bwf@ihlpl.UUCP (Fecht) (07/07/86)
I'm interested in the state of the art (and perhaps a little history) on copy-protecting copyrighted software disks and tapes. Pointers to references, mail, etc greatly appreciated. -Bill Fecht ihlpl!bwf IH 6M-509 (312) 979-3856
kim@mips.UUCP (07/11/86)
> I'm interested in the state of the art (and perhaps > a little history) on copy-protecting copyrighted > software disks and tapes. > > Pointers to references, mail, etc greatly appreciated. First, a couple of references: There was a good "technical survey" article article in the December, 1985 issue of "PC Tech Journal" that covers the various CP techniques that are in use, the problems they create, and the methods available for combatting them. It also touches briefly on some of the legal issues and implications of CP and CP-busting programs. Good reading. The current (Jul/Aug) issue of "Micro/Systems Journal" has an excellent technical "how to" article on *creating* a protected program on a PClone using elementary techniques (futzing around with the disk-controller parms, sector-headers, etc.) Must reading, if you're looking for technical details. Now for a couple of recent news items on the subject (with editorial comments): On the positive side of things ... about a month ago, I read (in Electronic Engineering Times, I think) that Vault Corporation had filed for Chapter 11. Those are the folks who brought you Prolok ... the most "advanced" version of which purportedly could/would trash your hard-disk if *it* decided you were using an illegal/unauthorized copy. I don't *think* this version of Prolok was ever shipped ... possibly due to the legal liability they could have been subjected to; possibly due to the hue and cry that went up when news of this built-in time-bomb first came out; or possibly because no s/w vendor in their right mind would touch it. I wonder how this will affect their lawsuit against Quaid Software (the CopyWrite people)? As I understand it, Vault claims that Quaid had to have disassembled the Prolok code in order to break it ... and disassembly of the code is forbidden in their stupid shrink-wrap agreement. Anyway, it looks like the worm has turned on Vault (sorry, I just couldn't resist that one :-) )! On the negative side ... another recent article (from PC Week ?) mentioned that the Justice Dept. has ruled (decreed ?, decided ?, advised ?, stated ?) that the ADAPSO-developed and backed h/w protection mechanism (usually called a "dongle") will not violate anti-trust and/or trade-restraint laws. In case you don't know, a dongle is an insidious little device that plugs into your RS-232 (serial) port in a supposedly transparent fashion. A s/w vendor provides a "key" along with the s/w which plugs into the dongle. The s/w itself can then interrogate the (supposedly transparent) dongle, and make sure the key is present before it will run; or it can use the key's "action" as part of an operational algorithm, etc. Naturally, each key will be unique (or at least there will be many different keys), and each piece of s/w that uses this brain-damaged technology will require a key. This means you will need a dongle with dozens of key-slots (which you buy at your expense, of course) to support a good-sized s/w base *conveniently*. Of course, the keys will never break, nor will the dongle. And of course the dongle/keys/key-checking-software will all peacefully coexist together ... especially while you're multi-tasking several "donglized" programs together ... and you're using the serial-port to talk to your modem ... etc. Who is kidding whom, here? What is the bandwidth of your serial port? Supposedly, there will be "master-keys" for file-servers and network applications. And I suppose super-keys and sub-master-keys and ... The benifit of dongles (as with CP) is that the s/w vendors won't be getting ripped-off by unauthorized use of the products that they sell. Now they won't have to pass the costs of lost profits along to the legitimite user, and consequently their prices will be lowered, and we will all live happily everafter. And if you believe that, I have some property in Florida ... it's a really good investment deal ... Finally (if you're still reading this), I have a question for the s/w vendors who insist that I don't *buy* their product, but rather *license* it: If it is true that I don't *buy* your product, how come I have to pay *SALES* tax on it? I've always subscribed to the philosophy that "if it looks like a skunk, walks like a skunk, and smells like a skunk ... then it probably *is* a skunk." This in spite of any "paint" you may spray on the outside of the animal. Now aren't you glad you brought the subject up? /kim Disclaimer: I have no affiliation with any publication, organization, or company mentioned in this article, or with any competitor of the same. Prolok is probably a trademark of Vault Corporation. The views expressed herein are my own, and not necessarily those of my employer, my girlfried, or her cat. You are hereby granted a license to agree with these opinions, and may make back-up copies as necessary for your own personal use. You may even redistribute these opinions for a profit if you can find someone who'll pay you for them. You may not, however, "reverse-engineer" this work; any use of the individual words expressing these opinions outside of this context is prohibited, and will terminate your license. Etc, etc, etc. -- UUCP: {decvax,ucbvax,ihnp4}!decwrl!mips!kim DDD: 408-720-1700 x231 USPS: MIPS Computer Systems Inc, 930 E. Arques Av, Sunnyvale, CA 94086 CIS: 76535,25
brown@nicmad.UUCP (07/11/86)
In article <1066@ihlpl.UUCP> bwf@ihlpl.UUCP (Fecht) writes: >I'm interested in the state of the art (and perhaps >a little history) on copy-protecting copyrighted >software disks and tapes. If you are thinking of doing it, forget it. There hasn't been a product released, with protection, that hasn't been broken. If the big boys can't do it (Lotus 123 ver 2 and SoftGuard, as an example), then you won't be able too either. The trend is away from protection. Protection and hard disks just don't get along. I know, someone will flame and disagree with me. But it is my opinion. -- ihnp4------\ harvard-\ \ Mr. Video seismo!uwvax!nicmad!brown topaz-/ / decvax------/
lim@nprdc.arpa (07/11/86)
There was a nice article in IEEE's "SPECTRUM" June 1986 issue on copy-protection of software. It discussed copy-protection methods, and ways to break them. It also focused on the legal and ethical questions of copy-protection. It was titled "How Disk are 'padlocked.' Bill Lim (619)225-6434 lim@nprdc ihnp4 \ akgua \ decvax >---- !sdcsvax!sdics!nprdc!lim dcdwest / ucbvax /
rb@cci632.UUCP (07/17/86)
In article <770@nicmad.UUCP> brown@nicmad.UUCP (Mr. Video) writes: >In article <1066@ihlpl.UUCP> bwf@ihlpl.UUCP (Fecht) writes: >>I'm interested in the state of the art (and perhaps >>a little history) on copy-protecting copyrighted >>software disks and tapes. > >If you are thinking of doing it, forget it. There hasn't been a product >released, with protection, that hasn't been broken. If the big boys >can't do it (Lotus 123 ver 2 and SoftGuard, as an example), then you >won't be able too either. > >The trend is away from protection. Protection and hard disks just don't >get along. > Actually, one of the more popular trends is toward copy detection. The technique is quite simple, unobtrusive, and easy to do. All one has to do is put a unique serial number on each disk, where it won't get noticed, even by the software, usually as an unused static. If Joe T. Pirate takes off the copyright header, and prints up 1000 copies, or posts it to a bulletin board, the manufacturer knows at minimum, which dealer recieved the copy. If Joe T Pirate sent in his registration, they know exactly who to blame. The key to making this work, is to not tell anybody that it is there. This allows users to copy to hard disks, even circulate a few copies within the company, but when it goes "outside", the proof is quite easy to get. Which products have protection this way? As I said, the secret is to not tell anybody. One nice aspect is that BBS systems can be used to distribute "auto-registered" software. In this case, the BBS runs a "blind update" program provided by the manufacturer/author. This can be used to increment the "serial number". It can also record which user got the last serial number. The technique has been around for a while. Video and audio tapes often use similar encoding. You can't see/hear it, but the manufacturer can trace it.
dale@wucs.UUCP (07/18/86)
So far everybody has talked about software protection that is disk-based. Has anyone seen or heard how some of the other methods work? In particular, Clarion (and others) are using a little box that connects into the parallel port of a PC. This is fine as long as you have a parallel port however most of our machines around here only have serial. (They have old Seattle cards with just a serial port) Anybody know anything?? Dale Frye Washington University in St. Louis
hsu@eneevax.UUCP (07/19/86)
In article <229@cci632.UUCP> rb@ccird1.UUCP (Rex Ballard) writes: >In article <770@nicmad.UUCP> brown@nicmad.UUCP (Mr. Video) writes: >>In article <1066@ihlpl.UUCP> bwf@ihlpl.UUCP (Fecht) writes: >>>I'm interested in the state of the art (and perhaps >>>a little history) on copy-protecting copyrighted >>>software disks and tapes. >> >>The trend is away from protection. Protection and hard disks just don't >>get along. >> >Actually, one of the more popular trends is toward copy detection. The >technique is quite simple, unobtrusive, and easy to do. All one has >to do is put a unique serial number on each disk, where it won't get >noticed, even by the software, usually as an unused static. If Joe T. >Pirate takes off the copyright header, and prints up 1000 copies, or >posts it to a bulletin board, the manufacturer knows at minimum, which >dealer recieved the copy. If Joe T Pirate sent in his registration, >they know exactly who to blame. Firstly, let me say that I'm not familiar with the current state of IBM piracy, but that last time I looked, IBM pirates were rank amateurs next to even the most inexperienced of Apple pirates. The above technique would work well against such people. Let me now add that this would not work at all against any competent Apple pirate, as Apple pirates stood 4 years ago. It was once common practice to crack several copies of the same program in the same manner and to `diff' the results, as it were. Moreover, many programs were pirated and distributed either without any serial numbers at all, or before they were shipped to the dealer. As early as 1981, several pirate organizations had managed to infiltrate not only the major distribution facilities, but had also managed to infiltrate the workforces of many major software publishers. A non-trivial number of beta-testers for several firms moonlighted as pirates. And of course, many software authors gained their expertise through piracy, which may explain why that package you've been writing for years just never seems right to the publisher. Some packages were already in such wide distribution so early that officialrelease was cancelled. At least one package was eventually given away free when the manufacturer discovered that large numbers of people had been using it for months. I might add that a disproportionate number of former pirates are now making their fortunes as managers of computer stores, and are now fervent anti-pirates, as it interferes with their livelihood. Needless to say, even if you track a pirated package down to a specific dealer, it is entirely possible that he/she truly has no knowledge of the existence of a pirated copy, because it had been copied long before it reached his/her shelves. QED. It won't catch the good ones. -dave -- David Hsu (301) 454-1433 || -8798 "It was Dave, not me..honest!" -eneevax Communication & Signal Processing Lab / Engineering Computer Facility The University of Maryland -~- College Park, MD 20742 ARPA:hsu@eneevax.umd.edu UUCP:[seismo,allegra,rlgvax]!umcp-cs!eneevax!hsu "Who cometh to the bridge of death must answer me these questions three, 'ere the other side he see....aiggggh!"
rb@cci632.UUCP (Rex Ballard) (07/22/86)
In article <16@eneevax.UUCP> hsu@eneevax.UUCP (Dave Hsu) writes: >In article <229@cci632.UUCP> rb@ccird1.UUCP (Rex Ballard) writes: >>In article <770@nicmad.UUCP> brown@nicmad.UUCP (Mr. Video) writes: >>>In article <1066@ihlpl.UUCP> bwf@ihlpl.UUCP (Fecht) writes: >>>>I'm interested in the state of the art (and perhaps >>>>a little history) on copy-protecting copyrighted >>>>software disks and tapes. >>> >>>The trend is away from protection. Protection and hard disks just don't >>>get along. >>> >>Actually, one of the more popular trends is toward copy detection. The >>technique is quite simple, unobtrusive, and easy to do. > >Firstly, let me say that I'm not familiar with the current state of >IBM piracy, but that last time I looked, IBM pirates were rank amateurs >next to even the most inexperienced of Apple pirates. The above >technique would work well against such people. Well, there are two types of pirates. Amateur pirates are just that. They crack the protection so they can get a backup or get it on hard disk and in the process, give a copy to a friend. The professional is just that. He cracks the protection for the purpose of selling either the copies or the crack itself. Needless to say, protection schemes, no matter how good, are vulnerable. >Let me now add that this would not work at all against any competent >Apple pirate, as Apple pirates stood 4 years ago. It was once common >practice to crack several copies of the same program in the same manner >and to `diff' the results, as it were. The main problem with both detection and protection is that they "clue in" the pirate that the software may have detection. The professional will check anyway, the amateur is not likely to care, since he has unrestricted use (including giving away a "sample copy or two"). The amateur is also less likely to abuse the copy capability. Often a low-cost work will originally be obtained through a friend before it is purchased (to get the manual). A high cost work, with it's heavy protection, will often never be purchased. >Needless to say, even if you track a pirated package down to a specific >dealer, it is entirely possible that he/she truly has no knowledge >of the existence of a pirated copy, because it had been copied long >before it reached his/her shelves. There are some reliable methods of control. The dealer isn't necessarily the pirate, but is likely to know who purchased that package. >QED. It won't catch the good ones. >-dave Nothing will catch the good ones, especially the small scale professional. All one can hope for is that sufficient evedence can be obtained to get a settlement when illegal copies are "loaned out". Settlements and convictions will tend to make people more cautious, since they won't know what is detectable and what is not (most of the time). Rex.