
A Pirate’s Life for Me, Part 3: Case Studies in Copy Protection - NateLawson
http://www.filfre.net/2016/01/a-pirates-life-for-me-part-3-case-studies-in-copy-protection/
======
NateLawson
I've spent a lot of time both reversing and creating these kinds of schemes.
Anyone else here?

I gave a talk a few years back, comparing both retro and modern copy
protection schemes. Also designed hardware for dumping floppies at the bitcell
level (ZoomFloppy) and co-designed the Blu-ray content protection system.

[http://www.slideshare.net/rootlabs/copy-protection-wars-analyzing-retro-and-modern-schemes-rsa-2007](http://www.slideshare.net/rootlabs/copy-protection-wars-analyzing-retro-and-modern-schemes-rsa-2007)

Now my day job (SourceDNA) is building tools to reverse lots of code at scale.
A never-ending stream of apps provides a ton of "wat?" moments as you never
expect developers to make the choices they do.

~~~
mwcampbell
> Now my day job (SourceDNA) is building tools to reverse lots of code at
> scale. A never-ending stream of apps provides a ton of "wat?" moments as you
> never expect developers to make the choices they do.

Can you give an example?

~~~
NateLawson
Sure, how about linking against the platform OpenSSL implicitly by grabbing a
lib.so from an actual Android phone, linking against it with the NDK, and
hoping that the ABI will never change?

[https://sourcedna.com/blog/20150806/predicting-app-crashes-on-android-m.html](https://sourcedna.com/blog/20150806/predicting-app-crashes-on-android-m.html)

And all that only to get access to MD5 or AES...
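A defender-side check for the failure mode described above, added here as an example (it is not code from SourceDNA or from anyone in this thread): it parses the text that `readelf -d <lib.so>` prints for a native library's dynamic section and flags `DT_NEEDED` entries that would have to be resolved from the device's `/system` rather than from the NDK's stable public libraries or from a copy bundled inside the APK. The `NDK_PUBLIC_LIBS` set is an assumed approximation of the NDK's stable list, the function names are my own, and the sample readelf output is constructed.

```python
"""Audit a native Android library's DT_NEEDED entries for platform-private deps.

Added example for this thread; it is not code from SourceDNA or the commenter.
It parses the text printed by `readelf -d <lib.so>` (GNU binutils) and flags
dependencies that are neither on the NDK's public, ABI-stable list nor bundled
inside the APK. NDK_PUBLIC_LIBS is an assumption, not an authoritative list.
"""
import re
import subprocess
from typing import Iterable, List

# Assumed list of libraries the NDK exposes with a stable public ABI; treat it
# as an approximation and adjust it for the NDK release you actually target.
NDK_PUBLIC_LIBS = frozenset({
    "libc.so", "libm.so", "libdl.so", "liblog.so", "libz.so", "libandroid.so",
    "libjnigraphics.so", "libEGL.so", "libGLESv1_CM.so", "libGLESv2.so",
    "libGLESv3.so", "libOpenSLES.so", "libOpenMAXAL.so", "libmediandk.so",
    "libvulkan.so", "libnativewindow.so", "libaaudio.so", "libcamera2ndk.so",
    "libneuralnetworks.so", "libbinder_ndk.so", "libamidi.so", "libsync.so",
})

# One NEEDED line of `readelf -d` output looks like:
#  0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so]
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library:\s+\[([^\]]+)\]")


def needed_libs(readelf_output: str) -> List[str]:
    """Return the DT_NEEDED names in the order readelf lists them."""
    return NEEDED_RE.findall(readelf_output)


def private_dependencies(readelf_output: str, bundled: Iterable[str] = ()) -> List[str]:
    """Return DT_NEEDED names that are neither NDK-public nor shipped in the APK.

    `bundled` is the set of .so files packaged under lib/<abi>/ in the APK.
    A dependency satisfied by a bundled copy is fine; one that would be
    resolved from the device's /system is the fragile, ABI-dependent case.
    """
    allowed = NDK_PUBLIC_LIBS | frozenset(bundled)
    return [lib for lib in needed_libs(readelf_output) if lib not in allowed]


def audit_library(path: str, bundled: Iterable[str] = ()) -> List[str]:
    """Run readelf on a real file and return its platform-private dependencies."""
    proc = subprocess.run(["readelf", "-d", path], capture_output=True, text=True, check=True)
    return private_dependencies(proc.stdout, bundled)


# Constructed sample: what readelf prints for a JNI library that was linked
# against libcrypto/libssl copied off a device instead of a bundled build.
SAMPLE_READELF = """
Dynamic section at offset 0x1d8 contains 24 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so]
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so]
 0x0000000000000001 (NEEDED)             Shared library: [liblog.so]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so]
 0x0000000000000001 (NEEDED)             Shared library: [libm.so]
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so]
 0x000000000000000e (SONAME)             Library soname: [libnative-lib.so]
 0x000000000000000c (INIT)               0x4000
 0x000000000000000d (FINI)               0x5f00
"""

if __name__ == "__main__":
    # With nothing bundled, the two OpenSSL libs would resolve from /system:
    print(private_dependencies(SAMPLE_READELF))  # ['libcrypto.so', 'libssl.so']
    # Shipping your own build of them inside the APK removes the finding:
    print(private_dependencies(SAMPLE_READELF, bundled=["libcrypto.so", "libssl.so"]))  # []
```

On an unpacked APK you would call `audit_library("lib/arm64-v8a/libnative-lib.so", bundled=os.listdir("lib/arm64-v8a"))` for each ABI directory; anything it returns is a library the app expects the device to supply, which is exactly the dependency that breaks when the platform changes its private ABI.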

------
Flammy
Awesome post.

Part 1: [http://www.filfre.net/2015/12/a-pirates-life-for-me-part-1-dont-copy-that-floppy/](http://www.filfre.net/2015/12/a-pirates-life-for-me-part-1-dont-copy-that-floppy/)

Part 2: [http://www.filfre.net/2016/01/a-pirates-life-for-me-part-2-the-scene/](http://www.filfre.net/2016/01/a-pirates-life-for-me-part-2-the-scene/)

~~~
cstuder
It's an awesome blog in total too.

------
QSIITurbo
I remember the Dungeon Master copy protection. Its weakness was that if the
game was even only partially cracked, you'd still have some time to advance
the game before the copy protection kicked in and it crashed or killed you, so
we got pretty far by sheer stamina. Luckily we as kids had a lot of time
available for waiting for the game to load over and over again. And it _was_
that good of a game even in retrospect.

I also successfully managed to pirate the original Chaos Strikes Back disks by
repeatedly copying the data with a (pirated) synchronisation dongle and the
Cyclone software. It required several attempts to get the fuzzy sectors
correct because I was using a pre-used disk. This technique and the
recommendation to use completely blank disks would have been mentioned in the
manual of Cyclone, but I wasn't aware of it... since I'd also pirated the
software! I was also unaware of the fuzzy bits themselves, so it was just a
bit of luck.

Anyway, CSB wasn't as exciting an experience as its predecessor. Boring
maze-like transforming levels, hard monsters (in the sense that they took a lot
of time, not skill, to eradicate), little of anything new, etc. Disappointing
after all that effort ;)

~~~
sleepybrett
I have many, many fond memories of Dungeon Master and was ecstatic to find a
bit of a modern spiritual successor in 'Legend of Grimrock'. If you want a
similar experience with some modern touches (but not too many) check it out.

------
Paul_S
Great read and hopefully a lesson: you can spend time and money and annoy your
customers to no end to provide entertainment and a challenge to young
programmers or you could save yourself all the hassle and make lots of money
by being smart like the good people at GoG and treating your customers better
than the pirates.

~~~
lfowles
Implying current titles using DRM don't make lots of money? :P If that was the
case, then the business case for not implementing would be unignorably strong!

~~~
Paul_S
Ah, but would they make more money if they didn't have to spend money on DRM?
It costs to implement or license. It creates extra work even if you license
it. If your DRM causes damage you might get sued. If you're found to be
installing malware/rootkits, you will suffer bad publicity. You have to
pay money to upkeep the DRM servers. You have to pay support people to handle
calls when DRM causes problems for your customers. Anyone who paid money will
have to deal with all these issues knowing that people who downloaded it from
The Pirate Bay don't have to. I remember when Morrowind came out and if you
downloaded the cracked executable you'd get a few extra FPS because it lacked
DRM.

~~~
lfowles
If everything else was equal, then yes, they would save money by not
implementing DRM. However, what if they couldn't get the license for
$MOVIE_CONTENT or $PHYSICS_ENGINE without implementing DRM? That's also extra
work for them. (I pulled that hypothetical more from a recent Netflix article,
so it may not apply equally as well to gaming.)

As it is now, AAA titles with AAA amounts of DRM are still doing incredibly
well. It might "cost" more in internal management backlash to suggest not
implementing DRM than to keep to a tried and true formula. Internet backlash
is more visible than ever, but I can't think of a recent case where a title
actually suffered significantly from it (exception being the PC port of Arkham
Knight). It's like a form of the 90:9:1 rule, 90% of consumers are perfectly
happy with their entertainment, 9% are affected by issues, 1% complain loudly.
From an internet perspective, the 1% are heard more strongly. From a business
perspective, the 90% are heard more strongly.

</disjointed thoughts>

------
StillBored
The first two methods were dead on arrival with copy ][+'s track copier. It
could do whole track copies as long as it could identify a starting point for
the track. Later versions were even smart enough to use a simple substitution
database, and sector location information (for sectors stored on quarter
tracks) to tweak the track data as it was copied. I always wondered how they
avoided legal action with that database which asked if the disk you were
trying to copy was one of the hundred or so it knew how to "crack".

Reminds me of another piece of modern software still in use by a lot of
people, which pulls disk metadata from an internet database for similar
purposes.

------
Smushman
I recall the Apple II+ floppy drive would produce all kinds of choking,
strangling, and coughing sounds when playing those copy protected games. When
I got my next computer, my first Mac, I remember my shock at the silence of
the floppy drive. Many times I thought it was broken (and since they were so
slow to load, you had to 'wait it out' to be sure).

~~~
incepted
Those noises didn't come from copy protections.

Copy protections access the drive in much the same way as a regular RWTS, even
those protections based on physical features (e.g. spirals). I'm not aware of
any copy protection based on fast and wide movements of the reading head. Copy
protections read nibbles normally, they just process these nibbles differently
from regular disks.

The noises you remember are most likely from the boot sequence which reset the
head 100 tracks or so (so much more than needed) and as a consequence, that
head would butt against some internal mechanism.

I've never quite understood why it did that myself. Regular disks have 35
tracks so moving the head 36 tracks should have been enough to reset.

~~~
StillBored
IIRC, they did that to save a few cents on a track/head sensor. So they just
did exactly what you stated: they seeked a whole disk's worth of tracks, even
when the head was already there (but there wasn't a good way to find that out
except by trying to read the disk, which was slow).

Of course none of this was helped by how loud the drive was just seeking.

