Saturday, September 13, 2008

Some more things that occured to me.  While working for a gaming company, I was asked to have a look at an FPGA design program from Xilinx.  We owned it and all, but they wanted to not have to use the dongle.  I didn't care the reason.  Anyway, when you ran the program, it checked to see that the dongle was there, and if it wasn't it just exited.  If it WAS there, it ran.  And never checked it again unless you stopped the program and started it over.  Really, what was the reason for this?  It was almost like the protection was an afterthought, or demanded by management.

I also did an app called SNMPc.  It had the typical run of the mill Sentinel Pro dongle.  Back in the "old days" the way the dongle worked was this:  You sent it a string (usually a short one), and it sent you back a 16-bit number.  So, SNMPc sent a bunch of strings that were lyrics from Pink Floyd's "Shine on you crazy diamond".  It looked like they used a library for calling the dongle functions, as all the code looked the same.  The way the dongle code existed, was in a .DLL.  Which makes sense, you can distribute it with any app, and not have to change it if you are the Rainbow (The dongle) people.  The problem with that, is that once you have cracked it, you know where everything is inside it, and the next crack is trivial to do.  The way that I did this one, was to look for the places that called the dongle check routine.  (The bytes were the same, so a simple hex search turned them all up).  Then, I looked at what the string was that they were sending to the dongle, and at the compare right after the call to see what they expected to get back, and made a table.  Then, I went into the .DLL, and gutted the dongle check function.  I replaced it with a look-up function that I wrote that compared the sent string to the strings in my table, when it found a match, it returned the corresponding 16-bit value.  DONE!

Sometime, when Google feels like it, if you search for my name "Fabulous Furlough", you'll find a text file "interview" written by some idiot from 1993 or so.  In this file, the interviewer is asking some guy with Razor about the best crackers on the PC.  (in that era).  He says that he wouldn't put me in the top 10 because I never did an interpreter, and I never cracked dongles.  I'd like to take a little space to clear both of these misconceptions up.

Ultima 6 was an interpreter, and I cracked it without help.  (It took 8 hours, but I did it).  I have also cracked VB apps, which are interpreted, and Deadbolt 64 (mentioned elsewhere on this blog).  (And probably a bunch of other stuff that currently slips my mind).  Now, on to the issue with dongles.  During the timeframe in question, what this idiot didn't know was that I was the "secret cracker" for a group called NTA.  (Nocturnal Trading Alliance) out of Phoenix.  Mikeysoft was the head.  They didn't have a cracker, and since THG wasn't interested in doing business apps officially*, we left them to Mikey.  So, during the timeframe that he speaks of, I cracked NUMEROUS copies of 3D Studio, and a bunch of other business apps that were dongled.  So, the Razor guy was a know-nothing idiot who was just shooting his mouth off.  

UPDATE:  TODAY Goggle felt like giving me the link to the idiot's post.  So, here you go:


*The reason we weren't interested in business apps was this:  We assumed that if a company lost sales of 1000 copies of a game at $30 each, it wasn't worth the time and hassle to come and find us.  But, on the other hand, if a company lost sales of 1000 copies of a $10,000 program, THEN you have a reason to hunt people down.  (I once downloaded a financial analysis app worth $750K.  No shit.)  Wasn't protected, and came on one (1)  720K floppy.  I have NO idea what it did, but it better have shit gold bars, and farted rainbows for that kind of money.

No comments: