It may sound strange to people who were born later.
But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine. Software was cracked the moment it came out and it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it -- late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.
There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Windows security mechanism was no better and there were copies distributed so much that probably many people remember "standard" CD Keys even to this day.
And it was pretty much safe because most software did not have ability to phone home so the software developer would have no way of knowing that somebody used an illegal copy.
The business model was mostly companies paying for software (fearing an ex-employee reported illegal use). I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video. The only exception was sometimes people bought OEM software with their hardware.
It's weird reading about my life as if it's history.
Everyone was doing it. I remember my teachers, friends, and family all giving me pirated software at some point. I remember my friends and I getting excited when someone got a ripped copy of some game and we couldn't wait to burn new CD-ROMs to share. If one of us got our hands on the copy of some game, we all got copies. It was kind of like a free-for-all in the world was starving for cool applications. Computers were starting to live up to their promises and software was just like recipe cards.
I've personally seen people who choose to pirate everything from movies, to OSes and IDEs, and have no problem with doing that whatsoever. That said, I can kind of understand it, due to many not exactly having lots of money to throw around.
Personally, I live a bit more ethically, but it kind of sucks: I'm not sure what I'd do without JetBrains offering student licenses, followed by a graduation discount and recurring discounts. I've also not bought a AAA game on release in years, it's always sometime later on sale etc. The same goes for server hosting, most PaaS solutions are too expensive and vendors like AWS and GCP are outside of my price point.
But hey, OSes like Linux and software like LibreOffice are a godsend. As are free IDEs and text editors as well, sometimes.
It was so common that "something cd key" was a common search term. And people would put that in the wrong input box/window such that they would end up typing that in chat rooms. In some of those, people would reply with the same "something cd key" followed with "to you too", as if it were some form of greetings. Later on, people would show up saying "something random cd key" as an actual form of greeting, not a mistake.
When I was a kid it was an actual thing to know how to lift postage stamps off of envelopes with rubbing alcohol so they could be reused to mail pirate floppy disks to your friends. Try explaining that to a kid today and they'll think you had a stroke.
The revelation for me was when a school friend of mine in the early 2000s told me about a site called crack.cd which had serials or keygens for practically any software I wanted. It was a whole new world, I loved it. Only had to nuke my computer once after a keygen turned out to be a virus! (The other occasion on which I lost everything was when I was installing Ubuntu 5.10 ‘Breezy Badger’ for dual booting with Windows on the family computer and accidentally wiped the entire disk instead of just the old Linux partition - that was a bit more awkward because it had all our family photos on it ever since digital cameras started coming out, but luckily I found a CD backup of them all and also tried my hand at downloading and using a cracked file restoration program. Definitely took some time to rebuild trust and explain that I know what I did wrong and wouldn’t do something like that again.)
I had lots of learning experiences with this kind of stuff that I’m very glad I could have in my little years of first being online, when it wasn’t tied to anything really important, it was all just for fun. Everything would be different for me today if I didn’t have the opportunity to play with non-zero but relatively little risk.
My friend from school basically got his entire PC upgrades for good 5-6 years paid because he "invested" in CD burner (then-expensive devices requiring SCSI card to even work) and profited off copying business. Think it was around age of 10.
Between my freshman and sophomore years in high school I: a) convinced the reluctant phone company to install a dedicated phone line in my bedroom (apparently a very uncommon setup) of my parent's house. b) hooked up a 9600 baud modem I'd found in a dumpster to it and my 386-33mhz computer c) ran a BBS for the sole purpose of having people upload pirated software.
That said, when I do recall that period of time I do feel a bit guilty about the piracy angle. But I'm also reminded of how the original premise (having people give me software) was eclipsed by all of the other things the BBS provided. Within about a month of getting it up and running I'd joined a network of other BBSes that'd automatically call up other BBSes to distribute "packets" (I don't recall the terms used) that'd contain emails, forum posts, and more, of all the other BBSes in the network. It was like having a (very slow) internet connection in my bedroom in 1991, which was not a thing a typical high school skater kid with, at best, a 2.0 GPA, would have, let alone even know existed at the time.
Suggesting that what I learned from that experience was the foundation of my career is a massive understatement. It got me my first tech job, gave me confidence in starting a dot-com (which survived the dot-com-bubble-burst), and built relationships that have lasted over 30 years.
As a kid my main source of new games was to hire it from the video store overnight, install it and then download a no-cd crack. I dont recall ever running into issues finding one.
I remember buying games that would come with a huge "don't copy that floppy" booklet. I remember it even argued selling the game when I was done with it was unethical and would likely lead to jail.
In many cases, disassembling and modding was often necessary to get software working on your system. We all shared executables that patched bugs, added features, and improved performance back in the 90s and 00s.
Very true, there are a lot of sites out there back in the day that a lot of oldtimers would remember.
My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
Actually I take that back, my favourite site was +fravia's reverse engineering pages. Mostly because the legitimate crack-sites were safe, but there was always a risk of downloading something with a virus, or a trojan instead. So it was more rewarding to read up on the reversing techniques and do the job myself.
Happy days using Numega's soft-ice (kernel mode debugger) to remove the protection it shipped with.
When I switched to Linux one of the first "problems" was that there were few commercial binaries which required a license key, so there were fewer reasons to actual get into reverse engineering / decompiling & patching linux binaries.
Phew that takes me back. And it's huge list of cracks and other things is what got me started looking into reverse engineering and security analysis haha
Your post really brought back memories of softice and w32dasm. Incidentally one of the websites from that era (gamecopyworld) is still alive! Mind blown.
>It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.
To be fair, this is specifically to do with personal computers of the time; MS-DOS, Windows 3x, and Windows 9x were all single user operating systems: They simply had no concept of multiple users at all. The concept was bolted on later as an afterthought, but it was really janky and paled in usability and security to proper multi user environments like that seen in Windows NT.
Incidentally, this lack of understanding multi users is also why it's a royal pain in the arcane arse to join a Windows 3x or 9x machine to a Windows NT network. A network is fundamentally a multi user environment, something Windows 3x and 9x don't understand.
As for memory access, this too was simply a thing of the times. MS-DOS, Windows 3x, and Windows 9x all simply did not have the concept of segregating and securing memory access between kernel and userland and between each process. All the BSODs that traumatized us back then stemmed from this architecture, and the BSODs quickly diminished once Windows NT became mainstream because the NT kernel operated on the concept of segregated and secured memory access for better security and reliability.
I distinctly remember having lots BSODs with IRQ_NOT_LESS_OR_EQUAL errors due to shoddy drivers all the time on XP (which is the first consumer NT kernel windows version), especially in the early days. Maybe not related to shared memory but overall not great either.
Multi-user seems to have been something which was dropped when MS/DOS was CP/M inspired by CP/M. CP/M (and I do mean CP/M, not just MP/M) had the concept of user areas. These were a different concept from Unix users: there were 16 user areas numbered 0..15, and one could change between them with the USER command. I believe that user area 0 was in some sense shared, possibly only as a place to load .COM files from. There was no security boundary: it was just an organisational tool.
I always thought the password was for the network shares only. You could perfectly log in without a username and password, except networking partially fails. The login dialog only appeared after installing win9x networking components.
A windows password would have been silly, pressing F8 at boot would drop you in msdos
Couldn't that be disabled? I vaguely remember bypassing the login using the little help icon, then opening the help and/or (not sure) printer dialog and finally using the file open dialog to run explorer.exe :-)
> it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it
With windows specifically a factor is that it is/was almost impossible to get a computer (PC/Desktop) without Windows license. Compared to that the number of potentially illegal copies was neglectable. And even for Office it was probably better that people use a copy from dubious source than a competitor so they don't find out that alternatives are good enough.
>was normal for computers to auto-login and have no password
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).
Devils0wn Windows XP Final serial key, yeah baby! Seared into my mind forever after entering it so much:
FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker?
Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.
At the very least, no tools were ever made widely available, and don't seem to be even to this day.
That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.
The activation process relies on public key cryptography. The private keys, held by Microsoft, are amongst their most well-protected assets. Much more so than their source code, for instance, which is developed with the expectation that it will be leaked in part or in whole.
I really really miss the 90s computing environment. I was young but it was a total wild west and the internet was beautiful and totally open. For a curious kid without a lot of friends it was amazing.
This is the main reason for the simplicity of key checks.
If you copied someone elses windows installation (cd burners were very expensive, but a floppy version existed), you'd also copy the serial number, and just use that. Even if the serial verification algorithm was complicated, noone would really have to crack it at all, because they'd just use the original serial for all the copies.
Piracy was (and still is) rampant with home users, but business users still needed some kind of a simple check (so.. a simple serial) to match the installation to an actual licence, which was more "protected" than the actual medium (cd, floppy), by using holograms, microprint, etc: https://media.karousell.com/media/photos/products/2018/09/13...
> (cd burners were very expensive, but a floppy version existed)
You just borrowed the install CD. The only time you needed it was for the install and (sometimes) installing drivers after installing new hardware.
You could actually copy one of the folders from the windows CD onto your HDD and use that instead of the install CD for device drivers. From memory, you could actually complete a full install from a folder copied onto the HDD.
>I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video.
I don't think it's true that "most people who used computers" were teens or young adults. Since we're talking about Windows 95, here is some mostly contemporary usage data from the 1997 US Census[0]. A few of the strongest predictors of computer usage for a household are income, education, and using a computer at work. Being older (55+) is a pretty strong negative correlation (along with some correlated characteristics like being widowed).
I don't see a direct statistics tying computer usage to number of children, although the household size does indicate that houses with children probably are more likely to use a computer. Even just looking at the sample, about a third of households use a computer at work, at third don't, and a third don't work, which gives you a very large pool of people using computers who aren't teens or young people.
I suspect it's more likely that many of the people on this board were a young person in the 90s if they were a person at all, and so it felt like many computer users were like them. In fact, plenty of not so young adults were using computers.
PS: if by young person you just mean "under 50", I retract everything above and instead am confused by your definition.
>It may sound strange to people who were born later. But in 90s...
Your remembrances are valid, and fun to read, but people gotta temper their memories with how old they were. You're not describing "the 90s" as much as describing "being a teen and up to the usual teen highjinks"... in the 90's. I'm sure teens today have many equivalent sorts of hustles, but that's not how everybody lives. I had jobs with high bandwidth uplinks and could've downloaded boatloads of stuff. But I didn't because who needs the hassle of getting your employer a nasty call from the ISP, and I could generally buy the things I wanted. a lot of software downloads had trojans and other malware.
not trying to be a buzzkill, just accurate to the history. by way of signing off, let me say
Microsoft tried a lot of weird things preventing piracy or refunds.
I remember the Windows cd cases were protected by this seal. If you opened the cd case to install Windows the seal broke and that was kinda your agreement you were not eligble for any refund. However, it was very possible to click open the hinges of the plastic jewel case, use the cd and put it back on its case, so the seal did not break.
What may prevent more of it today is that "cracked" software has been found to be a handy delivery mechanism for malware so, especially after the spread of cryptocurrency and ransomware utilizing it for payment, there is a reasonable fear of your download coming with an extremely costly payload.
So, oddly enough, the transnational criminal gangs are helping the corporations in a way they never could do for themselves.
These were generally useless at the time, at least as it pertains to online piracy.
Enough to keep honest people honest and not copy the software to their immediate friends, but if the software had people interested in pirating it someone would disassemble it and just jump over the part that looked for the dongle while keeping all the software functionality intact and these patched versions would be readily available online to anyone who knew where to look.
At the end of the day not really any more secure than various software-based copy protection schemes, just more wasteful due to the extra hardware.
Prior to W95/NT4 windows didn't even have a license key, scary warning text was the upper limit of enforcement. In some companies part of the IT departments job was to find unlicensed software and delete or pay for it.
Letting people pirate your software early on is a valid business strategy. Enterprise users pay, students/hobbyists find a simple crack. Once those students enter the workforce they decide the market.
I know that a few pieces of software distributed on floppy showed a warning if it detected it was previously installed (which wrote to some file on the disk, given it wasn't write protected). Which basically amounted to a sternly-written paragraph to say that they're using honor system to make sure you follow the rules.
> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.
Only in the home computing world, which is why people on Real Computers thought home computers were toys back then. Real Computers, running Linux/Unix and VMS and MVS, damn well did have the protections Wintendo didn't, and didn't mandate a reboot every forty-odd days, either. Microsoft didn't even begin to achieve parity until Windows XP or later, and Apple didn't until MacOS X.
> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all.
Indeed, Windows 98 and earlier did not require a username/password pair by default. However, it was stupid easy to log into computers and steal stuff.
Processes could read from each other's pages, but it was also stupid easy to download warez and viruses that took advantage of that. Remember, this was the age of HTTP and plain text all day every day (because computers were too slow to do client-side encryption).
Antivirus reviews and comparisons were really valid, as virus databases were also in their infancy, and some companies had better data that others.
> There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Yup. Which is why Photoshop cost $600 and a non-gimped version of Office cost $400. They baked piracy into the price and had the big companies that thought nothing of these prices pay.
Also, downloading cracks was a super easy way of getting viruses, doubly so if you didn't have AV running (many didn't). Doubly also, finding them was hard(er) before the days of WinMX, BitTorrent, etc. You had to know IRC and newsgroups. Not super friendly places.
That didn't stop people creating hard-to-crack copy-protected software.
Since disk drives existed, games makers created floppy disks that industrial disk duplicators that standard computers could read, but couldn't write, and ensured their games had code to check for that. It generally wasn't feasible to replicate these special tracks with a normal floppy drive, so instead people had to reverse engineer the game and remove the copy protection checks.
This could be easy or hard, depending on how devious the programmers were. One of the legendary games for this was Dungeon Master on the Amiga or Atari ST which took crackers about a year to find _all_ the copy protection checks [0]
This wasn't the only form of copy protection.
* Games since their earliest day had things like "enter word 7 on page 5 of the manual". Some games had a red-on-red "copy protection sheet", designed so that it would be very difficult to replicate with a standard black-and-white photocopier. Monkey Island came with a two-piece "Dial-a-pirate" code wheel [1]
* To thwart third party software developers, and to distort fair trade and give themselves lucrative pricing monopolies, the Nintendo NES had a "lockout chip", the 10NES [2]
* Sony Playstation games had a "wobble" built into the groove of their pressed discs that normal CD-Rs didn't have, and the frequency of the wobble indicated which region the game was sold to, preventing free and fair international trade by foul means [3]
* Products like AutoCAD came with a dongle, [4] it connected to the parallel port because USB hadn't been invented.
But yes, for software like Windows, where the entire product has to be installed on a hard drive, it wasn't within customer expectations to have to permanently attach a dongle or have media in a drive, and there wasn't commonplace network access with which to "phone home", the serial key or CD key was used to limit distribution. As you say, Microsoft enforced this mainly with licence audits - the BSA not only offered a reward for employees to rat out their companies [5] but they also generally acted as a front for Microsoft; Microsoft would drop their lawsuit for your minor infringement of some of their software, if you agreed to stop using Microsoft's competitors' software and convert your business to becoming a Microsoft-only shop.
Microsoft also got paid by doing deals with OEMs. If you bought a PC in the 1990s, you likely paid a "Windows tax", where every PC sold, even ones which will only run Linux, gave a portion of the sales price to Microsoft. They illegally used their exclusive agreements with OEMs to prevent BeOS entering the PC operating system market. Microsoft was found guilty of using illegal anticompetitive tactics to crush their rivals in the x86 operating system market. [7]
I remember a text adventure game on Amstrad CPC ("Le passager du temps" in french, roughly translating as "Time passenger") which I had a pirated copy.
You could play the adventure until you found the time travel machine (could take 1 to 3 hours depending).
You start the machine and then it went on infinite loop text :
"tired of piracy
tired of piracy
tired of piracy..." !
Highly frustrating, but you couldn't help to admire the developper.
If I remember correctly, it was something about the way that a floppy track was formated, with the wrong number of sectors, which was readable by the disk drive, but it couldn't write it using normal copy mode.
I'm pretty sure I remember a pirated version of Metal Gear solid on the original play station where the fact you where using a pirated version came up in the gameplay at some point.
Everyone used pirated software, Bill still got rich, software developers did make a living, and software prices did not cripple companies. Good old times.
While it seems like a lost battle, Bill Gates chiding letter about software sharing being bad, versus the FSF/Stallman philosophy that hiding what the program does from the user is morally wrong is still being fought out. People need to earn a living, but as Cory Doctorow says, these are computers we put out bodies in and put in our bodies, hiding the flaws behind license contracts hurts us all long term. We all build on each others tools so grabbing all that value for yourself seems wrong. I personally don't know how we allow copyright on software without some kind of source code escrow at the library of congress level. Enforcing these license contracts is a waste of time in the free software paradigm, that could be better used perhaps, but Bill Gates owns a yacht and Richard Stallman doesn't, so I suppose the question depends on your point of view.
When I was young we had a family friend who regularly flew to Hong Kong for work. Whenever we wanted software that was expensive he would kindly pick it up for us there on one of his business trips. He must have known all the right places to look, because he never let us down! I still have a pirated copy of Macromedia Studio MX in a cupboard somewhere. The idea of installing pirate software you bought at an open market in Hong Kong seems absolutely insane in today's world, but 2002 was a very different time! For anyone wondering, we had dial-up internet back then, so even if I'd known the right places to look for pirated software, there was no way we could reasonably download it! I was using Getright download manager to download things over the course of weeks!
Microsoft software (and borland) were easy to copy, but it was not the case before. There were many tricks to protect software like "weak bits", "laser holes", fancy sector layout. We had special software to copy protected disks.
I still remember that all 7s and IIRC all 8s works in Quake 3 Arena as a CD key too. I found this out button-mashing as a kid after my actual CD key wouldn’t take. Probably something screwy with their CD key verification algo that probably just passes stuff around internally as 1 or something. I’m sure this is some whole sub-genre of cryptography — finding inputs that break the verification calculations — but I don’t know the name of it beyond “cracking”, albeit “non-patching-based”.
Software is still widely "cracked" and tons of people still want to not break the law. In some case telemetry is removed. Otherwise you run it in a VM without network access. This has little to do with autologin and lack of efficient memory protection: if you are root: you can still read everything in most cases. The only exception is if some kind of "trusted" enclave is used, but I don't think this is very common.
Being able to just do anything you want was so incredible, though. For example, the Google Assistant DING is one of the most ear-splittingly obnoxious sounds I've ever heard and there's not a damn thing I can do about it besides stop using Google Assistant. When I had similar problems in the 90s I could just go find the audio file in question and quiet or replace it with whatever I wanted.
This. As a teenager those days, I never bought software and always cracked them. I grew up learning to use Photoshop, Visual Studio, 3ds max etc. cracked.
Now I'm an adult who learned some of those tools profesionally, and paying for them (or services around some of them) legally.
If I didn't use them cracked in my teenage years, perhaps I would have never become a paying user in the first place.
Computing and software dev definitely was much more fun back then. No worries about security and systems way less complex. I often shake my head when I get a PR that adds one fields to the data model and you have ten different files changes in UI layer and possibly several services. Can't wait until AI writes that code and verifies it works across all layers.
We also had p2p file sharing before the internet or any networking existed. Files were shared physically, literally from peer to peer. You would meet with your friends and exchange floppies or CDs, take them home, copy and return back. No IP addresses, no VPNs, nobody could take us down. True decentralization.
The goal is to not have it immediately cracked on release, so for that the copy protection does work. To protect it indefinitely isn't the main objective. The copy protection should be called malware though, because it basically is. Same goes for some anti-cheat tools.
I think it should be made more transparent if a game uses such tools.
Interesting! I once lost my original StarCraft CD Key. In a desperate attempt to simply install and play the game I tried converting “StarCraft” to numbers using A1Z26 cipher. Honesty didn’t know it at the time what to call what I was doing. I was just a kid! But, guess what? It worked! It only worked for local play. BattleNet did not see it as a valid key. I like to think some SWE somewhere hid that in there on purpose. Whoever you are, if you see this, thank you!
My brother bought CorelDRAW for Win95 and only kept the CD, forgetting how important the paper with the key was. On a reinstall he than entered 11223344556677889900 and it worked. I used that method multiple times as a teen on software from different manufacturers. It worked quite often. Though sometimes you had to play with the numbers at the end. (sometimes 000 other times 011 etc.)
My standard strategy for installing StarCraft (at LAN parties I often had to do it a few times in a row) was just to mash the keyboard a few times until I got through. It usually took somewhere between five and ten tries, in my experience.
StarCraft was my first attempt and success at "cracking" a game!
Apparently it had a bug where it didn't recognize the CD on Windows 98 but it worked on Windows 95!
Didn't have internet, so I fired up Visual Studio, stepped through the .exe, and tried flipping each JE/JNE or JZ/JNZ instruction that came before the copy protection error showed up.
It worked!! I searched for the sequence of instructions in a hex editor and modified the exe. And it led me to one of the best games ever to this date. :)
So my last name is Key, and my initials are C D, so in the mid-late 90s any time I was prompted to enter a CD Key I would always try “yes”. It worked at least half a dozen times.
In the Renegade BBS system, for like one minor version or so, you could authenticate to any account, including SysOp, by hitting Enter instead of providing a password. Of course, in Renegade and many BBSes, you could login with either your account name or ID, which was an auto-incrementing (the manual way) integer starting at "0", the Sysop. And I'm fairly certain that the problem wasn't triggered unless you logged in by ID, which few ever did.
On one Saturday nearly every BBS in my area code running that software was restoring from backup.
I stumbled upon it because I was "1" on another BBS[0] and accidentally popped "Enter" aiming for Shift when typing my password. After picking my jaw up from the table I called my buddy and told him to unplug the phone line. :)
[0] Actually, I had hacked up and substantially re-written from the leaked Telegard 2.5 source (whichever was the origin of Renegade's code) and the password validation code was insanity -- I was young enough to see hacking as mystical and suspected I'd found a cleverly hidden back-door so I rewrote the entire thing to be as "dumb as the rest of the password handling logic was"; I had heard, later, that there was something funny going on but I stopped playing with that code by then and the Internet quickly ended that world. In all likelihood, the original developers were doing something novel that I was totally unfamiliar with and I made it worse, but I like to think I "locked that up". :)
000-0000000 was the key I kept in my memory in case I needed to install Visual Basic 6.0 on a new computer back in my middle school days :) great memory I forgot about, thank you for sharing the link.
I recently wanted to use a program for a short amount of time for personal use, but the trial period was only 7 days.
I used strace to find that it kept the timestamp of its first run in a text file, and would read that on startup. Deleting that completely reset the trial period.
I was pretty amazed - I know most people aren't computer savvy to bypass trial periods, but I figured there'd be third-party libraries a developer could use to effortlessly guard against this sort of thing?
(If I ever need it again I will buy it. I just literally needed it a couple of times for something personal and will likely never need it again)
Meh, it's common to let pirates get away with it because it helps adoption
Also good antipiracy software is like Financial/business software, usually surprisingly expensive
I think there’s an interesting parallel with “supercookies” on the web, or the long-running battle on iOS to permanently, uniquely identify phones.
Should the user be able to control their machine, and delete data that the app has written? Should they be able to ‘look like a new user’?
Or should companies/apps have the ability to keep persistent data on the user’s machine, and/or link them to a previously collected set of data about that user?
Most Mac-native apps operate pretty much (usually with binary plist, but MacOS includes CLI tools to operate them) like that today, and likely for ever. https://twitter.com/panic/status/679094045768073216
Ableton live used to give out 90 trials with a new “live” account. I used it for about half a year with various different emails. They stopped this from working on live 11 and I decided that the software wasn’t for me :)
I even used that on a piece of software last year to extend the trial period. It was good software, so I brought it afterward. But I was surprised that the old trick still worked.
I remember using this key to install hundreds (possibly thousands?) of school PCs back in the 1990s since I couldn't remember our volume license key. And Microsoft's terms explicitly stated the key we used didn't matter as long as an audit revealed that the number of installed systems matched the number of purchased licenses.
Similarly, 111-1111112 was a valid key for Office.
That practice never stopped: even today, the current version of Visual Studio 2022 Enterprise available for download from MSDN (well, "Visual Studio Subscription") has an option to use a static product-key (which I believe is the same for everyone, considering the search-results I get for the first 5 digits...) - but for some reason the lower SKUs (Community, Standard (rip), and Professional) switched to _only_ supporting MSA-based online activation, so if you have an air-gapped or disconnected dev situation you have to shell-out for the full-fat edition - but at least you get to use it indefinitely.
...which is always really important considering the 20-30+ year lifecycle of actual software - whereas Adobe and their Creative Cloud service is copying Apple's strategy of pretending all their software older than 5-6 years simply never existed in the first place. "Adobe Flash/Fireworks/FreeHand? Never heard of it." - which is a huge PITA for people who might have old source files in those lovely propreitary binary file-formats that can't be opened in newer versions of Adobe software - so what on earth does Adobe expect them to do? This is insane...
This gives me some serious nostalgia for those simple and naive days. Around 95' is when I accomplished my one and only successful attempt at cracking. Some company had their software downloads in password protected StuffIt archives, anyone could download the software but you had to buy it to get the password so you could decompress the archive. I really wanted to use that software and I searched everywhere on the net and on BBSs for that program or the password with no luck, so I set out to crack the archive. I made two archives, one with password protection and one without and then opened them in ResEdit, turns out the only difference between them was that the protected file had a second resource other than the data, delete that extra resource and it became a normal unprotected StuffIt archive.
I shared my findings to the community and within days it was all over the web and on every BBS, people where pretending they were the ones who made the hack, it was everywhere. Within weeks StufIt released a free update to fix this and I felt quite powerful at the effect I had caused. Years later I realized that my crack was banal and probably common knowledge to anyone but an ignorant teenager, most were just smart enough to not share it and ruin a good thing. So I inadvertently made the digital world a safer place.
Edit: thinking on it more, I doubt I was even the first person to share this information, I was just the first person stupid enough to share it on an easy to find warez/cracking site that everyone had access too. I also seem to recall that Stuffit explicitly said that this password protection was not a safe or reliable way to protect your data, if you wanted that you had to upgrade to the paid version. I probably had no real effect on anything and the new password protection StuffIt rolled out was probably already in the works when I showed up.
Readit News
But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine. Software was cracked the moment it came out and it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it -- late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.
There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Windows security mechanism was no better and there were copies distributed so much that probably many people remember "standard" CD Keys even to this day.
And it was pretty much safe because most software did not have ability to phone home so the software developer would have no way of knowing that somebody used an illegal copy.
The business model was mostly companies paying for software (fearing an ex-employee reported illegal use). I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video. The only exception was sometimes people bought OEM software with their hardware.
Everyone was doing it. I remember my teachers, friends, and family all giving me pirated software at some point. I remember my friends and I getting excited when someone got a ripped copy of some game and we couldn't wait to burn new CD-ROMs to share. If one of us got our hands on the copy of some game, we all got copies. It was kind of like a free-for-all in the world was starving for cool applications. Computers were starting to live up to their promises and software was just like recipe cards.
Here in Latvia that's still somewhat the case, at least according to statistics like these: https://eng.lsm.lv/article/society/society/latvia-leading-in...
I've personally seen people who choose to pirate everything from movies, to OSes and IDEs, and have no problem with doing that whatsoever. That said, I can kind of understand it, due to many not exactly having lots of money to throw around.
Personally, I live a bit more ethically, but it kind of sucks: I'm not sure what I'd do without JetBrains offering student licenses, followed by a graduation discount and recurring discounts. I've also not bought a AAA game on release in years, it's always sometime later on sale etc. The same goes for server hosting, most PaaS solutions are too expensive and vendors like AWS and GCP are outside of my price point.
But hey, OSes like Linux and software like LibreOffice are a godsend. As are free IDEs and text editors as well, sometimes.
http://artscene.textfiles.com/intros/APPLEII/
I had lots of learning experiences with this kind of stuff that I’m very glad I could have in my little years of first being online, when it wasn’t tied to anything really important, it was all just for fun. Everything would be different for me today if I didn’t have the opportunity to play with non-zero but relatively little risk.
That said, when I do recall that period of time I do feel a bit guilty about the piracy angle. But I'm also reminded of how the original premise (having people give me software) was eclipsed by all of the other things the BBS provided. Within about a month of getting it up and running I'd joined a network of other BBSes that'd automatically call up other BBSes to distribute "packets" (I don't recall the terms used) that'd contain emails, forum posts, and more, of all the other BBSes in the network. It was like having a (very slow) internet connection in my bedroom in 1991, which was not a thing a typical high school skater kid with, at best, a 2.0 GPA, would have, let alone even know existed at the time.
Suggesting that what I learned from that experience was the foundation of my career is a massive understatement. It got me my first tech job, gave me confidence in starting a dot-com (which survived the dot-com-bubble-burst), and built relationships that have lasted over 30 years.
https://youtu.be/M3bezYerYxQ
My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
Actually I take that back, my favourite site was +fravia's reverse engineering pages. Mostly because the legitimate crack-sites were safe, but there was always a risk of downloading something with a virus, or a trojan instead. So it was more rewarding to read up on the reversing techniques and do the job myself.
Happy days using Numega's soft-ice (kernel mode debugger) to remove the protection it shipped with.
When I switched to Linux one of the first "problems" was that there were few commercial binaries which required a license key, so there were fewer reasons to actual get into reverse engineering / decompiling & patching linux binaries.
That name contains two very iconic pop culture references from the 90s: altavista and the terminator
The domain box.sk [1] hosted other interesting sites as well.
[1] https://web.archive.org/web/20000229151347/http://www.box.sk...
Phew that takes me back. And it's huge list of cracks and other things is what got me started looking into reverse engineering and security analysis haha
Wow.
https://www.richardharrison.pro/fravia/
To be fair, this is specifically to do with personal computers of the time; MS-DOS, Windows 3x, and Windows 9x were all single user operating systems: They simply had no concept of multiple users at all. The concept was bolted on later as an afterthought, but it was really janky and paled in usability and security to proper multi user environments like that seen in Windows NT.
Incidentally, this lack of understanding multi users is also why it's a royal pain in the arcane arse to join a Windows 3x or 9x machine to a Windows NT network. A network is fundamentally a multi user environment, something Windows 3x and 9x don't understand.
As for memory access, this too was simply a thing of the times. MS-DOS, Windows 3x, and Windows 9x all simply did not have the concept of segregating and securing memory access between kernel and userland and between each process. All the BSODs that traumatized us back then stemmed from this architecture, and the BSODs quickly diminished once Windows NT became mainstream because the NT kernel operated on the concept of segregated and secured memory access for better security and reliability.
A windows password would have been silly, pressing F8 at boot would drop you in msdos
With windows specifically a factor is that it is/was almost impossible to get a computer (PC/Desktop) without Windows license. Compared to that the number of potentially illegal copies was neglectable. And even for Office it was probably better that people use a copy from dubious source than a competitor so they don't find out that alternatives are good enough.
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).
FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.
That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.
This is the main reason for the simplicity of key checks.
If you copied someone elses windows installation (cd burners were very expensive, but a floppy version existed), you'd also copy the serial number, and just use that. Even if the serial verification algorithm was complicated, noone would really have to crack it at all, because they'd just use the original serial for all the copies.
Piracy was (and still is) rampant with home users, but business users still needed some kind of a simple check (so.. a simple serial) to match the installation to an actual licence, which was more "protected" than the actual medium (cd, floppy), by using holograms, microprint, etc: https://media.karousell.com/media/photos/products/2018/09/13...
You just borrowed the install CD. The only time you needed it was for the install and (sometimes) installing drivers after installing new hardware.
You could actually copy one of the folders from the windows CD onto your HDD and use that instead of the install CD for device drivers. From memory, you could actually complete a full install from a folder copied onto the HDD.
Worked for microsoft, worked for the people taking it home. Everyone was happy.
I don't think it's true that "most people who used computers" were teens or young adults. Since we're talking about Windows 95, here is some mostly contemporary usage data from the 1997 US Census[0]. A few of the strongest predictors of computer usage for a household are income, education, and using a computer at work. Being older (55+) is a pretty strong negative correlation (along with some correlated characteristics like being widowed).
I don't see a direct statistics tying computer usage to number of children, although the household size does indicate that houses with children probably are more likely to use a computer. Even just looking at the sample, about a third of households use a computer at work, at third don't, and a third don't work, which gives you a very large pool of people using computers who aren't teens or young people.
I suspect it's more likely that many of the people on this board were a young person in the 90s if they were a person at all, and so it felt like many computer users were like them. In fact, plenty of not so young adults were using computers.
PS: if by young person you just mean "under 50", I retract everything above and instead am confused by your definition.
[0] https://www2.census.gov/programs-surveys/demo/tables/compute... , https://www2.census.gov/programs-surveys/demo/tables/compute...
Your remembrances are valid, and fun to read, but people gotta temper their memories with how old they were. You're not describing "the 90s" as much as describing "being a teen and up to the usual teen highjinks"... in the 90's. I'm sure teens today have many equivalent sorts of hustles, but that's not how everybody lives. I had jobs with high bandwidth uplinks and could've downloaded boatloads of stuff. But I didn't because who needs the hassle of getting your employer a nasty call from the ISP, and I could generally buy the things I wanted. a lot of software downloads had trojans and other malware.
not trying to be a buzzkill, just accurate to the history. by way of signing off, let me say
astalavista
.box.sk
I remember the Windows cd cases were protected by this seal. If you opened the cd case to install Windows the seal broke and that was kinda your agreement you were not eligble for any refund. However, it was very possible to click open the hinges of the plastic jewel case, use the cd and put it back on its case, so the seal did not break.
This is still true today btw, but the broader user base includes a lot more people willing to pay
So, oddly enough, the transnational criminal gangs are helping the corporations in a way they never could do for themselves.
Enough to keep honest people honest and not copy the software to their immediate friends, but if the software had people interested in pirating it someone would disassemble it and just jump over the part that looked for the dongle while keeping all the software functionality intact and these patched versions would be readily available online to anyone who knew where to look.
At the end of the day not really any more secure than various software-based copy protection schemes, just more wasteful due to the extra hardware.
Only in the home computing world, which is why people on Real Computers thought home computers were toys back then. Real Computers, running Linux/Unix and VMS and MVS, damn well did have the protections Wintendo didn't, and didn't mandate a reboot every forty-odd days, either. Microsoft didn't even begin to achieve parity until Windows XP or later, and Apple didn't until MacOS X.
Indeed, Windows 98 and earlier did not require a username/password pair by default. However, it was stupid easy to log into computers and steal stuff.
Processes could read from each other's pages, but it was also stupid easy to download warez and viruses that took advantage of that. Remember, this was the age of HTTP and plain text all day every day (because computers were too slow to do client-side encryption).
Antivirus reviews and comparisons were really valid, as virus databases were also in their infancy, and some companies had better data that others.
> There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Yup. Which is why Photoshop cost $600 and a non-gimped version of Office cost $400. They baked piracy into the price and had the big companies that thought nothing of these prices pay.
Also, downloading cracks was a super easy way of getting viruses, doubly so if you didn't have AV running (many didn't). Doubly also, finding them was hard(er) before the days of WinMX, BitTorrent, etc. You had to know IRC and newsgroups. Not super friendly places.
Since disk drives existed, games makers created floppy disks that industrial disk duplicators that standard computers could read, but couldn't write, and ensured their games had code to check for that. It generally wasn't feasible to replicate these special tracks with a normal floppy drive, so instead people had to reverse engineer the game and remove the copy protection checks.
This could be easy or hard, depending on how devious the programmers were. One of the legendary games for this was Dungeon Master on the Amiga or Atari ST which took crackers about a year to find _all_ the copy protection checks [0]
This wasn't the only form of copy protection.
* Games since their earliest day had things like "enter word 7 on page 5 of the manual". Some games had a red-on-red "copy protection sheet", designed so that it would be very difficult to replicate with a standard black-and-white photocopier. Monkey Island came with a two-piece "Dial-a-pirate" code wheel [1]
* To thwart third party software developers, and to distort fair trade and give themselves lucrative pricing monopolies, the Nintendo NES had a "lockout chip", the 10NES [2]
* Sony Playstation games had a "wobble" built into the groove of their pressed discs that normal CD-Rs didn't have, and the frequency of the wobble indicated which region the game was sold to, preventing free and fair international trade by foul means [3]
* Products like AutoCAD came with a dongle, [4] it connected to the parallel port because USB hadn't been invented.
But yes, for software like Windows, where the entire product has to be installed on a hard drive, it wasn't within customer expectations to have to permanently attach a dongle or have media in a drive, and there wasn't commonplace network access with which to "phone home", the serial key or CD key was used to limit distribution. As you say, Microsoft enforced this mainly with licence audits - the BSA not only offered a reward for employees to rat out their companies [5] but they also generally acted as a front for Microsoft; Microsoft would drop their lawsuit for your minor infringement of some of their software, if you agreed to stop using Microsoft's competitors' software and convert your business to becoming a Microsoft-only shop.
Microsoft also got paid by doing deals with OEMs. If you bought a PC in the 1990s, you likely paid a "Windows tax", where every PC sold, even ones which will only run Linux, gave a portion of the sales price to Microsoft. They illegally used their exclusive agreements with OEMs to prevent BeOS entering the PC operating system market. Microsoft was found guilty of using illegal anticompetitive tactics to crush their rivals in the x86 operating system market. [7]
[0] https://www.youtube.com/watch?v=VheNpiSZxf0&t=489s
[1] https://oldgames.sk/codewheel/secret-of-monkey-island-dial-a...
[2] https://en.wikipedia.org/wiki/CIC_(Nintendo)#10NES
[3] https://en.wikipedia.org/wiki/PlayStation_(console)#Copy_pro...
[4] https://en.wikipedia.org/wiki/Software_protection_dongle
[5] https://en.wikipedia.org/wiki/Software_Alliance
[6] https://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#...
[7] https://law.justia.com/cases/federal/district-courts/FSupp2/...
You could play the adventure until you found the time travel machine (could take 1 to 3 hours depending).
You start the machine and then it went on infinite loop text : "tired of piracy tired of piracy tired of piracy..." !
Highly frustrating, but you couldn't help to admire the developper.
If I remember correctly, it was something about the way that a floppy track was formated, with the wrong number of sectors, which was readable by the disk drive, but it couldn't write it using normal copy mode.
But they picked any word in the book, even simple ones like "the". So just entering that 20x or so would get you in.
That's a name I haven't heard in a long time! It's still available! https://getright.com/
> How did he steal the source code? Sardu was running Windows 95 at the time. He made the mistake of leaving drive sharing on
Now I'm an adult who learned some of those tools profesionally, and paying for them (or services around some of them) legally.
If I didn't use them cracked in my teenage years, perhaps I would have never become a paying user in the first place.
Yes.
Okay sire here is your activation key.
Empress cracked Hogwarts Legacy in about 2 weeks to much fanfare[0].
Cracker efforts are now even crowd funded.
Maybe this is a Peter Pan moment, you grew up but the ever-child world of Piracy continues.
[0] https://nfomation.net/info/1677131115.EMPRESS.nfo
I think it should be made more transparent if a game uses such tools.
Yes, I still remember. Even after 12 years or so.
Apparently it had a bug where it didn't recognize the CD on Windows 98 but it worked on Windows 95!
Didn't have internet, so I fired up Visual Studio, stepped through the .exe, and tried flipping each JE/JNE or JZ/JNZ instruction that came before the copy protection error showed up.
It worked!! I searched for the sequence of instructions in a hex editor and modified the exe. And it led me to one of the best games ever to this date. :)
In the Renegade BBS system, for like one minor version or so, you could authenticate to any account, including SysOp, by hitting Enter instead of providing a password. Of course, in Renegade and many BBSes, you could login with either your account name or ID, which was an auto-incrementing (the manual way) integer starting at "0", the Sysop. And I'm fairly certain that the problem wasn't triggered unless you logged in by ID, which few ever did.
On one Saturday nearly every BBS in my area code running that software was restoring from backup.
I stumbled upon it because I was "1" on another BBS[0] and accidentally popped "Enter" aiming for Shift when typing my password. After picking my jaw up from the table I called my buddy and told him to unplug the phone line. :)
[0] Actually, I had hacked up and substantially re-written from the leaked Telegard 2.5 source (whichever was the origin of Renegade's code) and the password validation code was insanity -- I was young enough to see hacking as mystical and suspected I'd found a cleverly hidden back-door so I rewrote the entire thing to be as "dumb as the rest of the password handling logic was"; I had heard, later, that there was something funny going on but I stopped playing with that code by then and the Internet quickly ended that world. In all likelihood, the original developers were doing something novel that I was totally unfamiliar with and I made it worse, but I like to think I "locked that up". :)
I used strace to find that it kept the timestamp of its first run in a text file, and would read that on startup. Deleting that completely reset the trial period.
I was pretty amazed - I know most people aren't computer savvy to bypass trial periods, but I figured there'd be third-party libraries a developer could use to effortlessly guard against this sort of thing?
(If I ever need it again I will buy it. I just literally needed it a couple of times for something personal and will likely never need it again)
Should the user be able to control their machine, and delete data that the app has written? Should they be able to ‘look like a new user’?
Or should companies/apps have the ability to keep persistent data on the user’s machine, and/or link them to a previously collected set of data about that user?
Similarly, 111-1111112 was a valid key for Office.
...which is always really important considering the 20-30+ year lifecycle of actual software - whereas Adobe and their Creative Cloud service is copying Apple's strategy of pretending all their software older than 5-6 years simply never existed in the first place. "Adobe Flash/Fireworks/FreeHand? Never heard of it." - which is a huge PITA for people who might have old source files in those lovely propreitary binary file-formats that can't be opened in newer versions of Adobe software - so what on earth does Adobe expect them to do? This is insane...
I shared my findings to the community and within days it was all over the web and on every BBS, people where pretending they were the ones who made the hack, it was everywhere. Within weeks StufIt released a free update to fix this and I felt quite powerful at the effect I had caused. Years later I realized that my crack was banal and probably common knowledge to anyone but an ignorant teenager, most were just smart enough to not share it and ruin a good thing. So I inadvertently made the digital world a safer place.
Edit: thinking on it more, I doubt I was even the first person to share this information, I was just the first person stupid enough to share it on an easy to find warez/cracking site that everyone had access too. I also seem to recall that Stuffit explicitly said that this password protection was not a safe or reliable way to protect your data, if you wanted that you had to upgrade to the paid version. I probably had no real effect on anything and the new password protection StuffIt rolled out was probably already in the works when I showed up.