Byon June 6, 2010 5:37 PM
This weekend saw the launch of Doctor Who: The Adventure Games, a series of downloadable adventure games starring The Doctor and Amy Pond which coincides with the currently running series of Doctor Who.
Many people world-wide (and in Britain) have been disappointed with their attempts to install the game, since it calls to the BBC to determine if you’re in the UK or not. I have a friend in London who can’t install the game because of this check, which just seems laughable to me.
Knowing that the geolocation check in the installer was almost certainly related to a web call, I set up tcpdump to capture all the network traffic on my machine while I attempted the install. I then loaded the resulting pcap file into wireshark, and filtered out all the traffic not going to the BBC netblock with the following filter rule:
ip.addr >= 188.8.131.52 && ip.addr <= 184.108.40.206.
This showed a single HTTP request to the following URL: http://www.bbc.co.uk/doctorwho/tag/api/geo/isukrequest
The response was a 403 with a
0 in the body.
I then decided to test a frighteningly simple theory. I started up the nginx instance on my machine, dropped a file named
1 in the
/var/www/nginx-default/doctorwho/tag/api/geo directory on my Ubuntu 10.04 machine, added a line containing
127.0.0.1 www.bbc.co.uk to my
/etc/hosts file, and began the install.
Note: Actually, I had to disable to /doc location section in the
/etc/nginx/sites-available/default file, as it matched the /doctorwho request, and completely messed up the request.
The install worked perfectly, and I was able to launch the game in Wine1.2 (from the Wine PPA) on Ubuntu 10.04 while running in Virtual Desktop mode for Wine. I haven’t tried full-screen just yet, and the option to let DirectX programs lock the cursor doesn’t seem to be working really well, but the game is playable. I’ll have a more thorough review later this week, once I’ve had an opportunity to play through it.
I expect the BBC will eventually release a non-UK exclusive version. Some people feel that they’ll charge for it, since many UK residents feel the reason they’re getting the game at no charge is because it was developed using their TV Licensing fees. That may well be true, and if the game gets released outside of the UK with a charge associated with it (there has been no word from the BBC about this possibility to the best of my knowledge) I would encourage people to consider paying for it. However, I would encourage the BBC to use this series of games purely as a way to drive interest in this season of Doctor Who, which has been, by far, the best since the show relaunched.
I was also surprised by just how easy circumventing this was. There was no encryption. No handshake. No reverse engineering was required, just a tiny bit of observation of the traffic on the wire, and setting up a web server on your own system. The ‘attack’ on this system is completely trivial, not even running afoul of anti-reverse engineering provisions in certain laws (which I disagree with). A simple challenge-response handshake would have made this task even remotely challenging, and protected the software via anti-reverse engineering clauses.