ssokolow: 2. Customize (but don't change the length on) the 7-byte constant header prefix in your RAR files so WinRAR won't recognize them.
immi101: If they change the rar archive to be unrecognizable by the standard unpacker, someone has to take out a hex editor, examine the file, figure out that it is just a mutated rar archive and then post these results here publicly. Then we can come up with a method/script which repairs the file to a standard rar archive, so that we can unpack it.
How is that any different from what we currently do with the password protected installers?
1. With the password, they can easily change the algorithm used at any time or even on a per-game basis because it's just a line or two of code in their custom unrar.dll. With the custom header approach, it's more work to do that and less likely to happen carelessly.
2. It's clear to potential tool developers who might be scared away that supporting a customized RAR format is unlikely to be viewed as "illegal circumvention" by laws like the DMCA while getting at an obfuscated password very much is.
...plus, a tool to unpack a RAR with a customized header prefix, complete with safety stuff, is eight lines of Python:
with open(filename, "r+b") as fobj:
____tmp = fobj.read(7)
____fobj.seek(0)
____fobj.write(b"\x52\x61\x72\x21\x1a\x07\x00")
subprocess.call(['unrar', 'x', filename])
with open(filename, "r+b") as fobj:
____fobj.seek(0)
____fobj.write(tmp)
Compare the current approach, where it needs to reliably get the GOG game ID, which
greatly complicates things since you either need to poke around in the InnoSetup installer (which means two different unpackers and some ID-finding code) or retrieve it from the website, which is akin to online activation in the fragility it introduces.
immi101: Imho there are two alternatives here:
Either GOG decides to stick to standard rar archives together with an installer exe which sets up registry keys, compatibility settings, etc. To unexperienced users is has to be explained that for a proper installation the installer has to be executed, just unraring the file is not enough. Users who want to fool around with the game data without using the installer can do so with standard unpack utilities.
- or -
They try to make it impossible to just unrar the archive. Then it doesn't really matter if they do it with password protection, malformed archives or any other clever tricks. Those who want to bypass the installer have to create and maintain their own tool/script to unpack these gog installers. And be prepared that the script will most likely break whenever GOG changes something.
I personally belief throwing explanations at the user is the better alternative in the long run, rather then limiting the user's options so much that they can't do anything stupid. But since this is supposed to be a "tech"-thread, I will refrain from any long philosophical ramblings :p
Gowor explicitly said that his goal was to prevent sloppy users from unraring the bin files without realizing that it'll leave a broken install and then complaining to support, wasting their time.
...so it's either an archive format that standard archiving tools don't recognize (like the old InnoSetup packing which prevents quick patches to the archive without a full rebuild) or, as I also suggested, bundling a dxdiag-like diagnostic tool with the game and requiring its output before a support ticket can be opened for a Windows installer.