View Full Version : Authorization from floppy disk


bestobest
December 3rd, 2004, 12:59
First time that I have encountered a program that in order to register you need authorization from a floppy disk, if you don't have that disk, how can you tackle this application....

JMI
December 3rd, 2004, 13:05
Have you done what you are supposed to do FIRST and tried to find an answer to your own question? Have you used the search function here at all?

Thinking conceptually, there is not too much different from a protection searching for a file on your HD or your CD or your Floppy. The API may be different for each but it has to read something, confirm that it is the "right" something, and then tell the program which demanded the check that you are a good boy and not a bad cracker. So you have several ways to approach your problem. You can find the correct call to "read" from where it wants to find the file, you can then attempt to intercept the comparison of the file which is found, or where it branches if it is not found, and determine whether you can "fool" the program into thinking it did find the correct file.

One other option, which makes the process much more difficult, is that it reads something from this "file" to decrypt part of the program and, if it does not find it, that part of the program is non-functional.

Now it's up to you to go study up on how some of these actions can be accomplished.

Regards,

bestobest
December 3rd, 2004, 15:23
JMI, you always have good answers

FrankRizzo
December 8th, 2004, 00:50
What does it say if the disk isn't in there? (I'm old school, and floppy based protection used to be my bag).

Clandestiny
December 8th, 2004, 12:01
Do not forget that what it's looking for may not be found in a "file" per se. There are other places where data can be hidden. Bad sectors (that are not really bad), for example, or in file / RAM slack (the empty space at the end of a cluster / sector). Floppies are usually FAT 12, btw.

Cheers,
Clandestiny
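
File slack on a FAT12 volume, seen from the forensic examiner's side. This is an added example, not part of the original thread: it walks the root directory of a floppy image and returns the bytes between each file's end and the end of its last cluster. The sample image, its file name and the marker text are constructed, and only root-directory files on a well-formed image are handled.

```python
import struct

def fat12_entry(fat, n):
    """12-bit FAT entry for cluster n (two entries are packed into three bytes)."""
    word = struct.unpack_from("<H", fat, n * 3 // 2)[0]
    return word >> 4 if n & 1 else word & 0xFFF

def file_slack(img):
    """Map each root-directory file to the bytes between its EOF and the end of its last cluster."""
    bps, spc, reserved, nfats, root_ents = struct.unpack_from("<HBHBH", img, 11)
    spf = struct.unpack_from("<H", img, 22)[0]          # sectors per FAT
    fat = img[reserved * bps:(reserved + spf) * bps]    # first FAT copy
    root = (reserved + nfats * spf) * bps
    data = root + -(-root_ents * 32 // bps) * bps       # root dir rounded up to whole sectors
    csize, out = bps * spc, {}
    for off in range(root, root + root_ents * 32, 32):
        ent = img[off:off + 32]
        if ent[0] == 0x00:                              # end-of-directory marker
            break
        if ent[0] == 0xE5 or ent[11] & 0x18:            # deleted, volume label or subdirectory
            continue
        cluster, size = struct.unpack_from("<HI", ent, 26)
        if size == 0 or cluster < 2:
            continue
        seen = set()                                    # guards against a looping chain
        while 2 <= fat12_entry(fat, cluster) < 0xFF0 and cluster not in seen:
            seen.add(cluster)
            cluster = fat12_entry(fat, cluster)
        start = data + (cluster - 2) * csize
        used = size % csize or csize                    # bytes of the last cluster the file owns
        out[ent[:11].decode("ascii", "replace")] = img[start + used:start + csize]
    return out

def build_sample():
    """Constructed image: 1 sector per cluster, one 5-byte file, marker text left in its slack."""
    bps = 512
    boot, fat, root, cluster = bytearray(bps), bytearray(bps), bytearray(16 * 32), bytearray(bps)
    struct.pack_into("<HBHBH", boot, 11, bps, 1, 1, 1, 16)
    struct.pack_into("<H", boot, 22, 1)
    fat[0:5] = b"\xF0\xFF\xFF\xFF\x0F"                  # reserved entries 0-1, cluster 2 = end of chain
    root[0:12] = b"KEY     DAT\x20"                     # 8.3 name plus archive attribute
    struct.pack_into("<HI", root, 26, 2, 5)             # first cluster 2, size 5
    cluster[0:5] = b"hello"
    cluster[500:506] = b"HIDDEN"
    return bytes(boot + fat + root + cluster)

def suspicious(img):
    """Names of files whose slack contains any non-zero byte."""
    return [name for name, slack in file_slack(img).items() if any(slack)]
```

Non-zero slack is not proof of hidden data, since older systems often left stale buffer contents there, so a hit from `suspicious` is a lead to examine rather than a finding.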

0xf001
December 8th, 2004, 12:39
hence imagine the decryption routine itself is started from disc and you do not have the algorithm available as well - that would be a challenge

JMI
December 8th, 2004, 12:58
Clandestiny's comment reminded me that there were, indeed, some copy protections for floppy based systems that also used "bad sectors" as a method of attempting to prevent the copying of the floppy itself. Standard copy programs would not copy the disk when they discovered the "bad sectors." As I recall, this was common on music software and was sometimes referred to as the "key disk" protection. You had to "prove" your possession of the software, by inserting the key disk, much as you have described.

You now have several possibilities to investigate. That's part of what makes it all interesting.

Regards,

bestobest
December 8th, 2004, 17:00
Quote:
[Originally Posted by FrankRizzo]What does it say if the disk isn't in there? (I'm old school, and floppy based protection used to be my bag).


It simply says authorization key not found on floppy, even though I had no floppy inserted, but from all you guys' suggestions I bpx on int13 with no luck. I tried getdive, well, everything I could think of that references a drive, could not get the program to break. If it would at least break, I could find out what it is looking for. Anyway, thanks all. I will keep trying

FrankRizzo
December 9th, 2004, 00:18
There were ALL manner of disk protections. There were "bad sectors", there was one that reformatted track 1 so that it had 1 extra sector, and most copy programs would only read the normal number. There was monkeying with the intra-sector gaps, and my personal favorite, Rob Northen's Copylock used to reformat track 1 as 1 big sector. When the copy programs read it, they chopped off the gaps, thus funking up the data.

(It also generated 4 checksums of the data in that track, and used them to unencrypt the program before it ran. His downfall was that he spent an inordinate amount of time on his "wrapper", so, when I found a SIMPLE way through it, and wrote a dumper, he had nothing.. So, he went off and started writing compressors for the SNES).

So, let me ask some questions here. Are you saying that the program runs, and then you have to put the disk in to get it registered? Or, does it start, access the floppy, and then just drop back to DOS with an error message?

BTW, it SOUNDS like you are looking at Everlock by AZ-Tech in Missouri. They tried hard, but most of their stuff was easy to crack.

TBone
December 9th, 2004, 12:46
I seem to remember that all the old Sierra games like Space Quest 1 and King's Quest 1 used the old intrasector gap trick you mentioned. Of course, if you did a raw copy of the disk instead of a FS copy, then it would work. But DOS didn't come with a raw writing utility like dd. I could be remembering incorrectly, though. I think I was 5 years old when my father brought home a mega1337 IBM XT clone and a copy of Space Quest one Christmas. Ahhh, the memories. Are the two guys from Andromeda doing anything these days? Or, for that matter, any of the old Sierra staff like Ken and Roberta? I haven't heard anything about any of them since they sold the company.

Anyway, I think it's kind of funny how copy protection schemes sort of repeat themselves over the long haul. A lot of those old schemes came back in a modified form as CD copy protections. SafeDisc is a pretty good example of the bad sector trick with a new twist. Deliberately write bad sectors to the disc, and then use the pattern of good and bad sectors as a binary code to encrypt the executable.

bestobest
December 9th, 2004, 13:46
Quote:
[Originally Posted by FrankRizzo]There were ALL manner of disk protections. There were "bad sectors", there was one that reformatted track 1 so that it had 1 extra sector, and most copy programs would only read the normal number. There was monkeying with the intra-sector gaps, and my personal favorite, Rob Northen's Copylock used to reformat track 1 as 1 big sector. When the copy programs read it, they chopped off the gaps, thus funking up the data.

(It also generated 4 checksums of the data in that track, and used them to unencrypt the program before it ran. His downfall was that he spent an inordinate amount of time on his "wrapper", so, when I found a SIMPLE way through it, and wrote a dumper, he had nothing.. So, he went off and started writing compressors for the SNES).

So, let me ask some questions here. Are you saying that the program runs, and then you have to put the disk in to get it registered? Or, does it start, access the floppy, and then just drop back to DOS with an error message?

BTW, it SOUNDS like you are looking at Everlock by AZ-Tech in Missouri. They tried hard, but most of their stuff was easy to crack.

Well, the program runs with a lot of options disabled; if you want them enabled, you will have to enter an authorization key. You enter a key and it says authorization not found on floppy disk..... my problem is not being able to break. I checked with PEiD, and as far as it goes it is not packed with anything.
It also says compiled with VB5 or VB6..

FrankRizzo
December 9th, 2004, 20:39
The more you tell me about this app, the more it DOESN'T sound like a real floppy protection. It sounds like it's looking for a file on the disk, not some hijinx. Is it possible that it's trying to open a file, and read a serial number out of it? I've seen such done before. You might want to run this under smartcheck, and see if it's a "FileOpen" or something weird.

I BET it's a FileOpen kinda situation. If not, I might offer to look at this, and give you some hints about it.