
Stolen From Apple - freshfey
http://folklore.org/StoryView.py?project=Macintosh&story=Stolen_From_Apple.txt
======
gpcz
This type of thing was also commonly done in hardware back in the day. For
example, DEC VAX microprocessors sometimes had etchings that taunted Soviets
reverse-engineering their technology (src:
<http://micro.magnet.fsu.edu/creatures/pages/russians.html> ).

------
joezydeco
This was a common practice back in the days of easily-copyable ROM firmware
and boards that were mostly off-the-shelf TTL chips. Companies could copyright
the firmware, but not the board design (which is how companies like Franklin
and Compaq got to survive).

A lot of arcade videogames have similar things, like the ones that were in
Robotron:2084 and Sinistar. Popular arcade titles were counterfeited all the
time, this was done as a safety measure if it ever came down to a courtroom
verification of the code.

[http://forums.arcade-
museum.com/showthread.php?t=87198&h...](http://forums.arcade-
museum.com/showthread.php?t=87198&highlight=easter+egg)

------
JVIDEL
There were similar techniques for pirated games.

Konami for example saw that pirates usually erased their logo from the boot
sequence so what they did is insert some code that detected when this happened
and modified the game accordingly.

One case was the TMNT game for the NES which when pirated set itself in a
ultra-hard mode that was impossible to beat since the final boss keep
replenishing its energy.

~~~
ANTSANTS
The most evil anti-piracy measure in any game:

[http://earthboundcentral.com/2011/05/earthbounds-copy-
protec...](http://earthboundcentral.com/2011/05/earthbounds-copy-protection/)

The article claims that it would only happen to experienced ROM hackers, but I
could easily see some lazy bootleggers only fixing the first copy protection
check without completely testing the game and selling the half-broken result
to some hapless kid.

------
kabdib
Atari (old Atari, pre-layoff days) had an 8 byte sequence that they
copyrighted, and that we were supposed to embed in our games. The idea was you
could find the sequence in a pirated ROM and ask in court, "What does this
do?" Since the bytes weren't executable code, or useful data, it'd be hard to
support their presence in any technical way.

~~~
lloeki
I heard a story from the days of the Game Boy Advance, which supposedly had a
similar feature.

Physically, custom carts could easily be made. To prevent this (from a purely
legal standpoint) Nintendo made it so the GBA internal ROM was looking for
specific data (validated by hash of sorts) on the cart, or it would reject it
and refuse to boot. This data happened to be the (copyrighted) logo displayed
on boot, hence it made unapproved carts either unbootable or illegal.

~~~
derekp7
Reminds me of how, back in the day, software would look for the letters "IBM"
at a specific ROM address (it was in their copyright message) in order to
identify the video card as a VGA card (or maybe it was back in the EGA days,
can't remember). One of the clever clone card manufactures put in the ROM
"There are various pieces of software that expect the letters IBM to appear
here".

~~~
tankbot
Or how a game would make you answer a question that you would only know know
if you had the manual to accompany the game.

"What is the fourth word from the second paragraph on page 13?"

Presumably you didn't have access to a copy machine if you were stealing
software back then...

~~~
gmac
IIRC some games came with a data booklet printed in black on very dark brown,
or similar, to foil potential photocopying.

------
smoyer
My father bought a Franklin Ace and we used it for 5-6 years. It was a great
computer (better than the Apple IIe) but mainly because I was running CP/M on
the Z80 adapter card that came with it. Why use the Apple's 40 character mode
when there was the CP/M 80 character mode handy? And CP/M had WordStar!

In any case, thanks for reviving some great memories!

------
packetbeats
Microsoft did something similar in BASIC, and for the same reason:
<http://www.pagetable.com/?p=43> The link contains the asm code and explains
the obfuscation.

------
eksith
This is remarkably like the Underhanded C contest.
<http://underhanded.xcott.com>

I imagine hardware manufacturers similarly incorporate some form of
identifying macros these days. Of course, most people who buy clones wouldn't
really care, but at least the publishers of those clones would be wise to
avoid bringing too much attention... Unless they're in a country that has very
lax copyright enforcement.

------
rangibaby
Open /System/Library/Extensions in OSX and you'll find "Don't Steal Mac OS
X.kext" :-)

~~~
salgernon
Not sure if this is still present, but the first intel release had this mapped
into ever process's address space:

$ cat dsmos.c

main() { puts(-16 * 4096 + 0x1600); }

$ gcc -o dsmos dsmos.c

$ ./dsmos

Your karma check for today: There once was was a user that whined his existing
OS was so blind, he'd do better to pirate an OS that ran great but found his
hardware declined. Please don't steal Mac OS! Really, that's way uncool. (C)
Apple Computer, Inc.U??VWS?5P

From the excellent:

<http://www.osxbook.com/book/bonus/chapter7/binaryprotection/>

~~~
alxbrun
→ ./dsmos Segmentation fault: 11

On Mountain Lion.

~~~
zbowling
compile for 32bit.

------
kunai
The only thing I really "got" from this article was that there are _way_ too
many Steves at Apple.

~~~
NewAccnt
They should make an iSteve app.

------
nemo1618
ah, folklore.org. Great site, I think I must have read every story on there by
now. You don't have to be an apple fan to enjoy them either.

~~~
jeremyjh
I wasted an entire day at work there a few years ago.

------
JimmaDaRustla
Not sure what they stole as the site won't load, but maybe they should steal
some bandwidth or hosting services...

~~~
jkimmel
I too had to load the Google cache. Here it is in case the site doesn't come
back online soon.

[http://webcache.googleusercontent.com/search?q=cache%3Ahttp%...](http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A%2F%2Ffolklore.org%2FStoryView.py%3Fproject%3DMacintosh%26story%3DStolen_From_Apple.txt&aq=f&oq=cache%3Ahttp%3A%2F%2Ffolklore.org%2FStoryView.py%3Fproject%3DMacintosh%26story%3DStolen_From_Apple.txt&aqs=chrome.0.57j58j60l2.3436j0&sourceid=chrome&ie=UTF-8)

~~~
JimmaDaRustla
Thanks, just what I was looking for!

------
Create
<http://www.nycresistor.com/2012/08/21/ghosts-in-the-rom/>

------
meseznik
Macintosh SE Easter Eggs (via EEVblog):
<http://www.youtube.com/watch?v=y6OTAG1Ersw>

------
mathattack
I enjoy stories like this that capture the mindset of the era. It was a
different time, and very close to the iron.

------
cooldeal
Since page is not loading, full text:

In 1980, a company called Franklin Computer produced a clone of the Apple II
called the Franklin Ace, designed to run the same software. They copied almost
every detail of the Apple II, including all of its ROM based software and all
the documentation, and sold it at a lower price than Apple. We even found a
place in the manual where they forgot to change "Apple" to "Ace". Apple was
infuriated, and sued Franklin. They eventually won, and forced Franklin to
withdraw the Ace from the market.

Even though Apple won the case, it was pretty scary for a while, and it wasn't
clear until the end that the judge would rule in Apple's favor - Franklin
argued that they had a right to copy the Apple II ROMs, since it was just a
"functional mechanism" necessary for software compatibility. We anticipated
that someone might try a similar trick with the Macintosh someday. If they
were clever enough (which Franklin wasn't), they could disguise the code (say
by systematically permuting some registers) so it wouldn't look that similar
at the binary level. We thought that we better take some precautions.

Steve decided that if a company copied the Mac ROM into their computer, he
would like to be able to do a demo during the trial, where he could type a few
keystokes into an unmodified infringing machine, and have a large "Stolen From
Apple" icon appear on its screen. The routines and data to accomplish that
would have to be incorporated into our ROM in a stealthy fashion, so the
cloners wouldn't know how to find or remove it.

It was tricky enough to be a fun project. Susan designed a nice "Stolen from
Apple" icon, featuring prison bars. Steve Capps had recently come up with a
simple scheme for compressing ROM-based icons to save space, so we compressed
the icon using his technique, which not only reduced the overhead but also
made it much harder to detect the icon. Finally, we wrote a tiny routine to
decompress the icon, scale it up and display it on the screen. We hid it in
the middle of some data tables, so it would be hard to spot when disassembling
the ROM.

All you had to do to invoke it is enter the debugger and type a 6 digit
hexadecimal address followed by a "G", which meant execute the routine at that
address. We demoed it for Steve and he liked it. We were kind of hoping
someone would copy the ROM just so we could show off our foresight.

As far as I know, no one ever did copy the ROM in a commercial project, so it
wasn't really necessary, but it did create some intrigue for a while. We let
it slip that there was a "stolen from Apple" icon hidden in there somewhere,
partially to deter people from copying the ROM. At least one hacker became
moderately obsessed with trying to find it.

Steve Jasik was the author of the MacNosy disassembler/debugger, which could
be used to create pseudo-source for the ROM. He found out about the "stolen
from Apple" icon pretty early on, and became determined to isolate it. He
lived in Palo Alto, so I would occasionally bump into him, and he would ask me
for hints or tell me his latest theory about how it was concealed, which was
invariably wrong.

This went on for two or three years, before he finally cracked it: I ran into
him and he had it nailed, telling me about the compressed icon and the address
of the display routine. I congratulated him, but was never sure if he figured
it out himself or if someone with access to the source code told him.

~~~
Intermernet
So, basically, this achieved bugger all.

"As far as I know, no one ever did copy the ROM in a commercial project, so it
wasn't really necessary"

Not to belittle the work, but this is exactly the sort of response I expected
of Jobs.

As you say "It was tricky enough to be a fun project" so kudos to all but,
really, this smacks of paranoia.

~~~
huhtenberg
This comment ^ shouldn't be in gray.

It's a cute story, but if a cloner was dumb, he'd copy the the ROM as is and
wouldn't care if the icon was hidden or not. A smarter cloner would tweak the
code and the resulting ROM image would've likely had different offsets, so
typing "<hex-address> G" in front of a judge simply wouldn't work. It doesn't
really smacks of paranoia, but it does look like something Steve Jobs would've
insisted on.

~~~
craftman
I guess the Apple engineers would have prepared the demo and analysed the
copied ROM, before going to the court. Then, they would have found the routine
(somewhere else, as you point it out) and easy to activate.

~~~
caseysoftware
Absolutely.

I could see a really compelling demo where they bring out the machine still in
the shrinkwrapped box, open it in front of the court, turn it on, and hit the
register.

