I recently bought a digital download of a PC game from Amazon. I figured the download would take ages, but still probably faster and a bit cheaper than buying a DVD. So, I let the Amazon download manager do its thing all night, came back 12 hours later and tried to install the game. Failure: CRC error.

Some Googling suggests this is a common flaw with the Amazon download manager, NOT with the game itself. Silly me, I thought the whole point of a proprietary download manager program was to ensure the download went correctly! To be fair, I stopped and restarted the download program a few times, and also saw some messages about "Connection lost, retrying in 30 seconds..." Still, a decent download manager should handle this with no sweat. I later found that the middle of one file had a big run of zero bytes that weren't supposed to be there – so it wasn't even some random bit corruption, it was likely the download manager padding the filesize out for whatever reason, but it forgot to, you know, actually download the data in that part of the file.

I wanted to play the game right then, but it didn't seem like I had much of a choice. Since the last step of the download had been to drop a CD key file in the destination directory, I decided to import that CD key into the game publisher's own game download/social gaming/advertising/etc. platform (I was going to be forced to tie the CD key to this anyway) and download it straight from them and hope they were better at verifying the download. This started working, but the download time was estimated at 13 hours. I also started downloading a cracked copy of the game via BitTorrent (semi-successfully using the Amazon files as a "partial download" of the torrent), but ended up canceling that for fear the "crack" would include malware.

Well, I still hadn't given up on playing the game that night, so I was poking around in the game platform's directory and found a text file with a bunch of filenames, decimal numbers, and long hex numbers. Bingo, checksums! Cross-checking with the files I got from Amazon, I found the decimal numbers were the filesize, and the hex strings were md5sums. A few regexp replaces later and I had a GNU md5sum-compatible check file. Only one file from the Amazon download failed the vendor's checksum list. The aborted torrent-download had that entire file (either a blazing-fast download, or more likely seeding the torrent DL with the Amazon files worked and it quickly got patched with the rest of the contents). What do you know, the torrent-sourced file matched the md5sum from the vendor! Popped that in, started the install again, and this time it finished.

So, those lazy, greedy, good-for-nothing pirates saved me from waiting 13 hours to use my paid-for product. They also saved the game vendor from paying for 8GB worth of bandwidth they would have needed to have me download the entire installer again because their distribution partner couldn't be bothered to run checksums. I'm disappointed, Amazon.

P.S. It's also possible the pirates made an md5-colliding infected file to fool people like me into installing their malware. You can never be too paranoid, right?!
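
The manifest check described in the post, as an added example that is not part of the original post: it parses a list of names, sizes and MD5 values, checks each file's size and hash, and reports the longest run of zero bytes as a pointer to the kind of zero-filled gap found in the bad file. The `<name> <size> <md5>` line layout, the function names and the sample files are assumptions; the post does not show the vendor file's real format.

```python
import hashlib, os, pathlib, re, tempfile
# Assumed layout (the post does not show the real file): <name> <size, decimal> <md5, 32 hex>
LINE = re.compile(r"^(.+?)\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")

def parse_manifest(text):
    """Return {name: (size, md5)}; raise on a line that does not fit the layout."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"manifest line not understood: {line!r}")
        entries[m[1]] = (int(m[2]), m[3].lower())
    return entries

def scan(path, chunk=1 << 20):
    """One pass over the file: return (md5 hex digest, longest run of 0x00 bytes)."""
    h, best, run = hashlib.md5(), 0, 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
            rest = block.lstrip(b"\x00")
            run += len(block) - len(rest)      # zeros continuing the previous block's run
            if rest:                           # a non-zero byte ended that run
                inner = max(map(len, re.findall(rb"\x00+", rest)), default=0)
                best, run = max(best, run, inner), len(rest) - len(rest.rstrip(b"\x00"))
    return h.hexdigest(), max(best, run)

def verify(entries, root, chunk=1 << 20):
    """Return {name: (status, zero_run)}; status is 'ok', 'missing', 'size' or 'md5'."""
    out = {}
    for name, (size, md5) in entries.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            out[name] = ("missing", 0)
        elif os.path.getsize(path) != size:
            out[name] = ("size", 0)            # cheap check first, no hashing needed
        else:
            digest, zeros = scan(path, chunk)
            out[name] = ("ok" if digest == md5 else "md5", zeros)
    return out

def demo():
    good = bytes(range(1, 256)) * 40                # constructed sample data, no zero bytes
    bad = good[:3000] + bytes(4000) + good[7000:]   # same size, 4000 bytes zeroed in the middle
    tail = f"{len(good)} {hashlib.md5(good).hexdigest()}\n"
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", good), ("b.bin", bad)):
            pathlib.Path(root, name).write_bytes(data)
        manifest = "".join(f"{n} {tail}" for n in ("a.bin", "b.bin", "c.bin"))  # c.bin absent
        return verify(parse_manifest(manifest), root, chunk=512)
```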