gnu@hoptoad.uucp (John Gilmore) (12/30/86)
[If this turns into a full blown discussion, it should move to comp.misc, since there is little or no cryptography being discussed.] In article <1148@ptsfb.UUCP> rpf@ptsfb.UUCP (Roy Falk) writes: >>ATTENTION HACKERS!!! >>PRIDE has established a new form of Copy Protection. They intend >>to offer 25000 big bucks to the first one to break it. >>PS- Wouldn't it make more sense to break it and NOT sell it back to PRIDE, >> After it could cost a brave company like PRIDE a whole lot more than >> just 25000 if there was a product on the market that allows multiple >> copies of their software to run. > >I am *outraged* at the suggestion that it makes "more sense" to profit >from the criminal activity suggested by the author than to accept the >innocent, although admittedly naive, challenge made by PRIDE. In effect, someone who broke their code WOULD be accepting the company's challenge. What the company wants is that any defects in their copy protection scheme be brought to their attention. I'm sure that if someone marketed a program to copy their product, that it would come to their attention. Note that the original poster did not suggest that the cracker "get rich" from selling copy programs -- just that the company would probably lose more than $25,000 in revenues if the security hole remained unfixed. As far as I can see, there is no criminal intent in the original message. There is no law against decoding a program you buy, nor against selling programs that automate this process. The interesting part would be: The company would have to decode the copying program in order to see what their weakness is. The copying program could be made arbitrarily convoluted to make this tough. In effect, the tables are turned -- the company knows it has a security hole, and it has to break the security on the copy program to find out what the hole is. The worm re-turns! I think building such a situation would be a lot more fun than just claiming a $25,000 prize (which is probably awarded at the discretion of PRIDE anyway, e.g. can't be relied upon). Though I must admit I'm glad to see companies treating copy breaking as a contest rather than as a matter for litigation. PS: I broke copy protection on an Apple II "Asteroids" game a few years ago when I was messing with Apples. The authors sold me the game personally from a booth at the Computer Faire. They said they thought it was unbreakable. It's like the amateur cryptographers who invent a great new unbreakable cipher that was broken before 1000 AD. It took about 3 days and the method of breaking it was trivial -- you just start from the boot sequence, disassemble, understand, and patch the code to read in the next stage and then trap to you. Lather, rinse, repeat. It gets a bit tedious at times but it's not hard, just takes a lot of detail work. Since you are in complete control of the machine, there is nothing the software can do -- it is DATA until you jump to it, and while it's DATA you can understand what it's doing. While doing this, I thought up 5 or 10 other tricks that the authors could have played to make my life harder, but didn't. (A great one is to put a little code in the video pages -- if the screen scrolls, it jumbles!) Unless PRIDE is doing something with external keys, their copy protection is breakable by the same method -- after all, the computer can read the program into memory to run it, so I can too. -- John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore@lll-crg.arpa I forsee a day when there are two kinds of C compilers: standard ones and useful ones ... just like Pascal and Fortran. Are we making progress yet? -- ASC:GUTHERY%slb-test.csnet
ken@argus.UUCP (Kenneth Ng) (01/07/87)
In article <1597@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) writes: > While > doing this, I thought up 5 or 10 other tricks that the authors could > have played to make my life harder, but didn't. (A great one is to put > a little code in the video pages -- if the screen scrolls, it jumbles!) > John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore@lll-crg.arpa What you need here is the equivalent of VM for the PC. Redefine where the screen is, bingo, no more jumble problems. -- Kenneth Ng: Post office: NJIT - CCCC, Newark New Jersey 07102 uucp !ihnp4!allegra!bellcore!argus!ken *** WARNING: NOT ken@bellcore.uucp *** bitnet(prefered) ken@orion.bitnet Gillian: "Are you sure you won't change your mind?" Spock: "Is there something wrong with the one I have?"