• Which the release of FS2020 we see an explosition of activity on the forun and of course we are very happy to see this. But having all questions about FS2020 in one forum becomes a bit messy. So therefore we would like to ask you all to use the following guidelines when posting your questions:

    • Tag FS2020 specific questions with the MSFS2020 tag.
    • Questions about making 3D assets can be posted in the 3D asset design forum. Either post them in the subforum of the modelling tool you use or in the general forum if they are general.
    • Questions about aircraft design can be posted in the Aircraft design forum
    • Questions about airport design can be posted in the FS2020 airport design forum. Once airport development tools have been updated for FS2020 you can post tool speciifc questions in the subforums of those tools as well of course.
    • Questions about terrain design can be posted in the FS2020 terrain design forum.
    • Questions about SimConnect can be posted in the SimConnect forum.

    Any other question that is not specific to an aspect of development or tool can be posted in the General chat forum.

    By following these guidelines we make sure that the forums remain easy to read for everybody and also that the right people can find your post to answer it.

MSFS Piracy, Asobo and MS marketplace pcs of...

Messages
1
Country
us-texas
I was wondering who here also has their content up in the MSFS Marketplace. I want to share my story and what is happening to me to see if there could be a viable solution.

I know my account says it was just created, but I couldn't find the credentials for the other account I had here for more than 6 years, so I had to make this new one.

Like a lot of you, I am a hobbyist of flight simulation for about 15 years now. I started learning how to make scenery for FSX back in 2015, and it took a long time for me to learn, as scenery development is not an easy task. However, I enjoy it very much. So in 2020, when MSFS 2020 came out, I started to make scenery and sent my application for the marketplace because it looked very promising. It took me 2 years to get approved. I sent my application in October of 2020, and they sent me back an email saying something like, "Thank you for your application, welcome to MSFS Marketplace. We will review your application and get back to you ASAP." That was the only email I got from them at the time.

Two years went by, and in October of 2022, I got an email saying that my application had been approved and that I could start the process of registering my "company." So I went through the process, which took almost 2 more months. Finally, on the 5th of December 2022, I was fully approved, so I uploaded my first project. To my surprise, it got processed very fast. Less than a week later, my first scenery was listed on the MSFS Marketplace. I was very happy at the time. Then, about a month went by, so I checked how my sales were going. Looking at the numbers, I was amazed; it said a little over 3000 dollars, so you can imagine my happiness at that moment. Of course, this was like a honeymoon. Only the first month was like that. The following month, I only made about 500 dollars, but it was still very good for something I was doing as a hobby. So I decided to start making more airports. For most of 2023, I managed to complete 6 sceneries and upload them to the marketplace. I was making around 2 to 3 thousand dollars a month with this.

Around March of 2023, I received an email from someone at Microsoft Marketplace asking me to sign a kind of class action lawsuit against a website that was posting marketplace products for free. This website is called SimPlaza. At the time, I had never heard of it, so I went to the site and found out that they already had my content uploaded. I used the contact form and wrote them an email asking them to please not upload my content or remove it from their site. Someone answered me and told me not to worry, and a few days later, my content was no longer listed. So I wrote them back, thanking them, and that was all. Time went by, and my sceneries were selling well. I always tried to put them on discount so they would be accessible at around 8 dollars.

In April of 2024, I went to the SimPlaza website and saw that my content was listed again, only this time everything I had made over the year 2023 was available for free download. It was weird to me that after more than a year, nobody from Microsoft wrote me about the class action suit they mentioned earlier. I was asking myself how it was possible that SimPlaza had almost immediate updates from every developer posting their content up in the MSFS Marketplace. If something gets updated today, by tomorrow, these guys already have it posted on their site. I wrote to the Microsoft Teams chat that they assign you as a guest for being a "developer" and asked if anything was being done about SimPlaza. A week later, someone answered: "Yes, we know about the SimPlaza issue. We have an ongoing investigation." That was it.

The problem was that when I checked my earnings, they had gone from an average of 2000 dollars in Q1 of 2024 to less than 150 dollars—143 to be exact. I don't think Microsoft or Asobo cares one bit about this situation. They are making literally millions of dollars, and they seem not to care. I had my content published exclusively with them because I thought it would be harder to get pirated. After all, they are Microsoft, and one would think they would have good security systems to prevent this from happening, but I think I was wrong.

Does anybody know if something is being done about it? If not, we should get together as developers and try to do something about it. For the time being, I think I won't be uploading any more content to the MSFS Marketplace because it is just not worth it. It is a lot of work just to get stolen the next day.
 
Your story is the story of almost any content creator for MSFS, Simplaza is a well-known pirate content site, nothing seems to affect them, I have read forums where creators have taken legal action, it doesn't seem to have any results.
No matter what controls you implement in your content (not much in the case of scenarios) they will publish it.
MSFS doesn't seem to mind too much, I think its biggest market is Xbox and Simplaza is not a problem for that platform.
 
Just a little bit on this from their whois. Their domain registrant is Tucows. They're also using Cloudflare which hides their real host, but what they're doing is still a violation of Cloudflares terms. While lawsuits apparently haven't been successful, another method to get them taken down, most likely for a short time, is to go after the services they use. The registrant is in Saint Kitts and Nevis, so not sure if there's anything you could do that way in terms of legal action.

You can report abuse on Tucows here: https://tucowsdomains.com/report-abuse/
You can report abuse on Cloudflare here: https://www.cloudflare.com/trust-hub/reporting-abuse/

The more reports, the better. If people keep at them, eventually they'll get tired of running. If the domain registrar doesn't take action, you can file a complaint with ICANN who is the global authority on domains: https://www.icann.org/resources/pages/abuse-2014-01-29-en
 
I will observe that it is easy to get mesmerized by the metrics, as case in point I refer the $3k month, congratulations btw. Also btw, SimPlaza has been online since 2021 which kind of blows a hole in those same metrics.

Bottom line I am not saying right or wrong, I am saying you are using concurrently occuring incidences, literally "coincidences" and your desire to maximize your investment as your main metrics, while you probably should be using IP trails and Bittorrent accounts to know just how much is getting shared, agreed? And on top of that, you have absolutely zero metric on how many people that already take the trouble to pirate, will just go ahead and pay your very reasonable fee of $8 because you made it too hard for them to get it any other way. I am going to guess zero is the number, based on the belief that most flight simmers don't play on wooden boxes under overpasses and wouldn't get caught dead with a DMCA black eye, but I like to think not only the good, but the practical in people.

I would say there are many reasons why you'd have an arbitrary month that stood out that also coincidentally was your first month, maybe your first month would have been $750 but oh no, some major virtual sim event just happened to pass through your airport and lucky you.
I also think it is absurd to believe that corporations are any less concerned about profits than any of us are. Before you can lose a penny they have to give up theirs, so again, imho, the metrics simply don't add up. As to what should be done about it? You sound about ready to grab a torch and pitchfork, over coincidences, I'd say you still have to convince that Microsoft has not come to similar conclusions, but is instead unconcerned about "shrinkage." Flight1 is an option, pretty sure they still have their wrapper installer, it checks machine identity and you have to re register your purchases if you change configuration or OS, so it's kind of a pita for peace of mind.

👍
 
SimPlaza has been taken down numerous times - they keep popping back up - it's wack a mole.

Microsoft - Jorge even talk a small bit about them in the last Q and A - he can't say anything about what they are doing, but apparently they are doing something.
Different countries have different rules, so very difficult to get rid of these sites.

Oh and I thought these types of discussions are frown upon here. You just end up going into a rabbit hole.

This thread should probably be locked.
 
My Simmarket content has no encryption, two of my customers immediately published gltfs with their repaint liveries, we went through takedown yadda yadda at fs.to only to learn they are extremely reluctant to the point of telling the same customers I do not want repaint liveries published! Because I did a dmca takedown request! Now they will not reply either myself, or the customer what the status is. The customers made a mistake, it's all patched up mostly, but the harm it did to relations just the same, I'll let the pirates have free content if ever again I am given the decision.

As to dev support from the offshore haven? Grudging to nil, so glad I picked Simmarket to host and they're probably thinking, "oh so you'll sell your stuff in Germany, but you'll throw us a little banner cheddar with your free files, we see how you are."
 
Still waiting to hear about the MSFS 2024 'thin client'.

If it streams marketplace content then that's piracy insta-dead and will drive more developers to be marketplace only.

It's probably far more than the average bandwith could ever handle, but that's the obvious route.
 
Still waiting to hear about the MSFS 2024 'thin client'.

If it streams marketplace content then that's piracy insta-dead and will drive more developers to be marketplace only.

It's probably far more than the average bandwith could ever handle, but that's the obvious route.
According to yesterday's stream from MS, Partners will have more control of the content for 2024 and products/updates should be published faster. I did not hear any more details on streaming marketplace content other than what was mentioned a year ago.

Laminar is also going to have their own "in-game" store with DRM.
 
This type of stuff has been going on for decades, you're lucky to have even had replies from Microsoft, many of us in the FSX days had to take them on ourselves using the method you describe. I even had a link to a pirated copy of one of my aircraft on someone's youtube video featuring my product.

You're not alone, but other than taking on the websites yourself, or going after the host, there's not much you can do when these idiots are living in other countries.
 
This has always gone on. Can I reframe the picture for you though based on experience since the days of FS1.0.

Those who pirate were never going to pay for addons, the fact it is up at pirate sites does not really relate to a drop in sales. Honest people will always pay, dishonest people will never pay.

It is upsetting to see stuff up on pirate sites, but just like every retail business, theft is a part of operating the business. You do what you can to minimize it but you can never eliminate it.

The smartest way to move forward is to make it so that unless users have a key or some other verification they legitimately own the addon and paid for it, your addon will break in a specific way (textures don't work for example or a building doesn't show or a gauge doesn't work). It can be a checksum that gets hidden or a registry entry that gets called. Something hidden that just copying stuff means it breaks without that secret function.

You could make it so that a code of data is encoded in the BGL file that saves the original purchasers details in it so when something is pirated you can go back to the original purchaser and take action.

At the end of the day though it is chasing the wind and will only lead to stress that will lead to health issues.

As for sales drop off that is normal after the initial release.
 
Wow. I must have been living under a rock, because this is the first time I heard of SimPlaza. This is very disheartening. I am myself published on MP - I published my product about a year ago, and was delighted to net about $800 in 4 days (!), however, it went down to about $100 a month for the past year. I attributed that to the "eyeballs" on the product in MP, when it gets published initially. So basically, after it is out of "NEW THIS WEEK" lineup, it gets buried in the MP and customers can't find it unless they search for it. So - after a few months or so, I decided to release an update, hoping that would place me back into the "NEW" lineup and in front of eyeballs, however, updates are not included in the lineup. I guess the only way to get eyeballs back to the product is advertising ($) and submitting release/update news to FS websites.

As for the pirating - I am confused. User has to have an XBox account to play MSFS2020. What is preventing MS from blocking mounting non-purchased titles which are deployed through MP, since they know that the account owner purchased it? So, if there is a MP title and the owner has not purchased it - don't mount it! And sure - if account owner downloads the pirated title through SimPlaza and places it into Community folder, it should mount through there. However, all MP content is actually encrypted by Microsoft. So, if the sim sees anything encrypted in Community folder, just don't decrypt and mount it! How hard would that be?
 
Microsoft are aware that their Marketplace encryption has been broken for at least eighteen months, but it may be longer. Eighteen months ago is where I came in when Stefan (CEO/owner of PILOT'S) told me that the B-314 was being pirated literally overnight. I got hold of a pirated copy from SimPlaza and found that the pirate decryption wasn't perfect (some files were a few bytes out) so I set about creating some embedded code that would detect a pirate copy on startup and report it back to PILOT'S. Two things went wrong with this: Microsoft will NOT under any circumstances allow you to package an .exe that talks to an external website i.e. one that validates a licence ("the Marketplace is good enough") and the damn pirates fixed the wonky decryption. Right about this point I decided that continuing to develop for MSFS2020 was not in my near future. Or in my far future either. I have a developer's account on Microsoft but I've never even logged in to it. As Dean says, the stress ain't worth it.
 
As Dean says, the stress ain't worth it.

Thankfully most of the stuff I had built for previous versions of the sim are already covered in MSFS, saved me years of work developing more large scale photoscenery. :) The hazard of writing your dreams and the dreams of the FS community into game design documents that Asobo actually integrated. :D

Now I have stuff that I'm working on that I want to make creative commons. There's some stuff that needs to be commercial but there's stuff I want to make available to the community that follow real world design and color standards etc that everyone can use.
 
Wow. I must have been living under a rock, because this is the first time I heard of SimPlaza. This is very disheartening. I am myself published on MP - I published my product about a year ago, and was delighted to net about $800 in 4 days (!), however, it went down to about $100 a month for the past year. I attributed that to the "eyeballs" on the product in MP, when it gets published initially. So basically, after it is out of "NEW THIS WEEK" lineup, it gets buried in the MP and customers can't find it unless they search for it. So - after a few months or so, I decided to release an update, hoping that would place me back into the "NEW" lineup and in front of eyeballs, however, updates are not included in the lineup. I guess the only way to get eyeballs back to the product is advertising ($) and submitting release/update news to FS websites.

As for the pirating - I am confused. User has to have an XBox account to play MSFS2020. What is preventing MS from blocking mounting non-purchased titles which are deployed through MP, since they know that the account owner purchased it? So, if there is a MP title and the owner has not purchased it - don't mount it! And sure - if account owner downloads the pirated title through SimPlaza and places it into Community folder, it should mount through there. However, all MP content is actually encrypted by Microsoft. So, if the sim sees anything encrypted in Community folder, just don't decrypt and mount it! How hard would that be?
Addons purchased from the MP have encrypted files. The .bgl files are not there but instead are replaced with .fsarchive files. If the addon folder from the official folder is moved to someone else's community folder (who didn't purchase it) I WON'T work.

But somehow hackers got a hold of the packages before it was passed by the encryption or they were able to decrypt the fsarchive files.
 
Last edited:
100% defeating piracy isn't really going to happen, and at some point, it will start to affect the legitimate customer's experience.

In FSX/ESP and to some extent, X-Plane, if you decided to use DLLs, you could use commercial piracy protection schemes such as Themida, or Obsidium. These would not only pack the binaries, they would also run under a virtual machine, and in some cases, you can encapsulate sections of code with macros to virtualize different sections of code with different opcodes, to make both dynamic and static analysis very difficult. Not only will the end assembly program itself not be readable in an analyzer like IDA or Ghidra, many commercial packing solutions also have integrity checkers to prevent patching or dumping of code, and would require you to not only unpack the binary, but also devirtualize it.

However, these solutions are not foolproof. Depending on which e-commerce API you decided to use (remember E-Sellerate?) it may be easier to patch those requests rather than the binary itself. Certain others worked off of file offsets and would patch requests on-the-fly instead of having to rip out the virtual machine and unpack the binary.

The gist of this older method was that, you would compile your DLL, a commercial protection scheme would then have three main components: physical file packing, and then an unpacker that would unload the entire program into memory. And to prevent tampering while loaded into memory, integrity checking, debugger detection, exception traps, and virtualization would all make this job more difficult. Finally, you would have your license checker component, either via E-Sellerate, FastSpring, or FlexNet, or whatever other API you decided to use.

The only reason why MSFS seems to struggle so much against piracy is that the first and second component of commercial protection schemes are often not compatible and often times, useless with what MSFS uses: WASM. WebAssembly is almost like C#, in the sense that WASM code is not compiled the same like a C++ DLL. Instead, it is compiled into bytecode, which can be run under a virtual machine that converts it into native machine code. The benefit of this is that any bytecode made in WASM (or other languages with this similar concept, such as C#'s CLS or Java's JVM) can be run under any machine so as long as the virtual machine supports the target computer. For native protection schemes, you often have to use APIs, function calls, or macros native to the operating system or computer you're targeting (i.e., a C++ program isn't going to run in Linux if you programmed it for Windows.) This makes WebAssembly much more easy to use for both the Xbox and Windows, because you don't need to rewrite your code for either systems, WASM's virtual machine will take over your bytecode and convert it to the appropriate machine code.

But to go back to the first point, because protection schemes often rely on functions or APIs that are very close to the bare metal hardware, it means that they often ONLY work on Windows. Another problem is the bytecode. C#, Java, Python, Lua, and WebAssembly really only have one kind of protection scheme, and it's obfuscation or encryption. But just like file packing, you can often find the unencrypted code by looking in memory while its running, or often times, it is very easy to decrypt or deobfuscate. Windows DLLs doesn't have this issue, as it is not interpreted, and the compiled code cannot be "encrypted". The fact that code compiled into .EXEs or .DLLs is turned into machine code from the get-go is already a big enough deterrent and is almost like encryption in it of itself, combined with a custom virtual machine, it is much harder to break compared to public and open source virtual machines such as the ones that power C#, Java, Python, and WebAssembly.

I'm not saying that protection schemes on PC are the end-all be-all. In fact, those who were talented enough to crack Denuvo cracked it in only 24 hours. But here in the FS community, it is a bit more hard to find talented reverse engineers like those who target big AAA game studios and their products. So it is certainly much more effective than what we have now in MSFS.

Regardless, whether it's Microsoft or a company like Oreans Technologies or VMProtect, you are not going to stop piracy. Any kind of code, can be reverse engineered. It is just a matter of time and whether or not a reverse engineer cares to spend that time to do so. And once one version of your program has been reverse engineered, it will stay that way until you completely refactor your protection scheme, which is often too expensive, time consuming, and not worth the effort. Hence why many AAA game studios take out protection schemes once their product has been cracked.

Even if you decide to go head-on with piracy, you will affect the user experience. Many bigger anti-cheat and anti-crack solutions used methods that are somewhat sketchy, such as kernel-level drivers to prevent debuggers from even reading your program's code even in memory, or fully online activation with no option for an offline experience. There really isn't a way to win here, so my only advice is to offer a product at a price point that people will feel like they can afford it and they feel like they are willing to purchase it. There will be those outliers that frankly don't care, but I think that many people don't want to deal with piracy, but without regional pricing, it is hardly justifiable to spend half your month's paycheck for a virtual airplane/airport.
 
Last edited:
MSFS Marketplace has regional pricing
Yes, but many developers may choose to not engage with that sort of pricing. Even though the marketplace has the option, there are developers that don't sell on the marketplace, and many of them don't engage with regional pricing.
 
The only reason why MSFS seems to struggle so much against piracy is that the first and second component of commercial protection schemes are often not compatible and often times, useless with what MSFS uses: WASM. WebAssembly is almost like C#, in the sense that WASM code is not compiled the same like a C++ DLL. Instead, it is compiled into bytecode, which can be run under a virtual machine that converts it into native machine code.
Not quite. The MSFS2020 WASM assemblies are converted to dlls at the point of use. You can watch them do it and it's why some add-ons take a complete eon to load. See step (6) in this post:

 
Not quite. The MSFS2020 WASM assemblies are converted to dlls at the point of use. You can watch them do it and it's why some add-ons take a complete eon to load. See step (6) in this post:

Yes, but it doesn't stop someone from taking the .WASM in the panel folder and dumping that bytecode. That way, the sim will recompile it to a new DLL, and you can skip patching that DLL and patch the .WASM in the panel folder instead. Compiling a DLL from your IDE natively does not produce bytecode, provided that it is a native DLL.

I had actually witnessed this when comparing certain aircraft's WASMs; Initially compiled in debug mode, the WASMs were dumped and recompiled into release mode and truncated the file size once being cracked. This would not be possible with a native DLL, as they are already compiled without VMs or bytecode. The sim uses the DLL, but the sim gets its DLL from the WASM bytecode.

MSFS runs them in a sandboxed environment as well, and you cannot use the Windows API due to aforementioned compatibility reasons with Xbox. Even if DLLs were compiled natively, they cannot function as normal DLLs due to sandboxing. Protection schemes don't have the power to enact their measures without requesting certain features that would require the Windows kernel to interact with the program and the hardware, which I'd assume that the Xbox and Windows kernel are not exactly the same. Many undocumented NT functions in NTDLL are used, such as NtGetContextThread and NtSetContextThread, specifically for DRx detection as it populates the CONTEXT structure with the NT driver development kit header, but not the WinNT header; I don't believe that one gives debug registers. Certain others use timing functions for software breakpoint detection, like NTQuerySystemTime. There's also other detection methods that I'm not even sure if Xbox's kernel supports, as it is more akin to a unikernel as Xboxes traditionally are not meant for multitasking. It's sort of hard to say if the Xbox kernel has features of the NT kernel like the PEB or if even they work in the same context, if NtGlobalFlag does exist for example, it is most certainly in a different offset compared to Windows.
 
Last edited:
Back
Top