111-1111111 is a valid Windows 95 key (2021) [video]
youtube.comIt may sound strange to people who were born later.
But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine. Software was cracked the moment it came out and it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it -- late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.
There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Windows security mechanism was no better and there were copies distributed so much that probably many people remember "standard" CD Keys even to this day.
And it was pretty much safe because most software did not have ability to phone home so the software developer would have no way of knowing that somebody used an illegal copy.
The business model was mostly companies paying for software (fearing an ex-employee reported illegal use). I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video. The only exception was sometimes people bought OEM software with their hardware.
It's weird reading about my life as if it's history.
Everyone was doing it. I remember my teachers, friends, and family all giving me pirated software at some point. I remember my friends and I getting excited when someone got a ripped copy of some game and we couldn't wait to burn new CD-ROMs to share. If one of us got our hands on the copy of some game, we all got copies. It was kind of like a free-for-all in the world was starving for cool applications. Computers were starting to live up to their promises and software was just like recipe cards.
> It's weird reading about my life as if it's history. Everyone was doing it.
Here in Latvia that's still somewhat the case, at least according to statistics like these: https://eng.lsm.lv/article/society/society/latvia-leading-in...
I've personally seen people who choose to pirate everything from movies, to OSes and IDEs, and have no problem with doing that whatsoever. That said, I can kind of understand it, due to many not exactly having lots of money to throw around.
Personally, I live a bit more ethically, but it kind of sucks: I'm not sure what I'd do without JetBrains offering student licenses, followed by a graduation discount and recurring discounts. I've also not bought a AAA game on release in years, it's always sometime later on sale etc. The same goes for server hosting, most PaaS solutions are too expensive and vendors like AWS and GCP are outside of my price point.
But hey, OSes like Linux and software like LibreOffice are a godsend. As are free IDEs and text editors as well, sometimes.
I used to copy like crazy but now that I have a good job I pay for most of my software. Mainly because I like to keep my computer clean from malware. If I ever need to run something pirated because it's ridiculously expensive (like Adobe stuff or IDA pro) I run it in a VM or an isolated machine.
It's less out of an ethical sense though. Video I still pirate by the terabyte. Most of that comes from large media concerns that I don't really have much care for. The small games industry I support as much as I can on GOG.
Latvia and Bulgaria are great for torrent sites indeed, there seems to be nobody even trying to take them down unlike in western europe.
It’s funny how regular software now seems fishy now that everyone is calling home. I’m close to getting a VM or a raspberry pi to run Citrix and zoom because they have all this junk that runs at startup and removing it causes strange error messages.
Yeah the world has changed. Sure, limewire had tons of trustmebro.mp4.exes but these days I don’t trust cracked software to not be mining coins or exfiling my personal data.
I suppose it was still the case back in the day (more for botnets than coins?) but I just simply cared less. Had to get my hands on the AAA games.
Hell I don't trust most legit software with my data. I still remember people being in awe of how I made Teams work on my Linux notebook (the previous guy couldn't make it right for some reason) by just running it in Chromium. The more sandboxed these 'apps' can be the better.
I myself run it in Edge, specifically because I believe Microsoft is less capable of exfiltrating and collecting my data effectively that Google.
That and the "official" "Linux" app is basically unsupported.
MS dropped support for the “Linux” “client”.
That client was basically an electron app.
How lazy is it to drop support for it? Especially as they’re pretending to be nice now, not hate Linux anymore, rolling it into windows etc.
MS will always be the greedy MS. Embrace extend extinguish.
Fwiw, teams runs well enough in chromium. I don’t use chromium for anything else so chromium has basically become my MS teams “Linux” “client” since they dropped support for it.
I’d run it in its own Firefox container but it would seem like MS purposefully cripples teams in Firefox as I can’t get background blurring or live captioning/translation to work there.
Just like google that requires you to use chrome AND be logged in to unlock background blurring… same evil, but story for another time.
If you're pirating IDA Pro, you're probably the type of person who can figure out which cracks are real and which aren't pretty quick.
True yes but a lot of cracks are real and still include malware. And it can even be introduced remotely. A malware downloader is a few lines of code hidden among millions.
Also analyzing malware tends to make one more paranoid. This is definitely a thing too.
And the most powerful features of it like hexrays require cloud cooperation so they don't work :(
I really wish it was affordable for individuals because I would pay for it if I could.
IDA's decompiler is only cloud dependent if you have the crappy version, if you have the full Pro version with the add on its entirely local.
While it's true that malware could hide well theoretically, I'll also add that in my experience investigating malware infections from friends and family and occasionally hunting for malware myself, samples attached to cracked software tend to be things like miners, iStealer, script kiddie RATs, etc using simple "binders" - which are usually incredibly obvious, like extract the real executable into %temp% or the usual RunPE gimmick. People posting malware on torrent sites are not exactly APTs using spear phishing attacks.
Yes, if only IDA pro had a hobbyist license :(
For what it's worth, IDA now comes in an IDA Home version [1, 2]. It is a one year subscription for 365 USD (single arch) and is cloud tethered for at least the decompilers. I no longer have access to IDA Pro via my university, so I am now using Ghidra. I can recommend newcomers to take a look at it or other tools (e.g. binary ninja), if you are not locked into your IDA workflow.
For me IDA Home seems to lack at least one key feature we needed back then: customizable CPU plugins. We had to extend one with a newer version of the instruction set. On top of that, that CPU type is not even available via Home. Also no RISC-V support (yet?).
On another note: the whole cloud based concept for a disassembler/decompiler with debug support sounds like a recipe for disaster. One wrong key press and you might run malware on an internet connected system. Even when only disassembling, I am tempted to run everything in an offline VM to defend against bugs in the disassembler.
[1] https://hex-rays.com/cgi-bin/quote.cgi/products [2] https://hex-rays.com/ida-home/
>e.g. binary ninja), if you are not locked into your IDA workflow.
As binary ninja is proprietary, I would recommend against getting locked into its workflow, too.
luckily, Ghidra exists now
There is IDA Home https://hex-rays.com/ida-home/
Yeah I just run Linux and I’ve not needed to pirate or pay for software in years. Doesn’t work for everyone but as a robotics engineer it all works out for me. It took me some time to switch from windows ten years ago but I’ve never looked back.
I too am Linux only 99% of the time. I keep some Windows VMs around for tools I rarely need to run. Some are 10+ year old legitimate commercial software with online activation that now accuses me of piracy. Even when you try to do the right thing you get screwed.
Yep I’ve got a crusty old Windows 7 VM, though I’ve not needed to use it for my work in many years. Certainly handy to have now and then. It is remarkable however how much I’m able to do with Wine these days! When something says it’s windows only I go straight to the EXE and run it and most of the time it works! Always makes me happy.
It was so common that "something cd key" was a common search term. And people would put that in the wrong input box/window such that they would end up typing that in chat rooms. In some of those, people would reply with the same "something cd key" followed with "to you too", as if it were some form of greetings. Later on, people would show up saying "something random cd key" as an actual form of greeting, not a mistake.
Reminds how typing an album name into Google used to autocomplete to add MediaFire right after it.
or site:blogspot.com. (So many legit downloads on blogspot, even today, though most of those links are dead now :( )
I remember serials.ws with its frame based we site... had all the keys you'd need. Also there was a windows program that was basically a database of keys and serials.
Those were the days.
There was also that site with all the trainers and cracks for every game ever, with a little landing page that would dynamically show online and offline mirrors before it was cool. I forget its name but as a 10–14 years old I loved it.
gamecopyworld.com it was called. I just remembered.
"______ serial" was my go-to on Google.
When I was a kid it was an actual thing to know how to lift postage stamps off of envelopes with rubbing alcohol so they could be reused to mail pirate floppy disks to your friends. Try explaining that to a kid today and they'll think you had a stroke.
We used to just cover the entire envelope in Sellotape and put an address label over the top so we could just wipe off the postage mark - a dated ink stamp over the postage stamp (Royal Mail employees circa 1990 didn’t get paid enough to care) and use it again.
If you regularly swapped disks with someone you’d just mail the envelope along with the disk
Now you can just buy bootleg stamps on Amazon. Search "Forever Stamps". Amazon catches them frequently but then they just liquidate the stamps. My local Amazon returns store has them upfront 100 for $10.00 and they have tons of them.
Uh, here since forever post office put rubber stamp mark on stamps to prevent that, I'm surprised there is country that doesn't
IIRC, there were two kinds of cancellation ink - black and red. The black just dissolved in isopropyl alcohol, but red was permanent. Probably the result of some cost / benefit analysis.
Yeah exactly. How do you go around the ink on the stamps? Ours ( French ) don’t go away with alcool. At least it was not the case in the 90´s.
I remember the days of cracked software on Apple II systems. The crackers would add custom splash screens advertising themselves.
The related C64 cracking scene also begat the demo scene. The flashy crack intros with sprites, scrollers, and raster bars became the flashy demo intros, and from there they learned about a wonderful thing called "design".
Keygen music is another similar relic. They are chiptunes included in cracked software. Their names were often just whatever software they were cracking. I like Adobe Create Suite 4 here https://youtube.com/watch?v=FVX6t-ivMfE&feature=share
I sometimes just opened keygens after I was done cracking, just to listen to it more.
The revelation for me was when a school friend of mine in the early 2000s told me about a site called crack.cd which had serials or keygens for practically any software I wanted. It was a whole new world, I loved it. Only had to nuke my computer once after a keygen turned out to be a virus! (The other occasion on which I lost everything was when I was installing Ubuntu 5.10 ‘Breezy Badger’ for dual booting with Windows on the family computer and accidentally wiped the entire disk instead of just the old Linux partition - that was a bit more awkward because it had all our family photos on it ever since digital cameras started coming out, but luckily I found a CD backup of them all and also tried my hand at downloading and using a cracked file restoration program. Definitely took some time to rebuild trust and explain that I know what I did wrong and wouldn’t do something like that again.)
I had lots of learning experiences with this kind of stuff that I’m very glad I could have in my little years of first being online, when it wasn’t tied to anything really important, it was all just for fun. Everything would be different for me today if I didn’t have the opportunity to play with non-zero but relatively little risk.
I used those sites to find new software to check out. The popular stuff had to be good, right?
My friend from school basically got his entire PC upgrades for good 5-6 years paid because he "invested" in CD burner (then-expensive devices requiring SCSI card to even work) and profited off copying business. Think it was around age of 10.
I started a « business » sending burned games to tunisia from rural France. At the time Tunisia had a thriving game cafe scene. But shitty broadband.
It was cheaper to find someone on a phpbb forum to send you physically something than dealing with ISP and shitty local internet laws.
It lasted for a year or so. I send hundreds of disks. Was getting pay thought bank wire on my older brother account.
I think I drink all of it in cheap pastis drink.
Keep in mind that here in Poland it is said cdprojekt of Witcher and cyberpunk fame started by selling bootlegged western games. I do not have a source for this.
The founders got their start selling pirated software, but CD Projekt itself started as a legit importer and localiser. Their initial success was due to knowing that they needed to compete with pirates on quality and convenience because piracy was so prevalent in Poland.
I remember! Baldur's Gate was a first "legit" game I bought for my pocket money that wasn't just "a game attached to a magazine".
And the localization was epic. It would be basically equivalent to all movie/TV star localization on the west. I still like the translated narrator better than the original.
CD Projekt CEO Marcin Iwiński aka 'S.S. Captain' (SS came from Star Ship)
https://spidersweb.pl/plus/2021/04/cdprojekt-niekoloryzowane...
translated, but broken images: https://spidersweb-pl.translate.goog/plus/2021/04/cdprojekt-...
Between my freshman and sophomore years in high school I: a) convinced the reluctant phone company to install a dedicated phone line in my bedroom (apparently a very uncommon setup) of my parent's house. b) hooked up a 9600 baud modem I'd found in a dumpster to it and my 386-33mhz computer c) ran a BBS for the sole purpose of having people upload pirated software.
That said, when I do recall that period of time I do feel a bit guilty about the piracy angle. But I'm also reminded of how the original premise (having people give me software) was eclipsed by all of the other things the BBS provided. Within about a month of getting it up and running I'd joined a network of other BBSes that'd automatically call up other BBSes to distribute "packets" (I don't recall the terms used) that'd contain emails, forum posts, and more, of all the other BBSes in the network. It was like having a (very slow) internet connection in my bedroom in 1991, which was not a thing a typical high school skater kid with, at best, a 2.0 GPA, would have, let alone even know existed at the time.
Suggesting that what I learned from that experience was the foundation of my career is a massive understatement. It got me my first tech job, gave me confidence in starting a dot-com (which survived the dot-com-bubble-burst), and built relationships that have lasted over 30 years.
As a kid my main source of new games was to hire it from the video store overnight, install it and then download a no-cd crack. I dont recall ever running into issues finding one.
Your local video store rented PC games? Where I grew up, console games for sure were available in video rental places but there was never a business in renting PC games. I wish there had been!
the public library in my 20k rural town was lending game for 1 euros / week. The console itself for 3/week.
That was ...amazing.
I remember buying games that would come with a huge "don't copy that floppy" booklet. I remember it even argued selling the game when I was done with it was unethical and would likely lead to jail.
Linus from Tech Tips still pirates windows. He even has a whole video on why.
Is it even piracy when Windows allows you to use it unactivated?
It’s nagware, like WinRAR.
Oh, you mean the never ending forty days.
Technically yes.
MassGrave exists these days but almost all laptops come with a Win10/11 license anyway now, probably enough legal grey area to CYA for personal use but I wouldn’t risk it for anything for-profit, even a startup.
Until recently he's run his corporate infrastructure on Windows servers. Not quite the same league as reinstalling on hardware with an existing license.
In many cases, disassembling and modding was often necessary to get software working on your system. We all shared executables that patched bugs, added features, and improved performance back in the 90s and 00s.
Haha :) I still do so for some old legacy games. The biggest patching project was AI War: Fleet Command. Great game, but quite a bit of bugs and missing features. Spend weeks in CIL decompiler, understanding code and then making patches.
pirated software is everywhere in the third world still (hell, even in the first world)
Very true, there are a lot of sites out there back in the day that a lot of oldtimers would remember.
My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
Actually I take that back, my favourite site was +fravia's reverse engineering pages. Mostly because the legitimate crack-sites were safe, but there was always a risk of downloading something with a virus, or a trojan instead. So it was more rewarding to read up on the reversing techniques and do the job myself.
Happy days using Numega's soft-ice (kernel mode debugger) to remove the protection it shipped with.
When I switched to Linux one of the first "problems" was that there were few commercial binaries which required a license key, so there were fewer reasons to actual get into reverse engineering / decompiling & patching linux binaries.
Wow astalavista brings back some great memories. Hadn't thought about that site for a long, long time.
> My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
That name contains two very iconic pop culture references from the 90s: altavista and the terminator
I noticed the terminator connection, but I wasn't too sure of the timescale - which came first.
Anyway it's a definitely a nice memory!
> My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
The domain box.sk [1] hosted other interesting sites as well.
[1] https://web.archive.org/web/20000229151347/http://www.box.sk...
Also an astalavista.box.sk user (typo)
> astalavista
Phew that takes me back. And it's huge list of cracks and other things is what got me started looking into reverse engineering and security analysis haha
Your post really brought back memories of softice and w32dasm. Incidentally one of the websites from that era (gamecopyworld) is still alive! Mind blown.
Ahh SoftIce (and later WinIce for Win9x).. Great RING0 debugger.. I used it quite a bit for crack some games myself :) Oh look, it still here on disk: siw405w9x.exe Why I keep it... ;)
Do you remember crackstore? That was my goto place to find software for cracking.
>It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.
To be fair, this is specifically to do with personal computers of the time; MS-DOS, Windows 3x, and Windows 9x were all single user operating systems: They simply had no concept of multiple users at all. The concept was bolted on later as an afterthought, but it was really janky and paled in usability and security to proper multi user environments like that seen in Windows NT.
Incidentally, this lack of understanding multi users is also why it's a royal pain in the arcane arse to join a Windows 3x or 9x machine to a Windows NT network. A network is fundamentally a multi user environment, something Windows 3x and 9x don't understand.
As for memory access, this too was simply a thing of the times. MS-DOS, Windows 3x, and Windows 9x all simply did not have the concept of segregating and securing memory access between kernel and userland and between each process. All the BSODs that traumatized us back then stemmed from this architecture, and the BSODs quickly diminished once Windows NT became mainstream because the NT kernel operated on the concept of segregated and secured memory access for better security and reliability.
I distinctly remember having lots BSODs with IRQ_NOT_LESS_OR_EQUAL errors due to shoddy drivers all the time on XP (which is the first consumer NT kernel windows version), especially in the early days. Maybe not related to shared memory but overall not great either.
Things got better with newer windows versions.
* Userland printer drivers (that don't bring down the machine if they have a bug)
* Mandatory driver signing...
Nowadays I can run my machine 24/7 without any crashes. Which would be unthinkable back in the day.
Back in the day, your uptime was a source of pride. So much so that I remember using samurize to display my PC’s uptime right in the desktop… my Linux workstation of today isn’t impressed at all.
12:50:37 up 1224 days, 53 min, 6 users, load average: 0.00, 0.03, 0.00
Not desktop tho, my home router/server :)
Are you sure it was drivers issue? Not HW fault? I have good memories of Win2003 (and XP too) Very stable system, if drivers are correctly written.
Back in the days I remember fighting with random BSODs on Audio play/stop on Win2003. After months of fights I nailed that bloody .sys audio driver that gave me the problems. Found orginal vendor simpler driver and problem went away.
Same thing happened after Windows Vista came out. Vista came with a new audio stack that many sound card drivers were not compatible with out the gate.
Multi-user seems to have been something which was dropped when MS/DOS was CP/M inspired by CP/M. CP/M (and I do mean CP/M, not just MP/M) had the concept of user areas. These were a different concept from Unix users: there were 16 user areas numbered 0..15, and one could change between them with the USER command. I believe that user area 0 was in some sense shared, possibly only as a place to load .COM files from. There was no security boundary: it was just an organisational tool.
And in the Windows 9x days, even if the user did have a password, you could bypass that with the novel method of... pressing Escape.
I always thought the password was for the network shares only. You could perfectly log in without a username and password, except networking partially fails. The login dialog only appeared after installing win9x networking components.
A windows password would have been silly, pressing F8 at boot would drop you in msdos
> A windows password would have been silly, pressing F8 at boot would drop you in msdos
As it is to this day with many many Linux installs (unless some disk encryption is set up): edit the kernel command in GRUB and add init=/bin/bash. boom, you're root without any password.
That's why one sets up disk encryption :3
good idea on computers with 100 mhz, an encryption algorithm would've probably not slowed down anything at all, especially not because there was no encryption extension.
My 166Mhz Pentium MMX laptop was encrypted too, with the full disk encryption feature of network associates' PGP Desktop. It could handle it fine even without AES-NI. Slower computers also had slower disk access so the burden wasn't big.
I think there was just less focus on security back in those days. We used the same password everywhere, left thumb drives in taxis, used telnet instead of SSH and regular http.
Wat.
My 166 slows down just from the filesystem itself. I explicitly run jfs, as it is particularly light on cpu. (I believe ext2 is also an option, but you lose journaling).
Not calling you a liar, just very surprised to hear such a report.
Those were very different times though. All software was much lighter. The filesystems of the time were fine on it (and I believe NTFS already had journalling even in those days).
I'm not sure what kind of '166' you have. But you're probably running at least a modern webbrowser as IE 4 is no longer suitable in this day & age. Most sites didn't even use https. You also probably use modern-day crypto. Because it's modern adversaries you want to protect yourself again. By using it to do modern things you're taking it a bit out of context.
I was running Windows 2000 on it, with regular NTFS. I did some webbrowsing and Visual Basic for Applications and ASP development. All this fared just fine with full disk encryption (PGP Desktop's "Whole Disk Encryption").
My older work laptop with Windows NT 4 workstation was also fully encrypted. Also with third-party software of course.
JFS is pretty damn old[1] as is ext2.
> I'm not sure what kind of '166' you have. But you're probably running at least a modern webbrowser as IE 4 is no longer suitable in this day & age. Most sites didn't even use https.
I'm not sure what sort of impression you got about me, but maybe I should clear things up a little; I was also around for the 90's. I know what the general software situation was, and (unlike most) my impressions aren't buried in 30 years of memory haze and nostalgia either, since I still use such software on occasion. The computer in question is a Compaq Presario from ~1996; it's been upgraded with a 233MHz Pentium MMX that's currently clocked down to 166MHz for... reasons. I've maxed out the RAM at 128MB, about half of which is required to get X up and running on any unix release from this century (win95 fares excellently, win2k is pushing it though).
No, it doesn't run a modern web browser. There's no way in hell you'd get one to run on that hardware. The best you can really do is something like Dillo, or D+, depending on platform (or go text-only). Whether or not I run "modern" software on it, really depends on what that software is. A lot of old tools work just fine, while some modern tools are still somewhat lightweight. It really depends.
I have no experience with FDE on windows. The closest comparison I could draw would be to the built in disk compression utility, which I do seem to recall having a speed impact. I'm not saying it wasn't usable; I'm just saying, from my experience with the hardware of that era, running software of the era, I'm surprised to hear that it could give a reasonable experience. As you say, software was much lighter; meaning, there are many things we do today, that you just didn't do back then --- such as making a full pass over the datastream in your filesystem code.
In college I got by with a 75 MHz Pentium with full disk encryption. I didn't notice any performance penalty.
I'll take things that never happened for $200.
While true, there is a quantitative difference:
The linux trick is quite obscure, only used when you're in serious trouble. It's the same level of knowledge as removing a hard drive.
Meanwhile, the F8 trick was in common use by tons of teenagers, especially in Win95: A lot of games were still DOS based and you needed windows out of your RAM if you wanted any performance. People still used the config.sys boot menus to choose between windows and gaming. Browsing the file system and editing text files in DOS were still common enough activities.
There isn't only one linux boot manager in the world. Not every boot manager allow that.
But… you can still insert a bootable usb drive to skip it
Yeah but as with Windows, in a decent environment you'd still need credentials for access to networked resources.
> I always thought the password was for the network shares only.
Correct. It was only for networking.
Ah, this reminds me of one time being an amazing average-competence hero.
Labmate: “my Linux install is borked, now my files are all gone” :(
Me: “Fortunately here in 201X (for low values of X) full disk encryption is rare! Let me introduce… another use for the install drive!”
I remember grepping my entire 2GB hard drive for some files (a bunch of scripts) I lost when doing some Linux shenanigans...
Couldn't that be disabled? I vaguely remember bypassing the login using the little help icon, then opening the help and/or (not sure) printer dialog and finally using the file open dialog to run explorer.exe :-)
that was windows 3.11
> it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it
With windows specifically a factor is that it is/was almost impossible to get a computer (PC/Desktop) without Windows license. Compared to that the number of potentially illegal copies was neglectable. And even for Office it was probably better that people use a copy from dubious source than a competitor so they don't find out that alternatives are good enough.
>was normal for computers to auto-login and have no password
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).
Devils0wn Windows XP Final serial key, yeah baby! Seared into my mind forever after entering it so much:
FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.
I killed so many instances of svchost.exe back in the day! Never ran into anything bad that a reboot wouldn't fix. I remember figuring out by trial-and-error which instances were safe to kill by looking at their memory usage.
There was something exciting about stripping Windows XP to its bare essentials, and also it seemed necessary at the time, if you wanted to run it smoothly on an ageing laptop that was basically obsolete when it was new. Especially if you wanted to run such RAM and CPU hogs like The Sims 2! (Not to mention the 40 GiB disk space that just filled up so fast with save games and expansion packs.)
I wonder if Windows 10 still lets you use an alternative to explorer.exe for its desktop shell? I used to write my own little launchers and spotlight-esque programs.
Oh...my...god...
That CD key. I remember that one as well. Good times :) Thanks for bringing up these memories.
It's famous enough it's in wikipedia - https://en.wikipedia.org/wiki/Volume_licensing#Leaked_keys
RHQQ2. Wow. I was not ready for this throwback.
> Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
ARE YOU ME?! I did all of that stuff! Friggin' svchost.exe man...
> FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I still have a burnt disc somewhere with that key written on the jacket so I didn’t have to look it up every time.
Haven’t used the key in 15+ years but when I saw it in your post I knew exactly what it was. Funny how memory works.
As soon as the parent mentioned memorizing keys, the FCKGW key came to mind!
Very close to the key I had memorised, but now forgotten; although mine had RQ2D3 in the second part and something else at the last part (I think. But am positive about RQ2D3)
At the very least, no tools were ever made widely available, and don't seem to be even to this day.
That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.
Where?
There's some discussions about it on a site which goes by the acronym MDL.
The activation process relies on public key cryptography. The private keys, held by Microsoft, are amongst their most well-protected assets. Much more so than their source code, for instance, which is developed with the expectation that it will be leaked in part or in whole.
Imagine the shitshow that would happen if those keys leaked lmao. They've got to have a ton of them, across all their services.
It'd be cool to be able to build "legitimate" LIVE packages that would be usable on unmodified 360s lol
For everything up to ~XP era MS software, the private key was cracked years ago. Beginning around Vista they started using a longer key, which AFAIK hasn't been (publicly) cracked yet.
Search for "MSKey README" if you want to read more... but as one interesting datapoint, the computational complexity of finding the private key was 2^31.
What stops people from just exchanging the public key that is used for verification?
(Not that it matters in a world where kmspico and dazloader exist, but still)
Given the length of Windows serial keys is not that long, why couldn't one extract the check function and run an iteration attack to generate valid keys?
Edit: @ale42: makes sense, thanks for putting this one to rest. 36^25 is approximately 8 x 10^38 which is a really, really big number.
There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.
This makes me think of a shareware app (I think an icon editor) for Windows 3.1 back in 1994 or so... I could find a valid registration key by entering random numbers by hand in around 2 minutes. And I wasn't lucky as I tried and succeeded several times ;-) But the rule (figured out after I had 10 or so valid keys) was simple maths with the digits, no crypto behind.
> There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.
Kinda depends what is encrypted there. If it is just "magic number + SKU + licence ID" and there is no online check whether that combination is valid then you're "just" trying to hit one that's valid and that cuts few bits off equation as there is spectrum of keys that will be valid but not generated by Microsoft.
Not used characters: 015AEILNOSUZ
So less possible combinations.
I get why some chars aren't used, but why the N and U?
Maybe to prevent certain words from being spelt? I have no idea though
Still 114 bits of entropy...
Not if their cryptography is done properly. Cryptosystems are designed to maintain their security even if the complete algorithm is known to the adversary. You'll commonly see this phrased as "don't rely on security through obscurity".
> don't rely on security through obscurity
Which doesn't mean you shouldn't also use obscurity. NIST recommends it [1], and the industry widely uses it. In practice "don't rely on obscurity" usually means "have enough security besides obscurity to give you a grace period to switch out the obscurity". That's for whole systems, you might get away with people knowing you use standardized primitives like AES.
[1]: https://csrc.nist.gov/news/2021/revised-guidance-for-develop...
Everything we know about the subject of this discussion (windows product key validation) comes from reverse engineering the relevant DLLs because none of it has been discussed publicly. I think MS is probably of a similar opinion regarding publishing unnecessary details.
> don't rely on security through obscurity
if it's not obscure enough that it will be found, then you are correct.
but what's more secure than a password that you don't know? not knowing there is a password in the first place. if the answer is never found, how can it be insecure? I dub this schrodinger's security.
Yeah they're probably in a HSM at the very least.
I wish you still could. I resent being required to create a user account to use my own computer.
I really really miss the 90s computing environment. I was young but it was a total wild west and the internet was beautiful and totally open. For a curious kid without a lot of friends it was amazing.
That really was me in the 90s. Made all my real and best friends using mIRC and ICQ. the good old days.
Got locked out of my OG ICQ years ago and can’t get access back because I can’t prove it’s mine with a copy of my id or birthday (obviously, not even sure I entered anything…)
My icq number is locked forever although I still remember it to this day.
For a while I had the icq incoming message sound for texts on my phone but that sound got obnoxious real quick, even though I had good memories associated with it. “UHOH!”
Early 90s (and end 80s) was more "copy parties" than Internet iirc.
> software did not have ability to phone home
This is the main reason for the simplicity of key checks.
If you copied someone elses windows installation (cd burners were very expensive, but a floppy version existed), you'd also copy the serial number, and just use that. Even if the serial verification algorithm was complicated, noone would really have to crack it at all, because they'd just use the original serial for all the copies.
Piracy was (and still is) rampant with home users, but business users still needed some kind of a simple check (so.. a simple serial) to match the installation to an actual licence, which was more "protected" than the actual medium (cd, floppy), by using holograms, microprint, etc: https://media.karousell.com/media/photos/products/2018/09/13...
> (cd burners were very expensive, but a floppy version existed)
You just borrowed the install CD. The only time you needed it was for the install and (sometimes) installing drivers after installing new hardware.
You could actually copy one of the folders from the windows CD onto your HDD and use that instead of the install CD for device drivers. From memory, you could actually complete a full install from a folder copied onto the HDD.
You can still do this with Windows 11!
I had to do this recently because of an old, well-known, but relatively rare bug with Windows installs. I created an 8GB partition at the start of the target hard disk, booted from it, and installed the OS into the rest of the disk. When the OS was up and running, I cleaned out the install partition.
Now I have an empty 8GB partition on my computer, which is a bit irritating. But I try not to think about it too much.
Yeah, first thing reinstalling a computer was a clean format, copy the CD to C:\WIN.CD\ and install from there. That way, it never asked for the Windows CD when installing drivers or functionality later -- that functionality always read where Windows was installed and only asked if it couldn't find the source. It was really worth it taking up 1/20 of a hard drive back then.
Everyone took software from the office and installed it at home, that's why everyone uses microsoft at home, you got it for free from work.
Worked for microsoft, worked for the people taking it home. Everyone was happy.
>I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video.
I don't think it's true that "most people who used computers" were teens or young adults. Since we're talking about Windows 95, here is some mostly contemporary usage data from the 1997 US Census[0]. A few of the strongest predictors of computer usage for a household are income, education, and using a computer at work. Being older (55+) is a pretty strong negative correlation (along with some correlated characteristics like being widowed).
I don't see a direct statistics tying computer usage to number of children, although the household size does indicate that houses with children probably are more likely to use a computer. Even just looking at the sample, about a third of households use a computer at work, at third don't, and a third don't work, which gives you a very large pool of people using computers who aren't teens or young people.
I suspect it's more likely that many of the people on this board were a young person in the 90s if they were a person at all, and so it felt like many computer users were like them. In fact, plenty of not so young adults were using computers.
PS: if by young person you just mean "under 50", I retract everything above and instead am confused by your definition.
[0] https://www2.census.gov/programs-surveys/demo/tables/compute... , https://www2.census.gov/programs-surveys/demo/tables/compute...
>It may sound strange to people who were born later. But in 90s...
Your remembrances are valid, and fun to read, but people gotta temper their memories with how old they were. You're not describing "the 90s" as much as describing "being a teen and up to the usual teen highjinks"... in the 90's. I'm sure teens today have many equivalent sorts of hustles, but that's not how everybody lives. I had jobs with high bandwidth uplinks and could've downloaded boatloads of stuff. But I didn't because who needs the hassle of getting your employer a nasty call from the ISP, and I could generally buy the things I wanted. a lot of software downloads had trojans and other malware.
not trying to be a buzzkill, just accurate to the history. by way of signing off, let me say
astalavista
.box.sk
Microsoft tried a lot of weird things preventing piracy or refunds.
I remember the Windows cd cases were protected by this seal. If you opened the cd case to install Windows the seal broke and that was kinda your agreement you were not eligble for any refund. However, it was very possible to click open the hinges of the plastic jewel case, use the cd and put it back on its case, so the seal did not break.
And your biggest fear was that an outgoing employee would drop a dime and report you to the BSA (not the Boy Scouts of America).
Don’t copy that floppy
This huge thread is such a send back to old times. Nostalgia overload.
> late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.
This is still true today btw, but the broader user base includes a lot more people willing to pay
What may prevent more of it today is that "cracked" software has been found to be a handy delivery mechanism for malware so, especially after the spread of cryptocurrency and ransomware utilizing it for payment, there is a reasonable fear of your download coming with an extremely costly payload.
So, oddly enough, the transnational criminal gangs are helping the corporations in a way they never could do for themselves.
Decent torrent sites get rid of those very quickly. It’s corporations doing their own work by creating a scare.
One mechanism which was sometimes used for more expensive software was a dongle connected to the parallel port.
These were generally useless at the time, at least as it pertains to online piracy.
Enough to keep honest people honest and not copy the software to their immediate friends, but if the software had people interested in pirating it someone would disassemble it and just jump over the part that looked for the dongle while keeping all the software functionality intact and these patched versions would be readily available online to anyone who knew where to look.
At the end of the day not really any more secure than various software-based copy protection schemes, just more wasteful due to the extra hardware.
This still exists today, only now with USB dongles.
I’ve heard stories about high end recording studios, with shrink wrapped boxes of expensive audio software, that used cracked versions on their workstations because they don’t want to deal with the inevitable iLok hassles…
Hello Cubase!
Prior to W95/NT4 windows didn't even have a license key, scary warning text was the upper limit of enforcement. In some companies part of the IT departments job was to find unlicensed software and delete or pay for it.
Letting people pirate your software early on is a valid business strategy. Enterprise users pay, students/hobbyists find a simple crack. Once those students enter the workforce they decide the market.
That apparently worked well for Adobe products too.
I know that a few pieces of software distributed on floppy showed a warning if it detected it was previously installed (which wrote to some file on the disk, given it wasn't write protected). Which basically amounted to a sternly-written paragraph to say that they're using honor system to make sure you follow the rules.
> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.
Only in the home computing world, which is why people on Real Computers thought home computers were toys back then. Real Computers, running Linux/Unix and VMS and MVS, damn well did have the protections Wintendo didn't, and didn't mandate a reboot every forty-odd days, either. Microsoft didn't even begin to achieve parity until Windows XP or later, and Apple didn't until MacOS X.
> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all.
Indeed, Windows 98 and earlier did not require a username/password pair by default. However, it was stupid easy to log into computers and steal stuff.
Processes could read from each other's pages, but it was also stupid easy to download warez and viruses that took advantage of that. Remember, this was the age of HTTP and plain text all day every day (because computers were too slow to do client-side encryption).
Antivirus reviews and comparisons were really valid, as virus databases were also in their infancy, and some companies had better data that others.
> There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Yup. Which is why Photoshop cost $600 and a non-gimped version of Office cost $400. They baked piracy into the price and had the big companies that thought nothing of these prices pay.
Also, downloading cracks was a super easy way of getting viruses, doubly so if you didn't have AV running (many didn't). Doubly also, finding them was hard(er) before the days of WinMX, BitTorrent, etc. You had to know IRC and newsgroups. Not super friendly places.
That didn't stop people creating hard-to-crack copy-protected software.
Since disk drives existed, games makers created floppy disks that industrial disk duplicators that standard computers could read, but couldn't write, and ensured their games had code to check for that. It generally wasn't feasible to replicate these special tracks with a normal floppy drive, so instead people had to reverse engineer the game and remove the copy protection checks.
This could be easy or hard, depending on how devious the programmers were. One of the legendary games for this was Dungeon Master on the Amiga or Atari ST which took crackers about a year to find _all_ the copy protection checks [0]
This wasn't the only form of copy protection.
* Games since their earliest day had things like "enter word 7 on page 5 of the manual". Some games had a red-on-red "copy protection sheet", designed so that it would be very difficult to replicate with a standard black-and-white photocopier. Monkey Island came with a two-piece "Dial-a-pirate" code wheel [1]
* To thwart third party software developers, and to distort fair trade and give themselves lucrative pricing monopolies, the Nintendo NES had a "lockout chip", the 10NES [2]
* Sony Playstation games had a "wobble" built into the groove of their pressed discs that normal CD-Rs didn't have, and the frequency of the wobble indicated which region the game was sold to, preventing free and fair international trade by foul means [3]
* Products like AutoCAD came with a dongle, [4] it connected to the parallel port because USB hadn't been invented.
But yes, for software like Windows, where the entire product has to be installed on a hard drive, it wasn't within customer expectations to have to permanently attach a dongle or have media in a drive, and there wasn't commonplace network access with which to "phone home", the serial key or CD key was used to limit distribution. As you say, Microsoft enforced this mainly with licence audits - the BSA not only offered a reward for employees to rat out their companies [5] but they also generally acted as a front for Microsoft; Microsoft would drop their lawsuit for your minor infringement of some of their software, if you agreed to stop using Microsoft's competitors' software and convert your business to becoming a Microsoft-only shop.
Microsoft also got paid by doing deals with OEMs. If you bought a PC in the 1990s, you likely paid a "Windows tax", where every PC sold, even ones which will only run Linux, gave a portion of the sales price to Microsoft. They illegally used their exclusive agreements with OEMs to prevent BeOS entering the PC operating system market. Microsoft was found guilty of using illegal anticompetitive tactics to crush their rivals in the x86 operating system market. [7]
[0] https://www.youtube.com/watch?v=VheNpiSZxf0&t=489s
[1] https://oldgames.sk/codewheel/secret-of-monkey-island-dial-a...
[2] https://en.wikipedia.org/wiki/CIC_(Nintendo)#10NES
[3] https://en.wikipedia.org/wiki/PlayStation_(console)#Copy_pro...
[4] https://en.wikipedia.org/wiki/Software_protection_dongle
[5] https://en.wikipedia.org/wiki/Software_Alliance
[6] https://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#...
[7] https://law.justia.com/cases/federal/district-courts/FSupp2/...
I remember a text adventure game on Amstrad CPC ("Le passager du temps" in french, roughly translating as "Time passenger") which I had a pirated copy.
You could play the adventure until you found the time travel machine (could take 1 to 3 hours depending).
You start the machine and then it went on infinite loop text : "tired of piracy tired of piracy tired of piracy..." !
Highly frustrating, but you couldn't help to admire the developper.
If I remember correctly, it was something about the way that a floppy track was formated, with the wrong number of sectors, which was readable by the disk drive, but it couldn't write it using normal copy mode.
Could also be something like that:
https://scarybeastsecurity.blogspot.com/2020/12/the-cleveres...
I remember reading some article I can't find again about a very unusual floppy protection that involved nonstandard floppy format, something like non standard sector sizes that could be read by the hardware but not written, and the protected software implemented some direct access to the floppy hardware to read data.
Settlers III did something like that too.
If you were running a pirate version (or a poorly cracked one), the game would run just fine but at some point, it would only produce pigs instead of another resource (can’t remember which) and you were basically stuck because you couldn’t get the more advanced buildings etc without that resource.
Original SimCity would let you play off you failed the copy protection, but would Chuck disasters at you left and right.
Downright sadistic tbh.
I'm pretty sure I remember a pirated version of Metal Gear solid on the original play station where the fact you where using a pirated version came up in the gameplay at some point.
While I have no recollection of this pirated version, it sounds like something Psychomantis would say.
I looked it up, at a point towards the end of the game you had to find a communication frequency on the back of the disc package. If you had a pirate copy this was obviously difficult (it was before this information was as freely available on the internet).
Yeah elite on pc had such a copy protection mechanism.
But they picked any word in the book, even simple ones like "the". So just entering that 20x or so would get you in.
Everyone used pirated software, Bill still got rich, software developers did make a living, and software prices did not cripple companies. Good old times.
While it seems like a lost battle, Bill Gates chiding letter about software sharing being bad, versus the FSF/Stallman philosophy that hiding what the program does from the user is morally wrong is still being fought out. People need to earn a living, but as Cory Doctorow says, these are computers we put out bodies in and put in our bodies, hiding the flaws behind license contracts hurts us all long term. We all build on each others tools so grabbing all that value for yourself seems wrong. I personally don't know how we allow copyright on software without some kind of source code escrow at the library of congress level. Enforcing these license contracts is a waste of time in the free software paradigm, that could be better used perhaps, but Bill Gates owns a yacht and Richard Stallman doesn't, so I suppose the question depends on your point of view.
When I was young we had a family friend who regularly flew to Hong Kong for work. Whenever we wanted software that was expensive he would kindly pick it up for us there on one of his business trips. He must have known all the right places to look, because he never let us down! I still have a pirated copy of Macromedia Studio MX in a cupboard somewhere. The idea of installing pirate software you bought at an open market in Hong Kong seems absolutely insane in today's world, but 2002 was a very different time! For anyone wondering, we had dial-up internet back then, so even if I'd known the right places to look for pirated software, there was no way we could reasonably download it! I was using Getright download manager to download things over the course of weeks!
> Getright
That's a name I haven't heard in a long time! It's still available! https://getright.com/
Microsoft software (and borland) were easy to copy, but it was not the case before. There were many tricks to protect software like "weak bits", "laser holes", fancy sector layout. We had special software to copy protected disks.
I still remember that all 7s and IIRC all 8s works in Quake 3 Arena as a CD key too. I found this out button-mashing as a kid after my actual CD key wouldn’t take. Probably something screwy with their CD key verification algo that probably just passes stuff around internally as 1 or something. I’m sure this is some whole sub-genre of cryptography — finding inputs that break the verification calculations — but I don’t know the name of it beyond “cracking”, albeit “non-patching-based”.
Software is still widely "cracked" and tons of people still want to not break the law. In some case telemetry is removed. Otherwise you run it in a VM without network access. This has little to do with autologin and lack of efficient memory protection: if you are root: you can still read everything in most cases. The only exception is if some kind of "trusted" enclave is used, but I don't think this is very common.
Being able to just do anything you want was so incredible, though. For example, the Google Assistant DING is one of the most ear-splittingly obnoxious sounds I've ever heard and there's not a damn thing I can do about it besides stop using Google Assistant. When I had similar problems in the 90s I could just go find the audio file in question and quiet or replace it with whatever I wanted.
Remember Windows 95/98 and the shared-by-default $C network mount that was read/write to anyone? Had a lot of fun with that one in the dorms.
This is how NESTicle source code was stolen https://patpend.net/articles/zd/article2.html
> How did he steal the source code? Sardu was running Windows 95 at the time. He made the mistake of leaving drive sharing on
This. As a teenager those days, I never bought software and always cracked them. I grew up learning to use Photoshop, Visual Studio, 3ds max etc. cracked.
Now I'm an adult who learned some of those tools profesionally, and paying for them (or services around some of them) legally.
If I didn't use them cracked in my teenage years, perhaps I would have never become a paying user in the first place.
Computing and software dev definitely was much more fun back then. No worries about security and systems way less complex. I often shake my head when I get a PR that adds one fields to the data model and you have ten different files changes in UI layer and possibly several services. Can't wait until AI writes that code and verifies it works across all layers.
cm3hy-26vyw-6jryc-x66gx-jvy2d reporting for duty. Probably did 50-100 OS reinstalls a week so it is burned into memory.
Can you confirm please that you have only installed Windows XP on a single computer please?
Yes.
Okay sire here is your activation key.
Is that also a key for Windows 95?
Windows XP, I believe.
We also had p2p file sharing before the internet or any networking existed. Files were shared physically, literally from peer to peer. You would meet with your friends and exchange floppies or CDs, take them home, copy and return back. No IP addresses, no VPNs, nobody could take us down. True decentralization.
FCKGW-...
It's _FCKGW_, not what you have. It's easier to remember this way...
I used the mnemonic "FuCK Gates, William...".
All these years I assumed it was George W....
In the gaming space prompt cracks are still common place.
Empress cracked Hogwarts Legacy in about 2 weeks to much fanfare[0].
Cracker efforts are now even crowd funded.
Maybe this is a Peter Pan moment, you grew up but the ever-child world of Piracy continues.
The goal is to not have it immediately cracked on release, so for that the copy protection does work. To protect it indefinitely isn't the main objective. The copy protection should be called malware though, because it basically is. Same goes for some anti-cheat tools.
I think it should be made more transparent if a game uses such tools.
Sometimes it is cracked immediately on release. Hogwarts Legacy had a playable beta crack in only a few days.
Denovu v17 is broken but it still takes work to apply the process and it's tedious which is why only one person works on any/all game (Empress) (a few others only crack single games presumably those they enjoy themselves).
Although I'm sure 2 weeks is a very nice cushion, ideally it'd be at least a month.
There is a conspiracy theory that Day 1 patches are to mitigate cracks.
I've taken my eye off DRM as I believe the real big issue will be cloud gaming.
But Empress at least cracks Denuvo due to not liking the idea of intrusive DRM.
In old days, software is not that soft. Floppy disk, CD, DVD are gone now.
fun fact: in Japanese, software is literally just called "soft", regardless of the medium. and hardware is "hard". no joke.
Is this why that popular secondhand store in Japan is called "Hard-Off"?
V2C47-MK7JD-3R89F-D2KXW-VPK3J
Yes, I still remember. Even after 12 years or so.
VDDF2-JJWM3-X7P27-FRHRT-8BVHT
Interesting! I once lost my original StarCraft CD Key. In a desperate attempt to simply install and play the game I tried converting “StarCraft” to numbers using A1Z26 cipher. Honesty didn’t know it at the time what to call what I was doing. I was just a kid! But, guess what? It worked! It only worked for local play. BattleNet did not see it as a valid key. I like to think some SWE somewhere hid that in there on purpose. Whoever you are, if you see this, thank you!
I once used the example key shown in a software manuals how to register section. It worked. I was rather chuffed at the time.
My brother bought CorelDRAW for Win95 and only kept the CD, forgetting how important the paper with the key was. On a reinstall he than entered 11223344556677889900 and it worked. I used that method multiple times as a teen on software from different manufacturers. It worked quite often. Though sometimes you had to play with the numbers at the end. (sometimes 000 other times 011 etc.)
wtf. he entered that number just out of nowhere and it worked? what a wizard!
The way this worked was there's a very large amount of keys accepted by the installer and a very tiny fraction of them are actually issued / valid for online play.
There wasn't that much value in having the installer keys be that narrow; if you have a legal cd it'll have the key printed right on the case (and there's no way to stop sharing). If it's a burned cd either the person who ripped it can just include the key or they can edit the installer itself to accept any key.
My standard strategy for installing StarCraft (at LAN parties I often had to do it a few times in a row) was just to mash the keyboard a few times until I got through. It usually took somewhere between five and ten tries, in my experience.
There’s also a valid key pre-brood war that was something like “1234567890123”
Brood war didn't have its own keys. Both 1234567890123 and 3333333333333 worked for StarCraft.
All 'G' was valid for Quake 3. I was surprised to find this out from my friend's 11 year old little sibling.
I used a key gen for quake 3 when it came out. Was surprised when I was able to play online. Told my friends who were not able to play online. I guess I was just lucky my key was an actual key!
That feels like some dev being lazy and adding backdoor easy to type keys for testing stuff
StarCraft was my first attempt and success at "cracking" a game!
Apparently it had a bug where it didn't recognize the CD on Windows 98 but it worked on Windows 95!
Didn't have internet, so I fired up Visual Studio, stepped through the .exe, and tried flipping each JE/JNE or JZ/JNZ instruction that came before the copy protection error showed up.
It worked!! I searched for the sequence of instructions in a hex editor and modified the exe. And it led me to one of the best games ever to this date. :)
So my last name is Key, and my initials are C D, so in the mid-late 90s any time I was prompted to enter a CD Key I would always try “yes”. It worked at least half a dozen times.
Thanks for that, it brought me back to my teens.
In the Renegade BBS system, for like one minor version or so, you could authenticate to any account, including SysOp, by hitting Enter instead of providing a password. Of course, in Renegade and many BBSes, you could login with either your account name or ID, which was an auto-incrementing (the manual way) integer starting at "0", the Sysop. And I'm fairly certain that the problem wasn't triggered unless you logged in by ID, which few ever did.
On one Saturday nearly every BBS in my area code running that software was restoring from backup.
I stumbled upon it because I was "1" on another BBS[0] and accidentally popped "Enter" aiming for Shift when typing my password. After picking my jaw up from the table I called my buddy and told him to unplug the phone line. :)
[0] Actually, I had hacked up and substantially re-written from the leaked Telegard 2.5 source (whichever was the origin of Renegade's code) and the password validation code was insanity -- I was young enough to see hacking as mystical and suspected I'd found a cleverly hidden back-door so I rewrote the entire thing to be as "dumb as the rest of the password handling logic was"; I had heard, later, that there was something funny going on but I stopped playing with that code by then and the Internet quickly ended that world. In all likelihood, the original developers were doing something novel that I was totally unfamiliar with and I made it worse, but I like to think I "locked that up". :)
000-0000000 was the key I kept in my memory in case I needed to install Visual Basic 6.0 on a new computer back in my middle school days :) great memory I forgot about, thank you for sharing the link.
FCKGW
I probably am overthinking this; I always wondered if that key was purposely leaked by someone who didn't like Bill Gates.
I recently wanted to use a program for a short amount of time for personal use, but the trial period was only 7 days.
I used strace to find that it kept the timestamp of its first run in a text file, and would read that on startup. Deleting that completely reset the trial period.
I was pretty amazed - I know most people aren't computer savvy to bypass trial periods, but I figured there'd be third-party libraries a developer could use to effortlessly guard against this sort of thing?
(If I ever need it again I will buy it. I just literally needed it a couple of times for something personal and will likely never need it again)
Meh, it's common to let pirates get away with it because it helps adoption Also good antipiracy software is like Financial/business software, usually surprisingly expensive
I think there’s an interesting parallel with “supercookies” on the web, or the long-running battle on iOS to permanently, uniquely identify phones.
Should the user be able to control their machine, and delete data that the app has written? Should they be able to ‘look like a new user’?
Or should companies/apps have the ability to keep persistent data on the user’s machine, and/or link them to a previously collected set of data about that user?
Most Mac-native apps operate pretty much (usually with binary plist, but MacOS includes CLI tools to operate them) like that today, and likely for ever. https://twitter.com/panic/status/679094045768073216
Ableton live used to give out 90 trials with a new “live” account. I used it for about half a year with various different emails. They stopped this from working on live 11 and I decided that the software wasn’t for me :)
I even used that on a piece of software last year to extend the trial period. It was good software, so I brought it afterward. But I was surprised that the old trick still worked.
I remember using this key to install hundreds (possibly thousands?) of school PCs back in the 1990s since I couldn't remember our volume license key. And Microsoft's terms explicitly stated the key we used didn't matter as long as an audit revealed that the number of installed systems matched the number of purchased licenses.
Similarly, 111-1111112 was a valid key for Office.
That practice never stopped: even today, the current version of Visual Studio 2022 Enterprise available for download from MSDN (well, "Visual Studio Subscription") has an option to use a static product-key (which I believe is the same for everyone, considering the search-results I get for the first 5 digits...) - but for some reason the lower SKUs (Community, Standard (rip), and Professional) switched to _only_ supporting MSA-based online activation, so if you have an air-gapped or disconnected dev situation you have to shell-out for the full-fat edition - but at least you get to use it indefinitely.
...which is always really important considering the 20-30+ year lifecycle of actual software - whereas Adobe and their Creative Cloud service is copying Apple's strategy of pretending all their software older than 5-6 years simply never existed in the first place. "Adobe Flash/Fireworks/FreeHand? Never heard of it." - which is a huge PITA for people who might have old source files in those lovely propreitary binary file-formats that can't be opened in newer versions of Adobe software - so what on earth does Adobe expect them to do? This is insane...
Why were all triplets blacklisted except 000, 111 and 222? What was the thought process behind it?
It might be compiler generated code. That the algo is more complex.
This gives me some serious nostalgia for those simple and naive days. Around 95' is when I accomplished my one and only successful attempt at cracking. Some company had their software downloads in password protected StuffIt archives, anyone could download the software but you had to buy it to get the password so you could decompress the archive. I really wanted to use that software and I searched everywhere on the net and on BBSs for that program or the password with no luck, so I set out to crack the archive. I made two archives, one with password protection and one without and then opened them in ResEdit, turns out the only difference between them was that the protected file had a second resource other than the data, delete that extra resource and it became a normal unprotected StuffIt archive.
I shared my findings to the community and within days it was all over the web and on every BBS, people where pretending they were the ones who made the hack, it was everywhere. Within weeks StufIt released a free update to fix this and I felt quite powerful at the effect I had caused. Years later I realized that my crack was banal and probably common knowledge to anyone but an ignorant teenager, most were just smart enough to not share it and ruin a good thing. So I inadvertently made the digital world a safer place.
Edit: thinking on it more, I doubt I was even the first person to share this information, I was just the first person stupid enough to share it on an easy to find warez/cracking site that everyone had access too. I also seem to recall that Stuffit explicitly said that this password protection was not a safe or reliable way to protect your data, if you wanted that you had to upgrade to the paid version. I probably had no real effect on anything and the new password protection StuffIt rolled out was probably already in the works when I showed up.
OEM keys for Windows 95 followed a similar structure to the retail key, albeit with a lot more digits.
OEM Windows 95 keys came in the form of XXXXX-OEM-00YYYYY-ZZZZZ. The XXXXX grouping represents when Microsoft issued the key by day-of-year and year, and the operating system would validate any number where the first three numbers range from 001 to 365 (or 366 for year 96), and the last two X digits were 95-99. The YYYYY group must be a multiple to 7, excluding the number 0. The ZZZZZ group is basically noise and anything is permissible in them.
Now you can run a Windows 95 keygen in your head. You're welcome :)
Actually I believe Windows 98, Me, and 2000 have a similar scheme but they obfuscate it with some algorithm to generate the 25-char alphanumeric style that Microsoft continues to use to this day. I've never dug into how it goes, but you can see the 95-style key on System Properties post-install.
For no reason other than it seemed fun, I used this new knowledge to implement my own version of said key-gen, in my choice of dev environment: Swift and Xcode playgrounds. Fun little exercise.
https://gist.github.com/Bonney/5cc85f41cdeb80146c7d5169ded8a...
Impressive, I see one definite problem and a potential one:
* I had incorrectly stated the conditions of the Y grouping. The digits must sum up to a multiple of 7, rather than be a multiple of 7 by themselves. 0000007 and 0000016 are valid sequences, for instance, but 0000014 is not.
* The Z grouping probably has to be [0-9]. At least I've never tested non-numeric characters whenever I've installed Windows 95 (I usually type out 00195-OEM-0000007-00000 when I install it).
If memory serves (and it was a long time ago) Win98, Office 97 and NT4 all had an easy to guess key. As long as the ABC (product type eg. Pro, Home) followed by the -xxx (first two digits added up to 9 as the last digit eg 639) -xxxx and the last 4 digits also added up to 9 as the last digit) all would be good and passed all the validation checks. A product key of xyz-000-0000 would work although it was a bit obvious where as something like fgh-729-32139 would sail through.... Ah, the good ol' days
Software Piracy
That is the reason Microsoft went bankrupt, and
Bill Gates is living in a mobile home in the Ozarks.
You should be ashamed!
I wish more YouTube videos were like this: no intro, outro, ads, annoying music, please like and sub, captivating voice.
there are tons of these videos on all kinds of topics. Unfortunately, without a captivating thumbnail view counts are extremely low and click through rate is laughable. Yet some creators refuse to A/B test crafted thumbnails that have often nothing to do with the video but drive views. Similarly, I keep my videos short and concise as I see viewer time as at least as valuable as mine and so do plenty of other creators. Unfortunately, viewers don’t appreciate this en mass. My sad conclusion is that people don’t value their time high enough to immediately leave a video that is wasting their time or, as so often, has almost nothing to do with the title or thumbnail. People forget why they clicked on a video within seconds of watching it.
Source: I am a creator myself, releasing a mew video every Friday. I have read the engagement guides from YouTube and other creators and decided to not take part in this landgrab for viewer time. People have more important things in their life than my videos and I should be mindful of how I use their time.
A mew video, you say? stacksmashing has one ;-) : https://www.youtube.com/watch?v=U8fWTDUdWGA "Exploring the Mew Glitch"
Some recommendations of this type:
VWestlife: https://www.youtube.com/@vwestlife
Big Clive: https://www.youtube.com/@bigclivedotcom
Posy: https://www.youtube.com/@PosyMusic
Techmoan: https://www.youtube.com/@Techmoan
Technology Connections: https://www.youtube.com/@TechnologyConnections
Ask me 5 years ago if I'd regularly watch someone play Doom on youtube and I would have laughed. Then I discovered Decino and their Doom deep dive and playthrough channel [1].
Similar thing, no intro or self-promotion, not even a Patron. Just someone playing Doom levels with a calm and even tone explaining things about the game I never would have guessed and it's strangely relaxing.
1. https://m.youtube.com/channel/UCJ8V9aiz50m6NVn0ix5v8RQ#botto...
Behold, salvation is near: https://sponsor.ajay.app/
It's interesting that Youtube is also recommending this to me today. I wonder what caused this coincidence. Anyone else seeing this on their Youtube feed?
I suppose YouTube saw the spike in the video's popularity, caused by this HN post, and started recommending it to people who might be interested in it.
Or the other way around — YouTube started recommending it more, so OP saw it and posted it on HN.
I had it in my feed and watched it some hours before this was posted here.
I found a Half-Life CD in the street, just laying there, when it was a new game and all the rage. I guess it slipped from somebody's jewel case or the like. By some miracle, it wasn't scratched enough to be unreadable, so I went and installed it but… no key. Out of frustration I started to just type silly sequences, until arriving at one that worked: 1234567890 until filling the textbox completely.
Man, the sheer joy and happiness when the game installed and ran without issue. I had to tweak the settings a lot because I had a P75 with a 3dfx Voodoo accelerator card but nonetheless I enjoyed a lot of that game and I still have that disc. I hope the original owner was able to get hold of a copy and still use his original licence though.
It was valid for Visual Studio 97 as well.
Yup, I remember using this key for visual studio 6.0 when I was like ten years old.
TLDW: First three digits are ignored, The remaining are mod 7.
Reminds me of this classic.
Reading all these comments about people mailing floppies and cd's, it's glad I was also part of that scene too - in trading fansubbed anime titles, and trading for more copies to complete strangers. Had a geocities page, and even did transcoding with tmpgenc - back when k-lite codec packs were popular, pre VLC days.
Just can't believe with the right keywords, you can still see these old posts on the internet - 2002/2003 was truly different and I bet pre-2000 even wild.
I worked at Microsoft when Windows 95 was released and I'm certain that is the key we use to install it internally.
The sum of last 7 digits has to be a multiple of 7, not sure if I remember correctly but definitely very simple
I was reinstalling Win95 and Win98 so much in my youth that, to this day, I still have my Windows 95 OEM number and Windows 98SE CDKEY memorised and can recall them with no effort. 20 and 25 alphanumerics respectively.
I didn't know about the much smaller 10-digit Win95 keys.
I remember installing Windows 95 some time in the late 90s only to realize I didn't have a license key handy. Out of frustration I entered all 1s in. I have never been more surprised at something working unexpectedly like that.
Just a side question.. Did the floppy disk version also call it a CD key?
You've posted this 12 hours ago, which was roughly when it showed up in my youtube feed.
Did you post this, because it showed up in your youtube feed?
It seems like the YouTube algorithm started randomly recommending it to a lot of people (before it landed on HN)
Ah, the gold old days of software-keys.txt lists with millions of keys of all version of DOS, Windows, OS/Warp, Autodesk, etc.
To reinstall Win95 in late 90´s was a chance. You had an hour or two then the worms ended it. Fun times. :)
It took me a while to realize this meant "license key", my first thought was about keyboard codes.
The "111-1111111" key is right next to the "any" key on your keyboard.
Obviously it's not a physical key, but the title suggests a surprising result.
It's valid for Quake 3, too!
111-1111111 is also a valid key for Windows 98 and the Office suite of that era.
MS activation mechanisms always remind me of this video: https://youtu.be/rXHu9OmLd8Y; how Microsoft Bob was used to initialize a chunk of random data used with the cryptographic activation mechanism of Windows XP.
It's also the valid key for Office 97
The good old FXP days…
Identity key...
This video could've been a textual content.