It only took ten minutes with a dissassembler to find the JGT (Jump if greater than) and convert it to a JLT so the software would stop running if the date was before a certain date rather than after. I created a patching tool that simply flipped one bit that was sent out to all the sites and everything was good again. I don't think I'll ever beat the elegance of a single bit flip hack.
Many of them disappeared in the y2k dot com bust, but then seem to have reappeared in SF after 2008.
In the late 1990's, my second ever Flash app development client stiffed me on a $10k invoice.
He finally figured out 6 months later that he didn't have the source material to make changes and paid the full invoice in order to get it.
So I took precautions with the next client. It was a small agency that was serving a much larger business.
We were on 30 days net payment terms and I submitted the invoice when the project was done.
They didn't pay and within a couple weeks of gentle reminders, they stopped responding.
I smiled.
Exactly 30 days from the due date, I got a panicked call shrieking about their largest client website being down and did I have anything to do with it?!
I asked them what the hell they were talking about, they don't own a website. They never paid for any websites. I happen to own a website and I would be happy to give them access to it if they want to submit a payment.
They started to threaten legal nonsense, and how they had a "no time bombs clause in the contract."
I laughed because my contract had no such clause. If they signed such a contract with the client, that's not my problem.
I told them I wouldn't release the source files until the check cleared my bank, which could be weeks. A cashier's check arrived that morning and their source files were delivered.
By the end of it, the folks at the agency thanked me because that client wasn't planning to pay them and they hired me for other work (which, they had to prepay for).
Of course I don't know about the OP, but I'd bet the company was trying to stiff that contractor on their last check.
Wait, you mean they used your little ruse as a means to be paid themselves??
So, you know, in the program.cs startup I checked the username vs a hardcoded list of people in the relevant teams, and if it wasn't crashed out with an error and a support email address.
About 18 months after I had moved on, I got an email with a screenshot of that error message. it would appear the Milan (something like that) office had got their hands on a copy but it just wouldn't work for them...
Trivial to undo of course, but I did enjoy the throwback!
One, the developers spend more time running this code than we do, and they have to get the program working before we can even use it. So any parts of the program that are hostile to the developers risks killing the entire project. Obfuscating the copy protection can hit a point where it makes bug fixing difficult.
Two, lack of training. If you, me, and Steve each have a bag of tricks we all use to crack games, whichever one of us figures it out gets bragging rights but the game remains cracked. Meanwhile Developer Dan has to be aware of all the tricks in all of our bags together if he wants to keep the three of us out. Only there's not three of us, there's 300. Or today, probably more like 30,000.
Three, lack of motivation, which is itself several different situations. There's a certain amount of passive aggression you can put into a feature you don't even really want to work on. You can lean into any of the other explanations to defend why your code didn't protect from cracking all that much, but it's a checkbox that's trying to prove a negative, and nobody is going to give you any credit for getting it to work right in the same way they give you credit for fixing that corner glitch that the QA people keep bitching about. Or getting that particle animation to work that makes the AOE spells look badass.
This works because some programs use a hashing algorithm to calculate the key based on the name, do a strcmp, and pop a messagebox if the keys don't match, without zeroizing the valid key buffer first. If the key buffers are on the stack (or if the two mallocs just happen to use the same region in memory), it is often easy to find a valid key if you know where the invalid one is.
I guess software that derives keys this way is far less common than it once was, but I know of somebody who cracked something using this method just a few years ago, so it still pops up from time to time.
Input a unique string I could watch for, fire up SoftICE, watch for the string, and then step through until the == comparison happened, then either grab the calculated key and input it, or patch the comparison from == to != or just return true, depending on the implementation.
I did a massive crack that involved a program and it’s inf/dll hardware driver package.
Some of the most rewarding work I’ve done and also just so tedious!
Having to stop the OS like that and accidentally getting to the kernel but then not wanting to lose my position so having to hit step over and step out until just the right place… whew.
The whole automation system including machinery costs anywhere from 200k to 1M yet Vendor™ tries to milk the customers dry with a 1.5k software license that lets you manage up to 254 physically* connected systems. I'm pretty sure the license dongle is in reality designed to prevent casual tinkering of parameters, which is something only service techs should do.
*You can circumvent this with serial-over-Ethernet converters, which has resulted in an Industrial Internet of Shit-level security nightmare as companies happily expose their systems over the internet, thinking that license dongles are a substitute for authentication.
(I did go on to pay for the software)
I did that with dBASE III, which used ProLok "laser protection" from Vault Corporation - a signature burned onto the diskette with a laser. Back then, I found it amazing that Ashton-Tate actually spent money to contract with a copy protection company for something that could be so easily defeated by a teenager reading assembler.
They could have easily just written the same kind of code themselves. An example of the power of marketing over substance.
I was able to replicate that protection mechanism just by scratching a diskette with a pin. The "laser" was a meaninglessly advanced-sounding solution that added no value compared to any other means of damaging a diskette.
Made me feel like such a badass hacker at 15 years old.
This was one of those things you really really wanted but once you toyed with it, it sucked the fun out of games and they felt pointless.
How did you figure out where to scratch it? Was the laser mark visible on the original disk, or did you have to read the code and orient based on the diskette's index hole?
But as I mentioned in a sibling comment, I’m not sure it was ever confirmed that it was really a laser that made that mark.
Defeating the protection didn't involve knowing anything about the laser mark - as the comment I replied to described, it just involved changing a conditional jump to an unconditional one.
Replicating the protection involved causing minor damage on the diskette - the details don't really matter, laser, pin scratch, whatever - then formatting the disk, and registering the pattern of bad sectors created by the damage. A normal copy of the disk didn't replicate those bad sectors exactly, which made it possible to detect that the original disk was not present.
Similar stuff was later used for CDs IIRC.
I would guess (more or less) identically damaging multiple floppy disks in the same way would be easier with a laser than with something mechanical (e.g. a knife or a drill) (it is fairly easy to control power and duration of a burn), so it might well have been a laser.
On the other hand, disk tracks weren’t exactly tiny at that time in history.