I write civil engineering software [0] and am familiar with this kind of dongle. Yes, even today there are users who want this kind of dongle instead of, say, cloud-based validation. They feel secure only if they have something tangible in hand.
Since we sold (and still sell) perpetual licenses, it becomes a problem when a dongle breaks and replacement parts are no longer available. Not all users want to upgrade. Also, you may hate cloud licensing, but it is precisely cloud licensing that makes subscriptions possible and, therefore, recurring revenue—which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Also, despite investing a lot of effort into programming the dongle, we can still usually find cracked versions floating online, even on legitimate platforms like Shopee or Lazada. You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected. It’s not as if we have the legal resources to pursue pirates.
[0]: https://mes100.com
Many a crack back in the day was even more simple still, we'd just find and alter the right JE or JNE into a JMP and we're off to the races. As the author found, the tough part is just finding and interpreting where and how the protection was implemented. If throwing the exe in a hex editor gave you access to String Data References (not always the case, but more common than not) then you'd just fail the check you were trying to skip, find that string, hop over into assembly to see what triggered loading that, and then just alter the logic to jump over it when the time comes.
> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number?
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
Back when I was a kid in the 80's, I cracked one of the Ultima games. I had it on my hard drive and didn't want to stick a floppy in every time I ran it.
The code decrypted itself, which confused debuggers, and then loaded a special sector from disk. It was a small sector buried in the payload of a larger sector, so the track was too big to copy with standard tools. The data in the sector was just the start address of the program. My fix was to change the executable header to point to the correct start address.
Very cool to read an article about windows 95 still being used in production - a nice contrast to the infinite AI hype cycle over everything. Tech may move fast in flashy areas but not in the more "boring" parts of the industry.
I wrote RPG II code in the 80s and helped the company I was working part-time for transition to another one of these S/36 emulation environments on the PC in the 90s. The software we used was made by the very generically named California Software Products.
It worked well enough and allowed the company to run until the founder retired and folded the business.
I was hired in the early 90's by a collection of franchises for a home care company. The privately owned head office self-developed and distributed required monthly updates to the only software franchises were permitted to run their business. The monthly updates (floppies) reset the license for another month at each location. After years of problems, poor support, and in a couple cases offices getting shut down because head office just "didn't like them anymore", they banded together to sue the owners (one of which developed the software). I did IT work for a couple of the offices and was already familiar with maintaining the software / systems. They hired me to bypass the licensing code which was a lot of fun to figure out. In the end I wrote a DOS based license generator each office had that could update their software by just getting a code over the phone for the upcoming month (or any date for 365 days). A few years later once the lawsuit settled and the company broke apart we issued a patch for the software to remove the license check completely. I should fire up DOSBox sometime so I can play with that old software again.
> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number? Defeatable with a four-byte patch?
Nowadays we don't bother with copyright protection other than a license key, because we know enterprises generally will pay their bills if you put up any indication at all that a bill is required to be paid.
This was basically the 80s version of that.
The fact that the software and hardware is evidently still in use at some companies gives me pause about whether releasing it in a cracked form publicly after having published it on a personal website would be a good idea.
Software companies love to milk enterprises for all they're worth, because they're the entities who will pay the most amount of money if it means that the software they use can still work - and a big part of how they do this is via vendor lock-in. We can see in this article that this company was still using Windows 98 - they're clearly locked-in!
All of which is to say that this intellectual property might actually still be owned by a company who'll be able to sue.
If you haven't already checked whether the patent and other intellectual property is still owned by any company, OP, I would strongly suggest doing so first.
Is defeating a 40-year-old copy protection mechanism still illegal under Section 1201 of the DMCA, or have they changed the law to make an exception for "very old" software?
This takes me back. There exist emulators for these dongles as well: you run a dumper with the dongle attached and load the program, and it makes a dump file which you then use in the emulator.
I had to do this for a company so they could continue to use their old specialised Win98 software on modern computers using Dosbox and an emulator.
The company I work at has the same problem. We have some old mission-critical Windows 2000 PC that runs the RPG compiler, with attached dongle. This gave me some clues on where to start - thanks author!
>The only evidence for the existence of this company is this record of them exhibiting their wares at SIGGRAPH conferences in the early 1990s, as well as several patents issued to them, relating to software protection.
There is also their webpage for ordering PC RPG II. The company address is a residential house.
https://web.archive.org/web/20010802153755/http://home.netco...
I think I remember hacking some of the copy-protection out of a version of Tetris using the Borland debugger. I definitely patched mouse support into a Chris Crawford "Battle of the Bulge" game using it (for my rather tricky platform). That was a good debugger, and probably the last one I have used much - prefer logging/printing for stuff I write myself.
I remember my Dragon 32 (6809, Color Computer clone) had a dongle you plugged into the joystick port to protect a really crap game - Jumping Knights? I never tried to defeat it.
I designed a security dongle a long time ago ... Used properly, it did rotations and XORs like a CRC. You could definitely make it hard to defeat but it was still ultimately deterministic.
So what hardware would be inside the dongle? Would a small PAL be enough? 22V10? Maybe use a few registers to delay the values written by a few cycles, mixing in some decode logic? (Something cheaper than a microcontroller, I'm guessing... due to cost)
wow, the home accountant is basically the great-grandfather of everything we do in modern financial and actuarial modeling. dmitry's breakdown is like digital archeology.
it’s wild to think about the hardware risk people used to accept putting your entire household's financial history on a system that bricks itself the second a 40-year-old plastic dongle fails. really great read.
Cracking this dongle; wouldn't this be a federal offence in the US?
Not being snarky - genuine question! I am not from the US :-)
Fun journey! It would be fascinating to see what's inside the dongle. I wonder if it's programmable or just a simple circuit.
My father, an accountant, used to have a program like that, that used RPG and a dongle! Good times. Horrible dongle.
>Very importantly, there doesn’t seem to be any “input” into this routine. It doesn’t pop anything from the stack, nor does it care about any register values passed into it. Which can only mean that the result of this routine is completely constant!
This is not necessarily a fair assumption (though it worked this time). It could be some sort of a rolling code, where the reply is not constant but changes, and remains verifiable. Example: garage door openers have no input from the garage, but the sent signal differs every button click, and the garage can verify its correctness.
> Is this really worthy of a patent?
You have no idea how deep this rabbit hole goes.
Patents are barely better than copyright, as far as society net-positive.
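The rolling-code idea from the garage-door comment above, as an added example that is not from the article or from any commenter: the token's reply changes on every press, and the verifier accepts it only if it matches an unused counter inside a look-ahead window. The truncated HMAC-SHA256, the `Token`/`Verifier` names, the window size and the key are all assumptions chosen for illustration, not what any particular dongle or opener uses.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead: how many unheard presses the verifier tolerates


def code_for(key: bytes, counter: int) -> bytes:
    """Reply for one counter value: HMAC-SHA256 truncated to 8 bytes."""
    return hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()[:8]


class Token:
    """Transmitter/dongle side: takes no input, only steps its own counter."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)


class Verifier:
    """Receiver side: remembers the last accepted counter, never goes back."""

    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, code: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.last = c  # every counter up to c is now spent
                return True
        return False


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    token, verifier = Token(key), Verifier(key)
    first = token.press()
    out = {"fresh": verifier.accept(first)}
    out["replay"] = verifier.accept(first)            # captured reply reused
    token.press(); token.press()                      # two presses never heard
    out["after_missed"] = verifier.accept(token.press())
    for _ in range(WINDOW):                           # drift past the window
        token.press()
    out["desynced"] = verifier.accept(token.press())
    return out
```

A recorded reply is rejected on reuse, but the verifier has to hold the same key and persist its counter, and a token that drifts past the window needs a resync procedure.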
And they probably could've just used Neverlock Business which cracks zillions of programs.
Why wasn't (isn't) this more widely used? It was clearly more effective than a cdkey.
I know there is cost associated with the hardware, but surely the customer can cough up 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
Yeah, software protection was very naive in the beginning. Fun fact: I owned a Windows 3.11 for Workgroups UPGRADE disc collection; it was clearly explained and also enforced by the setup installer. So, no previously installed Win 3.0 == upgrade installer will fail. The fix: just create an empty text file named win.com at any place - the installer simply scans the WHOLE disk just for this existing filename. Next fun fact: in reality, the upgrade contained the full installation, not only a delta. Man, software was so simple these days....