Thursday, November 7, 2019

*35th Anniversary of cracking/reversing*

Has it really been that long?  This post will be different from my normal posts, in that it'll contain very little technical content.

I'd like to take this opportunity to thank the people who nurtured my obsession along the way, and remember the fallen friends that I met as a result.

As detailed elsewhere on this blog, I fell into cracking copy protection literally by accident.  A well-timed "Run/Stop Restore" press on my late best friend's Commodore 64 got me past the disk check on "Scrolls of Abadon" by Access Software.  A short while later, Darren "Dr. Who" from Donelson, Tennessee showed me how to crack Raid on Bungling Bay by NOP'ing a couple of bytes, and the ball was rolling.  Here we are 35 years later.  I've cracked software on all sorts of platforms: C-64, Amiga, TRS-80, DOS, Windows, Linux, some embedded products that ran NO OS.  It's been a helluva ride, and I've MOSTLY enjoyed the experiences.  It's amazing to me that we've come to the point that cracks on new Denuvo-protected games can only be done by a couple of people, and in some cases can take A YEAR.  When I first cracked Rob Northen's Copylock, it took me a MONTH, and that seemed to be both forever and the lamest thing in the history of the world.  So much so that I wrote a tool to automatically remove it from all titles in the future.  And I remember when cracking Ultima 6 took ALL DAY.  A full 8 hours at work was spent crawling through the code until I finally found a single "TEST" instruction that made the difference.  If the test failed, it would ask you the doc check question, whereas a pass would skip it.

My most recent crack was last night.  I did an E-Commerce management app.  It was a trial that would pop up a nag every X seconds.  It fully worked, but it just nagged you.  Written in one of the Borland languages, it was a slight challenge as the string handling wasn't normal.  It didn't use static strings in the executable, nor did it use strings in the resource section either.  It was some weird Borland-specific DKLang thing.  But ultimately, it was the call to MessageBox that did them in.  That led me right back to the code that was showing the box, which was in a function triggered by a timer message arriving on the main thread.  A quick RETN, and all was right in the world again.

So, in closing, I'd like to call out my departed friends who meant so much to me during this run.

Michael Todd Jackson - Had it not been for your willingness to let me hack around on your C-64, your encouragement, and your friendship, none of this would ever have happened.  I miss you as much today as I did the day you passed.  I'm still dancing, my friend.

Dave Francis (Candyman) - Had it not been for your connections, THG would never have happened, and no one would know who I am, or care.  Thanks for all the time, and money you spent on this hobby that we did "so that we could be popular with 15 year olds using daddy's PC."

Rick Cook (Mongo) - Thanks for your constant friendship and encouragement through the years, my friend.  I hope everything is better for you now.  The ghosts of traumas past are finally gone, and you can be at peace.  See you (relatively) soon, my friend.

Pierre Barkett (PieMaN) - Thanks for your friendship, dedication to THG, and for taking one for the team with the Novell raid.  You were a good dude, and I'll never forget you.

And now, on to the next 35 years!
-Fab