search

rlabrecque / Steamworks.NET

Steamworks wrapper for Unity / C#
http://steamworks.github.io
MIT License
2.81k stars 368 forks source link

Players getting around Steam by replacing the demo's files with the full version's and then refunding it #519

Open PortgateStudios opened 2 years ago

PortgateStudios commented 2 years ago

Hi guys!

A player just reported to me that he could play the full version of my game by:

  1. buying the game,
  2. backing up the files, (just the whole folder)
  3. refunding the game,
  4. pasting the full version's files into the demo's folder.

I tried replicating it and I experienced the same:

  1. I have a full version account and a demo version account.
  2. I couldn't launch the full version with the demo account and vica-versa.
  3. I copied the full version's files (the whole folder's content) into the demo's folder.
  4. I could launch the demo (which is actually the full version) with my demo account

I have the correct AppID for both the Demo and the Full Version:

In the steam_appid.txt, restarted Unity, and at:

if (SteamAPI.RestartAppIfNecessary(new AppId_t(MY_APP_ID))) { Application.Quit(); return; }

Could you help me please? Thanks!

JamesMcGhee commented 1 year ago

This is down to how you architected your game

You can check the App ID that the system is running as using SteamUtils.GetAppID

You can also check info about the user and what they own, when they purchased etc. So for example once you are sure your running as the app you think your are you can check things like SteamApps.BIsSubscribed which if your using RestartAppIfNecessary should always be true ... but that anyway tells you rather or not the user is "subscribed" to the App ID the API is running as

You can also check how they have access to the App e.g. family sharing, free weekend, etc.

In short you have several tools you can use throughout your game to prove the user is running the game as the proper App ID and things like that

So for example if they init as your demo you could at some or many points check the App ID that the game is running at and lock out some content

JamesMcGhee commented 1 year ago

You know you could also detect when this happens and report it to Valve

Letting Valve know about the pirates on its site seems like a good thing and would give them some info on how people are abusing the demo and refund policies