Re: The Prolok Saga (Was: Applesauce FDC

2022-01-04 Thread Alexandre Souza via cctalk
Fred, a completely unrelated piece of information, but interesting
nonetheless:

Elnec device programmers are very famous for the number of devices they
program and their robustness. Also for their clones. If you open a cloned
beeprog you cannot tell it apart from an original beeprog.

I still haven't completely reverse engineered the protection, but it seems
to be related to the serial number. If any host software beyond 2.63
detects a "fake programmer" it BRICKS the cloned programmer. Yes, renders it
useless. You gotta reprogram a pair of eeproms and a pic to make it work
again.

You talked about the Prolok Plus erasing HDs and I was reminded of this attitude
from Elnec. And no, I know of no one that sued Elnec for bricking their
clone programmer.

So bad. They are great programmers, I have an old beeprog.

73 de pu2sex Alexandre

Sent from my mobile phone

On Tue, 2 Nov 2021 17:35, Fred Cisin via cctalk wrote:

> On Tue, 2 Nov 2021, dwight via cctalk wrote:
> > The trickiest protection I've seen is where there is a hole punched
> > through the disk on one track. The idea is that the protected program
> > writes to that track and expects to see a failure to read that track.
> It doesn't need to be a hole all the way through, merely any physical
> defect that renders that spot unusable.
>
> The "Physical Defect" protection.
>
> Copy protected disks had already been made with flawed content to produce
> an error on READ, and were easily circumvented by the "duplicate" copy
> having flawed content. The next step was to have a physical defect, so
> that the protection software would WRITE to the bad track, and confirm
> that the track really was damaged.
> So, they would scratch the disk.
> In the case of Prolok, the check to confirm a physical defect consisted of
> writing all zeroes to that area; verifying all zeroes; writing all ones;
> and verifying all ones.
>
>
> Vault Corporation produced "Prolok" with a physical defect.  To make it
> MUCH MORE IMPRESSIVE to investors and clients, instead of a roomful of
> people scratching disks with paperclips, they used a "laser fingerprint"
> (use a laser, instead of a paperclip).
>
> Since they gave the same or similar subroutines, that checked for the
> defect, to every client, it was cracked with software that would locate
> that subroutine, and replace the subroutine call with NOPs or gut the
> innards of the subroutine.  The cracks were often posted on Compuserve.
> (Vault sued Quaid software for "CopyWrite"/"RAMKEY")
> https://casetext.com/case/vault-corp-v-quaid-software-ltd
>
> For "cloning" (pirating copies, often with the Central Point Option
> board (flux hardware)), software was developed that would
> identify the location of the defect, the cloner would then attempt to
> scratch the disk at that location, and then the software would locate the
> defect and juggle stuff around to put the content in the right place(s)
> relative to the defect.
>
>
> But, Vault Corporation wasn't satisfied until they shot themselves in the
> foot with very high caliber rounds.
> They announced "Prolok PLUS".  W. Krag Brotby (chairman of Vault) said that
> it would, if it detected a "fake" copy, wipe out the user's hard disk!
> Even at the announcement of Prolok PLUS, the computer marketing
> community was aghast and enraged.  It doesn't take much to realize the PR
> nightmare, and the legal liabilities for damaging a customer computer,
> even if it was NOT a false positive!
>
> Ashton-Tate, the largest Prolok client for dBase III, and part
> owner of Vault, immediately cancelled their contracts.  And announced
> that they had done so, that they had never used Prolok Plus, never would,
> and no longer used Vault Corporation products.
> Almost all of Vault's other clients followed suit.
>
> Prolok Plus never made it to market!
> 'Course the "word was out".  Few people realize that it was NEVER
> actually put to use.  In fact some of the more idiotic newspaper "solve
> your computer problems" columnists, when stumped, would actually speculate
> "maybe your computer was attacked by an out of control copy-protection
> program."
>
>
> So, we ended up with a mythical monster, and the creator of that mythical
> monster was vanquished.
>
> If anybody can document an actual existence of Prolok Plus, I would like
> to hear about it.
>
>
> There is little mention of it on the web, but:
>
> https://tech.slashdot.org/story/08/06/09/1927205/a-history-of-copy-protection
> "Re:Ahhh, holes burned in disks (Score:5, Informative)"
>
>
> https://books.google.com/books?id=9y4EMBAJ=PA19=PA19=prolok+plus+copy+protection+vault+corporation=bl=9Y7SBcnFx9=ACfU3U3JDSEI-QjLjMi1V_gWdPq8gaHrHg=en=X=2ahUKEwjijpjCufrzAhX2TDABHXh2DBgQ6AF6BAgHEAM#v=onepage=prolok%20plus%20copy%20protection%20vault%20corporation=false
>
> https://www.pcjs.org/blog/2019/05/05/
> Kryoflux display of Prolok
>
> --
> Grumpy Ol' Fred
>
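
A toy model of the check Fred describes above (write zeroes, verify, write ones, verify), added here as an illustration; it is not taken from Prolok or from any poster's code. The `Track` class, the 512-byte region, and the rule that any failed verify counts as "damaged" are assumptions of the model.

```python
SECTOR = 512  # size of the region the check exercises (assumed for the model)

class Track:
    """Constructed model of one track region on a floppy."""

    def __init__(self, damaged=(), bad_crc=False):
        self.data = bytearray(SECTOR)
        self.damaged = set(damaged)  # offsets where the media cannot hold data
        self.bad_crc = bad_crc       # "flawed content": recorded with a bad checksum

    def write(self, payload):
        # A normal write lays down fresh data and a fresh, valid checksum.
        self.data[:] = payload
        self.bad_crc = False
        for off in self.damaged:     # damaged media does not retain the write
            self.data[off] ^= 0xFF

    def read(self):
        # Returns (data, error); damage and a bad checksum both surface as an error.
        return bytes(self.data), bool(self.damaged) or self.bad_crc

def read_error_check(track):
    """Older scheme: accept the disk if the marked track fails to READ."""
    _, error = track.read()
    return error

def write_verify_check(track):
    """Write zeroes and verify, write ones and verify; accept only if the
    media itself is bad (any failed verify counts: a model assumption)."""
    failed = False
    for fill in (0x00, 0xFF):
        pattern = bytes([fill]) * SECTOR
        track.write(pattern)
        data, error = track.read()
        failed |= error or data != pattern
    return failed

def classify(make_track):
    """Run both checks, each on a fresh instance of the same kind of disk."""
    return read_error_check(make_track()), write_verify_check(make_track())

DISKS = {  # constructed sample disks
    "original (physical defect)": lambda: Track(damaged={100, 101}),
    "copy with flawed content": lambda: Track(bad_crc=True),
    "plain copy": lambda: Track(),
}

if __name__ == "__main__":
    for name, make in DISKS.items():
        print(f"{name}: read-error={classify(make)[0]} write-verify={classify(make)[1]}")
```

The flawed-content copy satisfies the read-only check but not the write-verify check, because rewriting the track replaces the bad checksum with a good one.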


Re: The Prolok Saga (Was: Applesauce FDC

2022-01-03 Thread Tony Aiuto via cctalk
Just as my first product was about to go to market, the company president
decided we needed copy protection. He wanted Prolok. I objected, and
proposed that if I could break it in 24 hours, we wouldn't use it. I took
25 hours, and we did use it (fair is fair).

I finally found my notes and the unlock tool.  The very cryptic notes
included inline. I haven't decided where to post the source yet. If anyone
has prolok'ed disks and wants to try it out, I'll be happy to send it to
you. I don't run physical DOS machines any more, so my ability to test is
limited.  If you want to just run a random EXE from 1983, you can try
UNPROLOK.EXE here.
https://drive.google.com/corp/drive/folders/1amoYi_fY6f2UYdYeTA1o86rmAtYpsLfF


--- snip ---
prolok.doc  prolok information sheet

How to Un-Prolok a file

db xxx.exe

A:  g 20        start up
g =27 3b        skip int 1 and int 3 steal
r si 1  ruin debugger test
g 443
t
t
t   should be at 54b
g =47d 481
AL is set to correct disk

B:
g 4a8
make sure AH is 0x10, Carry set
at 4c3 there is a write interrupt
that must succeed
g 4c5
r f NC  clear Carry bit
r AX 0  set AH to 0

g 4d2   Carry should be on, AX = 1000
g 4ea   make sure BX has 47 (from table at 870)
C:
repeat area from B to C for second entry in table

D:
g 51c
trick decryption part
t 700
t c0
t   until SI = 533  (about 20 times)
g 53e
BX should be 0,
g 54e
r
ax = 0, bx = 0, cx = 0, dx = 1, sp = 866, bp = 0
si = 45a, di = 54d, cs, ss, ds, es = 283e
flags: NV UP EI PL ZR NA PE NC
g 57e
r f ZR
g 58b
r f ZR

g 5b0
t
g =5b6 5b9  skip steal of int 21
t
g =5bf 5d3
g =5e4 5e6  skip steal of int 27h

F:  convert user program
r   BX = number of 512 byte PAGES in file
g 5f4   ax has base segment of user code
g 627

at this point we have the converted user program in
main memory.

G:  write it to disk
d 0
examine the first few bytes
if the first two are 5a 4d  or 4d 5a then it is
a .EXE file else a .COM file.

N outfile.com   if it was .EXE you will have to rename it after

compute PAGES * 0x200
r cx, bx        the above value
w 970
q   if you continue from this point bx, cx are set wrong
H:  if we continued rather than writing the file
g 637
g =642 644

---
Data Areas (all in CS)

Address (+100)  What

78b 88b store initial int 21h vector IP (0:84)
78d 88d store initial int 21h vector CS (0:86)

78b 88b store initial int 21h vector IP (0:9c)
78b 88b store initial int 21h vector CS (0:9e)

78b 88b segment of base of user code (cs:970)


How to disassemble Un-Prolok.exe

d   0 l 100
d cs:0 l 450

u  11 l 40
u 430 l 29
d 458 l 3
u 45b l 23
u 47d l 90
u 50d l f

d cs:50d l f
u 51c l 32
u 54e l 98
u 5e6 l 180

d cs:765 l b

u 770 l 73
u 7e2 l 50

d cs:820 l 150

u 970 l 360
d cs:0800 l 800
d cs:1000 l 800
d cs:1800 l 800
d cs:2000 l 400

q

RE: The Prolok Saga (Was: Applesauce FDC

2021-11-03 Thread Marvin Johnston via cctalk



Another thing Prolok did was produce a small 3 disk set of sample disks 
with the Prolok protection. Somewhere around here I still have a set of 
those disks.


As I recall, a program was included on each disk to copy the program to 
be copy protected to the special disk.


RE: The Prolok Saga (Was: Applesauce FDC

2021-11-02 Thread Fred Cisin via cctalk

Vault Corporation produced "Prolok" with a physical defect.  To make it


On Tue, 2 Nov 2021, Ali wrote:

Which could be defeated w/ the Copy II Plus Enhanced Option board:
http://retro.icequake.net/dob/img/eob/


There were many ways around it.

Because Vault didn't write a new software package for each client, it was 
fairly easy, after some [not always easy] disassembly to make a patch that 
cracked it.  Those patches were widely distributed, and the end user only 
knew that it was a small patch.



I find it important to note that the Vault VS Quaid lawsuit was before 
DMCA.  Afterwards, Vault might have prevailed!  At the time, disassembly 
and bypassing copy-protection was not illegal.
But, Vault tried to claim that Quaid's software infringed on Vault's 
copyright!  The courts ruled that Quaid's software was in no way a copy of 
Vault's.  There was no software by Vault included inside the Quaid 
software.


The announcement of Prolok-PLUS was insane, and destroyed Vault.


There were many other protection schemes.

Early on, I noticed that the software with the Central Point Option 
Board could not work if it didn't see the index hole.  As a proof of 
concept, I showed that one could write a disk without an index hole 
(indexing on spindle, or covering the hole (moving cookie to a flipped 
jacket)) that couldn't be copied by the Option Board, but could be copied 
by DISKCOPY.





RE: The Prolok Saga (Was: Applesauce FDC

2021-11-02 Thread Ali via cctalk
> Vault Corporation produced "Prolok" with a physical defect.  To make it
> MUCH MORE IMPRESSIVE to investors and clients, instead of a roomful of
> people scratching disks with paperclips, they used a "laser
> fingerprint"
> (use a laser, instead of a paperclip).

Which could be defeated w/ the Copy II Plus Enhanced Option board:

http://retro.icequake.net/dob/img/eob/

This board had a small bit of onboard RAM that would load info about the
defect:

"EOB has an extra circuitry that allows it to emulate a burn-hole in a
diskette and cause a running application to think that the original
diskette is present inside the drive. As it can be understood, the copy
of a burn-hole protected diskette can only be executed on a computer
equipped with the standard or deluxe EOB.

In order to create a working copy of a diskette that is protected by a
physically damaged media, the diskette has to be copied using the regular
option board methods (TC/TCM), and then the EOB utility PK.COM must be
executed in order to analyze the original diskette and locate the exact
place of the burn-hole. Once the place has been found, PK saves the data
in a file for future use.

Every time before the copied diskette is used, the PK application must be
executed with the filename that contains the information as a parameter.
Then, PK will program the EPROM that is present on the EOB, according to
the information inside that file.

Whenever the copy protected application tests for the original diskette
and tries to read from (or write to) the physically damaged sector, the
EOB emulates the very exact behavior of a physically damaged media at the
exact place where the burn-hole was, thus confusing the application to think
that the original diskette is present inside the drive."