The cleverest floppy disc protection ever? Western Security Ltd

339 points by scarybeast over 4 years ago

30 comments

IIAOPSW over 4 years ago
Way back when monetized flash games were a thing, there was a problem of ad piracy (people who would decompile your game and then upload and monetize it as their own). The conventional wisdom at the time was that piracy could only be delayed, not prevented. The reasoning was that a piracy check has to read the site's URL at some point and the hacker can just search for the only command in all of actionscript which does that.
My game contained a very standard check url type protection. This was not the real protection. This was the piece of code which the hacker was supposed to notice and remove. Early on in the game there was a function call to get the total number of bytes in the file and then divide it by the number of expected bytes. Ostensibly this was to calculate the size of the loading bar. I stored this information in a forgettable global variable. On the surface this looks like the sloppy coding one expects from flash devs. But the real purpose was so that I could later check if this number was not 1.0 and trigger the true copy protection. Long story short if the number of bytes were incorrect then the game becomes unplayable after a few levels. I thought that was a nice touch since these hackers usually didn't play through enough of the game to test if their hack worked.
acomjean over 4 years ago
It's all very clever. Till it doesn't work. A long time ago, we got EA's "seven cities of gold" from my parents for apple.
My brothers and I were all excited but it would start to load then the drive would make a strange sound and it didn't work. We exchanged at the local software store, the next one did the same thing. We tried on a friend's apple //c and it worked there. Our //e drives must have been slightly out of spec. It was bitter disappointment. But a valuable lesson.
They're now imaging floppies into new formats so the copy protected disk can still run in emulation:
Things like the "Woz" format https://applesaucefdc.com/woz/reference1/
jedberg over 4 years ago
My favorite copy protection was on some games I had (I want to say they were Microprose games? But I could be wrong) where they would cut the hole in the disk just slightly bigger, and then take advantage of the fact that in DOS you could talk directly to the hardware to convince the read head to go just a little too far. Then it could read the magic 41st track to load the game, but no disk copy program could copy it.
carapace over 4 years ago
Who recalls the provenance of this old legend about the fellow who challenged his pal to decode a certain floppy?
It was a bog-standard DOS boot disk (IIRC) that he could put in his machine and boot normally. But his pal put it in his computer and... nothing doing, no boot. Analysis of the floppy availed not. The challenge went unmet.
What did our hero do to make the floppy?
.esrever ni nups evird eht os ytiralop etisoppo htiw meht dehcattaer dna ,rotom eldnips evird eht ot seriw rewop eht deredlosed ,evird ksid eht denepo eH
berkut over 4 years ago
Slightly off-topic, but since when were floppies referred to as "disc", as opposed to "disk"? I thought it was from Diskette?
Is it a language / region thing?
Optical discs *were* "disc", but at least growing up in the UK in the 80s/90s with DOS/Windows, I'm pretty certain I remember them always being "disk" for floppies?
Am I misremembering?
marcan_42 over 4 years ago
Modern copy protection techniques are often based on this same principle. For example, the GameCube and Wii do a very similar thing. Since they use optical media, that doesn't have tracks but instead a single spiral groove, what they do is use a laser to burn little scratches into the disc (which you can see against a light). After mastering and lasering, the disc is checked to see what sectors the marks damaged. Error correction ensures the data is undamaged, but the drive can find these drop-outs. Then a table containing the sector locations is encoded and burned with the same laser into the "burst cut area", effectively a standard barcode format in the inner ring of the disc (this part is standard, many normal drives can read BCAs).
This all works because the specific angular position of any given sector is unpredictable during optical disc mastering. The groove is continuous, and never lines up in exactly the same way. So, just like the floppy trick, this is "fingerprinting" the natural variation in write speeds of different disc mastering/burning systems. This scheme is undefeatable using off the shelf burners, but one trick that Datel used to master compatible unofficial discs is to rip the encrypted BCA table off of a real game (so they didn't have to crack the encryption, though that was possible later since it's symmetric) and, instead of burning marks into the disc, just *turning off the mastering laser* writing the disc track at the exact same points in each track. Those discs don't have any holes, but they have a pattern of sector damage that is indistinguishable to the drive (even though the angular positions no longer match), and they work. I believe the same trick should work with a lightly modified standard burner, if you can manage to find a way to burn the BCA (and you need other firmware patches for some other data-level changes to the disc, but those are easier).
Xbox (360 and One discs at least I believe) also do this IIRC, but instead of intentional damage the drive has the ability to compute angular relationships between sectors I believe, though I'm not familiar with the details of that scheme.
m463 over 4 years ago
Back in the 1980's I think there were a lot of interesting schemes.
The solution was to just get an updated version of copy2pc or copywrite and they would have a fix.
But I remember a few schemes that were interesting workarounds.
One was the hole in the disk, one was a laser-burned dot on the disk.
I recall with the hole in the disk - the software would try to read and if it succeeded it was a copy.
The second one was *slightly* different and I believe the software would write to it, and read it back, and if it could read it back it was a copy.
However the best of all was either the scratch-n-sniff card from Leather Goddesses of Phobos, or the Age Verification of Leisure Suit Larry.
example:

    "Gone With The Wind" is about
      a. outer space.
      b. a bank robbery.
      c. four hours long.
      d. dust.

or

    President Ford prescribed _____ for dealing with economic problems.
      a. tranquilizers
      b. employment
      c. that everyone wear a WIN button
      d. that everyone should have a nice day

h2odragon over 4 years ago
I never did BBC Micro, but in the early PC days there were "Copy II PC" add in ISA cards that the floppy cable passed through on the way to the drive. With their software most any floppy disk could be copied with a standard PC drive; and with a bit of hacking you could do things like read Victor 9000 floppies.
There was only one floppy I could never get, a licensed Scrabble game that insisted on writing scores to its game disc. My mom loved that game and we had to buy it twice. It was humiliating, I had this special hardware and I never did figure that one out.
* found one: https://www.biocomp.net/o62799.htm
VikingCoder over 4 years ago
I remember my tech-savvy uncle was used to PCs which could read double-sided floppy disks. His jaw about dropped out of his skull when he saw me do the 0.5 second floppy-disk-flip that Apple IIc gamers got used to doing, because they could only read from a single side of the disk.
notacoward over 4 years ago
I remember a similar "easy to write, easy to read, hard to recreate" approach being touted for credit-card security a while ago. The idea was to embed bits of glitter in a clear epoxy matrix, and collect a "fingerprint" of the result when read from different angles. It would be nearly impossible to recreate the glitter pattern. I really liked the idea, but apparently they never solved the alignment problem well enough to make the "easy to read" part a reality.
beagle3 over 4 years ago
IIRC, Quaid software's Copywrite on the PC was able to reliably duplicate weak bits, and had a companion called "zerodisk" which would -- in cooperation with marks left by Copywrite -- emulate laser holes.
I remember at least one copy protection system I analyzed, which got "free reign" into writing tracks, by configuring the drive to write just one huge sector per track (which ended up being longer than the track), and encoding the sector gaps "in band" which later became "out of band" because the main track header was overwritten (and an "in band" one became out-of-band).
It was interesting, but I have no nostalgia for that.
parsimo2010 over 4 years ago
Some thoughts:
1. I love how half the comments here are about disc/disk, which was just a passing comment in the article.
2. I really like reading these sorts of stories where modern hackers figure out the tricks used in vintage technology. They're interesting, and make me feel a little better that all the clever hackers haven't died off yet. Sometimes I feel like the power of modern computers has made people lazy and we're going to lose our ability for clever solutions. But maybe the clever people are still there.
3. If you like reading about copy protection and (I can't believe I'm about to call the PS1 vintage) vintage tech, you might like this story about the copy protection for Spyro on the PS1. It wasn't so much copy protection as it was punishment after the copying. https://www.youtube.com/watch?v=4GYSeXLr5sY
mattbee over 4 years ago
The other thing this scheme gives you is a unique image per customer, so you could use it to trace illegal copies.
When I worked on some expensive emulator software 22 years ago, floppy protection wasn't appropriate but I suggested to the boss that we use the order of linker symbols in the main executable to encode the customer's serial number.
I guess it was a No because they wanted to use a standard duplicator, but also piracy was pretty well deterred by the 486 daughter board you needed to run it :)
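
Added example, not part of the thread and not the commenter's code: one way a serial can be carried in symbol order for leak tracing, treating the serial as the index of a permutation (factorial number system). The symbol names are constructed, and how the chosen order is handed to a linker is left out as an assumption.

```python
"""Encode a customer serial as a permutation of symbol names, and read it back."""
from math import factorial


def capacity(symbols):
    """Number of distinct serials that this many orderable names can carry."""
    return factorial(len(symbols))


def encode_serial(symbols, serial):
    """Return the link order (a permutation of symbols) that encodes serial."""
    pool = sorted(symbols)                 # canonical order both sides agree on
    if len(set(pool)) != len(pool):
        raise ValueError("symbol names must be unique")
    if not 0 <= serial < capacity(pool):
        raise ValueError("serial does not fit in this many symbols")
    order = []
    for remaining in range(len(pool), 0, -1):
        # Factorial number system: the leading digit picks the next symbol.
        digit, serial = divmod(serial, factorial(remaining - 1))
        order.append(pool.pop(digit))
    return order


def decode_serial(order):
    """Recover the serial from the symbol order observed in a leaked binary."""
    pool = sorted(order)
    serial = 0
    for name in order:
        digit = pool.index(name)           # rank among not-yet-used symbols
        serial += digit * factorial(len(pool) - 1)
        pool.pop(digit)
    return serial


# Constructed sample: hypothetical function names, not from any real product.
SYMBOLS = ["cpu_step", "fdc_read", "fdc_write", "irq_raise", "mmu_map",
           "rom_load", "timer_tick", "uart_rx", "uart_tx", "video_blit"]

if __name__ == "__main__":
    marked = encode_serial(SYMBOLS, 1_234_567)
    print(marked)
    print(decode_serial(marked), "of", capacity(SYMBOLS), "possible serials")
```

Ten reorderable symbols are enough for 10! = 3,628,800 serials, and the mark survives any copy that preserves the order of the symbols.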
14 over 4 years ago
This reminded me of back in the day with Xbox 360 and the cat and mouse we played with MS. MS started making their games I believe 4.8gb in size and all the pirates could only buy DVDs which were smaller as nothing bigger was actually available. The first thing pirates did was truncate the games and removed some padding so they could fit all the security features the disc required to play and remain stealth. Then MS found a way to detect truncated discs and many people were banned. Then one of the 360 main hackers came out with a genius idea to take the discs we could buy and modify the firmware to a certain brand and model of DVD burner to allow the burner to burn right to the outer edge of the DVD. This was possible because all dvds are actually slightly larger than their listed size but standard DVD burners could not burn to the extreme edge. Some burns didn’t write perfect and sometimes you had to burn it a few times before it was stealth. They also had a program to see if the stealth worked and the disc passed or failed. I never did receive a ban and eventually moved to another mod on my 360 that didn’t require discs at all. What a flashback reading this article.
itronitron over 4 years ago
I don't recall how my friends and I figured this out, if we discovered it or just heard about it, but it became standard practice to carefully insert a finger into the disc drive and slow the spinning disc when loading up a copied disc in order to defeat any complaints from the OS. Not sure why this worked but it always did :)
tomc1985 over 4 years ago
Is "disc" British English?
I have always understood "disk" to mean a floppy disk or hard disk (as short for diskette), and "disc" to refer to circular discs like CDs. (Yes, disks have discs inside them but they are squareish to hold)
Seeing people refer to floppy disks as discs really bugs me for some reason.
Springcleaning over 4 years ago
We had to build our own copy protection after dongles were hacked and too fussy. Weak bits were copyable using the CopyIIPC option board.
So what we resorted to is using a needle scratching the innermost tracks of the floppy on random locations. Writing those tracks with a pattern and record where the pattern was broken. While executing the program it did write that track and read that track, the locations where the pattern was broken (two tracks, begin and end) was the key that was used to decrypt some parts further into the program.
To my knowledge it was never hacked and every disk was unique, we kept the keys for each customer (was part of the serial) so if it was hacked we could trace it to the leaker.
m3kw9 over 4 years ago
DVD or CD protections had this type of protection where they read a part of the disk most DVD writers can’t write to
djmips over 4 years ago
Not the Beeb but this copy protection was common even quite early on the Apple II. We ran our disk drives with the cases off so we could adjust the speed screw to match track lengths. We had software that would visually feedback the track length so you could get it spot on.
empressplay over 4 years ago
See also Spiradisc https://paleotronic.com/2018/10/27/microm8-update-apple-ii-emulation-and-spiradisc-support/
ballenf over 4 years ago
I don't think it was mentioned, but I wonder if the mains power fluctuation (voltage or hz) would affect drive sector length / rpm also? So even the same drive couldn't produce a high fidelity copy of one of these discs if the power input was different.
amelius over 4 years ago
I'm curious what tricks people use nowadays for software copy protection? Are dongles still a thing? Have people given up on the idea of software protection? (SaaS is probably the best kind of protection if you don't take it too literally)
billpg over 4 years ago
My recollection from the day was that "disk" was a class of file storage that allowed random access, distinct from tape which needs to be positioned.
(For example, "RAM DISK" which isn't at all cylindrical.)
enriquto over 4 years ago
I'm just halfway of the text and I'm already tippy-tapping like an excited toddler waiting for candy! This has the same hackish aura as the "story of Mel"
blaines over 4 years ago
The comments are rather interesting as apparently George Keeling himself commented and confirmed everything. :)
lowbloodsugar over 4 years ago
Never forget the press release "This is the first game that cannot be copied".
And that's how I learned 6502.
DrBazza over 4 years ago
I seem to remember the only software that would copy any disk you pointed it at, was in fact the source code listed in the official Acorn DFS manual. With the drawback that it copied one sector at a time, so without a double drive, that was a lot of swapping for a 40 track disk, let alone an 80 track one.
garmaine over 4 years ago
Wouldn’t this be trivial to defeat once you know how it works though? Make a bit-for-bit copy, then overwrite track 9 with the new obfuscated lengths.
RcouF1uZ4gsC over 4 years ago
Fully online, streaming gaming a la Stadia, will be the ultimate in copy and cheat protection. Since you don't have access to the actual code, you won't be able to modify or hack it to either cheat or bypass protection.
csl over 4 years ago
Very clever and great article! But it sounds pretty easy to write a cracker for it: Just rewrite the machine code to jump over the check. Or did I miss anything?
Edit: Guess it depends on the details and amount of "obfuscation" that he mentions.