Piracy in Second Life

From K.R. Engineering Support Wiki
Revision as of 22:40, 1 March 2017 by Karsten (Talk | contribs) (Exploits)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Piracy in Second Life


This is intended to be a simplified overview of piracy, and not by any means a tutorial or comprehensive exploration of the particular exploits available. It is intended only to aid in understanding how an object you've encountered in Second Life may not be legitimate, even if it otherwise appears to be.

Second Life is software just like everything else on your computer. What you think of as "objects" or "textures" in your avatar's inventory are really just "files" the same as you would find on your own personal computer at home. A notecard is no different than a .txt file. A texture/snapshot is no different than a .jpg or .png image file. "Objects" in Second Life can be thought of as entire applications, such as the Second Life viewer itself, comprised of executables (scripts), images (textures), audio files (sounds), and so forth that make up the user experience of running that program.

Just like the software you run on your own computer, software in Second Life can be pirated. You've probably heard about software piracy in the news! The most basic form of piracy is when you copy a file, or a program, and give or sell it to someone else without permission of the original creator. Some companies employ what is known as DRM, or Digital Rights Management in an attempt to prevent this. Many forms of DRM are very simple, such as you pressing "I Agree" when you install new software. The thing you are agreeing to typically includes a section about "this is for your use only, do not distribute to anyone else." Other forms of DRM can be more complex! If you've ever had to enter a key when installing new software on your own computer, this is a more sophisticated version of DRM. When you enter that key, it asks the company that made the software "Hey, is this a valid key that you've sold and is this the first time anyone has tried to use it?" If it's a fake key, or if it's a key someone has already used, then it won't let you install the software. Most modern software uses some form of the key system, everything from your operating system (such as Microsoft Windows) to your graphics software (such as Adobe Photoshop). Piracy happens when someone outside of the company figures out how to get around the DRM, such as by generating fake keys the same way the company does thus making them APPEAR to be valid, or by tricking the software into asking the wrong person whether a key is valid.

Like most other software, Second Life has its own form of DRM. You know this as 'permissions.' Modify, Copy, and Transfer. Just like other forms of DRM, it can also be broken or bypassed by pirates. Below is a look at three of the most common ways this is done, and how they are different from each other.


The most fundamental reality of the internet is that for you to see anything on your computer, be it a web page, or a video on YouTube, or an object in Second Life, is that it has to be sent to you. To see a web page, your internet browser first downloads the entire web page including all of the images and sounds. Every web page you visit is actually copied onto your own computer's hard drive. This is known as the 'cache.' The cache is the place your web browser keeps all the copies of everything you've seen on the internet. Second Life works exactly the same way! Every prim, object, texture, sound, avatar, animation, gesture, etc that you see in Second Life is first copied onto your computer's own hard drive before the Second Life Viewer is able to show it to you. Second Life also has a cache on your computer where it keeps the copies of everything you've encountered in the virtual world.

Because the internet works this way, that means if you know where to look you can find those copies for yourself. If you saw a grass texture you really liked, a copy of that grass texture can be found in your cache. If you heard a sound you really liked from an object, that sound can be found in your cache. This was the earliest method of pirating things in Second Life, and was commonly used to pirate things like avatar skins which sell for a lot of money. If you bought a skin from a skin artist, you could wear it from your inventory and it would appear on your own avatar, but to do this Second Life first had to download those skin textures onto your hard drive and store them in your cache. You could then go in and get those texture copies, re-upload them yourself, and sell copies of the skin that you just bought to anyone. This is piracy, as it violates the copyright on the original skin artist's intellectual property. It was also a very limited method of piracy, because getting geometry (prim shapes) was very difficult, while sounds and textures were relatively easy. Scripts can never be copied this way, because scripts are the only thing in Second Life that is never downloaded to your computer.


If you've skipped to this section, please read the Interception section first, as it explains necessary fundamentals needed to understand copybotting.

When most people think of piracy in Second Life, their first thought is what is known as "Copybotting." Copybotting became widespread when Linden Lab open-sourced the Client side of the Second Life software many years ago, allowing people outside of Linden Lab to easily learn exactly how the Viewer (the software you install on your computer to play Second Life) and the Server (the simulator or region your avatar is in) send information and commands back and forth. Programmers then constructed what is known as "bots", which are other programs that log onto Second Life and pretend to be a user, when really they're a computer. You've probably encountered these bots in many places. In fact, Second Life now allows you to register a Second Life account specifically as an account that you intend to operate as a bot because they've become very popular! These bots are often used in beneficial ways, such as greeters at stores, or automated group inviters.

Because a computer could now log in as a Second Life user and "see" the Second Life world through digital eyes, it wasn't long before someone created a bot that could precisely replicate anything it saw. These nefarious bots could look at an object, such as a house, and rebuild it exactly the same by reading all the prim information (size, rotation, position, cut, hollowness, etc) that was downloaded to your computer and then just making their own prim with all those exact same numbers! Repeat for every prim in an object, and now you have an entire object that's an exact clone of the original that the bot looked at, recreated in seconds by an automated program. They could also get the texture information and set all the same textures on those prims as the original object. It's a bot that copies objects that it sees, a "copybot" if you will. This is the origin of the term "copybotting."

It is important to note that like Interception, copybotting cannot copy scripts. Scripts are the only things in Second Life that are never downloaded to your computer/viewer. Copybotted objects typically are empty, they look exactly the same as the object copied, but they do not have any of the contents that make them interactive. Scripts, animations, etc. are typically absent from them entirely, or knockoffs of these are added in later by the person operating the copybot. Copybotting is commonly seen in objects that do not rely on a great degree of interactivity to be sellable. Things such as clothes, shoes, jewelry, houses, landscaping, etc. are things that are typically fairly static or only have simple scripts in them (such as opening/closing doors). These are common targets of copybots, because they can still be sold without their original scripts by using a different door opening script (for example) than the original one. Nobody will notice as long as the door still opens on their house!

An important misconception about copybotting is that the copybotted object will always show the account that copybotted it as the "Creator" of the object. This is simply NOT TRUE! The "creator" on a copybotted object can be anyone the copybotter wishes it to be. If "Alice" creates a Widget, and "CopyBob" copies Alice's Widget, the Creator on the copybotted Widget might show "CopyBoB", or "Alice", or even "Philip Linden." The Creator field is meaningless on a copybotted object!


The most worrisome and damaging form of piracy in Second Life happens when someone discovers an exploit (or loophole) in the software. Exploits in most cases are actions that a piece of software (such as Second Life) can do, but that the programmers (Linden Lab) did not INTEND it to be able to do. These happen a lot in very complex software projects, and are often patched in subsequent updates to the software after being found. Exploits are how viruses and malware get onto your personal computer, because of unintended functionality that exists in your operating system or your web browser. Second Life has had many such exploits in its long history. Many of them have been fixed, but not all of them, and even when they are fixed new ones are often discovered.

Using these exploits in the Second Life Viewer or Simulator code, pirates are often able to trick Second Life into doing things that Linden Lab doesn't want to happen. There are currently two exploits that I personally know of in Second Life that have been active for several years allowing pirates to bypass the DRM (permissions) on objects. Using these exploits, a pirate can take a no-copy object (such as K.R. Engineering games) and make as many copies of them as they want. Because they are merely tricking Second Life into believing that a no-copy object is actually copyable, then Second Life itself is doing the actual copying of the object. It is not being simply re-built by the person doing the copying such as is the case with Copybotting. Because Second Life is treating it as it would any other copyable object, then you get EXACT copies, including the shape, textures, animations, scripts, everything. These copies are indistinguishable from the original item in nearly every way, including the "creator" on them.

Imagine you bought a copyable landscaping rock for your garden. When you drag it from your inventory onto the ground, what appears on the ground is an exact duplicate of that rock made by Second Life. The original rock is still in your inventory. You can repeat this process as many times as you like. Each time you drag the original rock from your inventory, a new exact copy is made instead, because Second Life looked at the rock's permissions and said "This rock is copyable, so I will make a copy." Now imagine that you could enable the "Copy" permission on any object in your inventory, including objects you just bought (such as a K.R. Engineering game). You could then makes as many copies of it as you wanted just like the rock. This is how an exploit works! Linden Lab didn't INTEND for you to be able to enable copy on an object you bought, but you can because of a problem in the software, so now you reap all the built-in benefits of that object being copyable.

Exploits are often discovered by accident. It is not uncommon for Second Life users to accidentally duplicate our products from an exploit without even realizing it. We have seen this happen many times. This is not your fault, and you are not a pirate if this happens! Pirates are those that discover these exploits, and then purposely use them over and over and over again to make as many copies as they want to sell.


Only items that show "Sold by: Karsten Rutledge" are guaranteed to be genuine K.R. Engineering products.

Because K.R. Engineering games rely very heavily on their scripting to be usable, the primary form of piracy used on our products is Exploits, NOT Copybotting. If you purchased a game on the Marketplace and were subsequently told it was pirated, then it was almost certainly done so with Exploits. Unfortunately there is nothing that can be done about these exploits unless Linden Lab chooses to fix them. When purchasing anything in Second Life, especially on the Marketplace, you are firmly in "Buyer Beware" territory. The original creators of an item are under no obligation to support a pirated copy that you've purchased, and Linden Lab will not intervene on your behalf or on behalf of the original creator. If you know who created an object you want to buy, it is up to you to make sure that it is the creator's name on the Marketplace page before buying. For example, if you wish to buy a K.R. Engineering product, it will say "Sold by: Karsten Rutledge" on the item page (see picture on the right). If it says it is being sold by anyone else, then BUYER BEWARE, this item will probably not be supported and is likely not authentic!