Hacker News new | past | comments | ask | show | jobs | submit login
Confessions of a Disk Cracker: The Secrets of 4am (paleotronic.com)
275 points by empressplay on June 16, 2018 | hide | past | web | favorite | 54 comments



“I’ve had several authors find their own software and thank me for preserving it. One author even apologized for the copy protection. He understood it was a “necessary evil” at the time, but he was so glad that someone had finally bothered to cut through it. He said it was so exciting to be able to experience his own work again, for the first time in decades.”

That’s cool.


>> He understood it was a “necessary evil” at the time

Looking back at those days, I'm not sure it was a necessary evil. None of my friends, including myself, owned any originals, and incurred real expenses (buying tons of floppies, double side punchers, long distance fees for BBSes) to get the stuff. I could have at least forgone buying a few boxes of discs and bought a game or two in its place.

It's not like today where the Internet is a fixed cost for most home users (in the West at least) and storage costs nearly nothing. There's definitely some residual guilt for those activities from the 80s, especially now that I work in the tech industry.

These days, I don't have reason to copy much at all. In general, software is reasonably priced or free/oss, tv/music/movie streaming is reasonably priced, and for games, I have Steam (and mainly buy when stuff is heavily discounted).


Game developers seemed to be swapping just as many floppies as everyone else. With the added advantage they often had stuff you weren't otherwise going to come across.

Later when I was buying everything the first thing I'd do was find the No CD hack online.


To my understanding, that was one of the easiest ways to get a virus. Those Crack programs always triggered AV. I'm not entirely sure game companies didn't somehow get cracks included as viruses, but since you're already circumventing legal requirements to use the crack and getting it through back channels, it seems a very useful and likely infection channel for virus authors.


While some cracks definitely shipped malware, and more commonly someone would release a crack and then a distributor would add the malware, the reason those things triggered antivirus was because they were doing their jobs: writing to memory addresses within a separate process space. This is how the cracks worked, but it's also extremely common infection tactics from malware authors.


They were using pack programs that unpacked the crack program over itself to save space. This was what triggered the antivirus. The actual crack was often just there to rewrite the launcher code to skip the copy protection.


That is the eternal problem of automated security stuff, the action may be legitimate or not based on context. And code is notoriously blind to context.


Yes, this is the correct answer.


I'm sure there were some, and I'm not saying never but as I was the one usually asked to help fix friends and family I'd like to think I'd catch local ones. Usually the AV trigger on cracks were one of the generic catches for writing to unusual places etc.

There was one NoCD site that was highly reliable. Random Google searches were, as with everything, asking for trouble.


gamecopyworld?

Wow, it still looks the same way it did 15 years ago!


Gcw. The site you went to to avoid damaging your discs. And improve performance. Well, and sometimes to play games you couldn't afford :D


Ah yeah, that was the one. :)


Back in the early days of cracked flippies virtually nobody had a hard drive to be infected.


I fell victim to a virus on PC that only had a floppy drive.

The virus was a DOS TSR virus that would stay resident, hook itself into DOS' interrupts and infect any executables run, even if on a different disk.


Back in those days I bought what I really wanted or asked for it for christmas but copied what friends had available. Some games had 300 page manuals and maps, by not buying you had a more difficult experience. I wouldn't feel guilty because you might have told someone at school how cool it was and they purchased a copy based on your experience.


It wasn't necessary (people who weren't going to buy the program still got a copy via file sharing, and as I point out later DRM chiefly hurts those who cooperate with the abuser/publisher). And Steam is not your friend (as it is proprietary which is untrustworthy by default, and we see now with Steam being made not to work fully for older OSes instead of liberating Steam to let people port and maintain it for whatever system they want to run).

DRM was profoundly bad for the user and reinforced the class structure of proprietary software -- those who got to control your computer versus you. This class difference has far worse effects now because computers are so prevalent and the data they hold is so much more important than what we had available to a game on the old 8-bit computers. Sometimes the data on a modern computer is a matter of life & death, or access to that data allows a ne'er-do-well to make someone become insolvent, and other seriously horrible outcomes.

The lesson is that proprietary software users have been taken advantage of by a system intent on deceiving them. You can see a bit of the ill effect of this in the language the article uses: "copy protection" frames the issue from the proprietor's viewpoint because their interests are being "protected". The much larger class of users and their interests, even decades later, are subordinated. I see the software 4am seeks to remove as removing anti-copying routines or removing copying prevention, something beneficial to everyone.

The chief underlying problem here is proprietary (non-free, user-subjugating) software. Software you're not allowed to run, inspect, modify, or share (also known as 'software freedom'). Proprietary software is licensed and distributed to keep you from running the program despite you acquiring the software in a legitimate way. This software is meant to keep you from treating your friends as friends by sharing a copy, inspecting the program to see what it does, and distributed to prevent you from modifying your copy the program should you wish to for any reason.

I came to realize this with the Commodore 64: A video game called Elite on the C-64 had an anti-copying scheme so clumsy and prone to problems it drove me to understand what was really going on. Today we'd properly call this DRM—digital restrictions management (expanded that way because I take the side of the user class, not the publisher class) which was only visited upon those who obtained their copy of the program in a way the publisher found acceptable. Typically this meant buying a copy, but I later came to understand some copies were distributed gratis. The packaged game came with media, a manual, and a flat plastic device with a see-through window. The device could be bent so it resembled a table like an inverted letter "U". On starting the game, the user was shown some blocky image that looked incomprehensible. When the plastic device was folded, placed on the monitor at the proper distance (via the "legs" of the device), and peered through one could see the blocky image turn into something readable. If I recall correctly, the readable image was a page number reference in the manual one was expected to look up and type in the proper word to get past this stage of the loading program.

After I did this a couple of times it dawned on me that those who engage in filesharing and treating friends like friends (sometimes propagandistically called "pirates") never have to put up with this. Only the people who used the publisher-distributed copy did. And most of those users had paid for this treatment.

Those who shared copies were doing us all a favor: they let us try programs before buying a copy, they let us run copies that didn't have what we now call DRM; the anti-copying code had been stripped away. They let us have copies that one could copy in an ordinary fashion, no need for special copiers (such as "nibblers", or any copier that knew how to get past the errors which were deliberately added to the disk to defeat the standard file and disk copiers). There was no need to work around the issue by using audio tapes instead of disks (since audio tapes didn't have copy-prevention added to the media). These so-called "pirates" were doing us a service, a service I might have paid for if offered the opportunity to pay a publisher for a headache-free copy of the program.

Later I obtained a memory snapshotting cartridge called "Isepic" which let me make my own copy of the RAM-resident portion of the game. Isepic produced a copy which loaded faster, never prompted me for the manual lookup, and played identically to the other copy loaded from the distributor's media (no surprise there, it was the same code being loaded into memory). I never loaded the distributor's media again. But this got me to thinking about all the other programs (not just games) that treated the users this way across all the computers I had used. And I began to realize that this was a scam perpetrated on the people who treated the publishers the best. We were literally exchanging our money for being treated badly. And this harm pushed on the users was indiscriminate, everyone who got a copy in the typical way was mistreated.

There was one more issue to wrestle with: proprietary software. This was an issue even the filesharers couldn't really contend with. Almost all of the software I saw anyone use on the C-64 was proprietary: users weren't allowed to do things we wanted to do: understand how the program worked, share copies, modify the program, or (in some cases) even run the program whenever we wanted. At best, the filesharers could grapple with runtime limits: Want to play 'Elite' from the publisher's media without the plastic device? Too bad; that plastic device and loading routine is DRM to stop one from running the program (meaning that even if you copy the media you'll probably make a copy you can't really use). It's not likely one will be able to look at the screen and manually decode the image, by design. Tough on the paying users, easy on the users who know how to share with each other. But this won't help you with the other freedoms of free software.

As a practical matter we didn't face some very serious problems with always-networked computers: We didn't have our C-64s constantly on, we didn't store sensitive credentials on the C-64, and we didn't connect them to networks most of the time. So we didn't have the privacy-busting ramifications proprietary software poses for ordinary computer users today (for example, FlightSimLabs was caught distributing software that covertly copied users' website credentials to FlightSimLabs. Copying people's credentials to websites ought to be criminal; this is very likely to include copying credentials to medical, banking, and work-related websites). What if that flight simulator company doesn't keep the lid on whatever they illicitly copied from the users? Remember that FlightSimLabs did this indiscriminately: They did this to all of their users; there's no reason to believe they won't mistreat a paying user. FlightSimLabs lied to all their users by misrepresenting what that flight simulator does—I'll bet that people who got a copy thought they were getting a flight simulator, not a credentials copier.

In the end I came to recognize that the heart of this issue where the computer owner has less power over their computer than an organization that convinces the user to run their software is the main issue of software freedom. Software proprietors have unjust power over the users. The only way to break that power and keep people opting for freedom is to teach people to value software freedom for its own sake, and then choose free software consistently: play free software games, run free software apps for other jobs, and install and use free software operating systems. You'll have to have the spine to say 'no' to a lot of what is advertised, but you'll retain control of your data and your computer and it's a lot less likely you'll ever bump into DRM. Free software DRM is ineffective—edit out the DRM code and run that version instead. You also get to treat your friends in a way that is natural to do with digital computers—sharing copies of published software.


What's the point of the folded table viewer? How is it any better than just including a password in the manual? Is the idea that the password changes, so you need the viewer and manual each time?


I think it is to make it harder for the end user to circumvent copy protection. You could just make a xerox copy of the manual and give it to your friend, but it's hard to xerox a plastic trinket.


I think one need to view everything that happens with a time lens.

Locally at the time the content is produced it be seen as evil by corporations to copy it and distribute the titles for free. For one thing income from selling the software funds the next releases from the software company. So if there is no funding due to piracy there will not be a next release.

From a long term perspective and that of preservation. Pirates and crackers have done a very good deed. If no one could copy the content from an old disk system to a new system how would it be preserved? How will DRM protected content be copied and preserved for the future? How will content from online platforms like Netflix, HBO, Steam be preserved? Maybe it will be preserved by crackers and pirates? Is that a bad thing?

How will the content of online software as a service companies be preserved for the future?


It's too bad that societies haven't done a better job of exploring codified (and in turn universal) solutions to this. For example, having the law only allow technological copy control measures for a period of 14 years from release, and requiring that in order to use them a clean copy of the software had to be submitted to the Library of Congress (or similar) encrypted with an LoC key. When the software technological control period expired it would still be under copyright, but the public would be assured that even if it was abandoned (as is likely) legitimate owners would not be prevented from running it by a decaying DRM system.

For that matter I think encrypted source/asset escrow should also be a requirement for copyright period, so that when it becomes public domain someday (currently effectively forever, but a simple act of Congress could shrink copyright times back down to something sane) the source and assets will be part of that and can be modified and improved, just as copyright was always supposed to be and was a given for books. I can recognize the trust issues this would create, but I still think the public interest (the whole purpose of even allowing IP in the first place) should have strong weight.


These are all good points. National Libraries in several countries do however preserve software as a mean of digital culture preservation but the public as well as the private sector are generally unaware of this.


> In the modern era, there is some specialized hardware that can digitize a floppy disk at the level of magnetic flux changes. For a variety of reasons, the hardware developers focused on non-Apple II platforms, and a few unresolved technical differences prevented a community of Apple II-specific preservationists from reusing it. There is some new development on this front, and I’m optimistic that collectors will soon be able to create flux-level digital copies of Apple II floppy disks, and users will be able to boot original software in emulators.

Nice timing! Applesauce is that product, mentioned here last week: https://news.ycombinator.com/item?id=17256709

I think 4am views it as another tool in his toolbox: https://twitter.com/a2_4am/status/993247470414127104


I remember hanging out on #3dwarez with the creators/artists from ILM and other major studios. They would trade cracked software because they couldn't reasonably afford a 30k license for a new version but wanted to keep up to date or tinker with something new. Which is understandable. Hell I downloaded and uploaded millions of dollars of software and models from there.

But to be fair I do give credit to 3ds studio Max for adding a countermeasure that slowly degraded models if it detected it was cracked. A few months the support forums were flooded with complaints and the company knew who was pirating. That was a genuinely hilarious countermeasure.


I don't really know how to respond to your last statements.

I totally understand the creators blight of not being paid for someone using their work. Like others have said in this thread, especially now that I work in the field.

I find an issue with the work output of the stolen tool being tampered with. Was it permanent? Could you restore full quality by purchasing or some other arrangement?

To block access, or degrade functionality I find okay. To purposefully destroy someone else's hard work (even if made with stolen tools) just seems... wrong to me.

Most of us here have done it. Think about opening up an old project's source code that you happened to write with a pirated copy of VS or Blender or what have you when you were young and couldn't afford things but still wanted to learn.

To find it destroyed would crush me.


As you developed something it would degrade over time, if you just had it saved somewhere nothing would happen to the file. The more you used the pirates copy the more your file would get worse. No you could not restore access to the original, it degraded the polygon count on models.

I don't agree with this approach but it was pretty damn clever.


What’s sad is all the waste: count up all the engineering time spent on all these more and more clever and elaborate copy prevention schemes, and count up all the time spent defeating them. The world will never get back the collective productivity wasted on this arms race.


While the final implementation of the copy protection and code that cracked it are not particularly useful in the general sense I would assume those developers on both sides learned a lot in the process. It was a stupid waste of time outside of a valuable coding exercise. If I was on either side of that battle it would be on my resume.


FWLIW, I think there's a destructive poetic justice in the situation. It's not the noblest impulse -- to screw someone who you perceive screwing you -- but it seems eminently human.

The delicious part is in the slow play. Would it be better to halt the creation, rather than degrade it? In that case, there would be no skill development in addition to no product, which seems objectively worse.


Agreed as a whole but a small nitpick as that instant deactivation leads to instant cracking whereas slowly degrading might not be detected for awhile.


When I was younger I too was trading games. Being in middle school my ability to crack games was not great.. It really interesting how clever people get trying to prevent copies and how those counter measures get discovered.

A friend's father got this card that went in the apple // card slot and had a button. If you pressed the button you could dump whatever was in memory at that time to a copyable disk. It was called the "Wild card". This was fascinating to me.. It took some digging but there are a few ads for it on the internet..

I wonder if some of the lack of title sequences and extras were because people were using these cards, adding a "cracked splash" screen and calling it a day.

Ad: "Avoid the IRS (Iandvertently Ruined Software)" https://mirrors.apple2.org.za/Apple%20II%20Documentation%20P...

Ad2:

"Wildcards are copy cards that stack the deck in your favor, rather than copying protected disks track by track like the old nibble copiers, Wildcards ignore the disk and any copy protection on it. Instrad wildcards take a snapsot of your Apple's memory. This creates an accurate copy of the original program"

https://mirrors.apple2.org.za/Apple%20II%20Documentation%20P...


I built a memory dump system of my own for the TRS-80. The reset button on the machine launched an RST operation on the Z80 CPU, which was the only non-maskable interrupt (in other words, software writers couldn't disable or prevent it).

Unfortunately due to the memory mapping of the TRS-80, this set the CPU to an address in ROM, meaning I couldn't get at it to do anything useful. I put together a small veroboard circuit with a 2716 EPROM and a nand gate or two. This was hacked into the memory decoding circuit on the TRS-80 so that in normal operation the original ROM would be called, but if the address range was in the first 2k (the smallest block I could map), it would take instructions from the EPROM.

A friend then hand copied the entire first 2k of memory from the ROM (in hex) and cooked it into the EPROM (funnily enough using an Apple). However, we modified the code around the RST instruction to leap to RAM, where the memory dump program could reside and then be executed.

As the machine couldn't reboot properly until our dump software was loaded, we added a toggle switch to enable/disable the memory mapping hack and return the machine to normal.

Presumably like the "Wild Card" did it, we dumped the memory and register contents so they could reloaded later. Fun times.


These types of freezers were on lots of systems. Everyone in the C64 scene will remember the ISEPIC, for example, which functioned in a like manner (I have an ISEPIC, but I used a Super Snapshot and/or a Final Cartridge III more often -- more reliable and loaded snapshots faster).

Even back in the day these were recognized as lower-quality cracks, but sometimes the best you could do until the protection scheme was better understood.

(ObDisclaimer: not an endorsement of piracy.)


I love that they wrote a tool to automate cracking. I'd be curious to know more about it, like specifically what kinds of protection it could break. IIRC a lot of copy protection on the Apple ][ was pretty straightforward, they'd just change the marker bytes for where sectors began to something nonstandard. I imagine that's pretty easy to automatically reverse. But a disc with something weird like spiral tracking or software with a deeply obfuscated "look up a word in the manual" system must be harder to crack.


It's here https://github.com/a2-4am/passport Also he has a "best of" list if you don't want to dig through all of the logs he keeps to find the interesting stuff. https://twitter.com/a2_4am/status/993129396520341504


> software with a deeply obfuscated "look up a word in the manual" system must be harder to crack. Reminds me of the paper codex used by Lucasarts and their Monkey Island series :-) Pragmatic solution, and very funny, although not that hard to copy and distribute along with the pirated game.


Wow, 1673 cracked software, all with expired copyright. This is an amazing preservation achievement. Love the automation part and am a bit curious to how hard this would be to port to another 6502 machine (yes, c64)?


I never cracked disk protections, but I did sometimes reverse engineer games to figure cheat codes, etc. One EA game I looked at was the Will Harvey's Zany Golf for the Amiga. I had read somewhere that there was a secret level (the mad scientist? Or maybe that was the last public level). I got reasonably good at it, but not good enough to unlock the level.

I disassembled it, etc. It did not make any sense to me. With other games it was easier to find where in memory they kept game state. I ran out of tricks. I was young and not too experienced. Eventually I figured that it was not really written in 68k code. It was using some kind of interpreter. I hadn't read many books or studied CS at the time, so I didn't know that I was looking at a VM. Register A2 or A3 pointed to the current opcode. There was a jump table and each opcode handler ended with a jump to the dispatcher. I don't believe the opcodes were 6502 instructions or I would have recognised them. It would have been a reasonable candidate, since the original was written for the Apple //gs.

I still never got to the secret level. I either gave up or damaged the disk.


Nice story! I just had to look it up:

> On the last level (Energy), you will see a mouse hole where eyes appear sometimes. When the eyes turn red, putt the ball into the hole. You will be teleported to the secret course 'Mystery'.

From https://gamefaqs.gamespot.com/amiga/931157-will-harveys-zany...


Damn, I hate articles like this, they take me back to the good old days and suddenly it's HOURS later.


Hear hear


> "We still can’t make perfect digital representations of Apple II floppy disks."

Apparently this is no longer true, thanks to AppleSauce:

https://news.ycombinator.com/item?id=17256709


The preservation is still not perfect though, partly due to limitations in the format used to store the recovered data. https://twitter.com/yesterbits/status/993342787444670464


That sounds like a problem with the processor running the code, not the disk image format.


Check out the other tweets in the thread though.


Delightful.

> After 8 cracks, I wrote a tool to automate step 1, capturing the RWTS. After 152 cracks, I wrote a tool to automate step 3, patching up the unprotected copy.

> After 688 cracks, I wrote Passport.


Fascinating read! Anyone have examples on more articles on the good ol' days of software cracking and distribution?


At that time computer were awfully expensive (my dad had to be helped by my grand father to buy one). Magazine's (at least in my country) were expensive too. And games, that was just out of question. So piracy had some legitimacy when you were a teenager. Nowadays, everything is much more affordable and piracy is much harder (on consoles at least). Those were the days...


> Nowadays, everything is much more affordable

AAA titles are still 50-60€ upon release, so nothing new there... the real difference that has cropped up over the last 3,4 years is that free-to-play crap model. A 0.50€ powerup is cheap, but one a day... 15€ a month. Don't get me started on loot boxes. 5 years ago the only way to get poor due to gaming was gambling, now? Have a little kid and make the mistake of attaching a credit card to the app store account.

It seems affordable but it's a total rip off.


You are forgetting "game pass", incomplete/bugged games at release date, DLCs, "special" version games tied to a seller (usually special equipment), timed exclusives...

I'm surprised the industry hasn't collapsed as it did once in the eighties.


> I'm surprised the industry hasn't collapsed as it did once in the eighties.

These days you have a massive inertial mass of 16 year old kids dragging their parents to Gamestop or to their credit cards and begging them to get them their latest CoD or whatever fix. Parents don't care and the kids don't as long as they can get their fix (and streaming to Twitch isn't broken).


> Have a little kid and make the mistake of attaching a credit card to the app store account.

iOS and Android have parental controls where you can lock out/limit IAPs for an account or device to counteract this. I agree the whole practice is shady, but there are at least tools to prevent some of the worst scenarios. Which was not always the case.


That's three good stories from Paleotronic in just a few days. They seem to be doing well.


> I enjoy technical writing

Just goes to show you that there are a lot of different types of people in the world.


And an infinite way for them to find their outlet :)




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: