A Pirate’s Life for Me, Part 3: Case Studies in Copy Protection
filfre.net
I've spent a lot of time both reversing and creating these kinds of schemes. Anyone else here?
I gave a talk a few years back, comparing both retro and modern copy protection schemes. Also designed hardware for dumping floppies at the bitcell level (ZoomFloppy) and co-designed the Blu-ray content protection system.
http://www.slideshare.net/rootlabs/copy-protection-wars-anal...
Now my day job (SourceDNA) is building tools to reverse lots of code at scale. A never-ending stream of apps provides a ton of "wat?" moments as you never expect developers to make the choices they do.
> Now my day job (SourceDNA) is building tools to reverse lots of code at scale. A never-ending stream of apps provides a ton of "wat?" moments as you never expect developers to make the choices they do.
Can you give an example?
Sure, how about linking against the platform OpenSSL implicitly by grabbing a lib.so from an actual Android phone, linking against it with the NDK, and hoping that the ABI will never change?
https://sourcedna.com/blog/20150806/predicting-app-crashes-o...
And all that only to get access to MD5 or AES...
I remember the "Nibbles Away" software on the Apple ][ and there was another one that worked at the bit level.
At one computer camp I was at, someone had hacked a bit copy program that managed to look like you were playing Pong in the foreground. (Otherwise the counselors would look over your shoulder and bust you.)
Awesome post.
Part 1: http://www.filfre.net/2015/12/a-pirates-life-for-me-part-1-d...
Part 2: http://www.filfre.net/2016/01/a-pirates-life-for-me-part-2-t...
It's an awesome blog in total too.
I remember the Dungeon Master copy protection. Its weakness was that even if the game was only partially cracked, you'd still have some time to advance the game before the copy protection kicked in and it crashed or killed you, so we got pretty far by sheer stamina. Luckily we as kids had a lot of time available for waiting for the game to load over and over again. And it _was_ that good of a game even in retrospect.
I also successfully managed to pirate the original Chaos Strikes Back disks by repeatedly copying the data with a (pirated) synchronisation dongle and the Cyclone software. It required several attempts to get the fuzzy sectors correct because I was using a pre-used disk. This technique and the recommendation to use completely blank disks would have been mentioned in the manual of Cyclone, but I wasn't aware of it... since I'd also pirated the software! I was also unaware of the fuzzy bits themselves, so it was just a bit of luck.
Anyway, CSB wasn't as exciting an experience as its predecessor. Boring maze-like transforming levels, hard monsters (in the sense that they took a lot of time, not skill, to eradicate), little of anything new, etc. Disappointing after all that effort ;)
I have many, many fond memories of Dungeon Master and was ecstatic to find a bit of a modern spiritual successor in 'Legend of Grimrock'. If you want a similar experience with some modern touches (but not too many), check it out.
Great read, and hopefully a lesson: you can spend time and money and annoy your customers to no end to provide entertainment and a challenge to young programmers, or you could save yourself all the hassle and make lots of money by being smart like the good people at GOG and treating your customers better than the pirates.
Implying current titles using DRM don't make lots of money? :P If that was the case, then the business case for not implementing would be unignorably strong!
Ah, but would they make more money if they didn't have to spend money on DRM? It costs to implement or license. It creates extra work even if you license it. If your DRM causes damage you might get sued. If you're found to be installing malware/rootkits you will suffer bad publicity. You have to pay money to keep the DRM servers up. You have to pay support people to handle calls when DRM causes problems for your customers. Anyone who paid money will have to deal with all these issues knowing that people who downloaded it from The Pirate Bay don't have to. I remember when Morrowind came out: if you downloaded the cracked executable you'd get a few extra FPS because it lacked DRM.
If everything else was equal, then yes, they would save money by not implementing DRM. However, what if they couldn't get the license for $MOVIE_CONTENT or $PHYSICS_ENGINE without implementing DRM? That's also extra work for them. (I pulled that hypothetical more from a recent Netflix article, so it may not apply equally as well to gaming.)
As it is now, AAA titles with AAA amounts of DRM are still doing incredibly well. It might "cost" more in internal management backlash to suggest not implementing DRM than to keep to a tried and true formula. Internet backlash is more visible than ever, but I can't think of a recent case where a title actually suffered significantly from it (exception being the PC port of Arkham Knight). It's like a form of the 90:9:1 rule, 90% of consumers are perfectly happy with their entertainment, 9% are affected by issues, 1% complain loudly. From an internet perspective, the 1% are heard more strongly. From a business perspective, the 90% are heard more strongly.
</disjointed thoughts>
The first two methods were dead on arrival with Copy ][+'s track copier. It could do whole-track copies as long as it could identify a starting point for the track. Later versions were even smart enough to use a simple substitution database, and sector location information (for sectors stored on quarter tracks), to tweak the track data as it was copied. I always wondered how they avoided legal action with that database, which asked if the disk you were trying to copy was one of the hundred or so it knew how to "crack".
Reminds me of another piece of modern software still in use by a lot of people, which pulls disk metadata from an internet database for similar purposes.
I recall the Apple II+ floppy drive would produce all kinds of choking, strangling, and coughing sounds when playing those copy protected games. When I got my next computer, my first Mac, I remember my shock at the silence of the floppy drive. Many times I thought it was broken (and since they were so slow to load, you had to 'wait it out' to be sure).
Those noises didn't come from copy protections.
Copy protections access the drive in much the same way as a regular RWTS, even those protections based on physical features (e.g. spirals). I'm not aware of any copy protection based on fast and wide movements of the reading head. Copy protections read nibbles normally, they just process these nibbles differently from regular disks.
The noises you remember are most likely from the boot sequence which reset the head 100 tracks or so (so much more than needed) and as a consequence, that head would butt against some internal mechanism.
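Added illustration, not from the thread or the blog post: a small Python model of the point made above (a protected disk's RWTS reads nibbles the same way a stock RWTS does, it just interprets them differently) and of why the track copier mentioned a few comments up does not care. It assumes the DOS 3.3 address-field layout (prologue D5 AA 96, then volume, track, sector and checksum in 4-and-4 encoding, then epilogue DE AA EB, checksum = volume ^ track ^ sector); the sample "track" and the altered prologue D5 AA B5 are constructed here for the demo.

```python
# Added example (not code from the original post or thread). Models how a
# DOS 3.3-style RWTS locates and decodes sector address fields in a raw nibble
# stream, and shows that changing only the prologue bytes (a common Apple II
# protection trick) stops a stock RWTS while leaving a verbatim nibble copy
# fully readable by the disk's own RWTS.
#
# Assumptions (mine): DOS 3.3 address field = prologue D5 AA 96, then
# volume/track/sector/checksum each 4-and-4 encoded, then epilogue DE AA EB,
# with checksum = volume ^ track ^ sector.

STANDARD_PROLOGUE = bytes([0xD5, 0xAA, 0x96])
STANDARD_EPILOGUE = bytes([0xDE, 0xAA, 0xEB])
ALT_PROLOGUE = bytes([0xD5, 0xAA, 0xB5])  # hypothetical "protected" prologue


def encode_44(value: int) -> bytes:
    """4-and-4 encode one data byte into two disk nibbles (1b7 1b5 1b3 1b1, 1b6 1b4 1b2 1b0)."""
    hi = ((value >> 1) & 0x55) | 0xAA
    lo = (value & 0x55) | 0xAA
    return bytes([hi, lo])


def decode_44(hi: int, lo: int) -> int:
    """Inverse of encode_44, exactly as the RWTS does it: shift, set bit 0, AND."""
    return ((hi << 1) | 0x01) & lo


def build_address_field(volume, track, sector,
                        prologue=STANDARD_PROLOGUE, epilogue=STANDARD_EPILOGUE) -> bytes:
    return (prologue + encode_44(volume) + encode_44(track) + encode_44(sector)
            + encode_44(volume ^ track ^ sector) + epilogue)


def read_address_fields(nibbles: bytes, prologue=STANDARD_PROLOGUE,
                        epilogue=STANDARD_EPILOGUE):
    """Scan a nibble stream the way an RWTS does: hunt for the prologue, decode the
    four 4-and-4 fields, verify checksum and epilogue. Returns [(volume, track, sector)]."""
    found = []
    i = 0
    while True:
        i = nibbles.find(prologue, i)
        if i < 0 or i + len(prologue) + 8 + len(epilogue) > len(nibbles):
            break
        p = i + len(prologue)
        volume, track, sector, checksum = (
            decode_44(nibbles[p + 2 * k], nibbles[p + 2 * k + 1]) for k in range(4))
        if (checksum == volume ^ track ^ sector
                and nibbles[p + 8:p + 8 + len(epilogue)] == epilogue):
            found.append((volume, track, sector))
        i = p  # keep scanning after this prologue
    return found


def demo():
    """Constructed sample tracks: 16 address fields (volume 254, track 17) with sync gaps."""
    gap = bytes([0xFF] * 8)
    normal = b"".join(gap + build_address_field(254, 17, s) for s in range(16))
    protected = b"".join(gap + build_address_field(254, 17, s, prologue=ALT_PROLOGUE)
                         for s in range(16))

    stock_on_normal = read_address_fields(normal)              # stock RWTS, stock disk
    stock_on_protected = read_address_fields(protected)        # stock RWTS, protected disk
    custom_on_protected = read_address_fields(protected, prologue=ALT_PROLOGUE)

    # A track/nibble copier never decodes anything; it writes the stream back verbatim,
    # so the copy is indistinguishable to the protected disk's own RWTS.
    nibble_copy = bytes(protected)
    copy_ok = read_address_fields(nibble_copy, prologue=ALT_PROLOGUE) == custom_on_protected
    return len(stock_on_normal), len(stock_on_protected), len(custom_on_protected), copy_ok


if __name__ == "__main__":
    print(demo())  # (16, 0, 16, True)
```

The head never moves any differently in either case: both RWTS variants issue the same reads and see the same nibbles, which is the comment's point. What a sector copier loses is the ability to find address fields at all (the second value is 0), while the verbatim copy keeps working because the protection lives in the interpretation, not in the drive mechanics.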
I've never quite understood why it did that myself. Regular disks have 35 tracks so moving the head 36 tracks should have been enough to reset.
IIRC, they did that to save a few cents on a track/head sensor. So they just did exactly what you stated: they seeked a whole disk's worth of tracks, even when the head was already there (but there wasn't a good way to find that out except by trying to read the disk, which was slow).
Of course none of this was helped by how loud the drive was just seeking.
There was a Beagle Bros program in their Silicon Salad collection that would alternately spin drives (on a two-drive system) faster and faster.
It sounded like a train.