> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number?
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
In fairness, the decompiler didn't work on the protection method :)
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!
Audience matters. Something intended to stop legitimate business consumers in a non-tech industry requires substantially less sophistication than something built to withstand professional reverse engineers.
Copy protection was also generally less robust for educational software, since it sold to generally law-abiding folks (parents, educators, etc.). Never saw Rapidlok or V-MAX! used for educational software on the Commodore 64, for example.
Many a crack back in the day was even more simple still, we'd just find and alter the right JE or JNE into a JMP and we're off to the races. As the author found, the tough part is just finding and interpreting where and how the protection was implemented. If throwing the exe in a hex editor gave you access to String Data References (not always the case, but more common than not) then you'd just fail the check you were trying to skip, find that string, hop over into assembly to see what triggered loading that, and then just alter the logic to jump over it when the time comes.
Very cool to read an article about Windows 95 still being used in production - a nice contrast to the infinite AI hype cycle over everything.
Tech may move fast in flashy areas but not in the more "boring" parts of the industry.
>Very importantly, there doesn’t seem to be any “input” into this routine. It doesn’t pop anything from the stack, nor does it care about any register values passed into it. Which can only mean that the result of this routine is completely constant!
This is not necessarily a fair assumption (though it worked this time). It could be some sort of a rolling code, where the reply is not constant but changes, and remains verifiable. Example: garage door openers have no input from the garage, but the sent signal differs every button click, and the garage can verify its correctness.
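The rolling-code idea raised in the comment above, as an added example that is not part of the thread or the article: a device with no input derives each reply from a secret and an internal counter, and the verifier accepts only replies ahead of the last one it saw. The class names, the HMAC-SHA256 construction, the 32-bit truncation and the window size are assumptions for illustration, not how the dongle in the article or any real garage door opener works.

```python
import hashlib
import hmac

def code_for(secret: bytes, counter: int) -> bytes:
    """Derive a 32-bit reply from the shared secret and a counter (HOTP-like)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:4]

class Token:
    """Hypothetical input-less device: every query returns the next code."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def query(self) -> bytes:
        self._counter += 1
        return code_for(self._secret, self._counter)

class Verifier:
    """Hypothetical host side: remembers the last counter it accepted."""
    def __init__(self, secret: bytes, window: int = 8):
        self._secret = secret
        self._last = 0
        self._window = window

    def check(self, reply: bytes) -> bool:
        # Look ahead to tolerate queries the host never saw; never look
        # back, so a recorded reply is rejected when sent again.
        for c in range(self._last + 1, self._last + 1 + self._window):
            if hmac.compare_digest(code_for(self._secret, c), reply):
                self._last = c
                return True
        return False

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    token, host = Token(secret), Verifier(secret)
    first = token.query()
    accepted_first = host.check(first)
    replayed = host.check(first)         # same reply presented a second time
    token.query()
    token.query()                        # two replies the host never saw
    resynced = host.check(token.query())
    return {"accepted_first": accepted_first,
            "replayed": replayed,
            "resynced": resynced}

if __name__ == "__main__":
    print(demo())
```

A routine that takes no input can therefore still return a different, checkable value on each call, which is why a constant reply cannot be inferred from the absence of inputs alone.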
Why wasn't (isn't) this more widely used? It was clearly more effective than a cdkey.
I know there is cost associated with the hardware, but surely the customer can cough 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
Dongles were extremely widely used in the 1990s and early 2000s; for anything more advanced than consumer software you'd almost expect them? Almost every DAW, video editor, high-end compiler, engineering/CAD package, or 3D suite used them, certainly.
I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion, if you could reverse one you could reverse the other.
But this concept was insanely prevalent for ~20 years or so.
One of the biggest problems was not having enough ports. Some parallel port dongles tried to ignore communication with other dongles and actually had a port on the back; you'd make a "dongle snake" out of them. Once they moved to USB it was both easier and harder - you couldn't make the snake anymore, but you could ask people to use a hub when they ran out of ports.
It was widely used in engineering software because the license cost was equivalent to a large fraction of an engineer's salary. Anyone who used AutoCAD back in the 90s can remember.
When parallel ports were discontinued, they migrated to USB and network license servers.
Locks are there to keep honest people honest.
To expand on the saying, they're not there to be insurmountable. Just to be hard enough to make it easier to do things the right way.
I remember doing exactly this kind of hack for a small telco in Buenos Aires. Extel. Around the year 2000.
In most cases it was not much more difficult than what OP described.
Yeah, my IT company bitshifts suspect files and provides the magic number.
The protection just needs to be sufficiently complex.
My father, an accountant, used to have a program like that, that used RPG and a dongle! Good times. Horrible dongle.