Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!gatech!bloom-beacon!think!ames!ptsfa!well!ewhac From: ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab) Newsgroups: comp.sys.amiga Subject: Software Theft Deterrents Message-ID: <3576@well.UUCP> Date: Sun, 19-Jul-87 05:55:09 EDT Article-I.D.: well.3576 Posted: Sun Jul 19 05:55:09 1987 Date-Received: Sun, 19-Jul-87 19:42:31 EDT References: <207@cc5.bbn.com.BBN.COM> Reply-To: ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab) Distribution: na Organization: The CIA. Third-world Governments Destabilized While-U-Wait. Lines: 146 [ O Great Line Eater, please accept this humble sacrifice... ] Ok. I can squash this argument with logic or nonsense. Your choice. Right. Logic it is. It has been suggested that the best of all copy-protection worlds is The Gizmo (hereinafter referred to by its proper name, "dongle".). It was suggested that this method of protection is virtually unbreakable. I would counter-suggest that this is not so. A dongle is plugged into a hardware port. This port always has a fixed address. All I need to do, as a pirate, is to look for all CPU references to this address. I then write some stub code in my debugger to check what the correct response from the dongle would be. I then NOP over the dongle-checking code, and patch the branch to go to the correct location. A good debugger will allow me to do this easily. Some pirates are very dedicated. Witness in the past: Pirates purchased 6502 in-circuit emulators and single-stepped through Apple ][ programs, discovering how the CP scheme worked. I submit that all programs, no matter how obfuscated, would submit to analysis under an ICE. It was also suggested that the industry needs to foster new forms of software theft deterrents. I would suggest the following: A scheme that does not impair the useability or copyability of the program in any way. However, should the scheme detect that the copy was unlawfully obtained, an inflammatory message from the author would appear. Such messages might accuse the user in no uncertain terms of being a thief, that s/he should be ashamed of themselves, that their mother wears combat boots, etc. The vendor would decide what was appropriate. It was also satirically suggested in a long paragraph that software piracy can be, in an obtuse way, be likened to car theft, after replacing the stolen car with 2400 lbs of random steel. I submit that this is not an accurate parallel. A more accurate parallel can be drawn by likening software piracy with the Xeroxing of a highly specialized newsletter. The type of newsletter to which I'm referring is usually published on a bi-monthly basis, quite small (under 20 pages), contains highly specialized and field-specific information, and usually is sold at anywhere between $75-$300 a year. Piracy can be likened to Xeroxing a newsletter of this type and handing the copy to a friend. I would also contend that software piracy has largely been a matter of attitude on the part of the public. As an innocent party to the birth of the micro industry (I was only 12 then), everyone seemed to have the attitude that software was free. This seemed largely supported by the fact that most people who owned computers were highly computer-literate. They generated their own software to suit their specific needs. If a friend liked it, they would make a copy for them (on cassette tape). There were some commercial packages available then. In particular, I remember the GAMEPAC series from Processor Technology, written by Steve Dompier. Very good software. Widely pirated. Everyone with a SOL-20 had a copy of this program. In fact, I think it was distributed with the machine. Everyone also had a copy of a BASIC interpreter, either BASIC-5, EBASIC, or Altair BASIC. These were also widely copied. My point: It is my belief that, in the "old days," people viewed software as free. I suspect this view was held because everyone who owned a computer was competent enough to write his own software, and didn't need to buy anything. Therefore, anyone who was actually selling something other than hardware was probably regarded with disdain. There is probably some question as to whether this view, in that time period, was justified (Bill Gates certainly didn't think so). Then, thanks largely to Steve {Wozniak,Jobs}, computers became a mass-market item. People purchasing computers were no longer confined to the population of the computer-literate. Ordinary people were beginning to buy them. They had to learn about computers from someone. They turned to those who owned computers before them. They learned from them that computer software was "free." However, because these new users could not effectively write their own programs, this view was no longer accurate. In my view, trade is defined in terms of relative worth. If I have something that worth something to you, you may wish to buy it. If, however, you have the ability and resources to create the same thing on your own, then its value to you is reduced. The unsophisticated users are unable to effectively create their own software. Therefore, anyone who sells software is satisfying the conditions of trade for unsophisticated computer users. They are obliged to look upon my program as valuable to them, if they cannot create the same or similar program themselves. Nevertheless, computer software was viewed as free. I would surmise that, eventually, someone who was selling software got irritated with all the non-purchased copies of his program running around, and got the idea to make his program difficult to copy, probably by creating a file on the disk with control characters in the filename. Unsophisticated users would be thwarted by this method, since many of them probably had no idea what a control character was. I suspect that this was the audience our hypothetical vendor was addressing. The educated audience, however, would probably scratch their head for a moment at the odd-looking disk catalog, then quickly write a progam to reveal the true filename. Unsophisticated users would contact the sophisticated ones, asking what was going on. The sophisticated audience, being very forthcoming (as most hackers are), explained what was going on, probably offering to make a copy of the disk for them. From here, no doubt, the protection technology escalated. One need only briefly look around them to discover the state of the art in Software Theft Deterrents. Zapped sector technology. Encoded manual technology. Dongle technology. Security code technology (There exists a form of protection whereby the computer asks you for a clearance code. You punch a button on a hand-held pseudo-random code generator to discover the code, and enter it in.). This technology was developed in response to the audience of unsophisticated users who erroneously believed that software was free. Now then. I also contend that attitudes (at least in the people I associate with) are changing. People are, in my estimation, beginning to realize that the software they are using is indeed valuable to them. They use the programs every day, and know the anguish of having to live without it (when the machine becomes unavailable for some reason). They are beginning to realize that they would be hard pressed to create a similar program on their own. They may still balk at some of the prices on some programs, but I believe that they are more inclined to pay for it today than they would have been, say, three years ago. It is also my contention that many software vendors are regcognizing this trend, and starting to remove software theft deterrents from their products. As a member of FAUG, I see software vendors get applauded when they announce that their software will be released without copy protection, and I see vendors get resoundly hissed when they say that it has some form, any form, of copy protection on it. I contend that people are beginning to view their software as valuable tools, which is why they are pleased when a new tool becomes available for their use that has not been made cumbersome to use by copy protection. I believe that people are beginning to foster respect for programmers who produce quality products. I hold that people are attaching value to software, and are now more apt to buy their own copy of a program rather than borrow or steal one. I would not suggest that this transition in attitudes is by any means complete. Indeed, we have quite a way to go. However, I would, as my final suggestion, ask that software vendors reeaxmine the attitudes held by the computing public at large, where these attitudes are leading, and act as they see fit. There. How'd I do? _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Leo L. Schwab -- The Guy in The Cape ihnp4!ptsfa -\ \_ -_ Bike shrunk by popular demand, dual ---> !{well,unicom}!ewhac O----^o But it's still the only way to fly. hplabs / (pronounced "AE-wack") "Work FOR? I don't work FOR anybody! I'm just having fun." -- The Doctor