Cracking
Cracking is the black art of removing copy protection from other people's programs. There are many "pirates" (people that use software without buying it) -- but far fewer crackers. Cracking requires enormous dedication and patience. It was far easier in yesteryear (systems were simpler) -- but now days there are better tools, so in some ways that makes it easier.
Cracking is often a battle of wits and patience, where the cracker removes all of the copy-protection code or figures out ways around it. At least it is a game for the cracker -- the companies that have their software cracked find it far from "fun" or "amusing".
Contents
My History of Cracking
The purpose of this article is not to glorify illegal actions, nor rationalize it -- just give some perspectives from what it was like when I was "on the other side". Also like my hacking days, my cracking days are long behind me -- most of my cracking was done early in the Commodore 64's life span.
Commodore (the early years)
Commodore had released the C64 in the fall of '82 (?). They sold it as having high-resolution graphics, but they didn't explain how it worked (Commodore was infamous for incomplete documentation and not very good Developer support). Around November, (thanksgiving vacation), I got a copy of a program that demonstrated a high-resolution image. So I disassembled the program and walked it, instruction by instruction, to figure out what characters sent to the "graphics chip" would turn the high-res mode "on". Once I could duplicate that, I wrote a small program that started poking values into memory until I figured out where the graphics memory started, and in what order it got filled. Fortunately it was easier and more logical than the Apple][ or Atari machines of the day. After a few long days of work, I was able to create a document for how High-Res worked on the C-64 -- I'd reverse engineered it (of sorts). I released my little "unauthorized" document to the geek circles and it became a hit. I got some fame and attention for being a cool dude. I was the geek that had cracked the puzzle on his own. A few months later (around February) Commodore released the Programmers Reference Guide, which explained things far better than I had -- and I had only figured out one "mode", and there were many. But it didn't matter, I was first, and I had high-res demo's out for months before anyone else could. That thrill, and geek fame is about all it takes to be sucked into the world of crackers -- and is what cracking is all about. (Even if it seems more like a feat of hacking, it is this thrill of reverse engineering, figuring out how they did something after the fact is the cracking part -- it was working someone else's code).
Why Crack?
There were some neat games for C64's, but at $50 a pop, high-schoolers couldn't afford as many games as they wanted to play (and neither could others). Besides, many games only looked cool, but were not very playable -- and that left you feeling ripped off for the month (about as often as I could afford to buy a game). So everyone wanted to copy (pirate) other people's programs. Software was stolen and passed around -- many didn't think it was wrong. Of course it was wrong, because if companies can't make money, then they will stop writing programs. Programmers deserve to be compensated for their work. But there is a balance, and many programs were just too expensive -- and ethics are not as much of concerns for kids (who have no money and lots of time).
Of course it wasn't much of a concern for adults either (who had choices and could afford programs) -- but that is a different topic. This is about how cracking is done, and why -- not about whether it is right or wrong.
|
Many people used specialized programs to defeat copy-protection and make duplicate disks. That was one way to do it. Crackers weren't as interested in pirating for the sake of getting the software -- crackers wanted to go in and remove the copy protection all together. It was a far more difficult than just copying or ripping things off. Most cracking was just done for the learning and the "I can beat you" syndrome. Crackers wanted to totally beat (and outsmart) another programmer at their own game. They also wanted to distribute the "crack" with their alias on it, with a big splash screen proudly proclaiming their genius.
It was not uncommon for Crackers to send a copy of the cracked software to the company who wrote the software (and had just spent lots of money on copy protection). It was a way to thumb your nose at them. This was not the acts of wizened felons (ignorant felons maybe) -- it was just a kids showing off that he had "won".
|
Brute Force
One way to crack was brute force. Just start at the beginning of someone else's program, and step through every instruction and figure out what it is doing. Eventually it will check something for copy protection, and the cracker just modifies ("patches") the program to jump over the offending test code. Some crackers released a patcher (an automated program that would remove the copy protection from any legitimate copy) --but it was far more common to make available the "cracked" program, with a little splash screen (or animation) proudly proclaiming, "Cracked by: X" -- with some cool handle in place of our names (since we knew it was legally wrong). No one was stupid enough to use their real names. I could give you the list of handles a went by, but then I'd have to kill you.
Actually, my most common handle was Zaphod Beeblebrox after an egomaniacal character out of Douglas Adams, "The Hitchhikers Guide to the Galaxy".
|
Evolution
At first, copy protection wasn't that sophisticated -- some simple test at the start of a program looking for an invisible file on the disk, or trying to write to a disk (if you didn't disable "writing" it would know the disk is a copy, and therefor it wouldn't run). Or companies made ROM cartridges, because they thought they were safe from cracking (they weren't). As time wore on, and more and more companies were losing revenues to crackers, copy protection grew more sophisticated. They started using special "bad" sectors on the disks, or companies writing an entirely new way of encoding information on a disk drive (in such a way that the drive couldn't duplicate that disk), and so on. But Crackers just got more sophisticated as well. The thing was there was always a few chips, locations or routines that controlled either the disk drive, or the memory map (for cartridges). So crackers could look for access to those routines. Early on I burned my own copy of the System's ROM code (its BIOS so to speak). This allowed me to snapshot a copy of anything in memory (once a game was loaded off disk or cartridge). So if it was in memory, I could nab it. I just had to make a "loader" (a program that would load my snapshot in, and continue where it had left off). Many dozens of games fell to this method -- and many more cartridges. Then companies decided they had better do something.
Since I was an early cracker, I probably single handedly drove companies to doing more and more copy-protection (there were only a few crackers at the start). Later on there were many more cracking as well (probably dozens). Commodore circles were smaller than other computers at the beginning -- there were probably hundreds of crackers in the Apple]['s. Few real geeks cared about the PC's (early on) since they had feeble monochrome screens, and were pathetically designed pieces of garbage. Later on the quality of the PC hardware didn't matter anymore -- since it was the software variety that mattered.
|
Companies were furious that their cartridges were not safe. Commodore was especially annoyed since they were paying serious royalties for their games (from Atari and the like), and I'd have them cracked within days of release. So they started making ROM cartridges (read-only memory) that would write all over themselves. If they were in a cartridge ROM, it wouldn't do anything (since writing on something that can't be written to, does nothing) -- but of course, if they were in RAM (as in illegal copies run from memory, like my snapshots were), the programs would crap on themselves, and crash. The game was afoot (and getting interesting). There were two solutions. The first was to have a RAM cartridge that you could load the program on, and then flip a read-only switch, so that it behaved like a ROM (until reloaded). The hardware hack documented how to make the modifications to a RAM cartridge, and the little loader still worked. If all that I (or other crackers) were interested in was piracy, then this would have been enough -- not need to crack. We could run all the cartridges out there. But we wanted fame, and to WIN, to beat them at their own coding game. It wasn't about piracy as much as many think. I went on to create my own tools (Modifications to my cracker ROMS) that would step through entire ROM cartridges looking for instructions that wrote to areas of memory that were supposed to be ROM, and "fix" them. A few dozen more cartridges fell to that little program. More fame, fun, and attention -- I had won again (and of course there were many others doing similar things as well). And so the battles continued -- the anti-pirates tried manually checking the processors mode, to make sure the memory map was pointing to ROM (it was a cartridge). But there was only one location that they could check, so it was very easy to find programs that were checking that. To fix them you just made the cracked version check to make sure it was NOT running from ROM, and so on. They moved, we counter moved. It was chess, where we were every bit as smart as they were, and we were doing it for free, and we had all the time in the world.
How far it went
Disk cracking could be harder -- and the Apple][ was out years before the Commodore 64. I cracked stuff mostly out of memory -- when programs were small enough to be all running at once. But later games (especially adventures) became large enough that they were scattered all over a floppy disk, and only parts would be in memory at one time. Companies decided that they would create uncrackable code, and devote tens of thousands of dollars to do so. They stuffed routines all over the disk to check for piracy. The height of it (to my knowledge) was when EOA (Electronic Arts) made a scheme that used entirely their own Disk Operating System that did spiral tracking (one continuous groove for the data, instead of concentric rings). Then they made their own language to create the game in (which had lots of piracy checks in the language engine). They figured no one could crack that! A friend of mine did. The mind boggles at how much money they poured into that scheme -- but he reverse engineered their entire language, documented it, then wrote his own satirical game/demo (making fun of theirs) in their language, on their disk format, and sent them a Disk with "You've been cracked". It was an insane amount of work, on both sides. But then this was the kind of guy who would create bizarre encryption algorithms and encrypt semi-random data (like pages from books) and send them on floppy disk to the Soviet Consulate -- just because he figured the American NSA (National Security Agency) would spend millions of dollars trying to crack his encryption scheme and try to figure out what it meant. Anyway, the point was after EOA lost that war, it seemed that they (and others) learned that they were never going to stop cracking, no matter how much they wasted on anti-piracy code. So they gave up (sort of) -- there has been a compromise where they put a fair amount in, and would make small new creative effort, but they didn't waste too much effort on it. Surprisingly the amount of crackers seemed to have gone down after that. Many of my generation got jobs, and lost interest -- piracy tools were much better (so the drive to crack went down a bit). But of course I was "out of the loop" so I don't know all of went on after that.
To date, if people are plugged in, they can still get anything they want. I don't hang on piracy boards, but I've plugged in now and again, and there are still sites-boards full of stuff. But the costs of software have been coming down, and so more people are willing to buy just to be legitimate -- and it seems to be a young mans sport (or those newer to computers). Once you realize you can have whatever you want, I just lost interest and I buy everything I use (on a regular basis).
|
Speed of light
Back in the late 70's and early 80's there wasn't really an Internet (there was, but most people weren't on it), instead people used 150 - 300 baud modems (quite a bit slower than 56,000 baud), and we all used BBS's (Bulletin Board Systems). Someone would dedicate a machine as a BBS server, and you could dial in, and download software or leave messages. Lots of fun. My first experience with what the Internet was going to become was when a friend and I stayed up one night cracking a program that was declared uncrackable on some BBS's. (Never believe what you read). We cracked it early, like midnight, and dropped in a quick splash screen, and I went home. The next morning I got up, and drove down to Carlsbad (50 miles) with another friend to visit his brother. We arrived at like 10:00 a.m. and he said, "Oh, you've got to see this cool game that was just cracked". I was depressed that someone else had beat me to the punch since this was the game I'd cracked the night before. But low and behold when he ran it, it was my crack (had my splash screen). I was amazed and asked him where he had gotten it (since I hadn't uploaded it yet) -- the answer was a New York BBS. After a little investigation, I found that my cohort from the night before had uploaded the crack locally, and it had already made the rounds, made it to New York, and back to California again in a few hours time. That kicked me in the head with the power of networks (and what was going to grow into the Internet). I told my parents that networked microcomputers were going to take over the world -- they both worked with mainframes and thought I was a completely naive kid (and a loony one at that), they claimed that little computers were never going to compete with the big ones, and that the little toy computers were just a fad. I still tease them about that to this day.
Conclusion
So the days of cracking seem to be a bit in decline. Software is getting cheaper and becoming more the commodity -- and distribution is better as well. With the prices coming down, availability going up, and copy-protection being reduced, there is less incentives (or reasons) to crack. Also I grew up -- I lost interest in wasting my time defeating other peoples software, when I can just write my own programs. Since I don't have the time or motivation, I am no longer "plugged in" so I don't see it as much (though I believe it has been happening less and less). As long as companies don't start going overboard with hardware keys, or complex copy-protection software, many won't have to crack. Academic pricing, competitive side-grades (where you can upgrade from one companies software to another's) and other deals mean that you don't have to "try before you buy" as much, since your investments aren't as large. Some companies offer money back guarantees so you don't have to pirate (to try things out). So I see a lot less cracking, and think it is a bit of a dying art. I'm sure there's some crackers out there -- but there is so much money in writing code, that it isn't worth it as much (anymore).
More on Cyber Security and threats : Hack, Crack or Phreak • Cracking • Easter Eggs • Firewalls • Hacking • How Secure are you? • Passwords • Phreaking • Privacy • Shopping • Virus, Worms, Trojans
|
1998.09.07