Cracking Abandonware DRM Like It’s 1999

As long as there have been games, there have been crackers breaking their copy protections. “Digital Rights Management”, or DRM, is a phrase for copy protection coined near the end of the 1990s, and subverted shortly thereafter. But how? [Nathan Baggs] shows us what it took to be a cracker in the year 2000, as the first step to get an old game going again turned out to be cracking it.

The game in question is “Michelin Rally Masters: Race of Champions” by DICE, a studio that was later subsumed by EA and is today best known as the developers of the Battlefield franchise. The game as acquired from an abandonware site does not run in a virtual machine, and after a little de-obfuscation of the code causing the crash, [Nathan] discovers LaserLock is to blame. LaserLock was a DRM tool to lock down a game to its original CD-ROM that dates all the way back to 1995. Counters to LaserLock were probably well-known in the community back in the day, but in 2025, [Nathan] walks us through attempting to crack it from first principles.

We won’t spoil the whole assembly-poking adventure, but the journey does involve unboxing an original CD to be able to compare what’s happening when the disc is physically present compared to running from the ISO. It’s tedious work and can only be partially automated. Because it did prove so involved, [Nathan]’s original aim — getting the game to work in Windows 11 — remains unfulfilled so far.

Perhaps he’d have had better luck if he’d been listening to the appropriate music. Frustrating DRM isn’t always this hard; sometimes all you needed was a paperclip.

Hackaday Links: March 9, 2025

It’s been a busy week in space news, and very little of it was good. We’ll start with the one winner of the week, Firefly’s Blue Ghost Mission 1, which landed successfully on the Moon’s surface on March 2. The lander is part of NASA’s Commercial Lunar Payload Services program and carries ten scientific payloads, including a GPS/GNSS receiver that successfully tracked signals from Earth-orbiting satellites. All of the scientific payloads have completed their missions, which is good because the lander isn’t designed to withstand the long, cold lunar night only a few days away. The landing makes Firefly the first commercial outfit to successfully soft-land something on the Moon, and being the first at anything is always a big deal.

Auto-Download Your Kindle Books Before February 26th Deadline

With the news that Amazon will no longer be allowing users to download their Kindle books after February 26th, many are scrambling to download their books before it’s too late. The most up-to-date project for automating this process appears to be Amazon Kindle Bulk Downloader.

As the company that famously removed 1984 from thousands of devices without users’ permission, this is a move that shouldn’t be surprising, but is still disappointing, especially for those of us that were somewhat early adopters of ebooks with Kindles that don’t have a WiFi connection. (Yes, you can tell us about how you bought a Sony reader before the Kindle even came out in the comments.)

The TypeScript-coded tool runs inside bun, which can be installed in any of the big three OSes, and even has a handy Docker image if that’s more your speed. Whether you use this tool or not, if you have any Kindle books we’d implore you to download them now.

Once you’ve downloaded those books, how about cracking the DRM, either with LEGO or with software like Calibre? You could then load them on a completely open source reader.

Bambu Lab Tries To Clarify Its New “Beta” Authentication Scheme

Perhaps one of the most fascinating aspects of any developing tech scandal is the way that the target company handles criticism and feedback from the community. After announcing a new authentication scheme for cloud & LAN-based operations a few days ago, Bambu Lab today posted an update that’s supposed to address said criticism and feedback. This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that’s supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key.

In the new blog post, the Bambu Lab spokesperson takes a few paragraphs to get to the point which the community is most concerned about, which is interoperability between tools like OrcaSlicer and Bambu Lab printers. The above graphic is what they envision it will look like, with OrcaSlicer purportedly getting a network plugin that should provide direct access, but so far the Bambu Connect app remains required. It’s also noted that this new firmware is ‘just Beta firmware’.

As the flaming wreck that’s Bambu Lab’s PR efforts keeps hurtling down the highway of public opinion, we’d be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.

Apple Forces The Signing Of Applications In MacOS Sequoia 15.1

The dialogue that greets you when you try to open an unsigned application in MacOS Sequoia 15.1.

Many MacOS users are probably used by now to the annoyance that comes with unsigned applications, as they require a few extra steps to launch them. This feature is called Gatekeeper and checks for an Apple Developer ID certificate. Starting with MacOS Sequoia 15, the easy bypassing of this feature by e.g. holding Control when clicking the application icon is no longer an option, with version 15.1 disabling ways to bypass this completely. Not surprisingly, this change has especially caught users of open source software like OpenSCAD by surprise, as evidenced by a range of forum posts and GitHub tickets.

The issue of having to sign applications you run on MacOS has been a longstanding point of contention, with HomeBrew applications affected and the looming threat for applications sourced from elsewhere, with OpenSCAD issue ticket #880 from 2014 covering the saga for one OSS project. Now it would seem that to distribute MacOS software you need to have an Apple Developer Program membership, costing $99/year.

So far it appears that this forcing is deliberate on Apple’s side, with the FOSS community still sorting through possible workarounds and the full impact.

Thanks to [Robert Piston] for the tip.

2View: The Self-Erasing VHS Tape With Paperclip Hack

The back of the 2View VHS box. The instructions are all in Dutch, as its (sole) launch market. (Credit: Techmoan, YouTube)

Over the decades the video and music industries have tried a wide range of ways to get consumers to buy ‘cheaper’ versions of albums and music, but then limit the playback in some way. Perhaps one of the most fascinating ones is the 2View, as recently featured by [Matt] over at Techmoan on YouTube. This is a VHS tape which works in standard VHS players and offers you all the goodness that VHS offers, like up to 512 lines of PAL video and hard-coded ads and subtitles, but also is restricted to just playing twice. After this second playback and rewinding, the tape self-erases and is blank, leaving you with just an empty VHS tape you can use for your own recordings.

As a form of analog restrictions management (ARM) it’s pretty simple in how it works, with [Matt] taking the now thankfully erased Coyote Ugly tape apart for a demonstration of the inside mechanism. This consists of effectively just two parts. The first is a plastic, spring-loaded shape that moves against one of the tape spools and follows the amount of tape, meaning minutes watched. The second is an arm featuring a permanent magnet, which is retained by an inner track inside the first shape until, after rewinding twice, it is released and ends up against the second spool, erasing the tape until rewound, after which it catches in a neutral position. This then left an erased tape that could be safely recorded on again.

Although cheaper than a comparable VHS tape without this limit, 2View was released in 2001, when in the Netherlands and elsewhere DVDs were demolishing the VHS market. This, combined with the fact that a simple bent paperclip could be stuck inside to retain the erase arm in place to make it a regular VHS tape, meant that it was really a desperate attempt that quickly vanished off the market.

Man-in-the-Middle PCB Unlocks HP Ink Cartridges

It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many of these third-party ones are so-called re-manufactured ones, where a third party refills an empty OEM cartridge. This is increasingly being done due to digital rights management (DRM) reasons, with tracking chips added to each cartridge. These chips prohibit e.g. the manual refilling of empty cartridges with a syringe, but with the right tweak or attack can be bypassed, with [Jay Summet] showing off an interesting HP cartridge DRM bypass using a physical man-in-the-middle attack.

This bypass takes the form of a flex PCB with contacts on both sides which align with those on the cartridge and those of the printer. What looks like a single IC in a QFN package is located on the cartridge side, with space for it created inside an apparently milled indentation in the cartridge’s plastic. This allows it to fit flush between the cartridge and HP inkjet printer, intercepting traffic and presumably telling the printer some sweet lies so that you can go on with that print job rather than dash out to the store to get some more overpriced Genuine HP-approved cartridges.

Not that HP isn’t aware or not ticked off about this, mind. Recently they threatened to brick HP printers that use third-party cartridges if detected, amidst vague handwaving about ‘hackers’ and ‘viruses’ and ‘protecting the users’ with their Dynamic Security DRM system. As the many lawsuits regarding this DRM system trickle their way through the legal system, it might be worth it to keep a monochrome laser printer standing by just in case the (HP) inkjet throws another vague error when all you want is to just print a text document.
