This type of thing was also commonly done in hardware back in the day. For example, DEC VAX microprocessors sometimes had etchings that taunted Soviets reverse-engineering their technology (src: http://micro.magnet.fsu.edu/creatures/pages/russians.html ).
This was a common practice back in the days of easily-copyable ROM firmware and boards that were mostly off-the-shelf TTL chips. Companies could copyright the firmware, but not the board design (which is how companies like Franklin and Compaq got to survive).
A lot of arcade videogames have similar things, like the ones that were in Robotron:2084 and Sinistar. Popular arcade titles were counterfeited all the time; this was done as a safety measure if it ever came down to a courtroom verification of the code.
Konami for example saw that pirates usually erased their logo from the boot sequence so what they did is insert some code that detected when this happened and modified the game accordingly.
One case was the TMNT game for the NES which, when pirated, set itself in an ultra-hard mode that was impossible to beat since the final boss kept replenishing its energy.
The article claims that it would only happen to experienced ROM hackers, but I could easily see some lazy bootleggers only fixing the first copy protection check without completely testing the game and selling the half-broken result to some hapless kid.
Atari (old Atari, pre-layoff days) had an 8 byte sequence that they copyrighted, and that we were supposed to embed in our games. The idea was you could find the sequence in a pirated ROM and ask in court, "What does this do?" Since the bytes weren't executable code, or useful data, it'd be hard to support their presence in any technical way.
I heard a story from the days of the Game Boy Advance, which supposedly had a similar feature.
Physically, custom carts could easily be made. To prevent this (from a purely legal standpoint) Nintendo made it so the GBA internal ROM was looking for specific data (validated by hash of sorts) on the cart, or it would reject it and refuse to boot. This data happened to be the (copyrighted) logo displayed on boot, hence it made unapproved carts either unbootable or illegal.
Reminds me of how, back in the day, software would look for the letters "IBM" at a specific ROM address (it was in their copyright message) in order to identify the video card as a VGA card (or maybe it was back in the EGA days, can't remember). One of the clever clone card manufacturers put in the ROM "There are various pieces of software that expect the letters IBM to appear here".
There were still boatloads of counterfeit GBA games, particularly Pokemon. If you bought any used Pokemon games, odds are very good they were counterfeit.
That's an open-and-shut case (provided they catch the bootleggers). This was meant more to (theoretically) stymie something like Tengen's 3rd party NES carts. Nintendo wants a cut on all the games that play on its consoles.
My father bought a Franklin Ace and we used it for 5-6 years. It was a great computer (better than the Apple IIe) but mainly because I was running CP/M on the Z80 adapter card that came with it. Why use the Apple's 40 character mode when there was the CP/M 80 character mode handy? And CP/M had WordStar!
In any case, thanks for reviving some great memories!
Microsoft did something similar in BASIC, and for the same reason: http://www.pagetable.com/?p=43 The link contains the asm code and explains the obfuscation.
I imagine hardware manufacturers similarly incorporate some form of identifying macros these days. Of course, most people who buy clones wouldn't really care, but at least the publishers of those clones would be wise to avoid bringing too much attention... Unless they're in a country that has very lax copyright enforcement.
Not sure if this is still present, but the first Intel release had this mapped into every process's address space:
    $ cat dsmos.c
    main()
    {
        puts(-16 * 4096 + 0x1600);
    }
    $ gcc -o dsmos dsmos.c
    $ ./dsmos
    Your karma check for today:
    There once was was a user that whined
    his existing OS was so blind,
    he'd do better to pirate
    an OS that ran great
    but found his hardware declined.
    Please don't steal Mac OS!
    Really, that's way uncool.
    (C) Apple Computer, Inc.U??VWS?5P
    cat "/System/Library/Extensions/Dont Steal Mac OS X.kext/LICENSE"
    Copyright (c) 2006,2009 Apple Inc. All rights reserved.
    The purpose of this Apple software is to protect Apple copyrighted
    materials from unauthorized copying and use. You may not copy, modify,
    reverse engineer, publicly display, publicly perform, sublicense,
    transfer or redistribute this software, in whole or in part. If you have
    obtained a copy of this Apple software and do not have a valid license
    from Apple to use it, please immediately destroy or delete it
    from your computer.
> You may not copy, modify, reverse engineer, publicly display, publicly perform, sublicense, transfer or redistribute this software, in whole or in part.
I think you actually can do some of those things legally, right?
In 1980, a company called Franklin Computer produced a clone of the Apple II called the Franklin Ace, designed to run the same software. They copied almost every detail of the Apple II, including all of its ROM based software and all the documentation, and sold it at a lower price than Apple. We even found a place in the manual where they forgot to change "Apple" to "Ace". Apple was infuriated, and sued Franklin. They eventually won, and forced Franklin to withdraw the Ace from the market.
Even though Apple won the case, it was pretty scary for a while, and it wasn't clear until the end that the judge would rule in Apple's favor - Franklin argued that they had a right to copy the Apple II ROMs, since it was just a "functional mechanism" necessary for software compatibility. We anticipated that someone might try a similar trick with the Macintosh someday. If they were clever enough (which Franklin wasn't), they could disguise the code (say by systematically permuting some registers) so it wouldn't look that similar at the binary level. We thought that we better take some precautions.
Steve decided that if a company copied the Mac ROM into their computer, he would like to be able to do a demo during the trial, where he could type a few keystrokes into an unmodified infringing machine, and have a large "Stolen From Apple" icon appear on its screen. The routines and data to accomplish that would have to be incorporated into our ROM in a stealthy fashion, so the cloners wouldn't know how to find or remove it.
It was tricky enough to be a fun project. Susan designed a nice "Stolen from Apple" icon, featuring prison bars. Steve Capps had recently come up with a simple scheme for compressing ROM-based icons to save space, so we compressed the icon using his technique, which not only reduced the overhead but also made it much harder to detect the icon. Finally, we wrote a tiny routine to decompress the icon, scale it up and display it on the screen. We hid it in the middle of some data tables, so it would be hard to spot when disassembling the ROM.
All you had to do to invoke it is enter the debugger and type a 6 digit hexadecimal address followed by a "G", which meant execute the routine at that address. We demoed it for Steve and he liked it. We were kind of hoping someone would copy the ROM just so we could show off our foresight.
As far as I know, no one ever did copy the ROM in a commercial project, so it wasn't really necessary, but it did create some intrigue for a while. We let it slip that there was a "stolen from Apple" icon hidden in there somewhere, partially to deter people from copying the ROM. At least one hacker became moderately obsessed with trying to find it.
Steve Jasik was the author of the MacNosy disassembler/debugger, which could be used to create pseudo-source for the ROM. He found out about the "stolen from Apple" icon pretty early on, and became determined to isolate it. He lived in Palo Alto, so I would occasionally bump into him, and he would ask me for hints or tell me his latest theory about how it was concealed, which was invariably wrong.
This went on for two or three years, before he finally cracked it: I ran into him and he had it nailed, telling me about the compressed icon and the address of the display routine. I congratulated him, but was never sure if he figured it out himself or if someone with access to the source code told him.
I have smoke detectors in my house. I've never had a fire, so they've done bugger all, but the fact that they're there means if there was a fire, I would be notified.
Useless doesn't mean the same thing as never used.
Anyone can grab my cell phone from my desk. But if I log into the website, I can lock and remotely wipe it, as well as tell the police where to look for it. I can even take pictures of the person who stole it, completely unbeknownst to the thief.
Some might say the best security systems are the ones the thieves don't know are there.
The only reason those thieves don't know they're there is because they aren't very knowledgeable (if they weren't thieves I'd give them the benefit of the doubt, but you called it...)
Some might say that thieves should know what security systems may be there... I know if I was a thief I'd avoid stealing smart phones altogether!
The best thieves already know what security systems are in place, the real battle is making sure they are actually secure.
So useless to everyone else... It's basically an ad-hoc DRM solution that gains no advantage to the end-user, while triggering unknown actions in an otherwise trusted piece of software.
Yes, that's why it's clever. The end user isn't aware it is there and it isn't harming them, but it's stopping other companies such as Franklin profiting from directly ripping off your work without your permission.
I'm not sure it was meant to be useful to an end-user. An end-user doesn't care if the computer he's using was stolen, counterfeited, etc. The company making the equipment and software does, and this is useful to them.
In fact, people /were/ copying Mac ROMs so they could run them on the Atari ST, using David Small's "Magic Sac" cartridge and emulation software.
Not really all that paranoid. Not a large investment for a possible huge payoff later. Also, this was the kind of thing that Capps loved to do; probably took him an hour or two one evening.
The Magic Sac wasn't supposed to run with EEPROMs -- in theory you had to obtain a real Mac ROM from somewhere -- but all you really had to do was clip a pin on a 27256 and the 'Sac wouldn't know the difference.
It's a cute story, but if a cloner was dumb, he'd copy the ROM as is and wouldn't care if the icon was hidden or not. A smarter cloner would tweak the code and the resulting ROM image would've likely had different offsets, so typing "<hex-address> G" in front of a judge simply wouldn't work. It doesn't really smack of paranoia, but it does look like something Steve Jobs would've insisted on.
I guess the Apple engineers would have prepared the demo and analysed the copied ROM, before going to the court. Then, they would have found the routine (somewhere else, as you point out) and easy to activate.
I could see a really compelling demo where they bring out the machine still in the shrinkwrapped box, open it in front of the court, turn it on, and hit the register.
Unless the cloner did major modifications, the code to display the icon would still be there and recognizable. It wouldn't take any half competent engineer very long to find the new address to run knowing the exact block of code they were looking for.
He meant a knowledgeable Apple engineer, who would presumably have some time to determine where the routine had moved while the lawsuit against the copier was wending its way through court.
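Added example, not part of any comment in this thread and not Apple's or Atari's code: one way to find where a known routine ended up in a suspect ROM image whose offsets have shifted, and to check for an embedded marker sequence like the 8-byte one described earlier. `ROUTINE`, `MARKER` and both images are constructed sample bytes, and the function names are hypothetical.

```python
# Added example. ROUTINE and MARKER are constructed bytes, not taken from any real ROM.
ROUTINE = bytes.fromhex("41fa001e2248303c001f12d851c8fffc4e75a5a5")  # 20-byte reference block
MARKER = bytes.fromhex("c0ffee0ddecafbad")                          # 8-byte embedded marker


def find_relocated(reference, image, max_mismatch=2):
    """Slide `reference` over `image`; return (offset, mismatches) for the
    closest window with at most `max_mismatch` differing bytes, else None."""
    n = len(reference)
    best = None
    for off in range(len(image) - n + 1):
        diff = 0
        for a, b in zip(reference, image[off:off + n]):
            if a != b:
                diff += 1
                if diff > max_mismatch:
                    break          # too different, try the next offset
        else:                      # loop finished without exceeding the budget
            if best is None or diff < best[1]:
                best = (off, diff)
    return best


def build_image(pad, patch_at=None):
    """Constructed ROM image: 0xFF filler, the routine, filler, then the marker."""
    body = bytearray(ROUTINE)
    if patch_at is not None:
        body[patch_at] ^= 0xFF     # simulate one operand byte changed by the copier
    return b"\xff" * pad + bytes(body) + b"\xff" * 16 + MARKER


ORIGINAL = build_image(0x40)               # routine at its documented address
SUSPECT = build_image(0x63, patch_at=3)    # shifted by 0x23 and lightly patched


def report(image):
    """Where the routine (fuzzy match) and the marker (exact match) sit in `image`."""
    return {
        "routine": find_relocated(ROUTINE, image),
        "marker": find_relocated(MARKER, image, max_mismatch=0),
    }


if __name__ == "__main__":
    for name, img in (("original", ORIGINAL), ("suspect", SUSPECT)):
        print(name, report(img))
```

An exact search for the routine misses the patched copy, while the tolerant search still reports the new offset to feed into the "<hex-address> G" step.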
So, once the modified clone(s) start to get a foothold in the market, release a new version of the OS which checks for the existence of the copyrighted marker:
In other news, the locks on my door are useless because nobody has ever broken in, and password protection on my online accounts achieved bugger all because nobody has ever hacked into them. Right.
How is it paranoia when the previous Apple II's ROMs were copied and used in a competing machine? Apple then went to court and won, but it was not a clear-cut victory, so they decided to 'digitally watermark' the ROM so if it ever happened again they could easily prove in a court of law a competitor copied the ROM. It doesn't sound like paranoia so much as a reasonable action to prevent something that had already happened to a previous product.
> exactly the sort of response I expected of Jobs.
> this smacks of paranoia
Counterpoint: Isn't company-wide email randomization similarly paranoid or self-defeating? If so, at least he's in good company (Mark Zuckerberg and Elon Musk have used this tactic).
"UPDATE: In a version of the memo I first posted, there was a repeated paragraph, with slight differences. This might have been a software error–several versions I got of this entire memo had different punctuation in various places." --http://allthingsd.com/20090402/the-entire-facebook-goodbye-g...
As well as a real "APPLE ][", we had a clone which displayed "GALAGA" on boot, bought from Singapore I think. It was otherwise identical to the real one, including the rest of the EPROM image. So there really were clones "Stolen from Apple".
Being able to pull up a graphic on a cloned machine isn't something anyone would think of as security. Maybe I misread but I took it as a "hey, if you can do this it would be funny" kind of project.
You have to give it a few minutes for people to get their replies out before you get antsy about downvotes. The same time you posted this, multiple replies were pouring in.
Thanks freehunter, I tend to react quickly to these things... Not sure why, as it's just another forum, but HN tends to mean more to me than the other online discussions.
I will certainly take time to refresh, and reflect on others' input from now on, at least for 5 or 10 minutes.