

The fact that everyone uses the same file (as per the links you yourself gave) means that a key that works for one person must work for every other person.

At absolute most the key to decrypting the module could itself be encrypted with the cdkey of the person serving a password for it. Which would not present any problems (the game sends the cdkey to the server anyways so it just uses it to encrypt the key it sends back without a lookup; the lookup never having been part of the encryption but merely a requirement for the server to deliver a key)

Either there was a miscommunication or you misunderstood.

We are still discussing this problem but there is no blue update yet :/ I want to know what's going on ...

Since the all but Kingmaker is part of the gog version gog does not have the rights to the other premium packs for NWN and thus they way they are authenticated have no bearing on here. Now if the premium mods that gog is selling are doing the exact same thing as those other Premium mods then yeah you guys can bitch about it. As for a warez version of MOW there is no such thing currently. MOW is very hard to get working far harder then trying to find by itself. If someone does manage to get ti working they probably have a key that has not been reported to atria and black listed yet.

I don't think that's right. You're certainly wrong about a unique installer being needed to tie the serial to the encryption.

If you look at the link you posted you'll see that I actually suggested an always-on server as a possible solution, but some of the community hackers talked me down.

As it was explained to me the client sends out a handshake that identifies the purchaser who bought the module with a portion of the users cd key, and the authentication server uses this to look up the client's complete registered serial. The authorization is then encrypted using the complete serial as a key. The client then uses it's own serial to decrypt the authorization. No special installer is needed because the only variable in the system is the users serial number.

This makes always-on authorization impossible because unless the authorization is properly encrypted to the clients specific serial the authentication will fail.

FFS read a post before you "correct" it.

You managed to call me wrong about something and then repeat to me the very process I explained as a method of getting around such a limitation. Specifically that the only way to tie a cdkey to an encrypted module without unique downloads for each person is to have a single key to decrypt the game, and then encrypt that single key with a unique key for each person, aka their CDkey.

So the one singular generic key used to decrypt the module is itself encrypted with the cdkey. Hypothetically... If they really had such a stupid godawful system in place.

Having the client send only a PORTION of its own CDkey for the server to lookup the rest though is something I did not address (so, if you were really that hard up for correcting me THIS is what you should have brought up)...
Except this still doesn't prove your point because:
1. Its been tested to work so its obviously not what it is doing right now.
2. And even if they really did do that at some point in time in the past, it doesn't mean that this is the ONLY way that the client can handle authentication (as per choices of the server). It could very well easily have the option to simply transmit the module decryption key without encrypting it, or using generic encryption, or having the client send forth its full CDkey rather then just a portion (if the portion method was ever implemented).

Actually the "god awful" system makes sense. If there was a single generic authentication it could be easilly cracked and emulated. By tying it to the CD key and limiting installs they effectively eliminated the possibility of cracking it.

As for the rest, smarter guys than me were working on the problem. I'm not a hacker. I just hang out with them. But according to the NWN community hackers (the guys at BSN) that's how the system works.

I'm no fan of DRM, but whatever else you might call it the system was never cracked, so I'm not sure "stupid" is a fair assessment.