PC Floppy Copy Protection: Vault Corporation Prolok

In the 2020s we’re used to software being readily accessible, and often free, whether as-in-beer or as-in-speech. This situation is a surprisingly new one, and in an earlier era of consumer software it was most often an expensive purchase. An anti-piracy industry sprang up as manufacturers tried to protect their products, and it’s one of those companies that [GloriousCow] examines in detail, following their trajectory from an initial success through to an ignominious failure driven by an anti-piracy tech too extreme even for the software industry.

Vault Corporation made a splash in the marketplace with Prolok, a copy protection system for floppies that worked by creating a physically damaged area of the disc which wouldn’t be present on a regular floppy. The write-up goes into detail about the workings of the system, including how to circumvent a Prolok protected title if you find one. This last procedure resulted in a lawsuit between Prolok and Quaid Software, one of the developers of circumvention tools, which established the right of Americans to make backup copies of their owned software.

The downfall of Vault Corporation came with their disastrously misjudged Prolok Plus product, which promised to implant a worm on the hard disks of pirates and delete all their files in an act of punishment. Sensing the huge reputational damage of being tied to such a product, the customers stayed away, and the company drifted into obscurity.

For those interested further in the world of copy protection from this era, we’ve previously covered the similar deep dives that [GloriousCow] has done on Softguard’s Superlok as well as the Interlock system from Electronic Arts.

PC Floppy Copy Protection: Electronic Arts Interlock

Continuing the series on floppy copy protection, [GloriousCow] examines Electronic Arts’ Interlock system. This was used from 1984 to 1987 for at least fourteen titles released on both 5.25″ and 3.5″ floppies. Although the name was not officially advertised, the string ELECTRONIC ARTS IBM INTERLOCK. appears in the duplication mark sector, hence the name. Compared to other copy protection systems like Softguard Superlok, Interlock employs a number of somewhat extreme measures to enforce the copy protection.

The disk surface of Side #0 of the 1984 mystery-adventure title, Murder on the Zinderneuf (Credit: GloriousCow)

Other than the typical issues that come with copying so-called ‘booter’ floppies that do not use DOS but boot directly into the game, the protection track with Interlock is rather easy to spot, as seen on the right. It’s the track that lights up like a Christmas tree with metadata, consisting of non-consecutive sector IDs. Of note is the use of ‘deleted’ sector data marks (DDAM), which are a rarity in normal usage. Along with the other peculiarities of this track, it requires an exact query-response from the disk to be accepted as genuine, including timings. This meant that taking a straight dump of the magnetic surface and trying to boot it in an emulated system failed to work.

Reverse-engineering Interlock starts with the stage 0 bootloader from the first sector, which actually patches the End-of-Track (EOT) table parameter to make the ridiculous number of sectors on the special track work. The bootloader then loads a logo, which is the last thing you’ll see if your copy is imperfect.

Decrypting the second stage bootloader required a bit of disassembly and reverse-engineering, which uncovered some measures against crackers. While the actual process of reverse-engineering and the uncovered details of Interlock are far too complex to summarize here, after many hours and the final victory over the handling of an intentional bad CRC the target game (Murder on the Zinderneuf from 1984) finally loaded in the emulator.

After confirming the process with a few other titles, it seems that Interlock is mostly broken, with the DOS-based title ArcticFox (1987) the last hurdle to clear. We just hope that [GloriousCow] is safe at this point from EA’s tame lawyers.

Interested in more copy protection deep dives? Check out the work [GloriousCow] has already done on investigating Softguard’s Superlok and Formaster’s Copy-Lock.

PC Floppy Copy Protection: Softguard Superlok

Many have sought the holy grail of making commercial media both readable and copy-proof, especially once everyone began to copy those floppies. One of these attempts to make floppies copy-proof was Softguard’s Superlok. This in-depth look at this copy protection system by [GloriousCow] comes on the heels of a part one that covers Formaster’s Copy-Lock. Interestingly, Sierra switched from Copy-Lock to Superlok for their DOS version of games like King’s Quest, following the industry’s quest in search of this holy grail.

The way that Superlok works is that it loads a (hidden) executable called CPC.COM which proceeds to read the 128 byte key that is stored on a special track 6. With this key the game’s executable is decoded and fun can commence. Without a valid ‘Play’ disk containing the special track and CPC.COM executable all one is instead left with is a request by the game to ‘insert your ORIGINAL disk 1’.

Sierra’s King’s Quest v1.0 for DOS.

As one can see in the Norton Commander screenshot of a Sierra game disk, the hidden file is easily uncovered in any application that supports showing hidden files. However, CPC.COM couldn’t be executed directly; it needs to be executed from a memory buffer and passed the correct stack parameters. Sierra likely put in very little effort when implementing Softguard’s solution in their products, as Superlok supports changing the encryption key offset and other ways to make life hard for crackers.

Sierra was using version 2.3 of Superlok, but Softguard would also make a version 3.0. This is quite similar to 2.x, but has a gotcha in that it reads across the track index for the outer sector. This requires track wrapping to be implemented. Far from this kind of copy protection cracking being a recent thing, there was a thriving market for products that would circumvent these protections, all the way up to Central Point’s Copy II PC Option Board that would man-in-the-middle between the floppy disk drive and the CPU, intercepting data and rendering those copy protections pointless.

As for the fate of Softguard, by the end of the 1980s many of its customers were tiring of the cat-and-mouse game between crackers and Softguard, along with issues reported by legitimate users. Customers like Infographics Inc. dropped the Superlok protection by 1987 and by 1992 Softguard was out of business.

The Ultimate 1541 Talk by Michael Steil, presented at the Vintage Computer Festival West

The Ultimate Commodore 1541 Drive Talk: A Deep Dive Into Disks, Controllers, And Much More

When we think of retrocomputing, it’s very often the computers themselves that get all the glory. There’s nothing wrong with this of course; the computers of the late ’70s and ’80s were incredible machines that were chock full of hacks in their own right. But some of the most interesting hacks of the day happened not in the computers, but rather in their peripherals. A devotee of such periphery is [Michael Steil], who was driven to compile years of research, knowledge, and hard data into The Ultimate Commodore 1541 Drive Talk which you can view below the break.

In the talk, [Michael] covers the physical disk composition and construction, the disk drives, controller hardware, and the evolution thereof. The bit-by-bit breakdown of the tracks, sectors, and header information on the disks themselves is fascinating, as is the discussion of various copy protection techniques used by vendors to prevent piracy at a time when sneakernet was in full swing.

The descent into the circuitry of the controller reveals a venerable 6502 CPU which powered many vintage computers. Further discussion divulges the secrets for getting higher performance from the 1541 drive using innovations that are as recent as 2013.

A computer historian and archaeologist, [Michael] discusses how using modified vintage hardware is sometimes enough to save your old floppy collection. He also shows how modern interfaces that read disks all the way down to the magnetic flux level can be used to reconstruct missing data.

[Michael] masterfully lays bare the complexity, engineering, and hackery that went into storing less than 200kb of data. Whether you’re a Commodore enthusiast or not, your appreciation for the 32GB USB stick collecting dust on your desk is bound to grow!

We’ve covered [Michael]’s exploits before, and you may wish to check out the Ultimate Apollo Guidance Computer Talk or the Ultimate Gameboy Talk. Do you have your own favorite retrocomputer hacks and insights to share? Be sure to let us know via the Tip Line!


PlayStation Unlocked With New Software Hack

The original PlayStation might be pushing 30 years old now, but that doesn’t mean hackers have given up on chipping away at it. A new exploit released by [Marcos Del Sol Vives] allows users to run copied games on all but the earliest hardware revisions of this classic console, and all you need to trigger it is a copy of Tony Hawk’s Pro Skater 2.

Aptly named tonyhax, this exploit uses a classic buffer overflow found in the “Create Skater” mode in Tony Hawk 2, 3, and 4. When the game sees a custom character saved on the memory card it will automatically load the name field to show it on the screen, but it turns out the developers didn’t think to check the length of the name before loading it. Thanks to this oversight, a long and carefully crafted name can be used to load an executable payload into the console’s memory.
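The missing length check described above, shown beside a hardened loader. This is an added example, not code from tonyhax or from the game; the record layout, `NAME_MAX_LEN`, and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 16           /* assumed size of the on-screen name buffer */

/* Hypothetical save record: the name is untrusted data read from the card. */
struct save_record {
    const uint8_t *name;          /* raw bytes from the card, maybe unterminated */
    size_t         name_len;      /* bytes actually present in the record */
};

/* The 'before': copies until a NUL with no regard for the destination size.
 * A name longer than the buffer overwrites whatever follows it in memory. */
void load_name_unchecked(char *dst, const struct save_record *rec)
{
    strcpy(dst, (const char *)rec->name);
}

/* Hardened: reject oversized or malformed names instead of truncating silently.
 * Returns 0 on success, -1 if the record must be treated as corrupt. */
int load_name_checked(char dst[NAME_MAX_LEN + 1], const struct save_record *rec)
{
    if (rec == NULL || rec->name == NULL)
        return -1;
    if (rec->name_len == 0 || rec->name_len > NAME_MAX_LEN)
        return -1;
    for (size_t i = 0; i < rec->name_len; i++) {
        /* Printable ASCII only: pointers and code bytes do not belong in a name. */
        if (rec->name[i] < 0x20 || rec->name[i] > 0x7e)
            return -1;
    }
    memcpy(dst, rec->name, rec->name_len);
    dst[rec->name_len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: 64 filler bytes standing in for an oversized name. */
    uint8_t raw[64];
    char name[NAME_MAX_LEN + 1];
    memset(raw, 'A', sizeof raw);
    struct save_record rec = { raw, sizeof raw };
    return load_name_checked(name, &rec) == -1 ? 0 : 1;
}
```

Rejecting the record outright, rather than truncating it, also keeps a damaged or tampered save from being displayed as if it were valid.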

The name contains the memory address of the payload.

That payload could be anything, such as a homebrew game, but in this case [Marcos] went all in and developed a simple tool that unlocks the console’s optical drive so it will play games burned to CD-Rs. Once the tonyhax exploit has been loaded, you simply swap the authentic Tony Hawk disc for whatever burned title you want to play. So far every game tested has worked, even those that span across multiple discs.

[Marcos] is providing not only the save files ready to load on your PlayStation memory card (either through a PC tool, or with the help of a hacked PS2), but also the complete source code for tonyhax. This opens the door to the exploit being used to load other tools, emulators, and indie games, but as the PlayStation homebrew scene is relatively limited when compared to newer consoles, the demand might be limited.

Compared to the traditional physical modifications used to play copied games on the PlayStation, this new software approach is far more accessible. Expect to see memory cards with this exploit preinstalled hit your favorite import site in the very near future.


A Lowly 8-Bit Micro Busts Copy Protection From The 16-Bit Era

When floppy disks were the data storage medium of choice, software companies and in particular game developers came up with ever more inventive ways to make them difficult to copy. Tinkering at the edges of the disc format standards didn’t come cheap though, and for example the Dungeon Master game for the Atari ST was reported as using $40,000 worth of custom hardware to achieve its so-called “fuzzy bit” technique. [Chris Evans] set out to recreate it, not by building a modern version of the custom hardware, but by doing it the hard way, with an early-1980s 8-bit BBC Micro home computer.

One could be forgiven for thinking that a computer sporting a 2 MHz 6502 would be unable to manage this task without extra hardware, and were it simply the 6502 itself you would of course be right. So to get anywhere he had to get creative with the Beeb’s built-in peripherals. Eschewing the floppy controller, he hooked the drive up directly to the parallel port, and after a voltage problem courtesy of the drive’s termination resistors we’re taken through some of the 6522 VIA’s different modes in order to achieve a higher speed data burst than would normally be possible. All of these approaches hit the buffers though, until he looked at the 6845 video chip and used its video output as a very fast shift register. With a custom cable and some work on special video modes, a home computer that would have cost several hundred dollars in the early 1980s can do the work of $40,000 custom hardware from later in the decade. Colour us impressed!

If you’d like to know more about the Dungeon Master copy protection, we’ve been there in the past.

BBC Micro header image: StuartBrady / Public domain.

Copy Protection In The 80s, Showcased By Classic Game Dungeon Master

Making a copy of a purchased game used to be as simple as copying a disk. As the game industry grew, so did fear of revenue loss which drove investment in countermeasures. These mainly consisted of preventing the easy duplication of magnetic diskettes, or having users jump through tiresome hoops like entering specific words from the printed manual. These measures rarely posed much of a challenge to the dedicated efforts of crackers, but the copy protection in the classic 80s game Dungeon Master for the Atari ST and Amiga was next-level. It implemented measures that went well beyond its contemporaries, and while it was eventually defeated, it took about a year to happen. In an era where games were cracked within days or even hours of release, that was remarkable.

Dungeon Master was a smash hit at the time, and while the details of its own brand of what we would now call DRM may not be new, this video presentation by [Modern Vintage Gamer] (YouTube link) does a wonderful job of stepping through everything it did, and begins with an informative tour of copy protection efforts of the era for context.

The video is embedded below, but if you’d like to skip directly to the details about Dungeon Master, that all starts just past eight minutes in. What we now call DRM clearly had roots that preceded the digital world of today; an absurd timeline in which even cat litterboxes can have DRM.
