
Confessions of a Disk Cracker: The Secrets of 4am - empressplay
https://paleotronic.com/2018/06/15/confessions-of-a-disk-cracker-the-secrets-of-4am/
======
jt3
“I’ve had several authors find their own software and thank me for preserving
it. One author even apologized for the copy protection. He understood it was a
“necessary evil” at the time, but he was so glad that someone had finally
bothered to cut through it. He said it was so exciting to be able to
experience his own work again, for the first time in decades.”

That’s cool.

~~~
slantyyz
>> He understood it was a “necessary evil” at the time

Looking back at those days, I'm not sure it was a necessary evil. None of my
friends, including myself, owned any originals, and incurred real expenses
(buying tons of floppies, double side punchers, long distance fees for BBSes)
to get the stuff. I could have at least forgone buying a few boxes of discs
and bought a game or two in its place.

It's not like today where the Internet is a fixed cost for most home users (in
the West at least) and storage costs nearly nothing. There's definitely some
residual guilt for those activities from the 80s, especially now that I work
in the tech industry.

These days, I don't have reason to copy much at all. In general, software is
reasonably priced or free/oss, tv/music/movie streaming is reasonably priced,
and for games, I have Steam (and mainly buy when stuff is heavily discounted).

~~~
oldcynic
Game developers seemed to be swapping just as many floppies as everyone else.
With the added advantage they often had stuff you weren't otherwise going to
come across.

Later when I was buying everything the first thing I'd do was find the No CD
hack online.

~~~
kbenson
To my understanding, that was one of the easiest ways to get a virus. Those
crack programs always triggered AV. I'm not entirely sure game companies
didn't somehow get cracks included as viruses, but since you're already
circumventing legal requirements to use the crack and getting it through back
channels, it seems a very useful and likely infection channel for virus
authors.

~~~
stonogo
While some cracks definitely shipped malware, and more commonly someone would
release a crack and then a distributor would _add_ the malware, the reason
those things triggered antivirus was because they were doing their jobs:
writing to memory addresses within a separate process space. This is how the
cracks worked, but it's also an extremely common infection tactic from malware
authors.

~~~
Moru
They were using pack programs that unpacked the crack program over itself to
save space. This was what triggered the antivirus. The actual crack was often
just there to rewrite the launcher code to skip the copy protection.

~~~
digi_owl
That is the eternal problem of automated security stuff, the action may be
legitimate or not based on context. And code is notoriously blind to context.

------
acd
I think one needs to view everything that happens with a time lens.

Locally at the time the content is produced it can be seen as evil by corporations
to copy it and distribute the titles for free. For one thing income from
selling the software funds the next releases from the software company. So if
there is no funding due to piracy there will not be a next release.

From a long-term perspective and that of preservation, pirates and crackers
have done a very good deed. If no one could copy the content from an old disk
system to a new system how would it be preserved? How will DRM protected
content be copied and preserved for the future? How will content from online
platforms like Netflix, HBO, Steam be preserved? Maybe it will be preserved by
crackers and pirates? Is that a bad thing?

How will the content of online software as a service companies be preserved
for the future?

~~~
xoa
It's too bad that societies haven't done a better job of exploring codified
(and in turn universal) solutions to this. For example, having the law only
allow technological copy control measures for a period of 14 years from
release, and requiring that in order to use them a clean copy of the software
had to be submitted to the Library of Congress (or similar) encrypted with an
LoC key. When the software technological control period expired it would still
be under copyright, but the public would be assured that even if it was
abandoned (as is likely) legitimate owners would not be prevented from running
it by a decaying DRM system.

For that matter I think encrypted source/asset escrow should also be a
requirement for copyright period, so that when it becomes public domain
someday (currently effectively forever, but a simple act of Congress could
shrink copyright times back down to something sane) the source and assets will
be part of that and can be modified and improved, just as copyright was always
supposed to be and was a given for books. I can recognize the trust issues
this would create, but I still think the public interest (the whole purpose of
even allowing IP in the first place) should have strong weight.

------
pronoiac
> _In the modern era, there is some specialized hardware that can digitize a
> floppy disk at the level of magnetic flux changes. For a variety of reasons,
> the hardware developers focused on non-Apple II platforms, and a few
> unresolved technical differences prevented a community of Apple II-specific
> preservationists from reusing it. There is some new development on this
> front, and I’m optimistic that collectors will soon be able to create flux-
> level digital copies of Apple II floppy disks, and users will be able to
> boot original software in emulators._

Nice timing! Applesauce is that product, mentioned here last week:
[https://news.ycombinator.com/item?id=17256709](https://news.ycombinator.com/item?id=17256709)

I think 4am views it as another tool in his toolbox:
[https://twitter.com/a2_4am/status/993247470414127104](https://twitter.com/a2_4am/status/993247470414127104)

------
paulie_a
I remember hanging out on #3dwarez with the creators/artists from ILM and
other major studios. They would trade cracked software because they couldn't
reasonably afford a 30k license for a new version but wanted to keep up to
date or tinker with something new. Which is understandable. Hell I downloaded
and uploaded millions of dollars of software and models from there.

But to be fair I do give credit to 3ds studio Max for adding a countermeasure
that slowly degraded models if it detected it was cracked. A few months the
support forums were flooded with complaints and the company knew who was
pirating. That was a genuinely hilarious countermeasure.

~~~
pests
I don't really know how to respond to your last statements.

I totally understand the creator's plight of not being paid for someone using
their work. Like others have said in this thread, especially now that I work
in the field.

I find an issue with the work output of the stolen tool being tampered with.
Was it permanent? Could you restore full quality by purchasing or some other
arrangement?

To block access, or degrade functionality I find okay. To purposefully destroy
someone else's hard work (even if made with stolen tools) just seems... wrong
to me.

Most of us here have done it. Think about opening up an old project's source
code that you happened to write with a pirated copy of VS or Blender or what
have you when you were young and couldn't afford things but still wanted to
learn.

To find it destroyed would crush me.

~~~
paulie_a
As you developed something it would degrade over time, if you just had it
saved somewhere nothing would happen to the file. The more you used the
pirated copy the more your file would get worse. No, you could not restore
access to the original, it degraded the polygon count on models.

I don't agree with this approach but it was pretty damn clever.

~~~
ryandrake
What’s sad is all the waste: count up all the engineering time spent on all
these more and more clever and elaborate copy prevention schemes, and count up
all the time spent defeating them. The world will never get back the
collective productivity wasted on this arms race.

~~~
paulie_a
While the final implementation of the copy protection and code that cracked it
are not particularly useful in the general sense I would assume those
developers on both sides learned a lot in the process. It was a stupid waste
of time outside of a valuable coding exercise. If I was on either side of that
battle it would be on my resume.

------
acomjean
When I was younger I too was trading games. Being in middle school my ability
to crack games was not great. It's really interesting how clever people get
trying to prevent copies and how those countermeasures get discovered.

A friend's father got this card that went in the Apple // card slot and had a
button. If you pressed the button you could dump whatever was in memory at
that time to a copyable disk. It was called the "Wild card". This was
fascinating to me. It took some digging but there are a few ads for it on the
internet.

I wonder if some of the lack of title sequences and extras were because people
were using these cards, adding a "cracked splash" screen and calling it a day.

Ad: "Avoid the IRS (Inadvertently Ruined Software)"
[https://mirrors.apple2.org.za/Apple%20II%20Documentation%20P...](https://mirrors.apple2.org.za/Apple%20II%20Documentation%20Project/Interface%20Cards/Debugging/CPS%20Wildcard%20II/Photos/Wildcard%202%20-%20Ad%202.jpg)

Ad2:

"Wildcards are copy cards that stack the deck in your favor, rather than
copying protected disks track by track like the old nibble copiers, Wildcards
ignore the disk and any copy protection on it. Instead wildcards take a
snapshot of your Apple's memory. This creates an accurate copy of the original
program"

[https://mirrors.apple2.org.za/Apple%20II%20Documentation%20P...](https://mirrors.apple2.org.za/Apple%20II%20Documentation%20Project/Interface%20Cards/Debugging/CPS%20Wildcard%20Plus/Photos/Wildcard%20Plus%20-%20Ad.jpg)

~~~
Starwatcher2001
I built a memory dump system of my own for the TRS-80. The reset button on the
machine launched an RST operation on the Z80 CPU, which was the only non-
maskable interrupt (in other words, software writers couldn't disable or
prevent it).

Unfortunately due to the memory mapping of the TRS-80, this set the CPU to an
address in ROM, meaning I couldn't get at it to do anything useful. I put
together a small veroboard circuit with a 2716 EPROM and a nand gate or two.
This was hacked into the memory decoding circuit on the TRS-80 so that in
normal operation the original ROM would be called, but if the address range
was in the first 2k (the smallest block I could map), it would take
instructions from the EPROM.

A friend then hand copied the entire first 2k of memory from the ROM (in hex)
and cooked it into the EPROM (funnily enough using an Apple). However, we
modified the code around the RST instruction to leap to RAM, where the memory
dump program could reside and then be executed.

As the machine couldn't reboot properly until our dump software was loaded, we
added a toggle switch to enable/disable the memory mapping hack and return the
machine to normal.

Presumably like the "Wild Card" did it, we dumped the memory and register
contents so they could be reloaded later. Fun times.

------
NelsonMinar
I love that they wrote a tool to automate cracking. I'd be curious to know
more about it, like specifically what kinds of protection it could break. IIRC
a lot of copy protection on the Apple ][ was pretty straightforward, they'd
just change the marker bytes for where sectors began to something nonstandard.
I imagine that's pretty easy to automatically reverse. But a disc with
something weird like spiral tracking or software with a deeply obfuscated
"look up a word in the manual" system must be harder to crack.
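
The marker-byte scheme mentioned in the comment above, as an added example (not part of the original thread and not Passport's code): a Python scanner that finds DOS 3.3-style address fields in a nibble stream by their 4-and-4 checksum rather than by their prologue, then flags any whose prologue differs from the standard D5 AA 96. The sample stream and the nonstandard prologue D4 AA B7 are constructed for illustration.

```python
# Added example: find DOS 3.3-style address fields by checksum, not by prologue.
STANDARD_PROLOGUE = bytes([0xD5, 0xAA, 0x96])  # DOS 3.3 address-field marker
EPILOGUE = bytes([0xDE, 0xAA, 0xEB])


def encode_44(value):
    """4-and-4 encode one byte: odd bits in the first byte, even in the second."""
    return bytes([(value >> 1) | 0xAA, value | 0xAA])


def decode_44(first, second):
    """Inverse of encode_44."""
    return ((first << 1) | 1) & second & 0xFF


def build_address_field(prologue, volume, track, sector):
    """Build one constructed address field for the sample stream."""
    fields = (volume, track, sector, volume ^ track ^ sector)
    return bytes(prologue) + b"".join(encode_44(v) for v in fields) + EPILOGUE


def find_address_fields(nibbles):
    """Return (offset, prologue, volume, track, sector, is_standard) tuples."""
    found, i = [], 0
    while i + 11 <= len(nibbles):
        body = nibbles[i + 3:i + 11]
        if all((b & 0xAA) == 0xAA for b in body):  # shape of 4-and-4 bytes
            vol, trk, sec, chk = (decode_44(body[j], body[j + 1]) for j in (0, 2, 4, 6))
            if chk == vol ^ trk ^ sec and trk < 35 and sec < 16:
                prologue = bytes(nibbles[i:i + 3])
                found.append((i, prologue, vol, trk, sec, prologue == STANDARD_PROLOGUE))
                i += 11
                continue
        i += 1
    return found


# Constructed sample: sync bytes, a standard field, then one with altered markers.
SYNC = bytes([0xFF] * 5)
NONSTANDARD_PROLOGUE = bytes([0xD4, 0xAA, 0xB7])  # made up for this example
SAMPLE = (SYNC + build_address_field(STANDARD_PROLOGUE, 254, 17, 0)
          + SYNC + build_address_field(NONSTANDARD_PROLOGUE, 254, 17, 5))

if __name__ == "__main__":
    for off, pro, vol, trk, sec, std in find_address_fields(SAMPLE):
        label = "standard" if std else "NONSTANDARD"
        print(f"offset {off}: prologue {pro.hex(' ')} T{trk} S{sec} vol {vol} ({label})")
```
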

~~~
sp332
It's here
[https://github.com/a2-4am/passport](https://github.com/a2-4am/passport) Also
he has a "best of" list if you don't want to dig through all of the logs he
keeps to find the interesting stuff.
[https://twitter.com/a2_4am/status/993129396520341504](https://twitter.com/a2_4am/status/993129396520341504)

------
AnnoyingSwede
Wow, 1673 cracked software, all with expired copyright. This is an amazing
preservation achievement. Love the automation part and am a bit curious to how
hard this would be to port to another 6502 machine (yes, c64)?

------
puzzle
I never cracked disk protections, but I did sometimes reverse engineer games
to figure out cheat codes, etc. One EA game I looked at was the Will Harvey's Zany
Golf for the Amiga. I had read somewhere that there was a secret level (the
mad scientist? Or maybe that was the last public level). I got reasonably good
at it, but not good enough to unlock the level.

I disassembled it, etc. It did not make any sense to me. With other games it
was easier to find where in memory they kept game state. I ran out of tricks.
I was young and not too experienced. Eventually I figured that it was not
really written in 68k code. It was using some kind of interpreter. I hadn't
read many books or studied CS at the time, so I didn't know that I was looking
at a VM. Register A2 or A3 pointed to the current opcode. There was a jump
table and each opcode handler ended with a jump to the dispatcher. I don't
believe the opcodes were 6502 instructions or I would have recognised them. It
would have been a reasonable candidate, since the original was written for the
Apple //gs.

I still never got to the secret level. I either gave up or damaged the disk.

~~~
severine
Nice story! I just had to look it up:

> On the last level (Energy), you will see a mouse hole where eyes appear
> sometimes. When the eyes turn red, putt the ball into the hole. You will be
> teleported to the secret course 'Mystery'.

From [https://gamefaqs.gamespot.com/amiga/931157-will-harveys-zany...](https://gamefaqs.gamespot.com/amiga/931157-will-harveys-zany-golf/cheats)

------
8bitsrule
Damn, I hate articles like this, they take me back to the good old days and
suddenly it's HOURS later.

~~~
kchr
Hear hear

------
Reason077
_> "We still can’t make perfect digital representations of Apple II floppy
disks."_

Apparently this is no longer true, thanks to AppleSauce:

[https://news.ycombinator.com/item?id=17256709](https://news.ycombinator.com/item?id=17256709)

~~~
sp332
The preservation is still not perfect though, partly due to limitations in the
format used to store the recovered data.
[https://twitter.com/yesterbits/status/993342787444670464](https://twitter.com/yesterbits/status/993342787444670464)

~~~
ksherlock
That sounds like a problem with the processor running the code, not the disk
image format.

~~~
sp332
Check out the other tweets in the thread though.

------
hyperpallium
Delightful.

> After 8 cracks, I wrote a tool to automate step 1, capturing the RWTS. After
> 152 cracks, I wrote a tool to automate step 3, patching up the unprotected
> copy.

> After 688 cracks, I wrote Passport.

------
kchr
Fascinating read! Anyone have examples on more articles on the good ol' days
of software cracking and distribution?

------
wiz21c
At that time computers were awfully expensive (my dad had to be helped by my
grandfather to buy one). Magazines (at least in my country) were expensive
too. And games, that was just out of the question. So piracy had _some_ legitimacy
when you were a teenager. Nowadays, everything is much more affordable and
piracy is much harder (on consoles at least). Those were the days...

~~~
mschuster91
> Nowadays, everything is much more affordable

AAA titles are still 50-60€ upon release, so nothing new there... the real
difference that has cropped up over the last 3,4 years is that free-to-play
crap model. A 0.50€ powerup is cheap, but one a day... 15€ a month. Don't get
me started on loot boxes. 5 years ago the only way to get poor due to gaming
was gambling, now? Have a little kid and make the mistake of attaching a
credit card to the app store account.

It seems affordable but it's a total rip off.

~~~
IronBacon
You are forgetting "game pass", incomplete/bugged games at release date, DLCs,
"special" version games tied to a seller (usually special equipment), timed
exclusives...

I'm surprised the industry hasn't collapsed as it did once in the eighties.

~~~
mschuster91
> I'm surprised the industry hasn't collapsed as it did once in the eighties.

These days you have a massive inertial mass of 16 year old kids dragging their
parents to Gamestop or to their credit cards and begging them to get them
their latest CoD or whatever fix. Parents don't care and the kids don't as
long as they can get their fix (and streaming to Twitch isn't broken).

------
db48x
That's three good stories from Paleotronic in just a few days. They seem to be
doing well.

------
smilbandit
> I enjoy technical writing

Just goes to show you that there are a lot of different types of people in the
world.

~~~
yaleman
And an infinite way for them to find their outlet :)

