ATARI SOFTWARE PROTECTION TECHNIQUES

ATARI SOFTWARE PROTECTION TECHNIQES by George Morrison Forward by Ed Stewart (Athor of Letterman) AN ALPHA SYSTEMS PRODCT

SOFTWARE PROTECTION TECHNIQES DISK TILITIES (C) COPYWRITE 1983 FROM ALPHA SYSTEMS ATARI is a registered trademark of Atari, Inc. Atari Software Protections Techinqes Disk tilities is a tility package designed for se by software writers to help protect yor software from, illegal copying. The theory is described in the book (Atari Software Protection Techniqes) that is inclded in this package, bt this disk tility shold help een the beginner se some of the methods described. A men of options will atomatically appear on yor screen when the disk is loaded (with the BASIC cartridge in), or jst type RN "D:MEN" from BASIC. Each of the tilities and options contain instrctions which appear on the screen when the program is rn. For yor conenience, most of the programs are listable, and are well docmented to help yo nderstand them. I sggest yo LIST or RN each one to see the instrctions, bt type NO when asked ~f yo wish to execte the program. Also all the program listings from the book are contained on this disk. For example, Figre 4.4 from the booj{ is called "FIG44" on the disk. The following information will help yo better nderstand some of the programs on the disk Directory Hider (called H~DER on the disk) The directory Hider is sed to help preent DOS copies. It is especially sefl for men drien programs, or programs which mst epe-a files or rn other programs from the disk. The Directory Hider hides yor disk directory in a new locattonon the disk. Yor programs will atomatically se the hidden directory (becase this program changes DOS to point to it). Bt others trying to copy yor programs will see 707 free sectors. WARNING - Make a back-p of the disk yo wish to protect before rnning this program. SETSCAN - Th i s program wi 11 scan the sec tors on the di s~{ for bad or misassigned sectors. It asks for the starting and ending sectors yo wish to scan, and then displays a message for each sector. SECTLOOK - This displays the contents of a sector in character format. Jst enter the sector yo wish to read, and it will be displayed on the screen. VTOCER - This program has two parts. Option One shows yo which sectors on the disk are sed and which are free (according to the VTOC) Option Two is sed to resere space on a disk for a hidden directory. As indicated in the book, the directory shold be hidden in a certain range of sectors. If HIDER can/t find the space to hide yor directory, a message will be displayed telling yo to rn this program. Complete instrctions are displayed on the screen. BADWRITE - This program enables yo to protect yor disks with bad-sectoring. The methods sed to hae yor program check' for the bad sectors are explained in the book. This tility lets yo create bad sectors on yor disk. There are two simple ways to create a bad sector on a disk sing only standard hardware.

This tility will do both. Bad Sector Writer Option One reqires that yo slow down yor disk speed, bt is mch qicker than Option Two. Som~ types of disk dries cannot be slowed down enogh to wrlte bad sectors, so if yors is one of those, yo mst se Option Two. SING OPTION 1. The first step in sing Option 1 is to adjst yor drie speed down to 220 +-10 RPMS. Before changing yor drie speed, go to option 3 - ADJST DRIVE SPEED. This option will help yo get yor speed properly adjsted. To write bad sectors adjst yor speed to aprox. 220 +-10 RPMs. Try to write the bad sectors at the slowest possible speed withot getting I/O errors. To get the best bad sectors, yor disk shold jst barely be able to write. Adjsting Yor Drie Speed To adjst yor disk drie speed, it is necessary to remoe the top coer and adjst one screw. To remoe the coer, jst pry off the for little tabs on the top of the drie with any sharp instrment. Then with a standard phillips head screwdrier, loosen the for screws (nder the tabs) that hold the coer on, and gen t 1 y 1 if t off the coer. There are- two basi c types of ATARI 810 disk dries arond. The newer dries hae a circit board across the top (see diagram DAn). The older dries hae no circit board across the top and hae a large white plastic screw in the back left corner of the drie (see diagram "B"). This large white screw can be trned by hand to adjst yor speed. It is ery sensitie so a qarter trn may be all yo need. The newer dries are a bit trickier to adjst. To find the speed adjstment, look for a small green box with a tiny siler screw on it. It is located in toward the rear and a little left of center in the drie. I t is ery sm~.,ll bt can be ~jsfed sing a micro-screwdrier. The speed adjstment on the newer drie is not ery precise. It may take as many as 8 complete reoltions to properly adjst yor speed. The next step is to write the sectors. se option 1 to do this. Jst enter the sectors yo wish to create then press retrn. After all yor bad sectors are complete, retrn to option 3 to adjst yor speed back to normal. SING OPTION 2 This method proides an alternate method of writing bad sectors. I still recommend option 1 as a faster and easier method, howeer if yor disk drie was prchased after Jan 83, or yo own a non-atari disk drie, yo may need to se option 2. To se this method, yo mst attach two long pieces of tape (fol ded oer on to themsel es) f i rml y to the top of the di sk >-'o wish to write bad sectors on (see Diagram 1). Then insert the disk in yor drie, so that the tape sticks ot when the door is closed (be sre tape is long enogh to get a grip on when the disk door is closed). Next, enter the destination disk drie nmber (the disk drie yo wish to write bad sectors on) and the sector nmber. Then be sre eerything is set and type retrn. The screen will now prompt yo to shake the tape. Yo can gently moe the tape back and forth, and alternately psh on one piece while plling on the other. The compter will beep and signal yo when the bad sector is written. Then stop plling while it rechecks the sector. Note that ntil yo Qet Qood at it, it can take 10 mintes or more to write a single bad sector. So Keep at it, and wait for the compter to signal yo that it is done. yo wish to abort the process, hit any key. If

DIAGRAM A 0 0 o \ ~\ @ 0 _' DIAGRAM ORO._." R J J I J C,O {) I r; ~ ~ / ~ '\.J.-,-. -. ;.. - ::..: ---. -- _... ---. -,. ~:,",.-,-,~,,"... ". \ - -d DIAGRAM 1 @

WARRANTY ALPHA SYSTEMS warrants to the original consmer/prchaser that this program disk (not inclding the compter programs) shall be free of any defects in material or workmanship for a period of 60 days from the date of prchase. If a the disk "fails to load dring this 60 day warranty period, Alpha Systems will repair or replace the disk at Alpha Systems option, proided the disk and proof of prchase is deliered or mailed, postage prepaid, to Alpha Systems. This warranty shall not apply if the disk (1) has be~n missed or shows signs of excessie wear, (2) has been damaged by playback eqipment, or (3) if the prchaser cases or permits the disk to be sericed or modified by anyone other than Alpha Systems. Any applicable implied warranties, inclding warranties of merchantabillty and fitness are hereby limited to 60 days from the date of prchase. Conseqential or incidental damages reslting from a breach of any applicable express or implied warranties are hereby exclded. NOTICE As with most compter software, all Alpha Systems compter programs are distribted on an Has is" basis withot warranty of any Kind. The entire risk as to the qality and performance of sch program.s is wi th the prchaser. Shol d the porgrams proe -~ ~~:~;t"-,o-t"frtrtr pf~,~~~" ff\~~~it~~.. ~pt,~, ~~ manfactrer, distrlbli't'br-, orretart~... as~mestilil,e enre cost of all necessary sericing or repair. Alpha Systems shall hae no liability or responsibility to a prchaser, cstomer, or any other person or entity with respect to any liability, loss or damage cased or alleged to be cased directly or indirectly by compter programs sold throgh Alpha Systems. This incldes bt is not limited to any interrption of serice, loss of bsiness or anticipatory profits or conseqential damages reslting from the se or operation of sch compter programs. The proisions of the foregoing warranty are sbject to the laws of the state in which th disk is prchased. Sch laws may broaden the warranty protection aailable to the prchaser of the disk.

ATARI SOFTWARE PROfECTION TECHNIQES by George Morrison Forward by Ed Stewart {Athor of Letterman} AN ALPHA SYSTEMS PRODCT

Atari, Atari 400 Compter, Atari 410 Program Recorder, Atari 800 Compter, Atari 810 Disk Drie are all trademarks of Atari, Inc. Apple is a trademark of Apple, Inc. IBM-PC is a trademark of IBM, Inc. (c) Copyright 1983 by Alpha Systems, Stow, Ohio, 44224. Printing 116 batch 2, Jan 1985 All rights resered. No part of this book may be reprodced by any means withot permission in writing from Alpha Systems. Printed in the nited States of America 10 9 8 7 6 5 4 3 Coer design by Richard M. Morrison --- - V

FORE WARD The need for software athors to protect their property from theft is increasing. The nathorized dplication" of compter programs has become sch a widespread actiity as to threaten the ery existence of the element that has helped to poplarize the home compter most, namely the independent software entreprene"r. The phenomenal growth of the compter market has opened p ast new horizons of possibility for both the creator and the thief. It is therefore important for programmers to hae at their disposal all of the aailable techniqes to inhibit a potential pirate. This book proides the fel" necessary to make an informed decision on what protection schemes wold be most appropriate to employ and as sch fills a oid in the literatre. It may be arged that disclosre of this information will only encorage piracy. I do not agree with this argment for two reasons. First, an adanced pirate is already aware of the contents of this book and wold not benefit in the least from a reiew of it. Secondly, the wold-be pirate does not hae the technical acmen to break the protection techniqes sggested herein. This book is therefore a alable asset to yo, the software athor, in identifying the strong points and shortcomings of the arios methods a ailable today. I fond this book to be well wcitten and athoritatie in its approach to the i

problem. I feel that most readers will find it both informatie and helpfl in their endeaor to protect their inestment. Ed Stewart, April, 1983 Honeybear Software V ~- ii

ACKNOWLEDGEMENTS Alpha Systems wold like to thank John Liang for the encoragement to market the book. Ed Stewart (the athor of letterman) for his technical help. Helen Proiialeck for doing all the little things that helped to get the book written. Richard and Ethel Morrison for their help in making this book a reality. iii

PREFACE This book is written with the aerage software writer in mind. Most of the software protection techniqes presented here can be sed by anyone with een a small amont of experience with Atari compters. Some topics coered do reqire a good amont of expertise to really nderstand, so small programs are inclded in the book. Some sample programs that make the techniqes easy to se are on the optional software disk. Be sre to se the glossary in the back of the book, since some technical terms are needed to describe the protection processes. Also, it is adised that yo read the chapters in order so that yo can gain a working knowledge before reaching the difficlt sections. " / i

TABLE OF CONTENTS Foreward.. i Acknowledgements iii Preface...... i Chapter 1: INTRODCTION TO SOFTWARE PROTECTION '.. 1 What is Software Protection? The Concentration of the Book. Pros and Cons of Software Protection Problems of Piracy Need for Back-.ps The Responsibility of the Vendor Totally ncopyable Software? Chapter 2: GENERAL PROTECTION OF PROGRAMS WRITTEN IN BASIC 6 Disabling the Break Key Disabling the System Reset Key -. Preenting an Error Break Preenting a LOAD and SAVE Combination Protecting Against LIST Special Cases Chapter 3: CASSETTE PROTECTION... 12

Chapter 4: GENERAL DISK PROTECTION. 15 An ATORN.SYS File Preenting DOS Copies Disk Directories VTOCs Hiding Disk Directories and VTOCs ", Chapter 5: BAD SECTORING 28 What is a Bad Sector? How Bad Sectors Protect Software Creating Bad Sectors Conclsion Chapter 6: HIDING PROTECTION CODE., 38 Breaking Code by Hand Hiding Protection Codes Self Modifying Code Layering Yor Protection Wild Goose Chases Conclsion Chapter 7: MISASSIGNED SECTORS. What are Misassigned Sectors? How Misassigned Sectors Protect Software Creating Mis.assigned Sectors How Pirates CopY.Misassigned Sectors Protecting Misassigned Sectors 46 i

Chapter 8: ROM AND EPROM CARl'RIDGES 56 ROM Copy Techniqe I ~ Protecting Against Techniqe I ROM Copy Techniqe II ~ Preenting ROM Copy Techniqe II ~ Chapter 9: HARDWARE DATA-KEYS 61 ~ How Data-~eys Protect Programs Bilding Data-Keys "~ Copying Data-Key Protected Software Preenting the Data-Key Copy Techniqes ~ Conclsions ~ Chapter 10: LEGAL PROTECTION TECHNIQES 67 Patents Copyrights T"rade Secrets Conclsion Chapter 11: COERCIVE PROTECTION TECHNIQES 74 Serial Nmbered Software Protection Throgh Intimidation Self-Destrcting Code Freeware Selling nprotected Software Chapter 12: RECOMMENDED METHODS OF PROTECTION 81 ti Chapter 13: THE FTRE OF SOFTWARE PROTECTION AND PIRACY 85 ii

~ Appendix A. 89 -, Glossary..'. 92 " G - V -, - - '-. - - iii V,,~ V

CHAPTER 1 INTRODCTION TO SOFTWARE PROTECTION Talk abot bootleg record albms. tapes and moies has been increasing for seeral years. Copyright infringements by people who tape teleision programs has also been a growing problem. One fast growing area that hasn I t seen mch media coerage is software copying. It is estimated that there are two illegal copies of Visicalc (a poplar spread sheet program) distribted for each one legally prchased. With the growing problem of software piracy. more people are writing abot ways to preent it. Sorces that try to deal with the topic seem to focs only on legal protection techniqes. They mention copyrighting or patents. bt sally neglect to. say that these methods hae not been effectie in stopping or een slowing down the problem. The reason for the failre of legal protection is the type of people who are pirating software. While record piraters may be big operators taking in millions. most software pirating is done. by indiidals. Catching them is almost impossible. let alone trying to legally prosecte each one. WHAT IS SOFfWARE PROTECTION? Software protection refers to techniqes which discorage or preent people from making copies. The techniqes sed can -1-

take many different forms. The software prodcers can threaten legal prosection of pirates; make a moral plea against copying; gie idle threats; make software physically difficlt to copy; or attempt to bypass the problem throgh the se of new marketing or distribtion methods. The goal of software protection shold be to maximize the retrn on the inestment of the prodcers, not preent piracy at any cost. If the protection method preents the prodct from being broght to the market at a reasonable price or makes the prodct too difficlt or tedios to se, then. the prodcers hae oerlooked this goal. There are people so, obsessed with protecting their software that it preents them from selling their programs. Keep the goal of maximizing the retrn on yor inestment in mind when considering any software protection method. THE CONCENfRATION OF THE BOOK This book is written to help software prodcers deal with the problems of piracy. Legal protection and ways to discorage copying are dealt with in a good amont of detail, bt the primary focs of the book is on methods that make copying physically more difficlt. As mentioned aboe, the majority of copying is done by indiidals who make copies for a few of their friends. Sch people are not worried abot the police coming to their door with search warrants, and the scope of the problem shows that pleading with -2-

~ them not to copy, has little effect on the ast majority of software pirates. ~ Protecting software shold be like a bank protecting its money. To be effectie, ~ software protection mst try to physically preent piraters from being able to steal Ii the software. Legal and coersie techniqes may discorage some, bt I feel the best Ii protection makes copying so difficlt that only a few people hae enogh expertise to Ii copy it, and is so time consming and tedios that those expert pirates gie p Ii before breaking the protection codes. The majority of this book deals with methods to Ii achiee these goals. Ii THE PROS AND CONS OF SOFfWARE PROTECfION fhe problems of piracy. Eery bootleg ~ program made depries the prod<;:ers. of some of their earnings. Some programs can ti take months or years to write, so it is only natral that the writer wishes to get ~ financial rewards for his efforts. The problem of piracy is so bad that many Ii times the person receies an illegal copy of a program before he has een seen ads for ti the prodct. Loosely knit national software trading rings are making the bootleg Ii software a aila ble een in the most remote areas. Obiosly, something mst be done Ii abot software copying, bt for a moment, consider the other side to the problem. ti fhe need for backps. nfortnately, software is a fragile and olatile prodct. -3-

Software can be destroyed by heat, hmidity, wear, magnetic fields, falty reading. deices or een dirt. Jst toching the exposed srface of a disk can destroy it. Most compter owners hae learned that the only reasonably sre way to presere yor software is to make backps. Many people hae come to rely on their software for balancing checkbooks and keeping their phone lists, etc., and wold hae serios problems shold their software fail to work. In fact, many bsinesses hae come to rely so heaily on their software that they cold not fnction withot it. nfortna tely, well protected software is intentionally ery difficlt to back p. On one hand we hae the need to protect manfactrers from pirates and on the other, the need for the ser to be able to back p his software. The responsibility of the endor. Althogh backing p game software is obiosly not as important as home filing or bsiness software, all software shold hae proisions for backps. Some of the techniqes that will be discssed later are well sited to deal with the back p problem, bt at the ery least, it is the res.ponsibility of the endor to proide qick and inexpensie back p serice by mail. This can be as simple as an offer to replace malfnctioning software by mail for a small handling charge. Keep in mind that proiding for backps remoes one of the reasons for people to spend their time breaking software protection and may prodce good will toward yor prodct and company. -4-

TO"fALLY NCOPYABLE SOFTWARE? Can any program be made totally ncopyable? This qestion gets a qalified no. For most practical prposes, any software.can be pirated. No matter how complex the protection techniqe, there are people who can break it. Any protection techniqe inented by man can be broken by man. Let s say for a moment that trly ndplicatable software is inented at some point in the ftre. If it is trly ncopyable, then een the manfactrer cannot copy it for distribtion prposes. As yo can see, trly ncopyable code is not good nless yo only wish to sell that one copy. fhe trick to protecting software is not to make it completely ncopyable, bt to make it difficlt enogh to discorage all bt the most adanced and persistent wold-be pirates. I hate to qalify my original statement, bt I can think of one case where software dplication is almost impossible. The case that comes to mind is the software aailable only on an information serice like fhe Sorce or Compsere. This is software which yo neer get possession of becase yor responses are transmitted to the compter which contains the software. Chis may be fine for adentre type gclmes, bt for the real time arcade graphics type games, it is irtally nsable. Presently the cost is high and the response slow, bt maybe the ftre will show some hope for this method. -5-

CHAPTER 2 GENERAL PROfECTION OF PROGRAMS WRITTEN IN BASIC Protecting programs written in BASIC reqires seeral protection techniqes. In the following chapters, the specifics of dealing with tape and disk software are coered, howeer, certain protection is needed no matter how BASIC programs are stored. The real problem protecting BASIC code is the SAVE command. Protecting against the SAVE is probably more difficlt than at first yo wold expect. This is becase there are many different ways of stopping a programs exection and then saing it ia a SAVE"D :program" or SAVE"C:" command. The topics that one mst nderstand to stop this possibility are: 1. Disabling the break key 2. Disabling the system reset key 3. Preenting an error break 4. Preenting LOAD and SAVE com- binations 5. Special cases where control mst be gien to the program ser. All these problems come p with BASIC programs becase once loaded ihto memory, they are ery simple to sae to disk or tape if the program ser is gien the opportnity. The trick is not to gie them the chance. In other words, yor program mst not lose control of the compter. -6- --

DISABLING THE BREAK KEY Hitting the break key stops the exection of a program withot clearing memory. fhis allows simple saing of the program. To disable the break key ta kes only two pokes.fhey are: POKE 16,112 POKE 53774,112 Technically, yo. are changing the POKEY interrpt ector bt sffice it to say that these pokes will disable the break key. It is important to note that these pokes mst be repeated after each GRAPHICS command. fhis is becase the GRAPHICS command refreshes those memory locations. Other commands can clear these locations also. To be on the safe s ide, it is good to repeat these pokes seeral times throghot the program. Since the break key is sometimes hit accidentally. these pokes are a good idea een in nprotected BASIC programs. DISABLING fhe SYSTEM RESET KEY The system reset key is similar to the ~ break key in that it stops exection withot clearing the program from memory. There ~ are two simple ways to disable this key. The first is: POKE 580, 1 This POKE cases what is called a cold ~ start. In other words, if system reset is pressed after this POKE, the system will ~ -~

restart itself in the same way it wold if yo trned the compter off and then back on again, and all program memory is cleared. Another way to disable the system reset key is: POKE 9,255 This will case the system to lock p (keys won't work) if system reset is pressed. Either of these two methods is acceptable for disabling the system reset key, howeer, the first is preferable for disk based software becase it will case the disk to reboot. PREVENTING AN ERROR BREAK As yo probably know, when an error is encontered in a BASIC program, exection is stopped and an error message is displayed. This proides anyone the opportnity to sae yor program. Of corse, a well written program shold not hae errors in it, bt often nsal inpt can case them. For example, if the program asks for a n mber bt the person enters a letter, it may case an error. Also, nsal circmstances may arise that were not foreseen by the programmer. To help preent these types of breaks, the BASIC command TRAP can be sed. For those not familiar with this, it cases the program togo to a specifi~d line nmber if an error is encontered. A complete explan- -8-

ation is in yor BASIC manal. It shold be noted that once a TRAP is sed, another TRAP statement mst be issed if yo want to contine s topping errors. PREVENTING A LOAD AND SAVE COMBINATION If yor program reqires the ser to "LOAD" it or to "RN" it, it is more difficlt to protect. This procedre gies the ser the opportnity to sae it before it is rn. One good way to preent this is by haing an atomatically booting disk or cassette. The details of this method will be presented in the sections on disk and cassette protection, bt essentially an atoboot system cases yor program to rn atomatically when the system is started. PROTECfING AGAINSf LIST I~ fhere are seeral ways to preent someone from being able to LIST yor program. The one I feel is best cases the compter to lock p if a LIST (or any ther command) is gien with yor program loaded in memory. Be sre to hae a bac k p before sing this procedre so yo will ha e a listable ersion to work with shold yo decide to pdate yor program. To se this procedre, jst insert this line as the last line in yor program: 32500 POKE PEEK(l38)+256*PEEK039)+2,O: SAVE "D: program": NEW -9-

For disk sage, change where it says "program" to the name yo wish to sae yor program as. For cassettes, change the SAVE to a SAVE "C:". Type GOTO 32500 to sae the protected ersion to the disk. This procedre changes the crrent statement pointer to 0 and will allow yor program to rn normally een thogh it cannot be V listed. SPECIAL CASES At times, it is necessary or desirable to let the ser hae control of the compter and LIST or MODIFY yor program. Een in these cases, it is still possible to protect yor programs from copying. The trick here is to make yor program need some conditions preset before it will rn. One way to do this is to hae yor atoboot procedre point to a small initialization program that will then load yor program. An example wold be to hae this initialization program roke a small machine langage sbrotine into memory and then rn yor main program. For those not familiar with assembly langage, here is a simple example that can be sed: POKE 1680.104: POKE 1681,96 \-...J fhis assembly langage roline will j~t clear the s tack and retrn to yor program when called with a statement "like this: -10-

X=SR ( 1680) This call can be pt in arios locations throghot yor main program. These are sed to make yor compter lock p shold it try to rn withot haing POKED the sbrotine into place. In other words, yo can let yor program ser copy and modify yor main program, bt it will not work withot rnning yor initialization program which is protected. Yo may point ot that the. person can jst remoe these statements and then the program will rn correctly. This is tre, bt hopeflly they will think the statement seres some prpose other than jst protection and not jst remoe it. One way to preent the program ser from being able to remoe it. is to make the sbrotine perform some alid fnction needed by yor program. Then, the program will not rn (with or withot statemenls) if yor initialization program is not rn ~ first. -11-

CHAPTER 3 CASSETTE PROTECTION fhere are major problems with techniq es sed to protect cassettes. 1 n fact, many companies hae stopped releasing cassette based software becase of this. Varios methods are aailable that make cassettes harder to copy, bt none offer protection against a copy system called "Adio Dping". Adio dping is a techniqe sed by large scale software prodcers to dplicate their tapes. It is also sed by software pirates. Adio dping is done by directly recording one cassette from the other sing two high qality cassette recorders. A cord is rn from the otpt (or earphone) jack of one recorder to the inpt (sally ax in) of the other, and the cassette is copied with all filters and noise redction systems trned off. This yields a working copy of the cassette. This software protection problem arises from the fact that standard cassettes are sed for software. With all the high qality stereo systems arond, almost eeryone can get access to a cassette recorder good enogh to dplicate tapes sed for software. Althogh the se of this method by pirates, stops the software manfactrer from preenting copying altogether, certain techniqes are aailable which at least help protect the program against simple BASIC copies and tape to disk copies. They can a Iso help preent others from trying to -12-

market yor programs with only minor r) modifications and a different name. First, the methods discssed in the ~ preios chapter on general BASIC protection shold be employed on cassettes r) sing BASIC. One simple way to protect a program against the LOAD and SAVE r) combination is to make yor program nlistable. The techniqe presented earlier r) to preent the list command (see chapter 2) also protects against a simple sae (') command. In this case, yo mst instrct the prchaser (in the docmentation) to (') type; r) RN "C:" r) A load wold not work becase on\..e the program is loaded, the protection wold r) preent a rn command from working. This techniqe also helps preent a pirate from r) transferring the tape program to disk or modifying the program for resale. r) Machine langage programs offer different protection problems. Seeral r) companies market programs which transfer machine langage programs from tape to r) disk. Fortnately, these programs are not effectie a t copying mltistage loads. A r) mlti-stage load program is one which loads in seeral parts. The program ses r) the standard boot procedre to load a rotine, which then loads the rest of the r) pl"ogram, or the program can be broken into seeral segments that load each other in r) trn. The se of these mlti-stage loads is ery effectie against standard tape to -13-

tape and tape to disk tilities. Only the first segment of a mlti-stage program is copied by these tilities becase they se the boot info from the beginning of the tape. As stated earlier, these techniqes can make copying or modifying cassette programs harder, bt they are ineffectie aga inst adio dplicating systems. Some companies deal with this problem by prodcing two ersions of their programs. One scaled down ersion on cassette, and a higher qality ersion on disk. This encorages disk owners to by the disk ersion rather than jst copying the cassette. The manfactrers also cont on the fact that cassette owners a re less likely to be familiar with copy techniqes. Cassette based programs do offer a wider market than disks and are mch easier to prodce than cartridges. Howeer, from a software protection standpoint, cassette based programs hae serios problems. The final decision on the se of cassettes shold be made only after examining yor objecties for yor program careflly. -14-

CHAPTER 4 GENERAL DISK PROTECTION This chapter will coer disk protection in general. If the programs yo wish to protect are in BASIC, then the techniqes presented here shold be sed in combination with those presented in Chapter 2. The methods presented here are the first step to disk protection. The chapters on bad sectors, misassigned sectors, and hiding protection code, deal with more adanced forms of disk 'protection. ArORN. SYS File If yor program reqires the ser to LOAD it before rnning (in BASIC or assembled, it can sally be copied ery easily. A good way arond this is with the se of an AfORN.SYS file or an atoboot disk. The name ATORN.SYS has special meaning to DOS. When a file with that name is on a disk, it will be loaded atomatically when the compter is trned on (with the disk drie on, of corse). sing an ATORN.SYS file is ery easy for assembler programmers. Any machine langage program can be set p with a "RN AT ADDRESS" (DOS option K) and renamed to ATORN.SYS. Then it will rn atomatically when the disk is booted. Another option for assembler programmers is creating an atoboot disk. This is a disk that carries the information to load yor program in the boot sectors (sectors 1 and -15-

2). See Atari fechnical ser's Notes for complete details on this method. Creating an ATORN.SYS file is mch more difficlt for a BASIC programmer, since the file has to be a machine langage program. Figre 4.1 shows a simple BASIC program that will create an ATORN.SYS file for yo. When the program is rn, it will create a file called ArORN.SYS that will atomatically rn yor BASIC program for yo. The BASIC program mst be named "FI RSTPGM" for it to work. Also, the disk mst hae DOS.SYS on it. Besides helping to protect yor V program, an ATORN disk has another adantage. It is mch easier for beginners to se since it loads and rns yor program atomatically. Preenting DOS Copies The protection methods presented p to now are sfficient to preent copies from BASIC. This section focses on preenting DOS copies. From the Atari DOS men, the ser..:an dplicate a file (option 0), copy a file (option C) or dplicate a disk (option J). Preenting these types of copies reqires a knowledge of directories and VTOC's. Disk Directories: The disk directory is probably the most heaily sed part of the disk. Wheneer a file is accessed (loaded, deleted, read, copied, etc.) DOS ses the directory. The directory contains the names, locations and lengths of all files on -16-

FIGRE 4.1 18 REM )1)1 THI S PROGRAM CREATES AN ATORN.SYS FILE, WHICH WILL ATCI1ATICALLY 28 REM )1)1 RN PROGRAM - D I F I RSTPGH- WHEN DISK IS LOADED 38 OPEN.4,S,8,-D:ATORN.SYS- 48 FOR J=1 TO 153 58 READ A;PT.4,A 68 NEXT J 78 CLOSE.4 S8 DATA 255,255,8,6,138,6,162,8,189,26,3,281,69,248,5 98 DATA 232,232,232,288,244,232,142,18 5,6,189,26,3,133,285,169 188 DATA 187,157,26,3,232,189,26,3,133,286,169,6,157,26,3 118 DATA 168,8,162,16,177,285,153~187, 6,288,282,288,247,169,67 128 DATA 141,111,6,169,6,141,112,6,169,15,141,186,6,96,172 138 DATA 186,6,248,9,185,123,6,286,186,6,168,1,96,138,72 148 DATA 174,185,6,165,285,157,26,3,23 2,165,286,157,26,3,184 158 DATA 178,169,155,168,1,96,8,8,8,8, 8,8,8,8,8 168 DATA 8,8,8,8,8,76,8,8,8,34,77,71,8 8,84,83 178 DATA 82,73,78,58,68,34,32,78,85,82,255,255,226,2,227 188 DATA 2,8,6-17-

the disk. The directory is loaded in the ap- proximate center of the disk, in sectors 361 throgh 368, inclsie. It is created when the disk is formatted with DOS. A machine langage program can do away with the directory all together if it is atobootir:lg and doesn't need to access files. In general thogh, the directory is a reqired part of the disk. Figre 4.2 shows how the directory is stored on the disk. This diagram is inclded for adanced sers bt its nderstanding is not reqired. VTOC' s: VTOC stands for "olme table of contents" and is sed to keep track of which sectors on a disk are fll and which are free. Wheneer a file is added or deleted from the directory, the VTOC is pdated to show which sectors are now sed or free. The VTOC is stored on sector 360 and its layot is shown in diagram 4.3. nderstanding this diagram is not reqired bt is inclded as an aid for adanced sers. Hiding Disk Directories and VTOC' s Hiding disk directories is a ery effectie techniqe for stopping noice copiers. It is ery widely sed and will preent simple DOS copies. To be most effectie in BASIC, this techniqe shold be combined with stopping program breaks, system resets and other methods d"iscssed in Chapter 2. This method is especially good for programs which atomatically rn -18-

FIGRE 4.2 A DIRECTORY SECTOR LAYOT Director Entry o 1 3 5 13 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ : F : CNT: SSN: FILE NAME : EXT : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-- Starting sector nmber Two Bytes Points to first sector of a f i Ie +------ Cont - Two bytes The nmber of sectors in the file +--------- Flag - One byte- $81 -File opened for otpt $82 -File created by DOS $88 -Entry neer sed $28 -File locv.ed $48 -File in se $88 -File deleted FIGRE 4.3 VTOC SECTOR LAYOT (Sector 369) $168 Hex BYTES 8 1-2 3-4 5 6-9 18-99 Type Code (9=00S 2.9> Total nmber of sectors Nmber of nsed sectors Resered nsed Each bit in this area represents a spacific sector (8=sed,l=nsed) -19-

other programs, and programs where the ser may need to access specific listings or files. After it is sed, a normal directory listing will show 707 free sectors (or whateer yo want it to show), bt yor programs can still se the hidden directory as they please. Also, some files can be pt in the hidden directory and the real directory, letting the ser access certain files bt not others. The optional program disk has a program that will hide yor directory atomdtically for yo. If yo did not prchase this disk, bt wold like to, see the back of the book for ordering informa tion. The rotines to search for yor file in the directory are part of DOS and are loaded when yo trn on yor compter. A method I deeloped to hide yor directory inoles altering part of DOS to point to a new directory in a different location. A warning shold be gien at this point: BEFORE SING THIS (OR ANY OTHER PROTECTION METHOD), BE SRE YO HAVE MADE A BACK-P. The back-p seres two prposes. First, the nprotected back-p gies yo the means to change yor program in the ftre (to modify it or jst fix bgs, etc.). Secondly, the back-p is needed in case yo accidentally damage or destroy yor disk dring the protection process. Hiding the directory inoles fie steps. They are: 1. Back p yor completed disk. 2. Copy the directory to a new location. 3. Alter DOS to point to yor new directory. -20-

4. Write the altered DOS files to yor disk. 5. Destroy or change the old dir::!ctory, VTOC and DP.SYS file..~ Step 1: Back p yor completed disk. Before yo protect yor disk, yo shold hae it finished and complete becase once protected, it will be hard to modify. Also, be sre to keep an nprotected back-p for the reasons mentioned aboe. One reqirement of this techniqe is that yo hae the DOS files on the disk. If they are not there now, se DOS option H to write them. Step 2: Copy the directory to a new location. It was stated earlier that the directory ri des a t sec tors 361-368. Normally, DOS looks to these sectors to access files. ['0 hide the directory, we will copy the directory to a new location ~ then later delete (or jst alter) the old directory to trick a normal DOS. In other words, yor program can se yor hidden directory as sal, een thogh the real directory shows the disk to be different or empty. ['0 moe the directory reqires a sector moer. Figre 4.4 contains a basic program that can moe a sector of da ta from one location on the disk to another. In this case, we will moe the eight sectors (which make p the directory) to a new location. "fo keep this protection method simp Ie, yo mst stay within certain restrictions. In this case, yo can moe yor directory to anywhere between sector 255 and 510 (the -21-

FIGRE 4_4 18 REM JOE ROTINE TO MOVE A SECTOR FR(Jot ll'ie LOCAT I ~ TO ANOTHER 28 REM JOE SET P C 10 CALL JOE 38 FOR 1=1536 TO 1548:READ X:POKE I,X: NEXT I 48 DATA 184,32,83,228,96 58 DIM A$( 128),B$( 1) 68 REM ~~ SET DRIVE ~~ 78 DRIVE=I:POKE 769,DRIVE 88 REM ~~ SET COMMANDS ~~ 98 RREAD=82:WWRITE=87:POKE 778,RREAD ~ 188 REM ~~ GET SECTOR NMBERS ~~ 118? " FR(Jot SECTORD;:INPT FRHSEC 126? :? " TO SECTOR";:INPT TOSEC 138 POKE 778,FRHSEC-(INT(FRHSEC/256)~2 ~ 56):POKE 779,INT(FRHSEC/256) 148 REM ~~ SET ADDRESS TO STORE READ ~ ~ 158 ADRA=ADR(A$) :POKE 772,ADRA-(INT(AD RA/256)~256):POKE 773,INT(ADRA/256) 168 REM 178 REM ~~ EXECTE CALL-CIO ROTINE ~~ 188? "HIT RETRN TO READ SECTOR.. ;FRM ~ SEC: INPT 8$ 198 Z=SR ( 1536) 0 288 REM ~~ SET WRITE SECTOR ~~ 218 POKE 778,TOSEC-(INT(TOSEC/256)*256 ) :POKE 779,INT(TOSEC/256) 228? "HIT RETRN TO WRITE SECTOR It ;TO SEC: INPT 8$ 238 POKE 778,WWRITE ~ 248 Z=SR( 1536) -22- ~

reason for this will be explained lated. Where yo moe yor directory in this range is not important, bt it mst be to nsed sectors. Figre 4.5 contains a program that will tell yo if the sector is free. For the sake of simplicity, let's say yo decide to moe yor directory to sector 501 throgh 508. To do this, yo wold rn the sector moer (figre 4.4) and moe sector 361 to 501. Then, rn again and moe 362 to 502, etc. ntil yo reach 368 to 508. Yo are then ready for step 3. Step 3: Alter DOS to point to yor new directory. Changing DOS is ery easy if yo know what to do. In this case, we will change DOS to point to or new ditectory with jst one POKE. Since DOS is stored in memory, we can change it by changing these memory locations. To case DOS to look a t or hidden directory. we will POK E location 4226 with a new ale. It normally contains 105. and this tells DOS to look to sector 361 for the directory. To compte the new ale to POKE into this location, jst se t hi s form la : New POKE ale = 105 + (hidden directory sector nmber - 361) In or example we moed the directory to start in sector 501, so or new ale to POKE wold eqal 245 (= 105 + (501-361)). -23-

FIGRE 4.5 18 REM ~~ ROTINE TO CHECK IF SECTOR IS SED ~~ 28 REM 38 REM ~ NOTE; TO CLEAR NSED SECTORS 48 REM ~ START WITH FORMATTED DISK 58 REM ~ AND COpy YOR FILES TO IT 68 FOR 1=1536 TO 1548:READ X:POKE I,X: NEXT I 78 DATA 184,32,83,228,96 88 DIM A$(128),9$(128) 98 REM ~~ CLEAR STRINGS ~~ 188 A$( 1, 1>=CHR$(8):A$( 128, 128)=A$:A$( 2,128)=A$ 118 8$(1,1)=- -:8$(128,128)=8$:8$(2,12 8)=9$ 128 DRIVE=I:POKE 769,DRIVE 138 RREAD=82:POKE 778,RREAD 148? :? - WHAT SECTOR-;:INPT SECN 158 POKE 778,SECN-(INT(SECNV256)~256) : POKE 779,INT(SECNV256) 168 ADRA=ADR(8$):POKE 772,ADRA-(INT(AO RA/256)~256):POKE 773,INT(ADRA/256) 178 Z=SR( 1536) 188 IF A$=BS THEN? - SECTOR IS FREED: GOTO 148 198? -SECTOR IS FLL-:GOTO 148-24-

So yo wold se this statement to change DOS to point to or hidden directory: POK E 4226, 245 fhe reason why we can only moe the directory to a certain range of ales, is becase of this POKE. rhe minimm ale yo can POKE is 0 and the maximm is 255, that is why or directory has to be hidden within these 256 sectors. Step 4: Write altered DOS files to disk. In order to ma ke the modification to DOS permanent, we mst rewrite the DOS files. To do this, jst type DOS and press retrn. if yor direct.ory was moed properly, the DOS men shold appear. if the men does not appear, go back to step 2 and try aga in. For those who made it to DOS, type H (write DOS files). fhis will write yor modified DOS to the disk, so yor programs can find the hidden directory. Step 5: Destroy or change old directory, roc and DP.SYS file. Now comes the time to brn or bridges behind s. First trn yor compter off and then back on iind thoroghly test yor programs. rhey now se the hidden directory. Next, we will delete or alter the old directory, roc find DP.SYS files. if yo are not familiar with the D P. SYS file, this file is c rea ted when yo write DOS files, and mst be deleted in order to protect yor programs. The D P.SYS is sed to load t he DOS me n. The -25-

DOS men cold point a pirate directly to yor hidden directory. 'fo delete it, load the DOS men from another disk, then retrn yor disk to the drie. se option D to delete the DP.SYS file.. Next, let's get rid of the old (real) dire:tory' so others won't be a ble to find yor programs. The easiest way to protect it is to delete it. Once again, se the sector moer (figre 4.4). This time, copy sector 720 (or a ny blank sector> to sectors 361-368. This will delete the old directory. Adanced sers may wish to jst delete certain files and leae others intact so that yor sers cold list or copy them. To de this', yo wold need to nderstand and modify the old directory. Figre 4.2 shold be a big help in dcing thi.s. Keep in mind that the directory is not sed by yor programs, yor programs se only the hidden directory. The final step is to change yor roc. l'he V foc is sed when a DOS command J (dplica te disk) is issed. This command copies all sectors which the V'fOC shows to be fll. Fortnately, there is a ery simp Ie way to make the VTOC say 707 free sectors (a blank disk). Again, we need or sector moer (figre 4.4). fhe trick is to copy the V'fOC from a blank, formatted disk onto or disk's VTOC. The V'fOC is stored in sector 360, so jst insert a blank formatted disk in the drie and tell the sector moer to moe sector 360 to sector 360. fhen read sector 360 from yor blank disk, and switch disks to write it to yor- program disk. Now yor disk is comp lete. I recommend -26-

r-"\ that yo thoroghly test it again. Now boot p another disk in yor drie and go to r-"\ DOS. Then insert yor protected disk into the drie and type A (display disk r-"\ directory). Srprise! Yor disk says there are no files and 707 free sectors. bt it fi still rns yor programs perfectly. -27-

CHAP fer 5 BAD SECTOR ING WHAT IS A BAD SECTOR? A bad sector is a term often sed by software prodcers trying to protect their software and by pirates. A. bad sector is basically a sector on a disk which cannot be read accrately by the disk drie. This can be an nformatted sector, a sector that was written with a misaligned disk, a sector that was partially oerlaid (sally cased by incorrect disk speed) or a sector that was physically or magnetically damaged. 1 will go into these frther, bt first, let me deal with the most common misconception abot bad sectors and creating bad sectors. The most often asked qestion abot bad sectors is, "Can't yo jst store bad or random da ta in a sector to create a bad sector?" The answer is, "No", since the da ta on a disk is stored as binary 0' s and l's, any pattern of them i3 alid and can be read by a disk as long as they are properly placed. In other '.'ltords, it makes no difference to the disk drie what data is stored in a sector. If it c an be read accra tely, it is considered to be a good sector. Another common misconception deals with creating bad sectors. People nderstand that an nformatted sector is bad (this is correct), and say that they can jst format the sectors they want to be -28-

good, and leae the others nformatted (to be bad sectors). nfortnately, this cannot be done with the standard ATARI disk drie. The standard ATARI disk drie accepts only for commands. They are: READ SECTOR, WRITE SECTOR, CHECK SfATS and FORMA f DISK. Becase the drie has its own 6507 microprocessor, it controls the actal fnctions inoled with the for commands. The details of how to perform these fnctions is stored on a ROM chip in the disk drie. When a format disk command is sent to the drie, it takes oer arid formats the entire disk. Een trnin.~ off the compter will not affect the forma Hi ng. Abot the on ly way not to format the entire disk with an nmodified drie is to trn off the disk droie dring the formatting process. l'his is difficlt to control, bt is sometimes ~ffectie in creating bad sectors. 1I0W BAD SECrORS PROl'ECr SOFfWAI~E Most ATARI sers aloe aware that bad sectors are sed to preent the copying of disks, bt wonder how they achiee this. A little history of protection techniqes w.old help clear this p. For a long time, hidden directories and other disk protection methods explained earlier were the only methods aailable (and for that matter, needed) to preent disk piracy. As sector copiers began to be readily aailable, it became ob ios that some new method of copy protection was needed. It was known that the sector copier wold dplicate all -29-

readable data on a disk (at that time), so the problem became how to stop a copy from rnning. It was reasoned that the program had to hae some way of telling if it resided on the original disk or a copy. The original disk had to hae some characteristic that cold distingish it from a copy. Bad sectors fit the bi 11 perfectly. The original disk cold hae a bad sector that cold be checked by the program. In other words, the program wold be able to tell if it resided on the original disk by checking for the bad sector. The program wold rn as sal if the bad sector was fond, bt.if it didn't find the bad sector, it wold know that it was on a copy disk and take some appropriate action (e. g. lock p the compter, attempt to format the dis k, e.tc.). CREA fing BAD SECfORS For a medim to large scale software prodcer, the best way to create bad sectors is to prchase cstom hardware or special modifications for the 810 disk drie (See appendix "A" for a list of companies). For small scale software prodcers, there are seeral ways to create bad sectors withot special hardware. Also, one shold know of the techniqes presented below becase they are sometimes sed by software pirates to create bad sectors. Once a bad sector is created on the original disk. most disk dplicating companies can -30-

make batches of them easily (see appendix "A") which saes the small software company from haing to recreate the bad sectors on all their disks to be distribted. As mentioned earlier, there is no way to create bad sectors with the standard 810 disk drie from software alone, howeer, there are some special techniqes that can be sed. One ery good method is to se other small compters to write bad sectors and tracks. Some compters like the APPLE and I BM-PC allow yo to format single sectors and tracks. l'heir formats are not compatible with AfAR [' s, ths reslting in bad sectors. Howeer, this techniqe is not effectie if precise control of the bad sectqrs is needed, and yo mst hae access to and knowledge of the other compters to se this method. Another method is to physically damage the disk. I hae seen this techniqe sed sccessflly, bt it has major drawbacks. Basically, yo map ot the disk, and sing a pin or other sharp object, physically damage the sectors that shold be bad. Needless to say, hitting the right sector is ery difficlt. and permanent damage to the disk mst be done. A ery similar techniqe is to magnetically damage sectors on the disk sing a powerfl magnet or a picoelectric deice. This saes the disk from permanent damage. bt it is een harder to place the bad sectors precisely where yo want them. -31-

Another techniqe sometimes sed is to alter the read/write head alignment on yor disk drie. This techniqe works bt I strongly' warn against sing it becase readjsting yor alignment properly reqires an oscilloscope, and a disk with improper alignment is sally incompatible with a properly aligned disk drie. Finally, there are two techniqes which are effectie and relatiely easy to se to create bad sectors. The first techniqe inoles attaching a piece of tape to yor disk jacket so that when the disk is inserted in the drie, the tape sticks ot the door. Essentially, yo shake the tape (which is a ttached to yor disk coer) while a program is continally writing and reading the sector yo wish to destroy. This techniqe works bt can take as long as 10 mintes to write a single bad sector. The other techniqe inoles adjsting the speed of yor disk drie. This method is fast and ery precise. It enables yo to write as many bad sectors as yo wish withot doin ermanent damage to yor disk. Yor dne mst be slowed to approximately 220 RPMs (so yo can jst barely write a sector withot an error). Then, yo hae the disk write the sector yo wish to destroy. When yor drie is adjsted back to normal speed, those sectors will be read as bad sectors. The optional software disk (ordering -32-

information in back of book) that goes with this book contains programs which makes writing bad sectors by these methods easier. CHECKING FOR BAD SECTORS Obiosly, to se bad sectors as a protection techn iq e, the program mst ha e some way to check for them. Fortnately, this is a simple process. Figre 5.1 shows a simple BASlC program that will help with this. All it does is read a sector, check the stats byte and display a message saying if it got an error or not. Figre 5.2 contains a modification to the program that wi II case the compter to lock p if the sector is good, bt contine if reading the sector, retrned an error code. This rotine can be sed in yor pl"ogram to erify a bad sector. To se it, jst insert this rotine at the beginning of the program yo wish to protect, then create a bad sector on the disk al the location checked in the program (crrently set to sector 710 bt can be changed to whateer sector yo wish). Now the program will rn only on disks that get an error trying to read the specified sector. Note that this program will register any error in the a ttempt to read the sector. I'his means that if the disk drie is trned off or the disk is remoed before the read, the program will contine to rn as sal. -33-

FIGRE 5.1 18 REM II ROTINE TO CHECK BAD SECTORS 28 DIM A$( 12B) 38 REM 48 R8H II SET DRIVE II 58 DRIVE=I:POKE 769,DRIVE 68 REM 78 REM II SET Cm+1AND TO READ I I B8 RREAD=B2:POKE 778,RREAD 98 REM 188 REM II GET SECTOR NtJotBER II 118? -WHAT SECTOR -;:INPT SECN 128 POKE 77B,SECN-(INT(SEONV256)1256): POKE 779,INTCSEONV256) 138 REM 148 REM II SET ADDRESS TO STORE SECTOR AT II 158 ADRA=ADRCAS):POKE 772,ADRA-(INTCAD RA/256)1256):POKE 773,INTCADRA/256) 168 REM 178 REM II SET P CALL-CIO ROTINE II lb8 FOR 1=1536 TO 1548:R~D X:POKE I,X :NEXT I 198 DATA 184,32,B3,22B,96 288 REM 218 REM II EXECTE CALL-CIO ROTINE II 228 Z=SRC 153cS) 238 REM 248 REM II CHECK STATS. CODE II 258 STTS=PEEK(771):IF STTS=1 THEN PR I NT - SECTOR WAS GOOD-: END 268 PRINT SECTOR WAS BAP- : END -34-

FIGRE 5.2 18 REM ~~ ROTINE TO LOCK-P COMPTER I F CHECKED SECTOR NOT BAD 28 DIM AS( 128> 38 REM 48 REM ~~ SET DRIVE ~~ 58 DRIVE=I:POKE 769,DRIVE 68 REM 78 REM ~~ SET CCH1AND TO READ ~~ 88 RREAD=82:POKE 778,RREAD 98 REM 188 REM ~~ SET SECTOR NMBER TO 718 ~~ 118 SElN=718:POKE 778,SECN-(INT(SECN/2 56)~256) :POKE 779,INT(SECNV256) 128 REM 138 REM ~~ SET ADDRESS TO STORE SECTOR AT ~~ 148 ADRA=ADR(AS):POKE 772,ADRA-(INT(AD RA/256)~256):POKE 773,INT(ADRA/256) 158 REM 168 REM ~~ SET P CALL-CIO ROTINE ~~ 178 FOR 1=1536 TO 1548:READ X:POKE I,X :NEXT I 189 DATA 184,32,83,228,96 199 REM 289 REM ~~ EXECTE CALL-CIO ROTINE ~3E 219 Z=SR( 1536) 229 REM 238 REM ~3E CHECK STATS CODE 3E~ 248 STTS=PEEK(771):lF STTS=l TH~? COpy DISK DETECTED-:X=SR(8) 258 PRINT -PROGRAM RLNS NORMALLY" : END -35-

To preent a pira te from sing this techniq e to trick yor program, it is a good idea to read a good sector after checking for the bad sector and bomb the program if this sector is not good. Essentially then, yo first check the bad sector and bom b if it is not a n error, then check the good sector and bomb if it is an error. Now is a good time to mention hiding the protection code. Hiding protection code comprises a set of techniqes which disgise yor protection fnctions to help preent a pirate from finding and remoing the protection code. These techniqes are discssed in detail in the next chapter. fhe importance of these methods cannot be oeremphasized becase if a software pirate can find and disable the protection in the program, this nprotected ersion can qh:kly spread throgh pirate circles. CONCLS IONS Althogh bad sectoring is the most widely sed protection techniqe, it has a major drawback. The drawback is that bad sectors can be created by anyone who knows how with jst a s tanda rd 810 disk drie. This means that a pirate can copy the original disk (with a sector copier) and then create bad sectors on the copy whereer they were on the original. This wold create a working copy, becase all 36-

the checks for bad sectors wold yield the same reslts as the original. Needless to say, this techniqe is spreading fast throgh the pirate commnity and will soon make bad sectoring only effectie against noice pirates. Howeer, keep in mind that this protection techniqe can be applied by een the smallest software prodcers with the most limited resorces, and when combined with some of the other methods discssed, is still effectie against many pirates. -37-

CHAPTER 6 HIDING PROTECTION CODE In order to adeqately protect software yo mst nderstand the techniqes sed by software pirates. One of the main techniqes is called "hand breaking of the protection code". Breaking Code by Hand Hand breaking of software is one of the most powerfl software copying techniqes. fhis techniqe can copy programs sing irtally any protection scheme and is considered practically impossible to stop. Breaking the code by hand is a Iso the most difficlt and time consming copy techniqe sed, and reqires adanced knowledge of 6502 assembler and software protection techniqes. The first step in sing this techniqe inoles listing the BASIC code or disassembling the machine langage program. A disassembler takes a program (or section of a program) from disk, tape, or memory and conerts it into assembler langage. Conertin~ the machine langage into assembler langage makes it mch easier to read and nderstand, bt it is sti 11 ery difficlt to find the protection instrctions. Some disassembler and debgger packages hae adanced featres which can make the process easier. A string search can be a great help in finding things like disk reads or stats checks. A string -38-

r'i r'i search, searches memory (or disk, etc.) for a selected nmber or string of nmbers. A sector editor lets yo read a sector from a disk and change the contents of it. A tracer lets yo follow the program step by step. There are also many other tilities and tools that aid the pirater in finding and eliminating the protection techniqes. Once t he code is listed and the protection steps fond, the software pirate makes a "fix" to the program to bypass the protection. There are many ways to eliminate the protection once the code is fond. Let' s say the program checks for a bad sector in sector 700. One way to "fix" this wold be to make it read sector 1,000 (a sector that does not exist) instead. This wold retrn an error no matter what disk it reads. Another way wold be to jmp oer the protection instrctions, bypassing the check altogether. Still another way is to pt a break in the code that wold wait for a keystroke before contining. Then, while rnning, the program wold stop at the break and pase ntil a key is hit. This wold gie yo time to trn off yor disk drie so that it wold get a bad sector stats no matter what sector the program reads. Althol,lgh stopping an experienced and determined software pirate who can break programs by hand is extremely difficlt. it mst be attempted becase this kind of copy is the most costly to sales. Once a program is handbroken to eliminate the protection techniqes, anyone with a sector copier can copy it. In other words, once broken, any -39-

nmber of copies can be made ery easily and this nprotected pirated ersion can spread throgh circles of pirates extremely fast. Hiding Protection Codes Becase hai:ld breaking of protection is sch a dangeros weapon in the pirate arsenal, it warrants major measres to stop it. The best way a software prodcer can do this is by making it ery difficlt to find and "fix" the protection code. This section will coer ways of hiding the protection code. This process disgises portions of the program in order to lead the wold-be pirate astray and to make his job mch harder. Protection code is best hidden in an assembly langage program, howeer, it is possible to se some of these methods in BASIC also. This section is geared mainly to those who are familiar with assembly langage programming. The first goal is to stop a simple string search from finding yor protection and to preent the disassembled program t s protection methods from being obios. A good example to demonstrate this is in checking for a bad sector. Normally, when a program checks a bad sector, it wold call the CIO fnction of the operating system. A simple assembly langage statement to do this is: JSR $E453-40-,--

Chis instrction shows p as a series of hexidecimal nmbers in memory (which is the machine langage eqialent of the instrctions). A pirate searching for instrctions that check for bad sectors, wold see this instrction in the disassembled code and immediately stdy it to see if it is the protection code. The techniqes presented below show how to hide this and other instrctions so that they don't show p in a disassembly or string search. In general, these methods create the instrctions only after the program begins execting. This process is referred to as "self modifying code". Self Modifying Code: There are many ways to make programs self modifying. Perhaps the simplest is by oerlaying yor instrctions. sing this method, the program cold hae an innocent instrction like STA $0000 that wold be conerted to a disk read (a CIO call) after the program begins execting. To do this, the program cold store the nmbers representing the disk access call (32,83,228 decimal) into the memory locations where the STA $0000 crrently resides. These store instrctions cold be mixed in with other rotines and separated from each other to help hide what they are doing. Only after the program begins rnning wold the innocent STA instrction be transformed by the program into the call CIO instrction. sing this simple techniqe to disgise a few of the protection instrctions makes the pirate's job a lot harder. -41-

Another way to make yor program's protection harder to decipher is throgh indirect addressing. Indirect addressing is where the instrctions point to an address which in trn points to another address to complete the instrction. Heay se of indirect addressing can help make the program mch more complex for the pirate. A tricky method to hae yor program create its own instrctions is called "adding instrctions". As yo know, all instrctions are stored in the compter as binary nmbers. There is nothing forcing yo to jst moe them to their locations. The instrctions can be created by adding nmbers together and st<;>ring them in their proper locations. A ariation of this wold be adding (or sbtracting) nmbers to other instrctions to transform them to new instrctions. In this way the code for a particlar instrction or address is not een in the program ntil the instrctions which create it are exected. Probably the trickiest and hardest to decipher method of making self modifying code is combining areas of memory or disk sectors. This method ses two separate sets of meaningless nmbers and combines them to create the program instrctions. This combination can be done by ORing, ANDing, Exclsie ORing, etc. (these terms refer to assembler langage instrctions). Let's say for example, that two sectors on a disk contain what appears to be meaningless da tao The program cold read them into memory and then Exclsie OR (see glossary for definition) them together to -create a -42-

, ~, whole sector of instrctions atone time. To se this method, the programmer mst careflly set the sectors p so that they will combine to form. the proper instrctions. If yo wish to get really deios, yo wold disgise the instrctions that do the combining also. Needless to say, these techniqes make finding the protection in a program mch harder for the pirate. To the aerage reader it may seem that the techniqes presented aboe wold preent anyone from deciphering and remoing the protection from a program. If yo beliee this, yo are nderestimating the skill and determination of adanced software pirates. To discorage the tre diehards reqires additional measres 'designed especially to wear, down and antagonize yor pirate adersary. Layering Yor Protection: This techniqe is similar to methods sed to keep prisoners in jail. The bars on the cell represent only the first layer of protection. The wold-be escaper mst then get past the gards, get ot of the b ildi ng and finally, past the main wall. Software protection can se a simila I' form of layering. After the pirate breathes a sigh of relief, coninced he has finally fond and disa bled the protection, it can be ery discoraging to find that the program still won't rn. Instead the pirate mst deal with layer 2 of protection. etc. A good way to layer yor protection is with "checksms". Checksms refer to adding p -43-

certain areas of memory and comparing them to a stored ale. To se this method, yo cold add p the memory locations which store yor protection instrctions and store the nmber in yor program. Then, when the program rns, it cold add these locations and compare it to the nmber yo stored. If the pirate changes the protection instrctions, they wold no longer add p to the reqired nmber and the program cold bomb. In other words, this method protects against someone changing yor protection code. Of corse, the pirate cold then alter the checked ale to reflect his changes, bt this wold add a whole new layer of protection which he wold hae to disable. Yo shold now be coninced that hand breaking of yor protection can be made ery difficlt, bt here is one last techniqe to harass the pirate. Wild Goose Chases: Different forms of this techniqe hae been sed effectiely for centries. It inoles planting extra code in yor program to deliberately lead the pirate on a wild goose chase. This cold also be sed to disgise the program frtj-.er or jst to lead the pirate astray. Conclsion: All this probably seems like a lot of work to protect yor program, it is. Bt, if it's any consolation, remember that the pirate may hae an een harder.time deciphering yor work than yo had creating it. Also, hiding the protection code fights the most dangeros form of -44-

piracy. As stated earlier, if the protection is remoed from a program jst once, that copy can spread throgh the pirate commnity at a ery rapid pace. Again, remember that no matter how cleer yo are in protecting yor program, there will be someone who c an break it. -45-

CHAPTER 7 MISASSIGNED SECTORS WHAT ARE MISASSIGNED SECTORS? Misassigned sectoring is one of the most powerfl disk copy protection techniqes \...J a ailable today. There are ery few people and almost no tilities (short of major disk drie modifications) that can sccessflly copy software protected by this method. Misassigned sectors (also known as cstom formatting or dplicate sectors) are sectors \...J with incorrect sector I D da ta assigned to them. This is a difficlt concept, so I will start by explaining the normal disk format. Each normally formatted disk has 40 tracks which are concentric circles or bands of data (see diagram 7.1). Each track has 18 sectors on it arranged in arios orders, depending on the disk ~ drie. A track also contains a 19th slice that seres as an index to define the start of each of the 40 tracks. (see diagram 7.2) Each sector contains 128 bytes of ser data that can be read and written throgh the normal programming methods. In addition, each sector contains 44 bytes of ID data that can only be' sed internally by the disk drie. This 10 data is written and maintained by the drie's Floppy Disk Controller or FDC (the disk drie's internal controller> and is the key to misassigned sectors. The 44 bytes contain the following information: 1. a sector nmber -46-

I'i (j () FIIRE z.a ~ ~ ~ (j Ii I'i (j (j I'i fllre 7.2 I'i I'i I'i (j I'i 'i 'i 'i i j i i -47-

2. a track nmber 3. CRC's (cyclic redndancy checks) 4. a data mark 5. filler data Misassigned sectors work by altering the sector ID data in ways that cannot be done on a standard 810 disk drie. Normally, the sector and track nmbers are written when the disk is formatted and cannot be changed. The CRCs are atomatically generated by the controller dring eery write operation and are sed to erify the data when the sector is read (it works mch like a checksm). Similarly, the data mark (normally a hex $FB) which is sed to mark the start of the ser data (the 128 bytes yo are familiar with) is created atomatically by the controller. There are three basic types of misassigned sectors and all can be created by changing selected parts of the sector ID data. The types of misassigned sectors are: forced CRC errors, bad data marks and dplicate sectors. As their name sggests, forced CRC errors are sectors in which the CRC bytes do not match the data.,normally, this wold signal what is called a soft error. When a soft error occrs, the system reads the data again to see if it can get a matching CRC. The disk drie does not grind (as with bad sectors) bt will sally read the sector for times and seem to s low down. A bad da ta mark is a data mark other than the standard $FB and also cases a soft error. Dplicate sectors are the trickiest to se and detect. Normally, the sectors on a track are nmbered 1-48-

throgh 18, howeer, a disk sing dplica te sectors might hae 2 sector 17' s for example. When a track has more than one sector with the same sector nmber, it is referred to as a dplicate sector. HOW MISASSIGNED SECTORS PROTECT SOFTWARE As with bad sectors, misassigned sectors allow the program to identify the original disk s. a normally formatted copy disk. Bt the misassigned sector can also go frther by casing copies to be missing whole sectors of da tao The program can check for the presence of a CRC or bad da ta mark error in a specific sector. If the error is not fond, the program wold bomb becase it knows it resides on a copied disk (jst like with bad 'sectors). Howeer, with both CRC and da ta mark errors the data of the sector can remain intact. This means that the program can check the error and check (or make se of) the data on the sector as well. Een the most creatie software pirate can't create a sector with a bad data mark or CRC which also has good data sing a standard 810 disk drie. Figre 7.3 shows one way a program can check the data on a sector as well as its stats. Dplicate sectors are a bit harder to nderstand, so here is a simple example of how they might be sed to protect a disk. Say the original. disk is cstom forinatted to contain two sector 17' s. One of them has data and one is all zeros. A simple way for -49-

l FIGRE 7'.3 18 REM 3E ROTINE TO CHECK DATA AND STATS OF A SECTOR ~~ 28 REM 38 REM ~~ SET P CALL-CIO ROTINE ~~ 48 FOR 1=1536 TO 1548:READ X:POKE I,X: NEXT I 58 DATA 184,32,S3,22S,96 68 DIM A$(12S),B$(12S) 78 A$:- -:A$(12S)=- -:A$(2)=A$ S8 REM 98 REM ~~ SET DRIVE ~~ 188 DRIVE=I:POKE 769,DRIVE 118 REM 128 REM ~~ SET CCH1AND TO READ ~~ 138 RREAD=S2:POKE 778,RREAD 148 REM 1"58 REM ~ ~ SET SECTOR NlI1BER ~ ~ 168? - WHAT SECTOR-;:INPT SECN 178 POKE 77S,SECN-(INT(SEONV256)~256): POKE 779,INT(SEONV256) ls8 REM 198 RE11 ~~ SET ADDRESS TO READ ~~ 288 ADRA=ADR(A$) :POKE 772,ADRA-(INT(AD RA/256)~256):POKE 773,INT(ADRA/256) 218 REM 228 REM ~~ EXECTE CALL -CI 0 ROTINE ~~ 238 Z=SR ( 1536) 248 IF PEEK(771)=1 THEN 278 258 IF A$(l,27)(>-SECTOR MST HATCH TH IS DATA- THEN 278 268? -PROGRAM RNS BECASE SECTOR I S BAD BT DATA I S GOOD-: END 278? -PROGRAM COLD BOMB BECASE SECTOR IS NOT RIGHT-:END -50-

the program to be sre it resides on the orignal disk is to read sector 17 twice in a row and compare the reslts. On the original cstom formatted disk, the first read wold get one sector 17 and the second read wold contine on the disk and get the other. Comparing them wold show they are not the same, and the program wold proceed as normal. On a normally formatted disk (with the program copied on it), howeer, there is on ly one sector 17, so reading it twice wold get the same sector both times. If the program finds the two reads are the same, it cold end or lock p the keyboard, becase it wold know tl:1at it resides on a copied disk. Figre 7.4 contains a simple BASIC program that can check for a dplicate sector. CREATING MISASSlGNED SEC rors Misassigned sectors. cannot be created sing a standard, nmodified 810 disk drie. Althogh this makes the techniqe harder for a small software writer to se, it also means that this techniqe is ery difficlt to break. Special hardware or major modifications to an 810 disk drie are needed to create misassigned sectors. There are seeral adanced programming systems costing anywhere from $225.00 to $5,000.00 for the ATARI that hae the capability to create, or at least copy the misassigned sectors. There are a few companies that make inexpensie 810 modifications that allow this. See appendix "A" for a partial list of companies that sell -51-

FIGRE 7_4 18 REM ~~ ROTINE TO CHECK MISSASIGNED SECTORS ~* 28 DIM A$(128),9$(128) 38 A$(I,I)=-X-:A$(128, 128)=A$ 489$(I,I)=-X-:9$(128,128)=B$ 58 DRIVE=I:POKE 769,DRIVE 68 RREAD=82:POKE 778,RREAD 78? - WHAT SECTOR-;:INPT SEeN 88 POKE 778,SECN-(INT(SECN/256)~256):P OKE 779,INT(SECNV256) 98 REM 188 REM ~~ SET ADDRESS TO STORE FIRST READ ~~ 118 ADRA=ADR(A$) :ADRAL=ADRA-( INT(ADRA/ 256)~256):ADRAH=INT(ADRA/256) 128 POKE 772,ADRAL:POKE 773,ADRAH 138 REM 148 REM ~~ CALC POKES FOR 2ED READ ~~ 158 ADRB=ADR(B$):ADRBL=ADRB-(INT(ADRB/ 256)~256):ADRBH=INT(ADRB/256) 168 POKE 772,ADRAL:POKE 773,ADRAH 178 REM ~~ SET P CALL-CIO ROTINE ~~ 188 FOR 1=1536 TO 1548:READ X:POKE I,X :NEXT I 198 DATA 184,32,83,228,96 288 REM ~~ EXECTE CALL-CIO ROTINE ~~ 218 Z=SR(1536) 228 POKE 772,ADRBL:POKE 773,ADRBH 238 Z=SR( 1536) 248 IF A$()8$ THEN 288 258 Z=SR ( 1536) 268 REM ~~ CHECK IF READS ARE EQAL ~~ 278 IF A$=9$ THEN PRINT -SECTOR WAS GO OD-:END 288 PRINT SECTOR WAS MISSASIGNED-:END -52-

hardware, serices, or modifications that can be sed for rilisassigned or bad sectors. One note to large scale software prodcers, althogh misassigned sectors are tricky to create in itially, most disl( dplicating companies can copy them for yo with no problems. So this techniqe doesn I t slow down large scale prodction. HOW P I RATES COPY MISASSIGNED SECTORS Since special hardware is needed to create misassigned sectors, software protected by this method is sally broken by hand. In other words, manally breaking the protection codes (see breaking codes by hand in Ch apter 6). There a r.e seeral special techniqes that help in hand breaking misassigned sectors. First, the wold-be pirate determines the location of the misassigned and bad sectors. rhe dplicate sectors can be fond by writing a program that reads all the sectors on a track in different orders, and compares the reslts. In other words, fir.st they may read sector 1 and store it. Then read sector 1 again and compare it to what was jst stored. If they are different, this sector is flagged as a dplicate sector. Sometimes the dplicate sectors are right next to each other and ca n be mi ssed, so t he sectors mst be read in different orders to be sre all the misassigned sectors are fond. Also, the program does a stats check on bad sectors to see if they hae data mark or CRC errors. Once all the misassigned sectors are fond, the program is disas- -53-

sembled and debgged with the basic handbreaking methods discssed in Chapter 6. Once again, note that breaking by hand yields a program that is nprotected and can be copied by anyone as many times as they wish. Another techniqe sed to copy programs protected with misassigned sectors is by sing special hardware or major disk drie modifications. In this case, the hardware enables the ser to make an exact dplicate of the original disk (misassigned and bad sectors inclded). This techniqe reqires no special expertise by the ser, bt yields an ncopya ble copy. fhis techniqe makes an exact copy of the original, so the copy itself is protected from being copied. As mentioned earlier, the special hardware can cost anywhere from $225.00 to $5,000.00. l'here is a Iso a techniq e which is not crrently sed bt may be a ailable in the ftre. A company whose name 1 won 't mention, adertised that their tility will copy all ATARl software aailable before it specified date. They hae not yet deliered on their promise, bt basically, their techniqe is this. After someone laboriosly breaks each program by hand, the program fixes are saed on disk. Next, a program is written which identifies the program to be copied by the location of bad and misassigned sectors. So, when a copy is made, the fixes are pt in to make the copy work. Essentially, they are selling the way to break the protection techniqes on specific programs. fhis is close to selling -54-

the program itself, bt is a difficlt thing to proe in cort. As stated earlier, the company has not deliered on their promise (and has essentially ripped off many prchasers) bt it will be interesting to see what the legal conseqences are if they do. PRO rect I NG MISASSIGNED SECTOI~S Protecting mi sa ssigned sectors is mch like protecting bad sector code. The major threat here is that someone will break yor protection scheme by hand and distribte nprotected copies which wi 11 spread qickly throgh the pirate commnity. The best way to preent hand breaking of codes is by sing the techniqes presented in the preios chapter, Hiding Yor Protection Code. Hopeflly, this will make it as difficlt as possible to break the code by hand so that yo will discorage all bt the most talented and diehard pirates. -55-

'0 CHAPTER 8 ROM AND EPROM CARTRIDGES ROMs are Read OnLy Memories. As yo know. the ATARl operating system is on a 10K ROM board, and cartridge games are on ROM chips arying from 4K to 16K. There are two cartridge slots on the ATARl 800 and one on the ATAR 1 400 and 1200XL. The right hand cartridge slot on the 800 ses memory locations $8000 throgh $9FFF (HEX). The left cartridge slot ses memory locations $AOOO throgh $BFFF for 4K and 8K cartridges and $8000 throgh $BFFF for 16K cartridges. When a cartridge is present, it will disable the I~AM (on a 48K system) that ses the same addresses a s the cartridge. At first glance, ROM cartridge software is a na tral at being difficlt to copy since no simple dplicate tape or sector copier wold work here. Howeer, reading ATARI's technical ser notes will tell yo most of what yo need to know to sae the cartridge data to disk or tape. There are also seeral programs floating arond that do most of the work for yo. Another way is by sing an EPI~OM brner tmore details on this later}. ROM COpy fechniqe Essentially, to sae a cartridge to disk or tape, a program dmps the memory locationf (where the cartridge is stored) to the disk or ta pe. This da ta is then sally conerted into a binary load file (some -56- '0

cartridge copy programs create these atomatically) and loaded sing the binary load option of DOS. Some programs also need a special rotine to clear ot screen memory before rnning. Althogh this sonds complicated, keep in mind that once properly saed to disk or tape, an nlimited nmber of copies can be made, jst by sing DOS, and these spread arond ery fast. PROTECTING AGAINST TECHNIQE 1 The copy techniqe mentioned aboe was effectie on all cartridges p ntil abot the time AfARI came ot with Asteroids and Missile Command. Fortnately for cartridge makers, a good techniqe to thwart this copy method was fond. This techniqe works by storing nmbers into the memory locations where the program resides, which make the program bomb (or case some error like a backgrond with no player, etc. ). As yo know, yo cannot store nmbers into a ROM (Read Only Memory) so this process has no effect on the original cartridge. Howeer, since the copy is loaded in from tape ()r disk and stored in RAM, this techniqe will stop it from rnning. Here is an example of how this techniqe might be sed. Note that this example reqires knowledge of assembly langage and so is geared toward the more technically adanced ser. Sppose that in memory location $AOOS a ]SR $CD (assembly langage statement meaning jmp to sbrotine) is stored. Remember that $ -57-

means the nmber is in hexadecimal. This command wold be represented by a $20 in location $A005, a $00 in location $A006 and a $CD in location $A007. With this instrction, the program wold rn correctly. fo protect this program, one of the instrctions in the pr:ogram might store zeros in location $A007, so that when it reached this instrction, the program wold jmp there and bomb. So if the program is on a ROM cartridge, the instrction to store zeros in location $A007 wold be ignored becase yo can I t store the nmbers in ROM, and the program wold execte normally. If, howeer, the program was loaded into RAM from a disk or tape, this store instrction wold alter the program in RAM and when it hit the j5r (jmp to sbrotine) it wold born b becase there wold be no sbrotine there. sing this protection techniqe makes copying the ROM cartridge mch more difficlt becase yo wold need a good assembly programmer to find the instrction casing the error. Of corse, this methoc can be made een more effectie by hiding the protection instrctions. fhe techniqes to hide the instrctions are ery similar to those sed to hide disk protection instrctions, and as always, the more complicated and conolted they become. the better yor chances are of them not being broken. ROM COPY TECHNIQE 11 This copy method has some drawbacks -58-

bt, all in all, is the simplest and most effectie ROM copy techniqe being sed by software pirates today. fo explain this techniqe, I will introdce a new term - EPROM chip. An EPROM chip is an Erasable, Programmable, Read Only Memory (also PROM, Programma ble Read Only Memory chips can be sed bt cannot later be erased and reised). EPROMs are jst like ROMs except that the instrctions can be altered sing a deice called an EPROM brner. [his, figratiely speaking, brns instrctions into the chip and makes it operate jst like a ROM. To erase an EPROM, jst pt it nder an ltraiolet light and it is ready for reprogramming. An EPROM brner with the proper software can also read the contents of a ROM (or EPROM, etc.) and store those instrctions to disk or tape. This permits one to strip off the contents of a ROM cartridge and then reprodce a dplicate EPROM or PROM cartridge. This EPROM' will operate exactly like the original. Een the protection techniq e mentioned aboe is totally ineffecti e against the EPROM copy. EPROM brners range in price from $20.00 (in kit form withot. software) to seeral thosand dollars, bt one that wold adeqately do the job for AT AR I cartridges wold cost abot $120.00 to $200.00. That pts an EPROM brner within the grasp of most serios compter owners. PREVENTING ROM COpy TECHNIQE II This is a good news/bad news sit- ~ ation. fhe good news is that to se an EPROM brner takes a certain amont of -59-

expertise not eeryone has, and the cost per copy can be qite high. For example, for a two chip, BK cartridge, chips themseles can cost between $3.00 and $9.00 and the board to mont them on can cost $10.00 to $20.00, not to mention the cost of the EPROM brner itself. fhe bad news, howeer, is that for those with the time, money, and expertise to make EPROM cartridges, ther'e is no effectie techniqe to stop them crrently aailable. Note thogh that the cartridges made by this method are exact copies, and so offer the same leel of protection as the original. In conclsion, ROM cartridges remain one of the best ways to di stribte yor program from a protection iewpoi.nt. -60-

CHAPTER 9 HARDWARE DATA-KEYS As its name implies, a hardware da ta-key is a hardware deice. It sally plgs into the joystick port and can be "read" by the compter like a joystick or paddle. A hardware data-key accompanies a program and mst be plgged in for the program to operate properly. Its sole prpose. is to protect the program from bei ng copied by software pirates. An added fnction of the data-key cold be toa llow the prchaser protection of his files from others. Fer example, if a data base program is protected by sch a I(ey, the ser can se the key to help preent nathorized access to his files. Hardware da ta-keys hae the ljotential to be one of the safest and best protection techniqes sed. The prchaser can be allowed to back p the program as many times as is needed, bt withot the data key, copies are worthless. This means that da ta-keys potentially sole one of the biggest problems with software protection becase they preent copies from fnctioning for pirates, bt they allow the prchaser to hae fnctional backps. Hew Data-Keys Protect Programs The simplest way for hardware da ta-keys to work is by haing the program check the ale passed from the key and compare it to a ale stored in the -61-

program. If the ales passed from the key are incorrect (meaning no key or a conterfeit key is present) the program bombs or self-destrcts. A more complex system might hae the key pass seeral ales or een se a few separate keys p lgged into joystick ports or the serial interface port. To hae the program checked for the presence of the key is ery simp Ie. Here is an examt>le of a basic statement that will check for a simp Ie data-key: IF PADDLE (1) NOT = 100 THEN NEW If paddle (1) or a da ta-key pal:;sing in eqal ale is not set to 100, then the program will erase itself from memory. A more complex key might reqire statements like this: 10 IF PADDLE (0) 210 AND PADDLE (1) = 80 AND STRIG (0) = 1 THEN XX = 1 20 IF XX<) 1 THEN NEW fhese statements wold check a data key for three separate ales before allowing the program to proceed. As yo see,...:hecking a da ta-key (in a joystick port) is jst like reading ales from paddles and joysticks, bt a data-key can pass seeral alcs a t once t ha t wold be impossible to dplicate with the standard controllers. B i Iding Data-Keys Constrction of a da ta-key aries -62-

depending on the desired fnctions. To nderstand data-key constrction, yo mst nderstand how ales are read from the controller jack. Diagram 9.1 shows the pin arrangement of a controller jack. As yo can see, the different pins can be sed to read separate ales from whateer is plgged into the jack. The joystick and trigger pins can only be sed for a simple on or off inpt, bt potentiometer A or B (the paddle inpts) can read a resistance ale between 0 and 228. sing all joystick and paddle inpts together gie a total of 1,611,504 possible combinations from each controller jack. A typical data-key might be two resistors encased in plastic and attached to a standard joystick or paddle plg (see diagram 9.2). These resistors wold act like a pair of paddles permanently set to certain ales. Wires cold be rn to the joystick pins if yo wish to check for additional ales from the data-key. As diagram 9.1 shows, a single joystick port can check many separate ales at the same time. For added protection, the software cold reqire two or more data-keys plgged into separate ports simltaneosly. The key shold be constrcted in sch a way that it is difficlt to take apart and stdy. Encasing the parts in plastic or a permanently sealed casing is ery good for this. If mass prodced, these keys shold cost nder SOt to make. Keeping the cost low is important, since these costs wind p being passed on to the consmer. -63-

FIGRE 9,1 Controller Jack Pin Fnctions 2 3 4 6 7 8 9 1) Joystick Forward 6) Trigger Inpt 2) Joystick Back 7) +5 Volts 3) Joystick Le+t B) Grond 4) Joystick Hi ght 9) Pot A Inpt 5) Potentiometer B Inpt -- FIGRE 9.2-64-

Copying Data-Key Protected Software A single da ta-key is like a lock with 1,611,504 possible combinations. For a pirate to determine the correct one by trial and error wold take years. fhis fact has lead many to beliee that the da ta-key is an ideal soltion to preent piracy. Howeer, this logic has a serios flaw. It is tre that trial and error methods wold be ftile, bt a software pirate has an easier way to break the code. All the pirate has to do to determine the proper combination of ales on a da ta-key is rn a simple BASIC program with the data-key plgged into a joystick port. fhe program cold easily read the joystick and paddle ales and display them on the screen. This techniqe wold immediately gie away the key's combination. Fortnately, knowing the combination alone is not sfficient to prodce working copies of the pwgram becase something is needed to pass these ales to the compter for each copy. The pirate wold either hae to bild his own da ta-key or modify his paddle controllers to also pass joystick ales. Keep in mind that a pirate cold bild one key with switches on it that cold be sed on any program reqiring a da ta-key key of this type. Another possible way to copy a program protected by a data key is by breaking the code by hand (see chapter 6). Once again, this menacing techniqe sed by pirates cold yield a completely nprotected -65-

program that cold be copied with no need for dplicate data-keys. The pirate wold find and remoe the portions of the program which check for the presence of the da ta-key, then the program wold rn as sal. Preenting the Data-Key Copy Techniqes As mentioned earlier, most data-keys can be simply decoded by a software pirate, bt he still mst somehow reprodce that key or change the software to bypass the protection. Once again, hiding the protection code is the best way to discorage pirates from r.ernoing the protection. In this case, well hidden protection code is made more alable by the lack of easy alternaties aailable to the pirate. No special hardware or software is aailable which makes it easy to copy software protected by data-keys. So, anyone a ttempting to copy the software, mst hae a good amont of technical knowledge. Hardware data-keys also hae good potential for improement. If a simple and inexpensie key is bilt that can accept a signal from the comptet' and respond only after a certain time interal, it wold make the key mch more difficlt to copy. Attempts by pirates to read the key' s combination with a program wold not work becase the key wold not respond ntil it got the proper inpt. An een more promising techniq e wold be the se of a microprocessor in the key. This wold -66-

enable the key to perform a complex "handshake" type of commnication with the compter, and this cold stop all bt a ery few adanced software pirates. Conclsions The se of hardware da ta-keys for software protection inoles some trade-offs. It does offer a relatiely high leel of copy protection, bt it adds cost to the program and is disliked and inconenient for the prchaser. Yor decision on these trade-offs depends on the particlar prodct and market being considered, bt da ta-keys shold not be oerlooked as a possible protection method. -67-

CHAPTER 10 LEGAL PROTECTION TECHNIQES There are three methods aailable to legally protect yor program. Of corse. they do not s top someone from copying yor programs. bt they do gie yo legal recorse shold yo find a company copying yor ideas or bootleggers selling yor programs. The three methods are patents, copyrights and trade secrets.. Each has arios reqirements and gies different a monts of protection. Patents. As of March, 1981, in the.s. Spreme Cort decision of Diamond. Diehl', the.s. Patent Office J:>egan iss ing patents for software program inentions. Before that time, the Office said that software inentions were npatentable. bt since then, seeral software patents hae been issed. These are the first patents issed in the nited States for software and offer the opportnity for software writers to license their software for income and get the tax benefits of long term capital gains. Basically, a patent is a contract between the goernment and the inentor. A patent gies the inentor the right to exclde other members of the pbl ic from making, sing or selling the inention. In general, this right lasts for 17 years. After this period the inentor is powerless to exclde the pblic from sing or selling the inention. fhe patentor mst make pblic (in the -68-

patent) enogh information to enable one with "ordinary skill in the art of inention" to make and se the patented inention. This is called the "enabling disclosre", and its prpose is to enhance the pblic's awareness of new inentions. The patent for a software program inention has three parts. The specification; a set of drawing figres, and one or many claims. The specification is the main body of the text and explains what field the inention is in and what problems it soles. The specification sally emphasizes the adantage of sing the inention sch as redced costs, greater accracy, increased speed, or enhanced prodctiity. It also describes how the inention achiees these things and shold teach the readers a bot its se. The drawing figre section has drawings and charts which help the specifications explain the inention's importance. For software patents, this section sally incldes a listing of the program and flow charts explaining it. It also contains other charts and diagrams which help explain the originality or se of the inention. The claims section defines exactly what it is the pblic is exclded from making, sing or selling. The claims shold be a clear and concise explanation that defines the inention. The claims are what allow the inentor to license others to make, se or sell his inention. Also, they permit the inentor to obtain licensing fees (royalties) -69-

that are recorded as long term capital gains and taxed at a lower rate than ordinary income. Almost anyone who writes software, either independently or for a corporation, cold ~enefit from the new patent rles. Keep in mind that only featres of programs and not the programs themseles are patentable. Also, the featre mst be new and achiee adantages oer crrently existing systems. fhe.s. Patent Code contains the exact criteria that determine newness. Besides being new, the Patent Cde states that it mst be "non-obios". [f yor idea has significant adantages oer crrent systems, it can be arged that It is non-obios. Records showing when the idea was conceied and when it was pt into practice.,if it was pt in to practice) mst be kept. All records shold be properly witnessed and kept safely. For more details on patents, see the book, How to Protect and Benefit from yor Ideas which can be ordered from the American Patent Law Association, 2001 Jefferson Dais Highway,.,\riingt<)n, Virginia. n002. Copyrights. St'tware copyrighting is anothel area that has become mch more effectie in the past few years. The bondacies and inlerpretatin of the law hae been changing ery fast. Basically, software copywriting is ery similar to copywn ting books or songs. If yo can proe that someone is copying yor -70-

copywrited program, yo can stop them from copying and recoer damages. Yo are eligible to receie stattory damages and attorneys fees, een if yo cannot proe actal damages. If yor program is properly registered and yor copyright is in order, yo can collect p to $50,000.00 in stattory damages. A copyright coers anyone who sees the work and receies proper notice. To gie notice, jst clearly display the copyright in the program and docmentation. nder old copyright laws, the work had to be pblished before it can receie copyright protection, bt now copyright protection begins when the work is fixed or completed. To apply for a copyright, the work mst be registered with the copyrigh t office. Yo mst send them a copy of the sorce code and docmentation. I t is a Iso a good idea to send a copy to yorself and a lawyer or friend by registered mail. Leae these sealed so that the date yo did the work can be erified. Copyrights hae. proen themseles effecti e recently when MicroPro 1 nternational won a $250,000.00 sit against Data Eqipment Corporation. They claimed that Data Eqipment iolated their copyright by distribting nathorized copies of their programs to cstomers. In another case, ATARl was able to show a copyright iolation, een thogh the program had been completely rewritten. The cort decided that K.C. Mnchkin (North American Phillips Company) was close enogh to Pac-Man to be a copyright iolation, een thogh it was by no means -71-

an exact copy. Trade Secrets. A trade secret is defined as something of ale that gies the owner an edge oer the competition. It is generally something not known to the pblic. A trade secret can be ideas, know-how, software or een jst information that the owners can benefit from. The forml" for Coca Cola or McDonald I s recipe for french fries are examples of trade secrets. Trade secrets are sally state protected as opposed to patents and copyrights which are protected Federally. This means that laws pertaining to trade secrets can ary from state to state. Fortnately, all states afford some protection to software nder the laws that goern nfair competition or breach of a confidential relationship. To claim someone iolated yor trade secret, yo mst show that they disclosed or sed the information which they agreed to keep confidential. If a third party gains knowledge of yor information and the information is not part of a confidential agreement, yo cannot stop or seek damages from the third party. In other words, trade secret protection can be sed against another party proided they agree to keep yor information confidential. Conclsions. The legal protection techniq es c an offer yo compensation shold yo find yor program being pirated or copied. One great problem, howeer, is finding the bootleg copies. Someone -72-

adertising yor software in a national magazine may be an easy target, bt try finding the 14 year old kid who makes a copy for a friend. Een if yo cold find him, wold yo want to prosecte a J4 year old? If so, how mch do yo think yo can col1ect? In conclsion, legal protection techniqes are good protection against another company attempting to profit from yor programs. For this, I highly recommend their se, bt keep in mind that they do little to stop the ast majority of small-time software pirates. -73-

CHAPTER 11 COERCIVE PROTECTION TECHNIQES In this day and age, most wold agree that the best protection methods are ones that physically preent copying. The majority of this book deals with these methods, howeer, another major area of software protection exists. This miscellaneos grop of techniqes hope to preent illegal copying in a nmber of ways. I refer to these as coercie protection methods since most try to preent piracy throgh psychological means. Some hae had a good deal of sccess and are certainly worth sing in addition to the "real" protection methods. Serial Nmbered Software Serial nmbered software is software that has serial nmbers in the code. The serial nmbers are registered to the prchaser either at the time of sale or when the prchaser sends in his warranty or registration card. The nmbers are sed to identify the sorce of bootleg copies of the program. If a pirated copy of the program is discoered, the serial nmbers shold lead yo back to the original prchaser. By telling the prchaser (in the docmentation or program) that he will be responsible for pirated copies fond with his serial nmbers, he is hopeflly discoraged from allowing the program to be copied. The se of this' techniqe to -74-

discorage software piracy has met with some sccess. I know of cases where een a hard-core pirate wold not let some of his serial n mbered software be copied. The serial nmbers shold be displayed and also hidden in the software to be effectie. It is relatiely easy for a pirate to delete the displayed nmbers, bt the hidden and/or encoded serial nmbers wold be difficlt to find. Probably the biggest problem with this method is registering the prchasers to the software. Yo can be sre that a pirate intent on spreading copies of the software won't send in a registration card. The manfactrer can keep track of those copies shipped directly to the prchasers, bt it is nearly impossible to keep track of all copies sold retail or throgh large distribtors. Yo may try to indce the prchaser into registering by offering ftre pdates or enhancements, bt een honest prchasers freqently neglect warranty and reg istra Hon cards. Protection Throgh Intimidation In this techniqe, the program and docmentation contain warnings to the ser sally saying that this program is copywritten and that nathorized copiers will be prosected. The docmentation can remind the prchaser that pirating is pnishable by p to $50,000.00 in fines and 5 years in prison. Sometimes software manfactrers go as far as to say that a ttempts to copy their programs may case -75-

damage to the program or the copier's compter. This can backfire thogh becase if the prchaser's compter does break, he may beliee that yor software is to blame and case problems for yor company. In general, pirates draw the line at selling bootleg programs, bt don't fear the conseqences of making free copies for their friends. Self-Destrcting Code Self-destrcting code is sed mainly for bsiness software when the seller wants to allow the potential prchaser to try the program before bying it. The program is set p to rn only a gien nmber of times and then it atomatically self-destrcts (erases or formats itself). The idea is that the ser will try the program and like it enogh to by it, bt if he tries to keep the sample withot paying, the program will self-destrct. Another se of self-destrcting code is to make copies that a ppear to work, bt after seeral ses, the copy self-destrcts. This method is best sited for disk software and is relatiely simple to implement. Essentially, the program pdates a conter on the disk each time it is sed, and formats itself when t he limit is reached. Of corse, the program mst check to be sre that the disk is not write protected, as this wold stop it from being able to format or pdate itself. Writing a sector then checking the stats is all that is needed to check for write protection.,, -76-

Then, if the stats is bad, the program shold end and display a message telling the ser to remoe the write protect tab before rnning. nfortnately, there are loopholes in this method. If the ser can copy the program, he cold sae one with seeral ses left (before self destrction). Then only rn copies of this disk, and when they near self destrction, he cold jst recopy his saed disk again, ad infinitm. I don't recommend this method becase een a legitimate prchaser can inadertently destroy his non-write protected disk. Freeware Freeware is a niqe marketing concept inented by Andrew Flegelman of Tibrn, California. Essentially, he gies his prodcts away free and actiely encorages yo to make copies for all yor friends. The catch is that the first thing yo see when yo rn the programs is a notice asking for a $25.00 contribtion if yo like the program. Since yo are nder no obligation to make a contribtion, he relies on the good faith he has created by giing away the program and on the gilt feelings he can inspire with the notice at the start of the program. Flegelman has three basic principles of freeware, they are: 1. The ale and tility of software is best assessed by the ser on his/her own system. Only after sing a program can one really determine -77-

whether it seres personal applications, needs and techniqes. 2. The creation of independent personal compter software can and shold be spported by the compting commnity. 3. Copying and networking programs shold be encoraged, rather than restricted. The ease with which software can be distribted otside traditional commercial channels reflects the strength, rather than the weakness of electronic i nforma tion. If the freeware concept is to be sed, certain legal precations shold still be taken. The program shold still be copyrighted to preent others from selling it, bt yo shold probably isse a limited license in it that allows the recipient to se and copy the program for others, proided that they do not change the notice asking for contribtions. The legal conseq ences are not certain, so cation shold be taken in this form of marketing. The real qestion regarding the iability of the freeware concept pertains to its profitability. Flegelman claims that abot 2/3 of the people sending him a blank disk and reqesting his program, end p sending the contribtion and he estimates a bot 15% of the people who recei e the program second hand do the same. Depending on the size of the market, -78-

this cold be a significant income and wold easily ri al that of protected programs after pirated ersions hae spread. Howeer, many experienced software prodcers are skeptical of Flegelman's claims a nd beliee the concept has no ftre. ndeterred, Flegelman plans on contining and expanding his.line of freeware prodcts. Anyone wishing more information on freeware can commnicate with Andrew Flegelman and can reach him c/o The Headlands Press, Inc., P.O. 862, Tibron, California, 94920. His compsere ID is #71435,1235. Selling nprotected Software Seeral companies (mainly spplying Apple software) adertise their software as being nprotected, and/or modifiable by the ser. Some take the iew that pirates cannot be stopped, so why waste time protecting yor programs. Others se this as a marketing techniqe to encorage sales. Some jst wish to allow sers to make back-ps of their programs. There are also seeral ariations of selling nprotected software. Infocomm sells minimally protected software bt sells some of their programs with extensie and well done docmentation packages that some people by een if they can get a copy of the software free. Other companies jst plead with the prchasers not to copy their software by explaining the amont of work that went into making it, etc. The sccess of selling nprotected -79-

software is difficlt to gage. bt some companies claim that they increased sales by adertising that their software is nprotected. This also offers a marketing opportnity for those who a re not willing or capable of protecting their software. One sre way to make yor profit een writing completely nprotected software is to write for magazines. Yo get paid for the article and program and do not hae to worry abot copying. This is also good for programs withot the market potential to warrant spending money on a sales promotion, and it can help bild a programmer I s reptation. Compter magazines crrently pay abot $50.00 - $120.00 per page for articles and programs. and offer a software writer ao good way to get started withot the worries of prodction and marketing. -80-

CHAPTER 12 RECOMMENDED METHODS OF PROTECTION The protection methods yo choose are dependent on many factors. These factors inclde yor intended market, the price of yor prodct, expected sales olme, yor methods of marketing yor prodct, and yor personal tastes and preferences. Howeer, certain techniqes stand ot as being more secre and hae adantages if they meet yor particlar needs. Most often a combination of techniqes is best. Legal methods sch as copyrights and cohersie methods like serial nmbered software can be combined with physical protection methods like bad sectoring and hidden directories. This section will discss the best of these physical protection methods. Crrently, one of the most secre methods to sell yor software is on ROM cartridges. Althogh they can be copied by EPROM brners, this copy techniqe is expensie and creates copies that are as protected as the originals. Also, if the ROM cartridge protection techniqes (explained earlier> are employed, then abot the only way to make copies (withot an EPROM brner> is to break the protection code by hand. sing this,method also redces the problem of haing to proide back-ps becase of the high reliability of the ROM's, and don't forget that the market for the cartridges is potentially larger than that for disks. Keep in mind, howeer, that ROM cartridges pose certain restrictions.,-" -81-

The program mst fit in 16K of memory and yor expected sales olme mst be qite large, to offset the high prodction costs. If yo can handle these restrictions withot significantly downgrading yor prodct, I beliee that ROMs are an excellent distribtion method from the standpoint of protection. If yo do not wish to fit yor programs on 16K or do not like ROMs for other reasons, I beliee misassigned sectors is the next best alternatie. Althogh the cost of special hardware to pirate software protected with misassigned sectors is coming down, and its aailability is going p, it is still better than most other alternaties. Keep in mind that people who pirate programs sing special hardware, create copies that are still protected. Next down the line I wold place bad sectoring. There are many people who can copy programs protected by bad sectoring, bt it is better than nothing and relatiely easy for the software prodcer to se. If this method is employed, the bad sectors shold be scattered. arond the disk to help discorage people from copying it. Also, be sre the program only checks for one or two bad sectors, becase any more, and the disk will load ery slow and can really bother the prchasers. Probably the easiest to se protection method is to hide the disk directory and wipe ot the VTOC. Althogh this only stops the ery noice copiers, it is the easiest way to create and reprodce disks for a small software maker since no special -82-01

hardware or hardware adjstments are needed. Also, this techniqe at least helps preent others from selling yor program with jst minor modifications. The hardware data-key can be somewhat effectie if sed with a combination of other methods, bt they add cost to yor program and create an inconenience for the prchaser. If yor program is so good that yo feel yor prchasers will not mind the extra cost and inconenience, then hardware da ta-keys offer a relatiely good degree of protection for yor software. As stated earlier, a combination of legal, cohersie and physical protection techniqes is probably yor best soltion, bt there are certainly cases where it is ery desirable to allow the prchasers to copy, list and een modify yor code. Don't forget a bot the possibility that by modifying yor program, others may market it nder their own name with minor modifications. There is a major warning that shold be gien at this point. Some of the most well protected programs created are in widespread circlation among the pirate commnity becase of internal company leaks and nprotected copies gien to dealers as demos, etc. By giing a dealer an n protec ted copy a sad emo, software prodcers are defeating their own protection schemes. These copies ineitably wind p in the hands of a software pirate who distribtes them. Many of the best protected programs become aailable to pirates from this sorce. -83-

,- Another way for a company to defeat its own protection methods is by software leaks. Many companies (most notably Atari) hae inadertently allowed nprotected programs (some still nder deelopment) to leak ot throgh their employees or isitors. One well known case was Atari I s Centipede which was easily aailable to many pirates on nprotected disks almost a year before Atari I s official release of the cartridge. The point is - don I t make it easy on pirates by releasing nprotected ersions to anyone, and be ery carefl abot internal leaks. / -84- --

CHAPTER 13 THE FTRE OF SOFTWARE PROTECTION AND PIRACY Predicting the ftre is always hard, bt gien the size and scope of the piracy problem, yo can be sre that many new protection schemes will be deeloped and sed. One area which has ftre potential is hardware data-keys. Althogh the crrent ones are not ery effectie, with the cost of chips falling, yo will eentally see cheap mass-prodced data-keys which can gie a high amont of protection. The da ta-keys of the ftre may be microprocessors that hae a complex handshake signal with the compter that can be ery hard to break. Data-keys or a new generation of ROM cartridges cold contain memory and een their own microprocessors that wold perform some of the work needed by the program. These steps wold make the programs extremely difficlt to copy. Some of the new micro and mini compters (like Apple's LISA) contain serial nmbers bilt into the hardware, which can be checked by the software. Thi s means that programs cold be set to rn only on a specific machine. Serial nmbers are widely sed in large main frame compter systems and will probably become a ailable in smaller machines. Althogh tm.s techniqe seems to hae great promise, there are problems with it. First, it is not -85-

necessarily in the interest of micro manfactrers to se this method since they benefit from haing a lot of cheap software aailable for their compters. Secondly, the software still can be hand broken to ignore the serial nmber, and lastly, this method is not ery good for mass marketing items like games becase each piece of software mst be coded with the prchaser's serial nmber at the time of the sale. The ftre will also see new directions in dealing with the piracy problem. We may see sch a large market for software that it cold be distribted so cheaply (mch like paperback books) that it pays to by originals jst for the conenience. The software cold be broadcast oer radio or cable r channels for a low enogh price that it wold be boght rather than copied (most people prchase cable TV serice een thogh they can hae friends record the shows for them). Another area that may grow is data base software. This is software that is a aila ble only on an info serice (like Sorce or Compsere). The ftre may see fiber optic links giing sch fast response that een certain arcade type games are possible on these systems. Other changes may come in the legal area. There may be a significant strengthening of the laws dealing with software, and possibly a crack-down on pirates. The whole field of software prodction on micros will see significant changes along with the changing compter enironment. The best a software prodcer can do is stay p with the most crrent -86-

copy and protection techniqes and hope to stay ahead of the game. Althogh the information aboe points to a brighter ftre for software prodcers, keep in mind that pirates are not standing still either. Falling hardware prices hae pt sophisticated eqipment to dplicate tapes, disks or cartridges within the reach of the slightly well-to-do pirate. In fact, a few hndred dollars can by pirates the eq ipment to make exact copies of any tape, disk or cartridge crrently aailable. Also, the ranks of the pirate grops are growing fast. Many loosly knit pirate clbs hae contacts all oer the contry, meaning that bootleg software can spread een faster than most prodcers can make it. Een people with no connections can pick p any compter magazine and find ads for tilities that can copy most crrently sed tape and disk protection schemes (except misassigned sectoring and a few others). Other specters will emerge in the near ftre also. The AfARl 1200XL allows sers to change the operating system, meaning that adanced programmers may come p with a way to dmp memory to tape or disk, after a program has been loaded, and the protection checks are done. This also offers the opportnity to copy ROM cartridges and alter the operating system to make them rn properly from RAM. Althogh the 1200XL makes these.methods easier, they can be done on an ATARl 800 with hardware modifications. And so the battle goes on. Software -87-

prodcers and pirates will contine to adance their arts with neither being the clear ictor. Only by actiely sing state of the art protection methods can software prodcers hope to stay ahead. I am confident this book can help yo achiee that goal. / -88-

~ APPENDIX A ~ Companies selling hardware and/or serices to create or dplicate protected disks, ~ cassette, EPROM and ROM Ii ALF COPY SERVICE 1448 Estes Ii Dener, Colorado 80215 ( 303) 234-0871 Ii Disk dplication or serice for Atari, Apple and TRS 80 Ii Ii Ii ALPHA SOFTWARE PROTECTION CONSLTING 4435 Maplepark Road Stow, Ohio 44224 Serice specializes in protection techniqes inclding bad sectoring and misassigned sectoring. Also disk dplication serice. Ii CAMELON COMPTING Department of Physics & Astronomy Ii Box 119A Dickenson College ~ Carlisle, Pennsylania 17013 (717) 245-1717 ~ ROM and EPROM cartridge boards Ii EASTERN HOSE 3239 Linda Drie ~ Winston-Salem, North Carolina 27106 (919) 924-2889 Ii EPROM brners, software, cartridge boards and cases. -89-

ELCOMP PBLISHING, INC. 53 Redrock Lane P amona, California 91766 (714) 623-8314 EPROM brners and boards for cartrige prodction. EXPANSION PRODCTS CO. P.O. Box.+217 Montain View, California 94040 Tape dplication, disk dplication serice. HAPPY COMPTING P.O. Box 32331 San Jose, California 95152 (408)251-6603 Sell~ inexpensie disk drie modification packages "and software capable of creation and dplication of disks with bad and/or misassigned sectors. HONEYBEAR SOFTWARE Ed Stewart, Programmer/Consltant 1840 Orchard Lane Akron, Ohio 44312 (216) 877-4166 Consltant for creation' and distribtion of software. L. E. SYSTEMS, INC. 8642A Spicewood Springs Road #532 Astin, Texas 78759 (512) 258-3828 or 258-0867 V Hardware spplies for professional Atari cstom disk prodction, inclding misassigned and bad sectoring, etc. Also hardware for large scale dplication of cstom disks in qanity. -90-

~ MICROSETTE COMPANY 475 Ellis Street ~ Mt. View, California 94043 (415) 962-0220 Cassette dplication serice MPC PERIPHERALS CORPORATION 9424 Chesapeake Drie San Diego, California 92123 (714) 278-0630 Cartridge EPROM brners/software RECORDED PBLICATION LABORATORIES 1100 State Street Camden, New Jersey 08105 ( 609) 963-3000 Disk copy serice -91-

GLOSSARY Back-ps: A copy of a program kept for safekeeping In case the original is accidentally damaged, lost or destroyed. Bad Sector: A sector on a disk that cannot be read withot errors. Bomb: When a program stops fnctioning TillIS can reslt in a locked.keyboard, etc.). Other similar terms inclde: crashed, blow-p, abended, died, blew. Breaking by Hand: Refers to copying protected software by manally determining the protection scheme and changing the program to remoe it or bypass it. This sally inoles LISTING or disassembling the program. Breaking Software: The act of dplicating protected software. Yo figratiely break the protection code. Code: Refers to the program, commands or instrctions (in any programming langage). Writing a program is often referred to as coding. Coercie Protection Techniqes: Protecting programs by trying to conince people not to copy them. Controller Jack: The socket where the joystick or paddle is plgged in. -92-

Copy Protection Method or Techniqe: A method sed to help preent people from dplicating software. Data-Key: See Hardware data-key Disassembler: A program that reads machine langage data and conerts it to assembler code that can be more easily nderstood. EPROM: Erasable programable read-only memory. Can be sed to make or dplicate cartridges. Exclsie OR's: Comparing nmbers and ptting ot a 1 the nmbers compared is a 1 is a o. two binary only if one of and the other Freeware: A niqe marketing concept where programs are gien away bt a contribtion is asked for. Han"d Breaking Software: hand. See breaking by Hardware-Data-Ke~: A deice sed to preent a copie program from rnning. sally small and fits into a joystick port. sally mst be plgged in for the program to rn properly. Joystick Port: See controller jack. Legal Protection Techniqes: sing the law to protect yor programs. -93-

Pirate: Someone who tries to illegally copy software. Pirating: The" act of dplicating software for illegal se or distribtion. Prodcers: See software prodcers. RAM: Random access memory. ROM: Read only memory. RPM: Reoltions per minte. An Atari disk' s normal speed is 288 RPM. Sector: A 128 byte area of a disk. There are 18 sectors on a track and 720 sectors on a disk. Software Pirate: See pirate. Software Prodcers: People who write, manfactre or finance software. Track: A complete circle on a disk. There are 40 tracks on a disk and 18 sectors in a track. ser: Anyone who ses the program or compter serice. Write-Protect: A m~thod to preent accidentally writing on a disk or tape. If the notch on the right side of a disk is coered, the disk drie will not write to the disk. -94-

NEW RELEASE ATARI SOFTWARE PROTECTION TECHNIQES BOOK " + DISK " - Adanced Software Protection Also written by George Morrison For those who hae this book and wish to contine and learn more abot Software protection and back-p methods, this ALL NEW seqel brings yo the latest innoations in this fast moing field. It explains the new protection methods sed by sch companies as Synapse* and Electronic Arts*. It also incldes complete reiews and explanations of prodcts sch as; The Happy Enhancement* The Impossible* The Scanalyzer The Chip* The Pill + Sper Pill* many others Explaining specifically what they copy, what they won't, how they are sed, and the details of how they work. Book /I also incldes sch topics as; transmitting protected programs copying disks with more than 19 sectors/track data encrypt ion phreaking methods Program worms logic bombs bank-select cartridges Random Access codes new trends in software law sample BASIC + Assembler programs on-line secrity The Adanced software protection disk (inclded with Book II) contains more do-it-yorself protection and analysis programs inclding; atomat ic program protector cstom format detector newest protection demos forced password appender data encrypter and more Check yor local compter store or order directly from Alpha Systems * denotes prodcts and companies not related to Alpha Systems. ALPHA SYSTEMS 4435 Maplepark Road Slow. Ohio 44224