These dongles used to be ubiquitous and they broke all the time.
As a young intern, I arrived early one morning to find the PCB layout software (PADS PowerPCB) on our "design PC" wasn’t working. (I use quotes because it was just the beefiest machine we had, naturally our boss’s PC, which he kindly shared)
Obviously the dongle. I tried unplugging and replugging it, with and without the printer daisy-chained. Nothing.
So I begrudgingly asked my colleague who’d just arrived. He looked at the dongle, looked at me, looked at the dongle again, and started laughing.
Turns out our Boss had stayed late the previous night processing customer complaints. One customer had sent back a "broken" dongle for the product we were selling. Boss tested it on his PC, found it worked fine, and mailed it back on his way home.
Except he didn’t send our dongle back. He had sent my PowerPCB dongle. More fun was had when the rest of the team and finally our boss arrived. Luckily he took it with good humor.
While I was reading the OP I kept thinking about how an accounting firm's entire ability to do business rested on the continued functioning of a parallel-port dongle. I just have to imagine that they had a box full of these.
I remember when I worked in an electronics lab one of our EEs built several "dongle buses", a parallel port "bus" that you could plug up to about half a dozen dongles in, and it was frequently fully populated on the machines we used for CAD and PCB layout. An early version of PADS (PADS2000?) was one of the applications we used.
We had proper licenses for all PADS seats at my previous work, but all the users always installed the cracked versions because it was unusable with the dongle.
This reminds me the old days of Windows 95 when I found a software to burn CDs that had a trial version which was limited to 150MB of data or so. If you tried to create a CD bigger than that it would refuse to burn and it would instead open a popup and tell you that the image exceeded the limit of XYZ blocks allowed by the trial version.
So I first decompressed the executable program (Windows executable were often packed at that time [0]), then I opened a binary editor, looked for that specific number in hexadecimal notation in the binary and changed to something much higher. I was than able to burn CDs without limitation.
My grandma used to be playing casual games from a certain publisher on her PC. They were all trial versions, though, limited to 30 minutes or so. Turns out, the time left was stored in the registry, and didn’t have any validation – so when a 10 y.o. me made a quick edit, she was left with 4294967295 minutes of trial left.
back in the mid to late 90s, I got a trial for compuserve that was a free 2 month trial. I liked it as as they provided dialup PPP access so was able to use it as full time internet access. It wasn't quite "2 months" of access though. It was 1500 hours of access (which in practice > 24*62).
However, their usage accounting software wasn't great. I had it setup to reconnect if the connection dropped, and they didn't do a great job seeing this, so they accused me of using 2-3k hours during those 2 months (should be impossible if always coming from the same #) and sent me a large bill (for the hours used over 1500). They eventually gave in when I showed them it was impossible and they could validate that the calls were coming from the same line due to the connection dropping and being simple reconnections.
Heh there was some ad supported dial up Internet I found. you were supposed to download their browser and it'd dial in and work normal enough.
I noticed it created a windows dial up connection. When you launched the browser the login info worked on this. I could just dial their server and save the username and password and use any browser or game normally.
Many a crack back in the day was even more simple still, we'd just find and alter the right JE or JNE into a JMP and we're off to the races. As the author found, the tough part is just finding and interpreting where and how the protection was implemented. If throwing the exe in a hex editor gave you access to String Data References (not always the case, but more common than not) then you'd just fail the check you were trying to skip, find that string, hop over into assembly to see what triggered loading that, and then just alter the logic to jump over it when the time comes.
Many years ago I was a technician supporting a few custom programs on thousands of PCs. The developer of one of these programs had added a date check to his code so the program would refuse to run after a set date and each new release would increase this date by a few months so it would stop working after a few weeks if he ever stopped creating new releases. His contract ended and a few weeks later his software, now relied upon by hundreds of sites, stopped working. The contract for the software development was thoroughly checked and legal action against the developer was started but I asked to see if I could resolve the problem in the meantime.
It only took ten minutes with a dissassembler to find the JGT (Jump if greater than) and convert it to a JLT so the software would stop running if the date was before a certain date rather than after. I created a patching tool that simply flipped one bit that was sent out to all the sites and everything was good again. I don't think I'll ever beat the elegance of a single bit flip hack.
If you think it's bad now, the early days of the web were absolutely filled with scumbag grifters who made small fortunes hiring contractors and then refusing to pay.
Many of them disappeared in the y2k dot com bust, but then seem to have reappeared in SF after 2008.
In the late 1990's, my second ever Flash app development client stiffed me on a $10k invoice.
He finally figured out 6 months later that he didn't have the source material to make changes and paid the full invoice in order to get it.
So I took precautions with the next client. It was a small agency that was serving a much larger business.
We were on 30 days net payment terms and I submitted the invoice when the project was done.
They didn't pay and within a couple weeks of gentle reminders, they stopped responding.
I smiled.
Exactly 30 days from the due date, I got a panicked call shrieking about their largest client website being down and did I have anything to do with it?!
I asked them what the hell they were talking about, they don't own a website. They never paid for any websites. I happen to own a website and I would be happy to give them access to it if they want to submit a payment.
They started to threaten legal nonsense, and how they had a "no time bombs clause in the contract."
I laughed because my contract had no such clause. If they signed such a contract with the client, that's not my problem.
I told them I wouldn't release the source files until the check cleared my bank, which could be weeks. A cashier's check arrived that morning and their source files were delivered.
By the end of it, the folks at the agency thanked me because that client wasn't planning to pay them and they hired me for other work (which, they had to prepay for).
Of course I don't know about the OP, but I'd bet the company was trying to stiff that contractor on their last check.
Mostly non-malicious example... My employer asked me to write a UI to solve a problem for a handful of people until a proper (giant ever-delayed) migration was finished. Over a couple of weeks I made it work despite not having dealt with MVVM/XAML/Whatever before and I was pretty pleased with the outcome. But it was a hacked together thing! I'm not a real dev and given that I got a promise it wouldn't get distributed.
So, you know, in the program.cs startup I checked the username vs a hardcoded list of people in the relevant teams, and if it wasn't crashed out with an error and a support email address.
About 18 months after I had moved on, I got an email with a screenshot of that error message. it would appear the Milan (something like that) office had got their hands on a copy but it just wouldn't work for them...
Trivial to undo of course, but I did enjoy the throwback!
There's a lot of things going on that lead to this.
One, the developers spend more time running this code than we do, and they have to get the program working before we can even use it. So any parts of the program that are hostile to the developers risks killing the entire project. Obfuscating the copy protection can hit a point where it makes bug fixing difficult.
Two, lack of training. If you, me, and Steve each have a bag of tricks we all use to crack games, whichever one of us figures it out gets bragging rights but the game remains cracked. Meanwhile Developer Dan has to be aware of all the tricks in all of our bags together if he wants to keep the three of us out. Only there's not three of us, there's 300. Or today, probably more like 30,000.
Three, lack of motivation, which is itself several different situations. There's a certain amount of passive aggression you can put into a feature you don't even really want to work on. You can lean into any of the other explanations to defend why your code didn't protect from cracking all that much, but it's a checkbox that's trying to prove a negative, and nobody is going to give you any credit for getting it to work right in the same way they give you credit for fixing that corner glitch that the QA people keep bitching about. Or getting that particle animation to work that makes the AOE spells look badass.
Another method (much more common for software that asks for two pieces of information, like a name and a key) is to take a memdump of the process at the "your key is invalid" dialog, find the invalid key you just typed, and hope that a valid key is somewhere nearby in memory. Unlike the assembly trick, this requires 0 programming expertise beyond the ability to type `strings` on the command line.
This works because some programs use a hashing algorithm to calculate the key based on the name, do a strcmp, and pop a messagebox if the keys don't match, without zeroizing the valid key buffer first. If the key buffers are on the stack (or if the two mallocs just happen to use the same region in memory), it is often easy to find a valid key if you know where the invalid one is.
I guess software that derives keys this way is far less common than it once was, but I know of somebody who cracked something using this method just a few years ago, so it still pops up from time to time.
When I was a child, in the 90s, I did this all of the time.
Input a unique string I could watch for, fire up SoftICE, watch for the string, and then step through until the == comparison happened, then either grab the calculated key and input it, or patch the comparison from == to != or just return true, depending on the implementation.
I did a massive crack that involved a program and it’s inf/dll hardware driver package.
Some of the most rewarding work I’ve done and also just so tedious!
Having to stop the OS like that and accidentally getting to the kernel but then not wanting to lose my position so having to hit step over and step out until just the right place… whew.
The proper thing to do is not to zeroize the correct string memory before comparing. The proper thing is to only store the hash in the binary in the first place, not the correct string. (Although having a 2nd layer of hashing before comparing might also be a good idea, and in that case you would want to zeroize the 1st hash before comparing the 2nd hash.)
mellanox switches included an executable keygen in their firmware bundle. It could be used to both generate a key (given feature set) combined with a secret, but could also be used to validate what features a given key gave you (using the secret). Hence, the secret was stored in the binary and was easily visible with strings and one could then just use the tool itself to generate keys.
A certain automation system vendor uses proper USB license dongles in their PC software but they do not do challenge-response authentication. Instead they send a hardcoded string to the dongle and compare the response against a list that contains various software feature levels.
The whole automation system including machinery costs anywhere from 200k to 1M yet Vendor™ tries to milk the customers dry with a 1.5k software license that lets you manage up to 254 physically* connected systems. I'm pretty sure the license dongle is in reality designed to prevent casual tinkering of parameters, which is something only service techs should do.
*You can circumvent this with serial-over-Ethernet converters, which has resulted in an Industrial Internet of Shit-level security nightmare as companies happily expose their systems over the internet, thinking that license dongles are a substitute for authentication.
I remember I had some demo software that could be enabled with a code. I was just curious and at the code prompt, I entered the debugger. I dumped the process space and there was a nul-terminated string of letters and numbers. I restarted the process and entered them at the prompt and voila, it was enabled.
I remember an icon editor (or something similar) for Windows 3.1, it was a shareware where you could enter a code to remove the nag screen. No crack was necessary, I basically managed to enter valid registration codes by just typing random numbers. In the end I had enough valid numbers that I could figure out the logic, it was something about the sums of digit groups.
> Many a crack back in the day was even more simple still, we'd just find and alter the right JE or JNE into a JMP and we're off to the races.
I did that with dBASE III, which used ProLok "laser protection" from Vault Corporation - a signature burned onto the diskette with a laser. Back then, I found it amazing that Ashton-Tate actually spent money to contract with a copy protection company for something that could be so easily defeated by a teenager reading assembler.
They could have easily just written the same kind of code themselves. An example of the power of marketing over substance.
I was able to replicate that protection mechanism just by scratching a diskette with a pin. The "laser" was a meaninglessly advanced-sounding solution that added no value compared to any other means of damaging a diskette.
When I was 10 or so, I "cracked" Slam! Air Hockey for Windows 3.1 by opening the exe in EDIT.COM and replacing some random binary garbage with spaces. After a few attempts, I managed to bypass the shareware dialog but also introduced some weird bugs that I don't recall the details of.
> I was able to replicate that protection mechanism just by scratching a diskette with a pin.
How did you figure out where to scratch it? Was the laser mark visible on the original disk, or did you have to read the code and orient based on the diskette's index hole?
I described two different scenarios: defeating the protection, and replicating it, e.g. to protect your own software without paying Vault for their "laser" protection.
Defeating the protection didn't involve knowing anything about the laser mark - as the comment I replied to described, it just involved changing a conditional jump to an unconditional one.
Replicating the protection involved causing minor damage on the diskette - the details don't really matter, laser, pin scratch, whatever - then formatting the disk, and registering the pattern of bad sectors created by the damage. A normal copy of the disk didn't replicate those bad sectors exactly, which made it possible to detect that the original disk was not present.
Ha! I remember disk copy programs which read these bad sector patterns and then replicated the error pattern in software (not on physical disk obviously).
Was ist ever confirmed that it was in fact a laser? I wanted to make a trivia question out of this ProLok protection, because “lasers for copy protection” sounds just weird enough to potentially be a nonsense answer without context, but I couldn’t confirm that the holes were indeed made with lasers, and not with other means.
I would guess (more or less) identically damaging multiple floppy disks in the same way would be easier with a laser than with something mechanical (e.g. a knife or a drill) (it is fairly easy to control power and duration of a burn), so it might well have been a laser.
On the other hand, disk tracks weren’t exactly tiny at that time in history.
Good question. I don't know the answer, but I'm quite certain that it didn't really matter what mechanism was used to mark a diskette. Any damage would be equally strong as a way to detect copying.
I write civil engineering software [0] and am familiar with this kind of dongle. Yes, even today there are users who want this kind of dongle instead of, say, cloud-based validation. They feel secure only if they have something tangible in hand.
Since we sold (and still sell) perpetual licenses, it becomes a problem when a dongle breaks and replacement parts are no longer available. Not all users want to upgrade. Also, you may hate cloud licensing, but it is precisely cloud licensing that makes subscriptions possible and, therefore, recurring revenue—which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Also, despite investing a lot of effort into programming the dongle, we can still usually find cracked versions floating online, even on legitimate platforms like Shopee or Lazada. You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected. It’s not as if we have the legal resources to pursue pirates.
> You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected.
I understand you might feel this way, but it seems to me customers are mostly business clients, who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability (i.e: Someone to hold liable for problems in said software.). In fact, having no copy protection would probably have saved you the problem you mentioned where a dongle breaks and replacement parts are no longer available; this is one of the talking points that anti-drm/copy protection people advocate for, software lost to time and unable to be archived when the entities who made such protections go out of business or no longer want to support older software.
> even on legitimate platforms like Shopee or Lazada.
On a slight tangent, but I personally don't find either platform legitimate (Better than say, wish[.]com or temu, but not as "legitimate" as other platforms, though I can't think of a single fully legitimate e-commerce platform). Shopee collects a ton of tracking information (Just turn on your adblocked, or inspect your network calls. It's even more than Amazon!), is full of intrusive ads, sketchy deals, and scammers. You yourself said you can easily find cracked versions of the dongle there, which doesn't speak well for the platform. And Lazada is owned by Alibaba Group, which speaks for itself. I'm not sure why consumers in South East Asian regions aren't more outspoken about this, since they seem to be the some of the more popular e-commerce platforms there.
>business clients, who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability (i.e: Someone to hold liable for problems in said software.)
This is a nice idea but the reality is that there's MANY corporate customers who are happy to get away with casual piracy. Sometimes it's a holdover from when the company was small enough that every business expense is realistically coming out of their own pocket, sometimes they're trying to obfuscate how much their department actually costs to the company at large.
You think individual consumers lie to themselves to justify software piracy? Corporate self-deception is a WHOLE new kettle of fish.
I can tell you that piracy in the corporate world was RAMPANT in the ‘90s. I made a nice sum of money back in the day as a freelance auditor for companies trying to get their legal ducks in a row. Productivity software like Lotus, WordPerfect, Word, Excel were just mass installed off one license because there was no product activation keys or any sort of license validation methods.
Dongles were pretty commonplace on your more expensive software products from mid 90s through the early 00s. If I was publishing software that was a >$1000 a license, I damn sure would have used them.
Even at a simple level, if it's between spending weeks going through purchasing or not asking too many questions and getting on with it. I can see a lot of people choosing option B.
Yeah case in point - how many people actually pay for Visual Studio? You're supposed to if you're using it for commercial purposes but I don't think I've ever seen a commercial license used (though I don't do a lot of Windows work tbf).
VS is actually one of the cheaper tools in our stack; Unity (the game engine) is probably the most expensive one at the moment, and it's going to get much more so with their recent changes to licensing structure for embedded hardware.
For anything smaller than AAA, C# is just generally much more pleasant to work in than C++. That's Unity's edge. And Godot is the "new" kid on the block
I'd agree that between Unreal and Godot, Unity doesn't look very attractive right now. But inertia will carry them for a long time
In the late 90s/early 00s, I worked at a company that bought a single license of Visual Studio + MSDN and shared it with every single employee. In those days, MSDN shipped binders full of CDs with every Microsoft product, and we had 56k modems; it was hard to pirate. I don't think that company ever seriously considered buying a license for each person. There was no copy protection so they just went nuts. That MSDN copy of Windows NT Server 4 went on our server, too.
This was true of all software they used, but MSDN was the most expensive and blatant. If it didn't have copy protection, they weren't buying more than one copy.
We were a software company. Our own software shipped with a Sentinel SuperPro protection dongle. I guess they assumed their customers were just as unscrupulous as them. Probably right.
Every employer I've worked for since then has actually purchased the proper licenses. Is it because the industry started using online activation and it wasn't so easy to copy any more? I've got a sneaky feeling.
> In the late 90s/early 00s, I worked at a company that bought a single license of Visual Studio + MSDN and shared it with every single employee.
During roughly the same time period I worked for a company with similar practices. When a director realised what was going on, and the implications for personal liability, I was given the job of physically securing the MSDN CD binder, and tracking installations.
This resulted in everyone hating me, to the extent of my having stand-up, public arguments with people who felt they absolutely needed Visual J++, or whatever. Eventually I told the business that I wasn't prepared to be their gatekeeper anymore. I suspect practices lapsed back to what they'd been before, but its been a while.
Yeah, there is a reason why Adobe, Autodesk, Oracle, IBM, etc., are notorious for weirdly draconian and idiotic-sounding licensing enforcement. Many corporate managers show very little sympathy to the concept of IP laws if they did understand superiority of laws over convenience in the first place.
> it seems to me customers are mostly business clients, who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability
Trust the people whose paychecks depend on it, it was extremely common. I knew multiple people at different companies who had endless stories about customers buying a couple of copies for a large department to “share”, and they expected the vendor to support everything because it was “business critical”. This was also a problem for things like student licenses where people would expect enterprise-level support despite the massively-discounted copy they had clearly stating it was only for educational usage.
This has a lot of negative aspects for preservation, downtime due to issues with licensing, challenges around virtualization or hardware replacement, etc. so I don’t love the situation we ended up in but it’s entirely understandable given how pervasive theft was – there were a ton of small businesses which ran entirely on bootlegged software. Software developers have high leverage but if you aren’t in a mainstream market you’re not going to get over the threshold where you’re no longer worried about making payroll.
> I understand you might feel this way, but it seems to me...
I always thought that selling B2B. Then I started checking and it was much worse than I expected. Big corporates were mostly fine but small to medium sized business were pretty bad. Also Asia was much worse than Europe and the US.
> who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves
They often need to "purchase" the license themselves in the sense of convincing someone higher up to buy it - so they're spending their time, which is still a sort of expense.
Also, piracy in companies is often just honest people who are in a bit of a hurry and need this software running on some other PC right now, or just want their colleague to give it a quick go (but then they end up using it all the time). Copy protection helps keep those honest people honest.
The honestly of clients, even businesses, is...questionable. I have an acquaintance who sells a very expensive software suite that is absolutely needed in a particular industry. Price for a perpetual license is 6 digits.
The big boys in the industry won't risk problems, and anyway, that's a small price for them. However, the many smaller companies? They may absolutely need the software, but that's a substantial price for them. If they can get a cracked version online, they do.
And the cracked versions? They are made by companies out of legal reach: Russia, Belarus, Pakistan, India. They crack the software, and either put it online for free, or even have the cheek to sell it for a reduced price.
I've told my friend/acquaintance that he really needs to put the software in the cloud, accessible only via browser. However, this would be a massive undertaking, so he hasn't done it (yet).
You’re using “spare” incorrectly. It means to avoid. “Spare the expense” means to avoid having to pay for the license. Which seems to be the opposite of what you are saying.
“Spare the money” is probably what you mean. That is to part with the money, to avoid having it, for example by spending it. Or by giving it away - As in “can you spare a dime.” The is the inverse of sparing the expense, just as an expense is the inverse of money.
> Yes, even today there are users who want this kind of dongle instead of, say, cloud-based validation. They feel secure only if they have something tangible in hand.
In my experience this continues to this day due to people who require drawing on air-gapped computers, because the drawings/simulations they work on are highly sensitive (nuclear, military, and other sensitive infrastructure).
But I'm sure there are also old-fashioned people who like the portability/sovereignty of not having to rely on a third-party license server as you suggest.
Hardware dongles are incredibly rare now. Even on airgapped machines, you'll see a local Flex license server running. This is especially true when you have a small network of multiple machines that may require the use of a network license. Dongles are just too delicate, they get lost or break. Or you end up with overzealous security software that decides to block anything that isn't a mouse or keyboard. There are plenty of modern day solutions for a transferable license.
In my small corner of technology (AV) I regularly use three products with physical USB license keys: Crestron VC-4, Scala Digital Signage, and Dataton Watchout. Two of them have a "virtual license key" option that costs extra, intended for use with a VM. I wish they were more rare...
> from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Why should users upgrade or keep paying you when they already bought what they need and don't need anything else?
1. Physical dongle tends to break, and when it does, they expect us to give them replacing parts
2. They do expect bug fixes-- especially calculation bug fixes-- as the bugs are discovered. It's hard to leave their production critical apps broken like that once you know that the bugs can cause monetary or even life loss.
> They do expect bug fixes-- especially calculation bug fixes-- as the bugs are discovered.
Maybe I'm the weird one to expect reasonably bug-free software, and if a bug is found, an eventual bugfix "for free"? ESPECIALLY if they cause monetary or life loss!
A bug means the developer did not do their job. Let's not pretend this is OK.
Wanting to say in business makes sense, bug fixes make sense.
But the actual dongle... look, something like that should have a 30+ year warranty. There should be a plan for how to replace it a couple times before making the initial sale.
They actually have this solved with iLok... You can move the license to new dongles at will. And they have a relatively inexpensive annual service where they'll issue you temporary licenses for what was on the ilok while you ship it back the defective dongle to them. Mostly used for DAW software and plugins, but apparently a few other things have used it for licensing.
Honestly, if they never need anything more from the developer, a perpetual license and never spending another dime seems fine. However, in modern times, OS vendors (especially one named after fruit) tend to break a ton of APIs and change rules with every "major release," meaning developers have to invest a ton of effort to at minimum meet all those new requirements every year (!) or else the app will at best look out of place, more likely look totally screwed up and exhibit sudden "bugs" due to the unexpected OS changes, or at worst, crash.
Then users are suddenly all over the developer to provide an update "so I can use this on Tahoe" or whatever, and unless the application is in its honeymoon period where new sales suffice to keep money flowing, the developer is gonna need recurring revenue in order to do recurring development.
Right, but then you're providing tangible value to the customer and thus it's warranted to charge again.
The fairest thing to do is when a customer buys the software, they're entitled to that exact version forever. Or maybe 1 year of updates and bug fixes if you're feeling nice. If they want the next version that supports the next OS, it's fair to charge some more.
This what IntelliJ does. When I buy their IDE I can use it forever, and then they offer discounts for renewing. Pricing seems reasonable even though I'm currently generating $0 from my software development so I keep paying.
> Why should users upgrade or keep paying you when they already bought what they need and don't need anything else?
Because things evolve and inevitably, hardware dies, and you can't get a replacement.
With an old "dumb" piece of machinery, when something breaks you can either repair the broken part itself (i.e. weld it back together, re-wind motor coils), make a new part from scratch, have a new part be made from scratch by a machining shop, or you adapt a new but not-fitting part. It can be a shitload of work, but theoretically, there is no limits.
With anything involving electronics - ranging from very simple circuitry to highly complex computer controls - the situation is much, much different. With stuff based on "common" technology, aka a good old x86 computer with RS232/DB25 interfaces, virtualization plus an I/O board can go a long way ensuring at least the hardware doesn't die, but if it's anything based on, say, Windows CE and an old Hitachi CPU? Good fucking luck - either you find a donor machine or you have to recreate it, and good luck doing that without spec sheets detailing what exactly needs to be done in which timings for a specific action in the machine. If you're in really bad luck, even the manufacturer doesn't have the records any more, or the manufacturer has long since gone out of business (e.g. during the dotcom era crash).
And for stuff that's purely software... well, eventually you will not find people experienced enough to troubleshoot and fix issues, or make sure the software runs after any sort of change.
I use one engineering app that has a "soft" license. It has a lot of failure modes, all of which are essentially administrative not technological. A fair number of departments have to work together: IT, purchasing, and accounts payable (in case the company is on credit hold for non-payment of a previous license renewal) across multiple corporate divisions. It can eat up a few days of my life, and sometimes I lose access to the software for a few days.
The IT department restructures the license server or it goes down.
The vendor changes their license technology every few years.
If you have a physical dongle, the vendor will beg you to send it in and receive a soft license. The few remaining users with dongles refuse. The hardware is more reliable.
We use Flex license server for so many pieces of software. It works well as long as everything is up and running. Several years ago, we merged with another company and slowly began to consolidate IT infrastructure. The license server was moved many times without giving proper notification to users until it eventually settled at the main DC we use. Then came the issue of renewing the license. Previously, license renewal was managed at the department level which means the users only need to go to their boss if there's an issue and only had to send one email to our local IT to apply a new license. Funding for licenses came out of a special budget so department heads didn't have to beg. Very simple and it worked fine for years. Now, everything is centralized which sounds great except that the people that manage the license server are so far removed from where we are that it can take months for a license renewal. You're not talking to people you have an email address for, you're submitting tickets to our central system where they forward it onto the license group somewhere. It used to be incredibly painful but has gotten better now that the license group is more aware of the entire division of employees that now require their services too.
With the low cost & power of modern microcontrollers, instead of having the dongle act purely for licensing purposes you could offload some of your "secret sauce" to it (I assume your software does a lot of calculations with some hardcoded, industry-specific constants). This makes it somewhat crack-proof because cracking it would involve replicating your secret sauce - at which point they may as well just make and sell their own software instead of distributing cracks.
My dad used to use this kind of dongle for a civil engineering program called 'Cosmos'. Just wild to see it, it was so annoying to because sometimes it would simply not be detected on our 80386.
> which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade
This take is diametrically opposite to what end users need. In a world where "if it ain't broke, don't fix it" is perfectly fine for the end user, buying a one off license for a software seems much more sane then SaaS. SaaS is like a plague for end users.
I don't condone piracy, but I also don't condone SaaS.
In a perfect world, I would have agreed with you, even if it's diametrically opposite to my interest as a software developer cum business owner.
But in an imperfect world whereby our dependencies ( software components that we use) and platforms that we need to build/rely on ( like Civil 3D) do charge us on annual basis, and that some of users expect perpetual bug fixes from us, with or without a support contract of sorts, SaaS seems to only way to go for our sustainability.
There's gotta be better middle ground. Release something polished and only fix major bugs/vulnerabilities for free (because that's a liability). Minor bugs are accepted for a one off cost (I'm still using Microsoft 2016, e.g.).
We've all got to push back against these bloated saas models that don't bring tangible benefits to end users and serve only to pad company valuations. Make new versions of your software with features meaningful enough to encourage people to upgrade and outline support periods for existing software sales after they buy a one-time license. There's gotta be a better way. For everyone (except big tech CEOs).
Just charge for support, or if that is too harsh. If that is too harsh, charge for upgrades (but give point/minor bug fixes for the version they have for free).
This sounds good, but in the real world it leads to massively upset customers.
The problem exists from both sides of the coin. Firstly the bulk of customers don't purchase a support contract. So there is very little income to pay staff. So the "support" department has very few people. They're also not very good because low wages means staff turnover.
Then Betty phones with a problem. Significant time is spent explaining to Betty that we can't help her because she (or more accurately her company) doesn't have a contract. She's fighting back because an annual contract seems a lot for this piddly question. Plus to procure the contract will take days (or weeks or months) on her side. And it's not I any budget, making things harder. Betty is very unhappy.
The junior tech doesn't want to be an arsehole and it's a trivial question, and is stuck in the middle.
We switched to a SaaS model in 2011. Users fell over themselves thanking us. They don't have to justify it to procurement. The amount can be budgeted for. No sudden upgrade or support fees. Users get support when they need it. The support department is funded and pays well, resulting in low staff turnover, and consequently better service.
Plus, new sales can stop tomorrow and service continues. Funding for support remains even if sales saturate the market.
Consumers may dislike SaaS, but for business, it absolutely matches their model, provides predictability, and allows for great service, which results in happy Users.
> We switched to a SaaS model in 2011. Users fell over themselves thanking us. They don't have to justify it to procurement.
In the companies I've worked for so far since SaaS became a thing you absolutely need to go through procurement for a big enough purchase. You actually need to negotiate the contract each time it expires, which is IMO more burden on the end user than buying a one-off license.
> I don't condone piracy, but I also don't condone SaaS.
What's wrong with SaaS?
If we didn't sell our desktop software to ~1000 companies as a SaaS then few would afford it. We could sell one-off/perpetual licenses for maybe $1M but only our biggest customers would manage that expense, while smaller competitors would not. And if that means we sold only 300 licenses, then the price would be even higher because the number of licenses sold would be even smaller. The SaaS is basically what the customers ask for. They can cancel and switch to competing software when they want to. In fact, customers who use the software rarely feel the SaaS yearly cost is too high so ask for even more SaaS-y functionality such as paying by minute of use or per specific action like "run simulation", instead of having a yearly subscription. Because they might just use it a few days per year so they feel that (say) $10/yr is too much.
> "if it ain't broke, don't fix it" is perfectly fine for the end user
That's okay, but in say, 2 years when Mac OS 28 completely bricks the app, the developer will not be there to give you an updated one (even if you're willing to pay), since most of the addressible market already bought the app in 2025, and after 2 years with almost no revenue, the developer stopped working on it, deleted the repo and moved onto another project. The developer can't even rely on a future OS update "encouraging" people to buy "App (N+1)" since it might be "ain't broke" for 1 year, or for 5.
The point of a subscription is not to rip you off, it's to acknowledge a few realities:
1. For reasons beyond developers' control, platform vendors do not provide a "permanent" platform, but a shifting one without any long-term guarantees. You can put a 100-year certificate into your app, but the OS vendor might decide that only certs with expiration less than 45 days are okay and your app no longer works unless you're around to (A) keep abreast of the platform's rules and changes, and (B) ship an update.
2. Many software offerings need to provide a server-side component, which is never a one-time cost.
3. Relying on upgrade purchases to sustain a product gives developers perverse incentives to shove a ton of new features just to be able to pitch "Upgrade to Appitron 2!" with a ton of bullet points, whereas subscription pricing incentivizes them simply to keep users loving the app forever, including adopting new technologies but also just improving the core experience.
Due to 1 and 2, it makes sense to let users who stop using the program after a short time pay very little, and to let users who rely on the continued operation of the program, pay a little bit each year, instead of paying $500 once and using it for a few years, and maybe upgrading for $250.
If a user gets ongoing value from software it makes sense for them to be willing to pay ongoing for that value. What users need is that the value they get from a product is more than the money they are trading for it. A one off license would be the result of a race to the bottom due to competition.
Because I ate food each day between 1 July 2013 – 31 July 2013, I didn't starve and die. I am receiving ongoing benefit from not being dead. Should I continue paying for all that food?
No, since that food no longer exists. There's nothing the food creator can do. They can't cause it to spoil after you ate it. The massive benefit of not dying allows the price ceiling of food to be very high. But within society there is a lot of competition for nutrients which prevents food from reaching such heights.
If I get ongoing value from my fully paid off car, should I keep paying the OEM? How about my house or my bike or my shoes? My toilet (huge ROI on this one)? My fridge?? Why do we feel that software gets to impose this ridiculous SaaS model? The only real answer is "because they can", not because it's helping anyone.
Reality is that many modern software developments have plenty in common with designing a toilet. You spend time identifying the problem statement, how you can differentiate yourself, prototype it, work out the bugs, ship the final product, and let sales teams move the product. The difference is the toilet can't be turned into a SaaS (yet) and, if it ever could, that would break functionality because you're supposed to poop in it, not have it poop on you.
The funny thing is SAAS frequently provides less value because of automatic updates. If your toilet could change its shape at a moment's notice because of some study on a sample of people who are entirely unlike you or even just because some random PM wanted a promotion, and you could not stop it from doing so, it would be incredibly obvious how bad that was. Yet many people in the software field try to convince users that mandatory automatic updates on their devices are a good thing.
Seriously, I have a house full of appliances, tools, clothing, and so on, that I get "ongoing value" from and whose manufacturers don't have the gall to try to charge me monthly for. Totally unacceptable business model.
If you were given the choice of buying a fridge for $0 and paying $10/mo for using it, or paying $1k and $0/mo those are both entirely valid pricing models. If you are a homeowner you probably don't want the hassle of managing subscriptions but if you are starting a business where you need fridges but don't have a lot of capital it might be worth looking into. It's basically just financing + service etc.
As long as no one expects updates and ongoing support beyond some pre-agreed time.
The issue is a mismatch of incentives - customers wanting things for free - even if they aren’t actually customers. Vs businesses need/want for ongoing revenue (ideally for free too!).
Both sides are never going to be perfectly happy, but there are reasonable compromises. There are also extractive abusive psychos, of course.
There was a comment here recently — someone complained that SoundCloud doesn't treat "former paying customers" well. This complainant was a "former paying customer".
Free customers can store 3 hours of sound. This former paying customer had more than 3 hours of sound stored.
The comment said SoundCloud was a terrible company holding their data hostage, by not letting them do anything with it except delete things to get it under 3 hours, and threatening to delete all of it if they didn't.
I think it would be fair to keep paying for a car, house, bike, shoes, toilet, and fridge. If I'm still using such great products, why not reward the creators of them. But as a consumer I am also price conscious so if a competitor can offer an equivalent product for cheaper I will go with them.
There are arrangements where you continue to pay for cars and houses without owning them. They're called leases and rental agreements. They typically cost a lot less for the consumer than outright purchases and at the conclusion of the lease/rental term the consumer is free to return the car/house to its owner without compensation for depreciation or wear & tear (though car leases usually impose mileage restrictions and routine maintenance requirements).
Rental cars and houses do exist, but you could still have fully owned cars and houses whose doors lock without paying a subscription. It doesn't have to be the full thing either. Certain tiers could disable only air conditioning for example.
This is happening right now with cars. Regular payments or some features on the car you bought outright stop working.
Mercedes restricts the performance of some cars if you don't pay $1200 a year for the “Acceleration Increase”. You have to pay more if you want to use the power you already paid for.
BMW offer heated seats for £10 a month. The car has heated seats that work fine, and you paid for the hardware already, but they are turned off if you don't pay more.
Neither of these are anything to do with ongoing costs to the company, like support or mobile connection, they just want ongoing revenue.
If I have "Ajax" brand leather shoes sown by an East Asian sweatshop worker, who is the "creator" of the shoes, for purposes of benefiting from this system?
We are agreed that the company "Ajax" is not a creator, yes? Companies don't create - people create. Patented inventions are created by people, though patent ownership may be transferred to companies.
So does the monthly fee go to the skilled laborer who sewed the pieces together to give the final form? And also the laborers who turned cow hide into leather? As well as everyone involved in the shoe design? Does it also pass to their inheritors? For how long?
The house I owned was built in the 1950s by a local construction firm which is still around. There were several owners before me, including ones who remodeled and renovated it. Do all of them get part of my monthly fee? Or does it go to the woodworkers and plumbers and other builders who did the actual work?
I have books in my personal collection from authors who died decades ago. How do I reward Robert Heinlein in this "keep paying" scheme? Some of these books I bought used, so neither Heinlein nor his estate ever got a penny from me.
But that's fine, as the price point for the original sale already factored in the effect of the First Sale Doctrine.
Just like how the price of a car, house, bike, shows, etc. already factors in the reward for everyone involved, without needed an entirely new system to determine who the "creators" are, and how they get paid monthly.
And that's all assuming the fee distribution system itself is fair. We need only look to academic publishing to see unfair things can be once a system is entrenched.
The problem seems the sales model rather than the dongle:
1) a hardware and software solution implies that hardware will stop working at some point. Customers should understand it
2) you could sell them a new dongle every time support contract ends which is what I’ve experienced with Xways as an example. Even if you’re air gapped once a year usage data upload and new dongle seems fine.
3) why should users receive free upgrades and bug fixes? No software is bug free.
Finally there are several brand protection shops that fight fakes and work well with Shopee, Lazada, Facebook etc. It’s not five dollars but they will take these down effectively
The model you are referring to works fine when the industry is expanding and/or legal entities turn over eventually.
Which is not uncommon.
It’s also one that is typically pretty good for customers that like to do an investment and then continue to reap benefits from it. The capitalization model.
The ‘lease’ model (SaaS) is good for customers with highly variable licensing/software needs or that expect extremely high turnover, and prefer to see these costs as, essentially ‘cost of production’. The cash flow model. It does require a lot of trust, however, that when the lease comes up for renewal the fees won’t be usurious.
Neither is necessarily wrong. A whole lot of folks are starting to realize the downsides of expenses coming out of cashflow though! And losing a lot of trust.
> For some reason, Reko was not able to decompile this code into a C representation, but it still produced a disassembly, which will work just fine for our purposes.
Perhaps an indication that the code in that segment was hand-written in assembly language rather than C?
I did something similar decades ago: ran on debug with and without the dongle, then compared the execution path to identify where exactly it deviated.
Then replaced the "jump" with "nop" to prevent it from branching out when the dongle was absent.
This was with an early version of Visual C++ and I knew only a little 8086 Assembly.
Yeah, Software protection was very naive in the beginning. Fun fact: I owned a windows 3.11 for workgroup UPGRADE disc collection, it was clearly explained and also enforced from the setup installer. So, no previous installed win 3.0 == upgrade installer will fail. The fix: just create an empty Textfile named win.com at any place - the installer simple scans the WHOLE disk just for this existing filename. Next fun fact: in reality, the Upgrade contained the full installation, no only a delta. Men, software was so simple these days....
I have a childhood memory of my dad buying a shrink-wrapped copy of the Windows 3.1 Upgrade that was supposed to allow any installation of "3.0 or earlier" to become Win 3.1. it turned out when we actually tried it it only accepted 3.x though. [1]
I think he ended up pirating a 3.x install from a friend and running the upgrade on to of that; felt pretty morally clear given what the box had advertised.
> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number?
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
Audience matters. Something intended to stop legitimate business consumers in a non tech industry requires substantially less sophistication than something built to withstand professional reverse engineers.
And often they’re there so no one can plausibly say they didn’t know what they were doing or stumbled into it accidentally. You can’t “accidentally” go through a door with a padlock on it.
I’d guess it’s something similar with this dongle. You can’t “accidentally” run the software without the dongle.
Copy protection was also generally less robust for educational software, since it sold to generally law-abiding folks (parents, educators, etc.). Never saw Rapidlok or V-MAX! used for educational software on the Commodore 64, for example.
The tool of choice back then was SoftICE and it would have been trivial to trap even bios level LPT access.
More to the point the guy didn't even open the dongle, which in all likelihood was a simple set of logic gates in this case.
I'm assuming he did have a careful look at the caller to the function because his reasoning that the communicating function took no inputs is faulty.
What if the hardware has a LFSR in it and returns changing responses, and the caller can check them with a verify function else where that maintains a state and knows to expect the next in the sequence?
We have far better tools today for sure, but we understood the system better back then. The right tool is sometimes better than a sharper tool as they say.
Edit : I should add I'm aware it's very likely the actual reversing involved more steps and checks than Dimitrys blog which is narrowed to what worked.
In fairness, the decompiler didn't work on the protection method :)
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!
I still develop software requiring hardware dongles. We moved from parallel to USB-A about 15 years ago and we're still on USB-A, much to the annoyance of anyone who has bought a new laptop in recent years.
The crack is a little bit harder these days as there is a special compiler that encrypts the binary using an on-dongle key, decrypting it after it's loaded.
A big reason for the dongle is to regionally control features (e.g. users in country A must not have feature X but users in country B should) and able to "expire" offline desktop software.
Plenty of low-volume industrial software has never really moved on from security dongles. Most modern arcade games for instance still rely on a USB dongle to decrypt game files [1], though nowadays they typically also come with an additional layer of TPM-backed encryption as well as always online DRM (many of them are region locked and operate on a revenue share contract, where the owner has to pay a per-play fee to the game manufacturer).
These measures typically work well against piracy in the markets the game is officially distributed in (mainly Japan), but end up being cracked anyway once the game is popular enough that foreign arcades and private owners start importing older decommissioned cabinets and create demand for a way to get them running again without depending on the manufacturer's servers.
Kind of related: I own and still use an HP laptop that came with 8 GB of DDR4 SDRAM and 16 GB of Intel Optane memory. When MS told all of us that Win 10 was moving away from support, I decided to format and install Ubuntu. I have lots of experience with Linux, so it was gonna be a piece of cake.
Wrong! To my great surprise Linux wouldn't load, even after trying three different versions of Linux. After doing a massive search on the internet, I finally found a post that said I should crack open the case and remove the Optane chip, which I did. Presto, Linux was loaded and working fine!
Back when I was a kid in the 80's. I cracked one of the Ultima games. I had it on my hard drive and didn't want to stick a floppy in every time I ran it.
The code decrypted itself, which confused debuggers, and then loaded a special sector from disk. It was a small sector buried in the payload of a larger sector, so the track was too big to copy with standard tools. The data in the sector was just the start address of the program. My fix was to change executable header to point to the correct start address.
my story of this is Atari Macro Assembler. The floppy had a specific sector that was damaged, and the loader would test this sector to ensure it was in fact damaged. this was obvious becuase whenever loading the floppy, you had to wait for one of those big "BZZT....BZZT" things where the 810 drive was trying to access a bad sector and giving up. I was able to disassemble maybe the first 30 bytes of the boot to see it checking this and doing the jmp. I just overwrote it with a single jmp and got not just a copy but much faster loading without the BZZTBZZT part.
Very cool to read an article about windows 95 still being used in production - a nice contrast to the infinite AI hype cycle over everything.
Tech may move fast in flashy areas but not in the more "boring" parts of the industry.
I knew of a Windows 95 host running virtualized in a corp environment until at least 2014 or so. It was surprisingly sturdy, I only had to remote into it once or twice when the old software it was running hung up on something. It was old medical software and we apparently had a couple clients still interfaced to it.
Ya, RPG assumed character based IO so probably a safe bet that they just ported stuff that ran on IBM character based terminals and just made it run in DOS. (I worked in RPG in the 80's)
Yes certain software for Canadian made nuclear power plants, comes to mind. Was a post on the VCF forums about a job listing that required PDP-11 knowledge.
At a time where games have shit like always online DRM, it's a bit reassuring to remember that software developers making the experience worse for their customers isn't new.
You pay for software? You need to keep that big dongle plugged in your computer all the time! You pirate the same software? No need for any dongle!
I worked in a research lab that had dongle protected software and it achieved its commercial purpose. It was installed on every computer but would only work with the dongle. Eventually people started fighting over the dongle so much that we got another license (and dongle).
USB license dongles are still very common in industrial automation, I work for a company that uses it. You don't want an internet outage (or an AWS outage) to take down a production line for a day. You also expect to set up a system once and then have it just work for a decade or so.
In our case, the copy protection would still be as easy to bypass as the one in the article.
UnRaid does a variant of this; license is tied to the serial of the USB drive. It barely writes to the drive, so wear isn't meant to be much of an issue.
The company i work at has the same problem. We have some old mission-critical windows 2000 pc that runs the rpg compiler, with attached dongle. This gave me some clues on where to start - thanks author!
I was hired in the early 90's by a collection of franchises for a home care company. The privately owned head office self-developed and distributed required monthly updates to the only software franchises were permitted to run their business. The monthly updates (floppies) reset the license for another month at each location. After years of problems, poor support, and in a couple cases offices getting shut down because head office just "didn't like them anymore", they banded together to sue the owners (one of which developed the software). I did IT work for a couple of the offices and was already familiar with maintaining the software / systems. They hired me to bypass the licensing code which was a lot of fun to figure out. In the end I wrote a DOS based license generator each office had that could update their software by just getting a code over the phone for the upcoming month (or any date for 365 days). A few years later once the lawsuit settled and the company broke apart we issued a patch for the software to remove the license check completely. I should fire up DOSBox sometime so I can play with that old software again.
Of course it used to be simple in the earlier days. It got way better and fast with HASP and alike in the mid 90’s. I specifically remember software that kept a portion of its data in the dongle memory with good anti-debugging techniques too. But even the hardest protection would take a week to break at most.
Out of curiosity googled for Sentinel (which was one of the other dongles back then), seems somebody is now providing a bypass/emulation service: https://sentineldongle.com/
(not affiliated with this, just googled Sentinel like 5 minutes ago and this showed up).
Tell that to the crackers who worked for over a year to simulate a social network in order to finally crack the game Red Dead Redemption 2, which had a very custom game protection implemented by Rockstar. Also to this day there is no crack to Diablo 3, famous for being single player but with online verification. You can create very hard to crack protections quite easy if you employ self-modifying code techniques. Do you have any idea how hard is to debug code that overwrites itself in memory and that cannot be patched by modifying the existing code from disk? The reason why this is not more common is because the more iterations you do, the harder is to create those iterations, which means you add a lot of time to create the protection which means that you need to have a finished code, and code is always modified by production team, so managers see this overtime unnecessary.
The real reason is that executable modifying its own code is often flagged by AV, or the OS itself, as an "insecure" activity. Since self-modification is used in attacks and exploits, good protections rarely use it now. It's impossible to use codesigns with self-modified code.
Looking into Issues, reading 48 and just scrolling at beginning: "Local and LAN systems talk, but will not authenticate" / "Multiplayer Game Problem" / "cannot restore DB" / "Items stats do not reflect the game class"...etc, just to name a few.
Yeah, I really like to get frustration when I am gaming due to unsupported and canceled project /s
> If we look at segment 0800, we see the smoking gun: in and out instructions, meaning that the copy-protection routine is definitely here, and best of all, the entire code segment is a mere 0x90 bytes, which suggests that the entire routine should be pretty easy to unravel and understand. For some reason, Reko was not able to decompile this code into a C representation, but it still produced a disassembly, which will work just fine for our purposes. Maybe this was a primitive form of obfuscation from those early days, which is now confusing Reko and preventing it from associating this chunk of code with the rest of the program… who knows.
in/out instructions wouldn't have a C equivalent. My assumption would be it only translates instructions that a C compiler would typically create.
I would still hope for it to translate most of the code with a couple of asm blocks. But maybe the density of them was too high and some heuristic decided against it?
For some reason, Reko was not able to decompile this code into a C representation
That's likely because it's one of those (of which many existed) which attempt to dumbly pattern-match against what a typical C compiler of the time (with equally dumb and extremely inefficient code generation) would do, but that routine clearly looks like handwritten Asm. I've never seen a C compiler from that era generate a LOOP instruction, for example, and of course "cli" nor the I/O instructions are not expressable except perhaps as intrinsics. Ghidra might be a bit better at this, as it's a generalised decompiler.
In fact, when the compiler (RPGC.EXE) compiles some RPG source code, it seems to copy the parallel port routine from itself into the compiled program.
This reminds me of the classic Ken Thompson attack.
The fact that the software and hardware is evidently still in use at some companies gives me pause about whether releasing it in a cracked form publicly after having published it on a personal website would be a good idea.
Software companies love to milk enterprises for all their worth, because they're the entities who will pay the most amount of money if it means that the software they use can still work - and a big part of how they do this is via vendor lock-in. We can see in this article that this company was still using Windows 98 - they're clearly locked-in!
All of which is to say that this intellectual property might actually still be owned by a company who'll be able to sue.
If you haven't already checked whether the patent and other intellectual property is still owned by any company, OP, I would strongly suggest doing so first.
Another poster found grabs of the company's website on archive.org. The last date it existed to be grabbed was in 2001. I think the OP is fine on this one.
Other than that, there's virtually no mention of the company or software anywhere online. Just to put that in context, I'm in the vintage computer / software community where thousands of amateur historians and archivists scour obscure corners looking for old, unknown software apps to preserve. Software sold for Windows 98 up to 2001 (so recent as to barely be considered 'vintage') with so little online footprint means it must have been incredibly obscure. No ads or reviews from magazines or even newsletters means there's a good chance it was a one or two person part-time, home-based business and the product had hundreds or maybe even just dozens of users.
1998-2001 was the hottest time ever for PC software. I worked in marketing Windows software during this period. To have any commercial Windows software product actively available for sale in the late 90s with no surviving footprint would almost require intentional effort to stay unknown. No press releases mailed. No review copies sent. No shows or conferences attended (exhibitor listings are searchable online now). There were much older niche vertical software programs for much more obscure platforms which we know sold less than a hundred copies ever, yet still have a larger online footprint than this program. The OP de-protecting and archiving this previously unknown commercial program represents quite a notable find in the preservation community.
They could have been bought by a bigger company. You never know until you get sued. If the copyright isn't registered, and often even if it is, there's no way to know who owns it now.
If you're legally daring, and you get sued, you can try to force them to prove they own the copyright. There's often not enough documentation of this sort of thing. People have gotten away with not paying their car loans because after several loan sales and company mergers, the company that owns it can't prove they do, so effectively nobody owns it and it doesn't exist.
Is defeating a 40-year-old copy protection mechanism still illegal under Section 1201 of the DMCA, or have they changed the law to make an exception for "very old" software?
Once it hits 70 years from the lifetime of the author (so probably another 80 or 90 years from now) and is in public domain, that might change things since there will no longer be copyright being protected.
In terms of copyright terms, this software is still pretty young, not even halfway to public domain. It's disrespectful to call it "very old".
> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number? Defeatable with a four-byte patch?
Nowadays we don't bother with copyright protection other than a license key, because we know enterprises generally will pay their bills if you put up any indication at all that a bill is required to be paid.
I mean, we used to turn single-sided 5 1/4" disks for the C64 into double-sided disks through the use of cutting-edge technology. Literally. I was fancy and got a $5 hole punch built for the job, but scissors worked too. Fast Hack'em may still be my favorite piece of software ever.
This takes me back. There exist emulators for these dongles as well, you run the a dumper with the dongle attached and load the program and it makes a dump file which you then use in the emulator.
I had to do this for a company so they could continue to use their old specialised Win98 software on modern computers using Dosbox and an emulator.
It is interesting that the vendor adapts the hardware token and then makes it weak on the software side.
I recently did similar thing for the FineReader 6 using a hardware dongle [0]. It was surprisingly easy, no disassembly at all, just injecting srand(0) and a hardcoding the responses from the dongle. I had no prior reverse-engineering experience at all.
I wrote RPG II code in the 80s and helped the company I was working part-time for transition to another one of these S/36 emulation environments on the PC in the 90s. The software we used was made by the very generically named California Software Products.
It worked well enough and allowed the company to run until the founder retired and folded the business.
Tangential to this was the existence of California Software Product's "Baby/36" software. My father was a 36/400 programmer and sysadmin, and in his spare time used Baby/36 to write software for local businesses. I have vague memories of parallel port dongles being involved back then too. Don't think he mandated their use, was more a "framework" requirement.
Just a few months back I worked in embedded development on a project and there was a physical dongle to unlock the compiler, which was surprising during on-boarding as I've spent years doing commercial embedded work relying on GCC. :)
well done.
this brought up fond memories of crackme communities in the early web... looking at asm callgraphs in ollydbg ...
I just found my +20y old patch.exe that 'NOP's the correct address of a popular windows archive handling software just to get rid of its nag screen ;-)
>The only evidence for the existence of this company is this record of them exhibiting their wares at SIGGRAPH conferences in the early 1990s, as well as several patents issued to them, relating to software protection.
There is also their webpage for ordering PC RPG II. The company address is a residential house.
Apparently there is a Noel Vasquez, now in his late 80s, living at that address. Might be the guy to contact for further information, if he's still around.
I think I remember hacking some of the copy-protection out of a version of Tetris using the Borland debugger. I definitely patched mouse support into a Chris Crawford "Battle of the Bulge" game using it (for my rather tricky platform). That was a good debugger, and probably the last one I have used much - prefer logging/printing for stuff I write myself.
I remember my Dragon 32 (6809, Color Computer clone) had a dongle you plugged into the joystick port to protect a really crap game - Jumping Knights? I never tried to defeat it.
General Availability
02-Nov-1981 , 281-999
No longer available for order, Withdrawn from Market
05-Dec-2022 , 922-053
Transition to Extended/Sustained or End of Support
30-Sep-2023 , 922-078
Completion of Extended, Sustained, Extension availability
30-Sep-2023
1981 to 2023 is a staggering run of support. That's why firms still buy IBM.
I remember reading an ad in one of the 90s PC magazines that attributed the dongle to an inventor named “Don Gull.” I was fortunate enough to never have to use a hardware dongle, but I remember hearing about their persistence into the twenty-first century. I would imagine that most of them were as ridiculously simple as this one was.
wow, the home accountant is basically the great-grandfather of everything we do in modern financial and actuarial modeling. dmitry's breakdown is like digital archeology.
it’s wild to think about the hardware risk people used to accept putting your entire household's financial history on a system that bricks itself the second a 40-year-old plastic dongle fails. really great read.
Yes, a neat follow-up would be to clone the copy protection device with a cheap microcontroller. A lot of these devices were filled with epoxy, but it would be funny to find out these were all just 1Kbit EEPROMs. Such an article could give some background on parallel port communication, EEPROMs, and how regular printer data was passed through.
So what hardware would be inside the dongle? Would a small PAL be enough? 22V10? Maybe use a few registers to delay the values written by a few cycles, mixing in some decode logic? (Something cheaper than a microcontroller, I'm guessing... due to cost)
I designed a security dongle a long time ago ... Used properly, it did rotations and XORs like a CRC. You could definitely make it hard to defeat but it was still ultimately deterministic.
I always thought the internals were encased in potting compound for these things to prevent exactly this scenario (certainly the ones I had for LightWave back in the day were)...
Today on "Hacker" News: a third of the commenters wring their hands and question the morality and legality of subverting copy protection on software almost half a century old.
To be fair, I might question the legality of it, although from a purely academic perspective. Like, exactly how illegal could it be, and are there any possible paths of it actually being enforced? That’s an interesting conversation to have.
In practice, I couldn’t care less and it’s obviously morally OK.
>Very importantly, there doesn’t seem to be any “input” into this routine. It doesn’t pop anything from the stack, nor does it care about any register values passed into it. Which can only mean that the result of this routine is completely constant!
This is not necessarily a fair assumption (though it worked this time). It could be some sort of a rolling code, where the reply is not constant but changes, and remains verifiable. Example: garge door openers have no input from the garage, but the sent signal differs every button click, and the garage can verify its correctness
This is circumventing an effective copy protection measure, a federal crime under 17 U.S.C. section 1201. I see the developer is from Boston, so falls under U.S. jurisdiction and thus has committed a felony under U.S. federal law.
Why wasn't (isn't) this more widely used? It was clearly more effective than a cdkey.
I know there is cost associated with the hardware, but surely the costumer can cough 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
Dongles were extremely widely used in the 1990s and early 2000s; for anything more advanced than consumer software you'd almost expect them? Almost every DAW, video editor, high-end compiler, engineering/CAD package, or 3D suite used them, certainly.
I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion, if you could reverse one you could reverse the other.
But this concept was insanely prevalent for ~20 years or so.
One of the biggest problems was not having enough ports. Some parallel port dongles tried to ignore communication with other dongles and actually had a port on the back; you'd make a "dongle snake" out of them. Once they moved to USB it was both easier and harder - you couldn't make the snake anymore, but you could ask people to use a hub when they ran out of ports.
> I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion ...
Starting in '97 I worked on some software that used Elan License Manager (elmd) that then moved on to FlexLM in a major release.
Requests for, and problems with, licensing were a considerable source of support tickets but I'm sure it also drove a reasonable amount of sales as customers wanted to play with component X but were prevented from doing so by a lack of license.
When we were acquired by IBM we replaced the licensing code with lawyers and (threats of) audits. It didn't seem to harm the revenue. The product is still being maintained and sold.
> ... if you could reverse one you could reverse the other.
I can confirm it was quite easy with gdb to either skip past the license checks or, in the case of Elan licensing at least, call the license generation function from within the binary to generate whatever licenses for whatever features you liked.
The "hardware identifiers" were a nightmare too. I ended up writing some code that would pull all of the necessary information (primary MAC, IP address, hostid for Sparc machines, hostname, etc) and give it to us in a base64 encoded blob, we also grabbed some CPU and memory information that proved quite useful in seeing how the software was deployed.
Having to put a physical device on your parallel port at the back of the computer is kind of annoying, especially if every software you use has one.
More common for games was to use the media itself for copy protection, using a variety of tricks to make copy more difficult. Other techniques involve printing some keys you have to enter using colors that don't render well in photocopies, or have you look at words a certain page of a thick user manual, the idea being that it is more expensive to go through the effort of copying this material than to buy the software legally.
One of my favorite is from Microprose games, for which the manual was a pretty good reference book on the subject of the game, that alone is worth buying. And the copy protection is about asking you about information contained in the book, for example, it may be some detail about a particular plane in a flight simulator, which means that a way to bypass copy protection is simply to be knowledgeable about planes!
Dongles were common, but mostly for expensive enterprise software. Also, dongles don't make cracking harder compared to all the other techniques, so for popular consumer software like games, it is likely to be a lot of inconvenience and a waste of money for limited results.
Partly it was an anti-Wobbler thing. Someone in America or somewhere thought it was real clever to make the game ask you little questions, like “What’s the first word on line 23 on page 19 of the manual?" and then reset the machine if you didn’t answer them right, so they’d obviously never heard of Wobbler’s dad’s office’s photocopier.
-- Only You Can Save Mankind, Terry Pratchett, 1992
Makes me sad how many person-years of effort have been wasted over the years on futile dongle-engineering, copy-protection and DRM. They're pretty much all cracked. And the industry keeps insisting on trying!
The industry doesn't want to make software crack proof, they just want to make money. Typically, in the case of games, is is about "when", not "if", they know it will be cracked eventually, but they want to hold long enough to secure their launch sales, which is where they make most of the money. It is even common to remove DRM after a few months, because it is not worth it.
As for enterprise software, pros usually don't want the potential legal trouble associated with cracked software, and dongles are just about not making is easy to violate the licence by accident.
One problem is that they often couldn't be daisy chained, the connector on the back was only useful for an actual printer. So if everybody started doing it you would have to swap them constantly which is a headache. So they're mostly used for software where it's going to be the only thing running on the box.
I find it interesting that they didn't make it into the USB era where you could easily have something that does some actual processing on the device that makes it a serious challenge to reverse engineer.
I could have sworn, back in my day, on WinNT4 we successfully chained a red and white pair from Autodesk. One for AutoCad, and either Mechanical Desktop or 3ds Max.
It was widely used in engineering software because the license cost was equivalent to a large fraction of an engineer's salary. Anyone who used AutoCAD back in the 90s can remember.
When parallel ports were discontinued, they migrated to USB and network license servers.
A company I worked for in the mid-80’s used a PC based CAD package with this kind of copy protection. IIRC the cost of the software was about $5K, and engineers using it probably made around 50K/yr. This level of expense required a lengthy capex justification approval process. There was a category of users who didn’t need the software full time and since the software was tied to the dongle it was common to have the package installed on multiple workstations and borrow the dongle when needed.
The nature of our business was such that there was a lot of logic analyzers and signal tracing equipment in the lab and the dongle was reverse engineered and cloned after a couple of “where’d my dongle go” incidents.
As a young intern, I arrived early one morning to find the PCB layout software (PADS PowerPCB) on our "design PC" wasn’t working. (I use quotes because it was just the beefiest machine we had, naturally our boss’s PC, which he kindly shared)
Obviously the dongle. I tried unplugging and replugging it, with and without the printer daisy-chained. Nothing.
So I begrudgingly asked my colleague who’d just arrived. He looked at the dongle, looked at me, looked at the dongle again, and started laughing.
Turns out our Boss had stayed late the previous night processing customer complaints. One customer had sent back a "broken" dongle for the product we were selling. Boss tested it on his PC, found it worked fine, and mailed it back on his way home.
Except he didn’t send our dongle back. He had sent my PowerPCB dongle. More fun was had when the rest of the team and finally our boss arrived. Luckily he took it with good humor.
While I was reading the OP I kept thinking about how an accounting firm's entire ability to do business rested on the continued functioning of a parallel-port dongle. I just have to imagine that they had a box full of these.
So I first decompressed the executable program (Windows executable were often packed at that time [0]), then I opened a binary editor, looked for that specific number in hexadecimal notation in the binary and changed to something much higher. I was than able to burn CDs without limitation.
[0] https://en.wikipedia.org/wiki/Executable_compression
However, their usage accounting software wasn't great. I had it setup to reconnect if the connection dropped, and they didn't do a great job seeing this, so they accused me of using 2-3k hours during those 2 months (should be impossible if always coming from the same #) and sent me a large bill (for the hours used over 1500). They eventually gave in when I showed them it was impossible and they could validate that the calls were coming from the same line due to the connection dropping and being simple reconnections.
I noticed it created a windows dial up connection. When you launched the browser the login info worked on this. I could just dial their server and save the username and password and use any browser or game normally.
It only took ten minutes with a dissassembler to find the JGT (Jump if greater than) and convert it to a JLT so the software would stop running if the date was before a certain date rather than after. I created a patching tool that simply flipped one bit that was sent out to all the sites and everything was good again. I don't think I'll ever beat the elegance of a single bit flip hack.
Many of them disappeared in the y2k dot com bust, but then seem to have reappeared in SF after 2008.
In the late 1990's, my second ever Flash app development client stiffed me on a $10k invoice.
He finally figured out 6 months later that he didn't have the source material to make changes and paid the full invoice in order to get it.
So I took precautions with the next client. It was a small agency that was serving a much larger business.
We were on 30 days net payment terms and I submitted the invoice when the project was done.
They didn't pay and within a couple weeks of gentle reminders, they stopped responding.
I smiled.
Exactly 30 days from the due date, I got a panicked call shrieking about their largest client website being down and did I have anything to do with it?!
I asked them what the hell they were talking about, they don't own a website. They never paid for any websites. I happen to own a website and I would be happy to give them access to it if they want to submit a payment.
They started to threaten legal nonsense, and how they had a "no time bombs clause in the contract."
I laughed because my contract had no such clause. If they signed such a contract with the client, that's not my problem.
I told them I wouldn't release the source files until the check cleared my bank, which could be weeks. A cashier's check arrived that morning and their source files were delivered.
By the end of it, the folks at the agency thanked me because that client wasn't planning to pay them and they hired me for other work (which, they had to prepay for).
Of course I don't know about the OP, but I'd bet the company was trying to stiff that contractor on their last check.
Wait, you mean they used your little ruse as a means to be paid themselves??
So, you know, in the program.cs startup I checked the username vs a hardcoded list of people in the relevant teams, and if it wasn't crashed out with an error and a support email address.
About 18 months after I had moved on, I got an email with a screenshot of that error message. it would appear the Milan (something like that) office had got their hands on a copy but it just wouldn't work for them...
Trivial to undo of course, but I did enjoy the throwback!
One, the developers spend more time running this code than we do, and they have to get the program working before we can even use it. So any parts of the program that are hostile to the developers risks killing the entire project. Obfuscating the copy protection can hit a point where it makes bug fixing difficult.
Two, lack of training. If you, me, and Steve each have a bag of tricks we all use to crack games, whichever one of us figures it out gets bragging rights but the game remains cracked. Meanwhile Developer Dan has to be aware of all the tricks in all of our bags together if he wants to keep the three of us out. Only there's not three of us, there's 300. Or today, probably more like 30,000.
Three, lack of motivation, which is itself several different situations. There's a certain amount of passive aggression you can put into a feature you don't even really want to work on. You can lean into any of the other explanations to defend why your code didn't protect from cracking all that much, but it's a checkbox that's trying to prove a negative, and nobody is going to give you any credit for getting it to work right in the same way they give you credit for fixing that corner glitch that the QA people keep bitching about. Or getting that particle animation to work that makes the AOE spells look badass.
This works because some programs use a hashing algorithm to calculate the key based on the name, do a strcmp, and pop a messagebox if the keys don't match, without zeroizing the valid key buffer first. If the key buffers are on the stack (or if the two mallocs just happen to use the same region in memory), it is often easy to find a valid key if you know where the invalid one is.
I guess software that derives keys this way is far less common than it once was, but I know of somebody who cracked something using this method just a few years ago, so it still pops up from time to time.
Input a unique string I could watch for, fire up SoftICE, watch for the string, and then step through until the == comparison happened, then either grab the calculated key and input it, or patch the comparison from == to != or just return true, depending on the implementation.
I did a massive crack that involved a program and it’s inf/dll hardware driver package.
Some of the most rewarding work I’ve done and also just so tedious!
Having to stop the OS like that and accidentally getting to the kernel but then not wanting to lose my position so having to hit step over and step out until just the right place… whew.
The whole automation system including machinery costs anywhere from 200k to 1M yet Vendor™ tries to milk the customers dry with a 1.5k software license that lets you manage up to 254 physically* connected systems. I'm pretty sure the license dongle is in reality designed to prevent casual tinkering of parameters, which is something only service techs should do.
*You can circumvent this with serial-over-Ethernet converters, which has resulted in an Industrial Internet of Shit-level security nightmare as companies happily expose their systems over the internet, thinking that license dongles are a substitute for authentication.
(I did go on to pay for the software)
I did that with dBASE III, which used ProLok "laser protection" from Vault Corporation - a signature burned onto the diskette with a laser. Back then, I found it amazing that Ashton-Tate actually spent money to contract with a copy protection company for something that could be so easily defeated by a teenager reading assembler.
They could have easily just written the same kind of code themselves. An example of the power of marketing over substance.
I was able to replicate that protection mechanism just by scratching a diskette with a pin. The "laser" was a meaninglessly advanced-sounding solution that added no value compared to any other means of damaging a diskette.
Made me feel like such a badass hacker at 15 years old.
This was one of those things you really really wanted but once you toyed with it, it sucked the fun out of games and they felt pointless.
How did you figure out where to scratch it? Was the laser mark visible on the original disk, or did you have to read the code and orient based on the diskette's index hole?
But as I mentioned in a sibling comment, I’m not sure it was ever confirmed that it was really a laser that made that mark.
Defeating the protection didn't involve knowing anything about the laser mark - as the comment I replied to described, it just involved changing a conditional jump to an unconditional one.
Replicating the protection involved causing minor damage on the diskette - the details don't really matter, laser, pin scratch, whatever - then formatting the disk, and registering the pattern of bad sectors created by the damage. A normal copy of the disk didn't replicate those bad sectors exactly, which made it possible to detect that the original disk was not present.
Similar stuff was later used for CDs IIRC.
I would guess (more or less) identically damaging multiple floppy disks in the same way would be easier with a laser than with something mechanical (e.g. a knife or a drill) (it is fairly easy to control power and duration of a burn), so it might well have been a laser.
On the other hand, disk tracks weren’t exactly tiny at that time in history.
Since we sold (and still sell) perpetual licenses, it becomes a problem when a dongle breaks and replacement parts are no longer available. Not all users want to upgrade. Also, you may hate cloud licensing, but it is precisely cloud licensing that makes subscriptions possible and, therefore, recurring revenue—which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Also, despite investing a lot of effort into programming the dongle, we can still usually find cracked versions floating online, even on legitimate platforms like Shopee or Lazada. You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected. It’s not as if we have the legal resources to pursue pirates.
[0]: https://mes100.com
I understand you might feel this way, but it seems to me customers are mostly business clients, who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability (i.e: Someone to hold liable for problems in said software.). In fact, having no copy protection would probably have saved you the problem you mentioned where a dongle breaks and replacement parts are no longer available; this is one of the talking points that anti-drm/copy protection people advocate for, software lost to time and unable to be archived when the entities who made such protections go out of business or no longer want to support older software.
> even on legitimate platforms like Shopee or Lazada.
On a slight tangent, but I personally don't find either platform legitimate (Better than say, wish[.]com or temu, but not as "legitimate" as other platforms, though I can't think of a single fully legitimate e-commerce platform). Shopee collects a ton of tracking information (Just turn on your adblocked, or inspect your network calls. It's even more than Amazon!), is full of intrusive ads, sketchy deals, and scammers. You yourself said you can easily find cracked versions of the dongle there, which doesn't speak well for the platform. And Lazada is owned by Alibaba Group, which speaks for itself. I'm not sure why consumers in South East Asian regions aren't more outspoken about this, since they seem to be the some of the more popular e-commerce platforms there.
This is a nice idea but the reality is that there's MANY corporate customers who are happy to get away with casual piracy. Sometimes it's a holdover from when the company was small enough that every business expense is realistically coming out of their own pocket, sometimes they're trying to obfuscate how much their department actually costs to the company at large.
You think individual consumers lie to themselves to justify software piracy? Corporate self-deception is a WHOLE new kettle of fish.
Dongles were pretty commonplace on your more expensive software products from mid 90s through the early 00s. If I was publishing software that was a >$1000 a license, I damn sure would have used them.
Unity is getting way too cheeky considering how they started out. =3
I'd agree that between Unreal and Godot, Unity doesn't look very attractive right now. But inertia will carry them for a long time
This was true of all software they used, but MSDN was the most expensive and blatant. If it didn't have copy protection, they weren't buying more than one copy.
We were a software company. Our own software shipped with a Sentinel SuperPro protection dongle. I guess they assumed their customers were just as unscrupulous as them. Probably right.
Every employer I've worked for since then has actually purchased the proper licenses. Is it because the industry started using online activation and it wasn't so easy to copy any more? I've got a sneaky feeling.
During roughly the same time period I worked for a company with similar practices. When a director realised what was going on, and the implications for personal liability, I was given the job of physically securing the MSDN CD binder, and tracking installations.
This resulted in everyone hating me, to the extent of my having stand-up, public arguments with people who felt they absolutely needed Visual J++, or whatever. Eventually I told the business that I wasn't prepared to be their gatekeeper anymore. I suspect practices lapsed back to what they'd been before, but its been a while.
Trust the people whose paychecks depend on it, it was extremely common. I knew multiple people at different companies who had endless stories about customers buying a couple of copies for a large department to “share”, and they expected the vendor to support everything because it was “business critical”. This was also a problem for things like student licenses where people would expect enterprise-level support despite the massively-discounted copy they had clearly stating it was only for educational usage.
This has a lot of negative aspects for preservation, downtime due to issues with licensing, challenges around virtualization or hardware replacement, etc. so I don’t love the situation we ended up in but it’s entirely understandable given how pervasive theft was – there were a ton of small businesses which ran entirely on bootlegged software. Software developers have high leverage but if you aren’t in a mainstream market you’re not going to get over the threshold where you’re no longer worried about making payroll.
I always thought that selling B2B. Then I started checking and it was much worse than I expected. Big corporates were mostly fine but small to medium sized business were pretty bad. Also Asia was much worse than Europe and the US.
They often need to "purchase" the license themselves in the sense of convincing someone higher up to buy it - so they're spending their time, which is still a sort of expense.
Also, piracy in companies is often just honest people who are in a bit of a hurry and need this software running on some other PC right now, or just want their colleague to give it a quick go (but then they end up using it all the time). Copy protection helps keep those honest people honest.
The big boys in the industry won't risk problems, and anyway, that's a small price for them. However, the many smaller companies? They may absolutely need the software, but that's a substantial price for them. If they can get a cracked version online, they do.
And the cracked versions? They are made by companies out of legal reach: Russia, Belarus, Pakistan, India. They crack the software, and either put it online for free, or even have the cheek to sell it for a reduced price.
I've told my friend/acquaintance that he really needs to put the software in the cloud, accessible only via browser. However, this would be a massive undertaking, so he hasn't done it (yet).
“Spare the money” is probably what you mean. That is to part with the money, to avoid having it, for example by spending it. Or by giving it away - As in “can you spare a dime.” The is the inverse of sparing the expense, just as an expense is the inverse of money.
In my experience this continues to this day due to people who require drawing on air-gapped computers, because the drawings/simulations they work on are highly sensitive (nuclear, military, and other sensitive infrastructure).
But I'm sure there are also old-fashioned people who like the portability/sovereignty of not having to rely on a third-party license server as you suggest.
Why should users upgrade or keep paying you when they already bought what they need and don't need anything else?
1. Physical dongle tends to break, and when it does, they expect us to give them replacing parts
2. They do expect bug fixes-- especially calculation bug fixes-- as the bugs are discovered. It's hard to leave their production critical apps broken like that once you know that the bugs can cause monetary or even life loss.
Maybe I'm the weird one to expect reasonably bug-free software, and if a bug is found, an eventual bugfix "for free"? ESPECIALLY if they cause monetary or life loss!
A bug means the developer did not do their job. Let's not pretend this is OK.
But the actual dongle... look, something like that should have a 30+ year warranty. There should be a plan for how to replace it a couple times before making the initial sale.
Then users are suddenly all over the developer to provide an update "so I can use this on Tahoe" or whatever, and unless the application is in its honeymoon period where new sales suffice to keep money flowing, the developer is gonna need recurring revenue in order to do recurring development.
The fairest thing to do is when a customer buys the software, they're entitled to that exact version forever. Or maybe 1 year of updates and bug fixes if you're feeling nice. If they want the next version that supports the next OS, it's fair to charge some more.
This what IntelliJ does. When I buy their IDE I can use it forever, and then they offer discounts for renewing. Pricing seems reasonable even though I'm currently generating $0 from my software development so I keep paying.
Because things evolve and inevitably, hardware dies, and you can't get a replacement.
With an old "dumb" piece of machinery, when something breaks you can either repair the broken part itself (i.e. weld it back together, re-wind motor coils), make a new part from scratch, have a new part be made from scratch by a machining shop, or you adapt a new but not-fitting part. It can be a shitload of work, but theoretically, there is no limits.
With anything involving electronics - ranging from very simple circuitry to highly complex computer controls - the situation is much, much different. With stuff based on "common" technology, aka a good old x86 computer with RS232/DB25 interfaces, virtualization plus an I/O board can go a long way ensuring at least the hardware doesn't die, but if it's anything based on, say, Windows CE and an old Hitachi CPU? Good fucking luck - either you find a donor machine or you have to recreate it, and good luck doing that without spec sheets detailing what exactly needs to be done in which timings for a specific action in the machine. If you're in really bad luck, even the manufacturer doesn't have the records any more, or the manufacturer has long since gone out of business (e.g. during the dotcom era crash).
And for stuff that's purely software... well, eventually you will not find people experienced enough to troubleshoot and fix issues, or make sure the software runs after any sort of change.
The IT department restructures the license server or it goes down.
The vendor changes their license technology every few years.
If you have a physical dongle, the vendor will beg you to send it in and receive a soft license. The few remaining users with dongles refuse. The hardware is more reliable.
This take is diametrically opposite to what end users need. In a world where "if it ain't broke, don't fix it" is perfectly fine for the end user, buying a one off license for a software seems much more sane then SaaS. SaaS is like a plague for end users.
I don't condone piracy, but I also don't condone SaaS.
But in an imperfect world whereby our dependencies ( software components that we use) and platforms that we need to build/rely on ( like Civil 3D) do charge us on annual basis, and that some of users expect perpetual bug fixes from us, with or without a support contract of sorts, SaaS seems to only way to go for our sustainability.
We've all got to push back against these bloated saas models that don't bring tangible benefits to end users and serve only to pad company valuations. Make new versions of your software with features meaningful enough to encourage people to upgrade and outline support periods for existing software sales after they buy a one-time license. There's gotta be a better way. For everyone (except big tech CEOs).
That's why software keep adding bloat fancy buttons and change color scheme every few years. This is anti-productive.
No support contract? Pound sand.
The problem exists from both sides of the coin. Firstly the bulk of customers don't purchase a support contract. So there is very little income to pay staff. So the "support" department has very few people. They're also not very good because low wages means staff turnover.
Then Betty phones with a problem. Significant time is spent explaining to Betty that we can't help her because she (or more accurately her company) doesn't have a contract. She's fighting back because an annual contract seems a lot for this piddly question. Plus to procure the contract will take days (or weeks or months) on her side. And it's not I any budget, making things harder. Betty is very unhappy.
The junior tech doesn't want to be an arsehole and it's a trivial question, and is stuck in the middle.
We switched to a SaaS model in 2011. Users fell over themselves thanking us. They don't have to justify it to procurement. The amount can be budgeted for. No sudden upgrade or support fees. Users get support when they need it. The support department is funded and pays well, resulting in low staff turnover, and consequently better service.
Plus, new sales can stop tomorrow and service continues. Funding for support remains even if sales saturate the market.
Consumers may dislike SaaS, but for business, it absolutely matches their model, provides predictability, and allows for great service, which results in happy Users.
In the companies I've worked for so far since SaaS became a thing you absolutely need to go through procurement for a big enough purchase. You actually need to negotiate the contract each time it expires, which is IMO more burden on the end user than buying a one-off license.
The problem with support contracts, or support requests solved by an upgrade, is that the User needs it now, not after a procurement process.
Doing procurement annually is easier because it can be planned for, budgeted for etc, and happens on a separate thread to the actual support.
Even when they overlap there's enough grace to keep the User happy while waiting on the customer.
What's wrong with SaaS?
If we didn't sell our desktop software to ~1000 companies as a SaaS then few would afford it. We could sell one-off/perpetual licenses for maybe $1M but only our biggest customers would manage that expense, while smaller competitors would not. And if that means we sold only 300 licenses, then the price would be even higher because the number of licenses sold would be even smaller. The SaaS is basically what the customers ask for. They can cancel and switch to competing software when they want to. In fact, customers who use the software rarely feel the SaaS yearly cost is too high so ask for even more SaaS-y functionality such as paying by minute of use or per specific action like "run simulation", instead of having a yearly subscription. Because they might just use it a few days per year so they feel that (say) $10/yr is too much.
That's okay, but in say, 2 years when Mac OS 28 completely bricks the app, the developer will not be there to give you an updated one (even if you're willing to pay), since most of the addressible market already bought the app in 2025, and after 2 years with almost no revenue, the developer stopped working on it, deleted the repo and moved onto another project. The developer can't even rely on a future OS update "encouraging" people to buy "App (N+1)" since it might be "ain't broke" for 1 year, or for 5.
The point of a subscription is not to rip you off, it's to acknowledge a few realities:
1. For reasons beyond developers' control, platform vendors do not provide a "permanent" platform, but a shifting one without any long-term guarantees. You can put a 100-year certificate into your app, but the OS vendor might decide that only certs with expiration less than 45 days are okay and your app no longer works unless you're around to (A) keep abreast of the platform's rules and changes, and (B) ship an update.
2. Many software offerings need to provide a server-side component, which is never a one-time cost.
3. Relying on upgrade purchases to sustain a product gives developers perverse incentives to shove a ton of new features just to be able to pitch "Upgrade to Appitron 2!" with a ton of bullet points, whereas subscription pricing incentivizes them simply to keep users loving the app forever, including adopting new technologies but also just improving the core experience.
Due to 1 and 2, it makes sense to let users who stop using the program after a short time pay very little, and to let users who rely on the continued operation of the program, pay a little bit each year, instead of paying $500 once and using it for a few years, and maybe upgrading for $250.
Reality is that many modern software developments have plenty in common with designing a toilet. You spend time identifying the problem statement, how you can differentiate yourself, prototype it, work out the bugs, ship the final product, and let sales teams move the product. The difference is the toilet can't be turned into a SaaS (yet) and, if it ever could, that would break functionality because you're supposed to poop in it, not have it poop on you.
The issue is a mismatch of incentives - customers wanting things for free - even if they aren’t actually customers. Vs businesses need/want for ongoing revenue (ideally for free too!).
Both sides are never going to be perfectly happy, but there are reasonable compromises. There are also extractive abusive psychos, of course.
Free customers can store 3 hours of sound. This former paying customer had more than 3 hours of sound stored.
The comment said SoundCloud was a terrible company holding their data hostage, by not letting them do anything with it except delete things to get it under 3 hours, and threatening to delete all of it if they didn't.
https://news.ycombinator.com/item?id=46783575
Mercedes restricts the performance of some cars if you don't pay $1200 a year for the “Acceleration Increase”. You have to pay more if you want to use the power you already paid for.
BMW offer heated seats for £10 a month. The car has heated seats that work fine, and you paid for the hardware already, but they are turned off if you don't pay more.
Neither of these are anything to do with ongoing costs to the company, like support or mobile connection, they just want ongoing revenue.
If I have "Ajax" brand leather shoes sown by an East Asian sweatshop worker, who is the "creator" of the shoes, for purposes of benefiting from this system?
We are agreed that the company "Ajax" is not a creator, yes? Companies don't create - people create. Patented inventions are created by people, though patent ownership may be transferred to companies.
So does the monthly fee go to the skilled laborer who sewed the pieces together to give the final form? And also the laborers who turned cow hide into leather? As well as everyone involved in the shoe design? Does it also pass to their inheritors? For how long?
The house I owned was built in the 1950s by a local construction firm which is still around. There were several owners before me, including ones who remodeled and renovated it. Do all of them get part of my monthly fee? Or does it go to the woodworkers and plumbers and other builders who did the actual work?
I have books in my personal collection from authors who died decades ago. How do I reward Robert Heinlein in this "keep paying" scheme? Some of these books I bought used, so neither Heinlein nor his estate ever got a penny from me.
But that's fine, as the price point for the original sale already factored in the effect of the First Sale Doctrine.
Just like how the price of a car, house, bike, shows, etc. already factors in the reward for everyone involved, without needed an entirely new system to determine who the "creators" are, and how they get paid monthly.
And that's all assuming the fee distribution system itself is fair. We need only look to academic publishing to see unfair things can be once a system is entrenched.
This part is left out in modern software development.
Bugs ? What bugs ? We just (re)wrote a new version. This one should be better.
Sometimes, there are network interuptions. Then it is the right time to work because youtube isn't available.
1) a hardware and software solution implies that hardware will stop working at some point. Customers should understand it 2) you could sell them a new dongle every time support contract ends which is what I’ve experienced with Xways as an example. Even if you’re air gapped once a year usage data upload and new dongle seems fine. 3) why should users receive free upgrades and bug fixes? No software is bug free.
Finally there are several brand protection shops that fight fakes and work well with Shopee, Lazada, Facebook etc. It’s not five dollars but they will take these down effectively
Which is not uncommon.
It’s also one that is typically pretty good for customers that like to do an investment and then continue to reap benefits from it. The capitalization model.
The ‘lease’ model (SaaS) is good for customers with highly variable licensing/software needs or that expect extremely high turnover, and prefer to see these costs as, essentially ‘cost of production’. The cash flow model. It does require a lot of trust, however, that when the lease comes up for renewal the fees won’t be usurious.
Neither is necessarily wrong. A whole lot of folks are starting to realize the downsides of expenses coming out of cashflow though! And losing a lot of trust.
Perhaps an indication that the code in that segment was hand-written in assembly language rather than C?
I think he ended up pirating a 3.x install from a friend and running the upgrade on to of that; felt pretty morally clear given what the box had advertised.
[1]: eg https://www.ebay.com/itm/376080245422
> It required an input key that was unique to our dongle series & our own code that was whatever we wanted. The reply was a hash of both values.
> The last version we used was USB. They retired the parallel style long ago.
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
To expand on the saying, they're not there to be insurmountable. Just to be hard enough to make it easier to do things the right way.
I’d guess it’s something similar with this dongle. You can’t “accidentally” run the software without the dongle.
More to the point the guy didn't even open the dongle, which in all likelihood was a simple set of logic gates in this case.
I'm assuming he did have a careful look at the caller to the function because his reasoning that the communicating function took no inputs is faulty.
What if the hardware has a LFSR in it and returns changing responses, and the caller can check them with a verify function else where that maintains a state and knows to expect the next in the sequence?
We have far better tools today for sure, but we understood the system better back then. The right tool is sometimes better than a sharper tool as they say.
Edit : I should add I'm aware it's very likely the actual reversing involved more steps and checks than Dimitrys blog which is narrowed to what worked.
In most cases it was not much more difficult than what OP described.
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!
The protection just needs suficirntly complex.
The crack is a little bit harder these days as there is a special compiler that encrypts the binary using an on-dongle key, decrypting it after it's loaded.
A big reason for the dongle is to regionally control features (e.g. users in country A must not have feature X but users in country B should) and able to "expire" offline desktop software.
These measures typically work well against piracy in the markets the game is officially distributed in (mainly Japan), but end up being cracked anyway once the game is popular enough that foreign arcades and private owners start importing older decommissioned cabinets and create demand for a way to get them running again without depending on the manufacturer's servers.
[1]: https://mon.im/2017/12/konami-arcade-drm
Wrong! To my great surprise Linux wouldn't load, even after trying three different versions of Linux. After doing a massive search on the internet, I finally found a post that said I should crack open the case and remove the Optane chip, which I did. Presto, Linux was loaded and working fine!
The code decrypted itself, which confused debuggers, and then loaded a special sector from disk. It was a small sector buried in the payload of a larger sector, so the track was too big to copy with standard tools. The data in the sector was just the start address of the program. My fix was to change executable header to point to the correct start address.
Apparently there is important stuff still running in emulated PDP-11s, almost double the age.
https://www.reddit.com/r/windows/comments/1n1no1k/august_202...
https://github.com/Baron-von-Riedesel/HimemSX
You pay for software? You need to keep that big dongle plugged in your computer all the time! You pirate the same software? No need for any dongle!
In our case, the copy protection would still be as easy to bypass as the one in the article.
Actual dongles with encryption and processor cost only $15 in batches of 100.
The real reason is that executable modifying its own code is often flagged by AV, or the OS itself, as an "insecure" activity. Since self-modification is used in attacks and exploits, good protections rarely use it now. It's impossible to use codesigns with self-modified code.
Look into Blizzless :-)
Yeah, I really like to get frustration when I am gaming due to unsupported and canceled project /s
in/out instructions wouldn't have a C equivalent. My assumption would be it only translates instructions that a C compiler would typically create.
That's likely because it's one of those (of which many existed) which attempt to dumbly pattern-match against what a typical C compiler of the time (with equally dumb and extremely inefficient code generation) would do, but that routine clearly looks like handwritten Asm. I've never seen a C compiler from that era generate a LOOP instruction, for example, and of course "cli" nor the I/O instructions are not expressable except perhaps as intrinsics. Ghidra might be a bit better at this, as it's a generalised decompiler.
In fact, when the compiler (RPGC.EXE) compiles some RPG source code, it seems to copy the parallel port routine from itself into the compiled program.
This reminds me of the classic Ken Thompson attack.
Software companies love to milk enterprises for all their worth, because they're the entities who will pay the most amount of money if it means that the software they use can still work - and a big part of how they do this is via vendor lock-in. We can see in this article that this company was still using Windows 98 - they're clearly locked-in!
All of which is to say that this intellectual property might actually still be owned by a company who'll be able to sue.
If you haven't already checked whether the patent and other intellectual property is still owned by any company, OP, I would strongly suggest doing so first.
The copyright may still apply but any patent must have expired (20years).
Other than that, there's virtually no mention of the company or software anywhere online. Just to put that in context, I'm in the vintage computer / software community where thousands of amateur historians and archivists scour obscure corners looking for old, unknown software apps to preserve. Software sold for Windows 98 up to 2001 (so recent as to barely be considered 'vintage') with so little online footprint means it must have been incredibly obscure. No ads or reviews from magazines or even newsletters means there's a good chance it was a one or two person part-time, home-based business and the product had hundreds or maybe even just dozens of users.
1998-2001 was the hottest time ever for PC software. I worked in marketing Windows software during this period. To have any commercial Windows software product actively available for sale in the late 90s with no surviving footprint would almost require intentional effort to stay unknown. No press releases mailed. No review copies sent. No shows or conferences attended (exhibitor listings are searchable online now). There were much older niche vertical software programs for much more obscure platforms which we know sold less than a hundred copies ever, yet still have a larger online footprint than this program. The OP de-protecting and archiving this previously unknown commercial program represents quite a notable find in the preservation community.
If you're legally daring, and you get sued, you can try to force them to prove they own the copyright. There's often not enough documentation of this sort of thing. People have gotten away with not paying their car loans because after several loan sales and company mergers, the company that owns it can't prove they do, so effectively nobody owns it and it doesn't exist.
I cannot cite the reliable sources for it, though.
In terms of copyright terms, this software is still pretty young, not even halfway to public domain. It's disrespectful to call it "very old".
Nowadays we don't bother with copyright protection other than a license key, because we know enterprises generally will pay their bills if you put up any indication at all that a bill is required to be paid.
This was basically the 80s version of that.
I had to do this for a company so they could continue to use their old specialised Win98 software on modern computers using Dosbox and an emulator.
I recently did similar thing for the FineReader 6 using a hardware dongle [0]. It was surprisingly easy, no disassembly at all, just injecting srand(0) and a hardcoding the responses from the dongle. I had no prior reverse-engineering experience at all.
[0] https://slomkowski.eu/abbyy-finereader-6-ikey-1000-hack/
It worked well enough and allowed the company to run until the founder retired and folded the business.
Not being snarky - genuine question! I am not from the US :-)
There is also their webpage for ordering PC RPG II. The company address is a residential house.
https://web.archive.org/web/20010802153755/http://home.netco...
I remember my Dragon 32 (6809, Color Computer clone) had a dongle you plugged into the joystick port to protect a really crap game - Jumping Knights? I never tried to defeat it.
it’s wild to think about the hardware risk people used to accept putting your entire household's financial history on a system that bricks itself the second a 40-year-old plastic dongle fails. really great read.
You have no idea how deep this rabbit hole goes.
Patents are barely better than copyright, as far as society net-positive.
In practice, I couldn’t care less and it’s obviously morally OK.
I know there is cost associated with the hardware, but surely the costumer can cough 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion, if you could reverse one you could reverse the other.
But this concept was insanely prevalent for ~20 years or so.
One of the biggest problems was not having enough ports. Some parallel port dongles tried to ignore communication with other dongles and actually had a port on the back; you'd make a "dongle snake" out of them. Once they moved to USB it was both easier and harder - you couldn't make the snake anymore, but you could ask people to use a hub when they ran out of ports.
I will check if I can find an image of it.
EDIT: here is an old listing of it: https://www.ebay.com/itm/187748130737
Sadly the lid isn't open so you can't see what modules are installed.
Starting in '97 I worked on some software that used Elan License Manager (elmd) that then moved on to FlexLM in a major release.
Requests for, and problems with, licensing were a considerable source of support tickets but I'm sure it also drove a reasonable amount of sales as customers wanted to play with component X but were prevented from doing so by a lack of license.
When we were acquired by IBM we replaced the licensing code with lawyers and (threats of) audits. It didn't seem to harm the revenue. The product is still being maintained and sold.
> ... if you could reverse one you could reverse the other.
I can confirm it was quite easy with gdb to either skip past the license checks or, in the case of Elan licensing at least, call the license generation function from within the binary to generate whatever licenses for whatever features you liked.
The "hardware identifiers" were a nightmare too. I ended up writing some code that would pull all of the necessary information (primary MAC, IP address, hostid for Sparc machines, hostname, etc) and give it to us in a base64 encoded blob, we also grabbed some CPU and memory information that proved quite useful in seeing how the software was deployed.
More common for games was to use the media itself for copy protection, using a variety of tricks to make copy more difficult. Other techniques involve printing some keys you have to enter using colors that don't render well in photocopies, or have you look at words a certain page of a thick user manual, the idea being that it is more expensive to go through the effort of copying this material than to buy the software legally.
One of my favorite is from Microprose games, for which the manual was a pretty good reference book on the subject of the game, that alone is worth buying. And the copy protection is about asking you about information contained in the book, for example, it may be some detail about a particular plane in a flight simulator, which means that a way to bypass copy protection is simply to be knowledgeable about planes!
Dongles were common, but mostly for expensive enterprise software. Also, dongles don't make cracking harder compared to all the other techniques, so for popular consumer software like games, it is likely to be a lot of inconvenience and a waste of money for limited results.
-- Only You Can Save Mankind, Terry Pratchett, 1992
As for enterprise software, pros usually don't want the potential legal trouble associated with cracked software, and dongles are just about not making is easy to violate the licence by accident.
I find it interesting that they didn't make it into the USB era where you could easily have something that does some actual processing on the device that makes it a serious challenge to reverse engineer.
When parallel ports were discontinued, they migrated to USB and network license servers.
The nature of our business was such that there was a lot of logic analyzers and signal tracing equipment in the lab and the dongle was reverse engineered and cloned after a couple of “where’d my dongle go” incidents.
I remember hearing a courier died overnighting a CAD dongle.