Posted by zdw 5 days ago
As a young intern, I arrived early one morning to find the PCB layout software (PADS PowerPCB) on our "design PC" wasn’t working. (I use quotes because it was just the beefiest machine we had, naturally our boss’s PC, which he kindly shared)
Obviously the dongle. I tried unplugging and replugging it, with and without the printer daisy-chained. Nothing.
So I begrudgingly asked my colleague who’d just arrived. He looked at the dongle, looked at me, looked at the dongle again, and started laughing.
Turns out our Boss had stayed late the previous night processing customer complaints. One customer had sent back a "broken" dongle for the product we were selling. Boss tested it on his PC, found it worked fine, and mailed it back on his way home.
Except he didn’t send our dongle back. He had sent my PowerPCB dongle. More fun was had when the rest of the team and finally our boss arrived. Luckily he took it with good humor.
While I was reading the OP I kept thinking about how an accounting firm's entire ability to do business rested on the continued functioning of a parallel-port dongle. I just have to imagine that they had a box full of these.
It only took ten minutes with a disassembler to find the JGT (Jump if greater than) and convert it to a JLT so the software would stop running if the date was before a certain date rather than after. I created a patching tool that simply flipped one bit that was sent out to all the sites and everything was good again. I don't think I'll ever beat the elegance of a single bit flip hack.
Many of them disappeared in the y2k dot com bust, but then seem to have reappeared in SF after 2008.
In the late 1990s, my second ever Flash app development client stiffed me on a $10k invoice.
He finally figured out 6 months later that he didn't have the source material to make changes and paid the full invoice in order to get it.
So I took precautions with the next client. It was a small agency that was serving a much larger business.
We were on 30 days net payment terms and I submitted the invoice when the project was done.
They didn't pay and within a couple weeks of gentle reminders, they stopped responding.
I smiled.
Exactly 30 days from the due date, I got a panicked call shrieking about their largest client website being down and did I have anything to do with it?!
I asked them what the hell they were talking about, they don't own a website. They never paid for any websites. I happen to own a website and I would be happy to give them access to it if they want to submit a payment.
They started to threaten legal nonsense, and how they had a "no time bombs clause in the contract."
I laughed because my contract had no such clause. If they signed such a contract with the client, that's not my problem.
I told them I wouldn't release the source files until the check cleared my bank, which could be weeks. A cashier's check arrived that morning and their source files were delivered.
By the end of it, the folks at the agency thanked me because that client wasn't planning to pay them and they hired me for other work (which, they had to prepay for).
Of course I don't know about the OP, but I'd bet the company was trying to stiff that contractor on their last check.
Wait, you mean they used your little ruse as a means to be paid themselves??
So, you know, in the program.cs startup I checked the username vs a hardcoded list of people in the relevant teams, and if it wasn't, crashed out with an error and a support email address.
About 18 months after I had moved on, I got an email with a screenshot of that error message. It would appear the Milan (something like that) office had got their hands on a copy but it just wouldn't work for them...
Trivial to undo of course, but I did enjoy the throwback!
One, the developers spend more time running this code than we do, and they have to get the program working before we can even use it. So any parts of the program that are hostile to the developers risks killing the entire project. Obfuscating the copy protection can hit a point where it makes bug fixing difficult.
Two, lack of training. If you, me, and Steve each have a bag of tricks we all use to crack games, whichever one of us figures it out gets bragging rights but the game remains cracked. Meanwhile Developer Dan has to be aware of all the tricks in all of our bags together if he wants to keep the three of us out. Only there's not three of us, there's 300. Or today, probably more like 30,000.
Three, lack of motivation, which is itself several different situations. There's a certain amount of passive aggression you can put into a feature you don't even really want to work on. You can lean into any of the other explanations to defend why your code didn't protect from cracking all that much, but it's a checkbox that's trying to prove a negative, and nobody is going to give you any credit for getting it to work right in the same way they give you credit for fixing that corner glitch that the QA people keep bitching about. Or getting that particle animation to work that makes the AOE spells look badass.
This works because some programs use a hashing algorithm to calculate the key based on the name, do a strcmp, and pop a messagebox if the keys don't match, without zeroizing the valid key buffer first. If the key buffers are on the stack (or if the two mallocs just happen to use the same region in memory), it is often easy to find a valid key if you know where the invalid one is.
I guess software that derives keys this way is far less common than it once was, but I know of somebody who cracked something using this method just a few years ago, so it still pops up from time to time.
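The leftover-key problem described in the comment above, seen from the defender's side, as an added example that is not part of the thread. The `scratch` buffer stands in for the stack or heap region the comment mentions; the FNV-1a derivation, the 8-hex-digit key format and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 8 /* hex digits in the constructed key format */

/* Stand-in derivation (32-bit FNV-1a); an assumption, not a real product's scheme. */
static uint32_t fnv1a(const char *s)
{
    uint32_t h = 2166136261u;
    while (*s) {
        h ^= (unsigned char)*s++;
        h *= 16777619u;
    }
    return h;
}

/* Writes the expected key for `name` into `out` as 8 upper-case hex digits. */
static void derive_key(const char *name, char out[KEY_LEN + 1])
{
    snprintf(out, KEY_LEN + 1, "%08lX", (unsigned long)fnv1a(name));
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Fixed-length comparison that does not stop at the first mismatch. */
static int ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Pattern from the comment: derive, strcmp, return. The expected key
 * stays in `scratch` after a failed check. */
int check_leaky(const char *name, const char *entered, char scratch[KEY_LEN + 1])
{
    derive_key(name, scratch);
    return strcmp(scratch, entered) == 0;
}

/* Same check, but the derived key is wiped on every path before returning. */
int check_wiped(const char *name, const char *entered, char scratch[KEY_LEN + 1])
{
    int ok;
    derive_key(name, scratch);
    ok = strlen(entered) == KEY_LEN && ct_equal(scratch, entered, KEY_LEN);
    secure_wipe(scratch, KEY_LEN + 1);
    return ok;
}

/* Returns 1 if any non-zero byte is left in the buffer, 0 otherwise. */
int residue(const char *buf, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

int main(void)
{
    char scratch[KEY_LEN + 1];
    int ok;

    /* "WRONGKEY" is a constructed input that can never match a hex key. */
    ok = check_leaky("alice", "WRONGKEY", scratch);
    printf("leaky: ok=%d residue=%d\n", ok, residue(scratch, sizeof scratch));

    ok = check_wiped("alice", "WRONGKEY", scratch);
    printf("wiped: ok=%d residue=%d\n", ok, residue(scratch, sizeof scratch));
    return 0;
}
```

Wiping removes only the leftover copy; the derived key still exists in memory while the comparison runs.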
Input a unique string I could watch for, fire up SoftICE, watch for the string, and then step through until the == comparison happened, then either grab the calculated key and input it, or patch the comparison from == to != or just return true, depending on the implementation.
I did a massive crack that involved a program and its inf/dll hardware driver package.
Some of the most rewarding work I’ve done and also just so tedious!
Having to stop the OS like that and accidentally getting to the kernel but then not wanting to lose my position so having to hit step over and step out until just the right place… whew.
Cracking and RE were just gateways into a career in (defensive) security for me.
To prevent vendor A from creating licenses for vendor B's products, each DEC-issued PAKGEN license only authorized license generation for a specific named vendor's products.
As with all other DEC-supplied VMS software, PAKGEN was licensed through the VMS license management facility.
Thus if you could somehow get a PAKGEN license for the vendor name "DEC", you could use it to generate licenses for arbitrary DEC products.
Including PAKGEN itself.
And you could therefore generate licenses authorizing PAKGEN to generate licenses for arbitrary vendors' products.
These days, I guess you could make the key an ECDSA signature for a public key embedded in the binary if you were willing to accept such long keys.
I did that with dBASE III, which used ProLok "laser protection" from Vault Corporation - a signature burned onto the diskette with a laser. Back then, I found it amazing that Ashton-Tate actually spent money to contract with a copy protection company for something that could be so easily defeated by a teenager reading assembler.
They could have easily just written the same kind of code themselves. An example of the power of marketing over substance.
I was able to replicate that protection mechanism just by scratching a diskette with a pin. The "laser" was a meaninglessly advanced-sounding solution that added no value compared to any other means of damaging a diskette.
Made me feel like such a badass hacker at 15 years old.
This was one of those things you really really wanted but once you toyed with it, it sucked the fun out of games and they felt pointless.
How did you figure out where to scratch it? Was the laser mark visible on the original disk, or did you have to read the code and orient based on the diskette's index hole?
But as I mentioned in a sibling comment, I’m not sure it was ever confirmed that it was really a laser that made that mark.
Defeating the protection didn't involve knowing anything about the laser mark - as the comment I replied to described, it just involved changing a conditional jump to an unconditional one.
Replicating the protection involved causing minor damage on the diskette - the details don't really matter, laser, pin scratch, whatever - then formatting the disk, and registering the pattern of bad sectors created by the damage. A normal copy of the disk didn't replicate those bad sectors exactly, which made it possible to detect that the original disk was not present.
Similar stuff was later used for CDs IIRC.
I would guess (more or less) identically damaging multiple floppy disks in the same way would be easier with a laser than with something mechanical (e.g. a knife or a drill) (it is fairly easy to control power and duration of a burn), so it might well have been a laser.
On the other hand, disk tracks weren’t exactly tiny at that time in history.
I have almost no doubt that it could be a laser, it’s just unfortunate (and maybe a little bit suspicious) that I haven’t found it confirmed anyway. Almost like they wanted it to be a laser (hence the folklore around it), but had to use a less cool method to do it. But of course it might as well just have been a laser, and they for some reason declined to market or even just document it that way, for whatever reason.
The whole automation system including machinery costs anywhere from 200k to 1M yet Vendor™ tries to milk the customers dry with a 1.5k software license that lets you manage up to 254 physically* connected systems. I'm pretty sure the license dongle is in reality designed to prevent casual tinkering of parameters, which is something only service techs should do.
*You can circumvent this with serial-over-Ethernet converters, which has resulted in an Industrial Internet of Shit-level security nightmare as companies happily expose their systems over the internet, thinking that license dongles are a substitute for authentication.
(I did go on to pay for the software)
So I first decompressed the executable program (Windows executables were often packed at that time [0]), then I opened a binary editor, looked for that specific number in hexadecimal notation in the binary and changed to something much higher. I was then able to burn CDs without limitation.
Hope she enjoys the full version of life better than the trial we live in :’)
However, their usage accounting software wasn't great. I had it set up to reconnect if the connection dropped, and they didn't do a great job seeing this, so they accused me of using 2-3k hours during those 2 months (should be impossible if always coming from the same #) and sent me a large bill (for the hours used over 1500). They eventually gave in when I showed them it was impossible and they could validate that the calls were coming from the same line due to the connection dropping and being simple reconnections.
So... this kid whipped up a little bit of code which let you force the topmost window to the back, and proceeded to spend impressive quantities of time online doing apparently nothing in the online service's free support area.
I noticed it created a windows dial up connection. When you launched the browser the login info worked on this. I could just dial their server and save the username and password and use any browser or game normally.
Otherwise you could have gifted a very nasty trial time of -1 minute! A pretty nice anti-addiction feature :-)
So yeah, my actual fix was to mash buttons until I got a big enough number :D
Since we sold (and still sell) perpetual licenses, it becomes a problem when a dongle breaks and replacement parts are no longer available. Not all users want to upgrade. Also, you may hate cloud licensing, but it is precisely cloud licensing that makes subscriptions possible and, therefore, recurring revenue—which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Also, despite investing a lot of effort into programming the dongle, we can still usually find cracked versions floating online, even on legitimate platforms like Shopee or Lazada. You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected. It’s not as if we have the legal resources to pursue pirates.
[0]: https://mes100.com
I understand you might feel this way, but it seems to me customers are mostly business clients, who would be more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability (i.e., someone to hold liable for problems in said software). In fact, having no copy protection would probably have saved you the problem you mentioned where a dongle breaks and replacement parts are no longer available; this is one of the talking points that anti-drm/copy protection people advocate for, software lost to time and unable to be archived when the entities who made such protections go out of business or no longer want to support older software.
> even on legitimate platforms like Shopee or Lazada.
On a slight tangent, but I personally don't find either platform legitimate (Better than say, wish[.]com or temu, but not as "legitimate" as other platforms, though I can't think of a single fully legitimate e-commerce platform). Shopee collects a ton of tracking information (Just turn on your adblocker, or inspect your network calls. It's even more than Amazon!), is full of intrusive ads, sketchy deals, and scammers. You yourself said you can easily find cracked versions of the dongle there, which doesn't speak well for the platform. And Lazada is owned by Alibaba Group, which speaks for itself. I'm not sure why consumers in South East Asian regions aren't more outspoken about this, since they seem to be some of the more popular e-commerce platforms there.
This is a nice idea but the reality is that there's MANY corporate customers who are happy to get away with casual piracy. Sometimes it's a holdover from when the company was small enough that every business expense is realistically coming out of their own pocket, sometimes they're trying to obfuscate how much their department actually costs to the company at large.
You think individual consumers lie to themselves to justify software piracy? Corporate self-deception is a WHOLE new kettle of fish.
Dongles were pretty commonplace on your more expensive software products from mid 90s through the early 00s. If I was publishing software that was a >$1000 a license, I damn sure would have used them.
Once found someone installed a cracked Adobe Photoshop on a work PC. Probably a stupid one-off task. We were not graphic artists. Not 100% sure who did it but it was in an area only a few people had access.
The risk management team was not amused…
Unity is getting way too cheeky considering how they started out. =3
I'd agree that between Unreal and Godot, Unity doesn't look very attractive right now. But inertia will carry them for a long time
This goes out the window for polished end products but that's a different argument... but by then the ship has often already sailed and you're already using Unity.
Those assets end up being a liability later after publishing, can get your content DMCA flagged, and a firm sued (you will 100% lose in court if you don't settle.)
The Unity store does not prevent this issue, and kit bashing fun became dangerous to a publisher on the platform. It was impossible to determine what is safe with the new LLM tools, so the board banned the platform and engine.
Firms do make this mistake everyday, or just license generic Reallusion content. =3
"There is a bear in the woods. For some people, the bear is easy to see. Others don't see it at all. Some people say the bear is tame. Others say it's vicious and dangerous. Since no one can really be sure who's right, isn't it smart to be as strong as the bear? If there is a bear." (Hal Riney)
This was true of all software they used, but MSDN was the most expensive and blatant. If it didn't have copy protection, they weren't buying more than one copy.
We were a software company. Our own software shipped with a Sentinel SuperPro protection dongle. I guess they assumed their customers were just as unscrupulous as them. Probably right.
Every employer I've worked for since then has actually purchased the proper licenses. Is it because the industry started using online activation and it wasn't so easy to copy any more? I've got a sneaky feeling.
During roughly the same time period I worked for a company with similar practices. When a director realised what was going on, and the implications for personal liability, I was given the job of physically securing the MSDN CD binder, and tracking installations.
This resulted in everyone hating me, to the extent of my having stand-up, public arguments with people who felt they absolutely needed Visual J++, or whatever. Eventually I told the business that I wasn't prepared to be their gatekeeper anymore. I suspect practices lapsed back to what they'd been before, but it's been a while.
They often need to "purchase" the license themselves in the sense of convincing someone higher up to buy it - so they're spending their time, which is still a sort of expense.
Also, piracy in companies is often just honest people who are in a bit of a hurry and need this software running on some other PC right now, or just want their colleague to give it a quick go (but then they end up using it all the time). Copy protection helps keep those honest people honest.
I always thought that selling B2B. Then I started checking and it was much worse than I expected. Big corporates were mostly fine but small to medium sized business were pretty bad. Also Asia was much worse than Europe and the US.
Trust the people whose paychecks depend on it, it was extremely common. I knew multiple people at different companies who had endless stories about customers buying a couple of copies for a large department to “share”, and they expected the vendor to support everything because it was “business critical”. This was also a problem for things like student licenses where people would expect enterprise-level support despite the massively-discounted copy they had clearly stating it was only for educational usage.
This has a lot of negative aspects for preservation, downtime due to issues with licensing, challenges around virtualization or hardware replacement, etc. so I don’t love the situation we ended up in but it’s entirely understandable given how pervasive theft was – there were a ton of small businesses which ran entirely on bootlegged software. Software developers have high leverage but if you aren’t in a mainstream market you’re not going to get over the threshold where you’re no longer worried about making payroll.
“Spare the money” is probably what you mean. That is to part with the money, to avoid having it, for example by spending it. Or by giving it away - As in “can you spare a dime.” This is the inverse of sparing the expense, just as an expense is the inverse of money.
The big boys in the industry won't risk problems, and anyway, that's a small price for them. However, the many smaller companies? They may absolutely need the software, but that's a substantial price for them. If they can get a cracked version online, they do.
And the cracked versions? They are made by companies out of legal reach: Russia, Belarus, Pakistan, India. They crack the software, and either put it online for free, or even have the cheek to sell it for a reduced price.
I've told my friend/acquaintance that he really needs to put the software in the cloud, accessible only via browser. However, this would be a massive undertaking, so he hasn't done it (yet).
In my experience this continues to this day due to people who require drawing on air-gapped computers, because the drawings/simulations they work on are highly sensitive (nuclear, military, and other sensitive infrastructure).
But I'm sure there are also old-fashioned people who like the portability/sovereignty of not having to rely on a third-party license server as you suggest.
Why should users upgrade or keep paying you when they already bought what they need and don't need anything else?
1. Physical dongle tends to break, and when it does, they expect us to give them replacing parts
2. They do expect bug fixes-- especially calculation bug fixes-- as the bugs are discovered. It's hard to leave their production critical apps broken like that once you know that the bugs can cause monetary or even life loss.
Maybe I'm the weird one to expect reasonably bug-free software, and if a bug is found, an eventual bugfix "for free"? ESPECIALLY if they cause monetary or life loss!
A bug means the developer did not do their job. Let's not pretend this is OK.
But the actual dongle... look, something like that should have a 30+ year warranty. There should be a plan for how to replace it a couple times before making the initial sale.
Then users are suddenly all over the developer to provide an update "so I can use this on Tahoe" or whatever, and unless the application is in its honeymoon period where new sales suffice to keep money flowing, the developer is gonna need recurring revenue in order to do recurring development.
The fairest thing to do is when a customer buys the software, they're entitled to that exact version forever. Or maybe 1 year of updates and bug fixes if you're feeling nice. If they want the next version that supports the next OS, it's fair to charge some more.
This what IntelliJ does. When I buy their IDE I can use it forever, and then they offer discounts for renewing. Pricing seems reasonable even though I'm currently generating $0 from my software development so I keep paying.
Sure. And if the audience is very broad that could be perpetually sustaining -- they're each year selling new licenses to people who just became old enough to want that type of software. You can see how a major IDE can afford to do that, right?
What it is really bad for is more niche software. This software often reaches its whole addressable audience in just a few years, and then revenue dips toward zero until the random occurrence of an OS breakage, which may take 1 year or 5 years. And some people even expect that "unbreaking" update to be free.
Obviously everyone has a right to refuse to buy under any business model other than a perpetual license if they wish. But I think that refusal to consider paying for subscription-based software under any circumstances greatly decreases the options that are going to be made at all, as the perpetual license model is absolutely unsustainable to all but the largest developers, and the apps with a very broad, naturally-replenishing audience. Everyone else will either quit or make ad-supported crap.
Because things evolve and inevitably, hardware dies, and you can't get a replacement.
With an old "dumb" piece of machinery, when something breaks you can either repair the broken part itself (i.e. weld it back together, re-wind motor coils), make a new part from scratch, have a new part be made from scratch by a machining shop, or you adapt a new but not-fitting part. It can be a shitload of work, but theoretically, there is no limits.
With anything involving electronics - ranging from very simple circuitry to highly complex computer controls - the situation is much, much different. With stuff based on "common" technology, aka a good old x86 computer with RS232/DB25 interfaces, virtualization plus an I/O board can go a long way ensuring at least the hardware doesn't die, but if it's anything based on, say, Windows CE and an old Hitachi CPU? Good fucking luck - either you find a donor machine or you have to recreate it, and good luck doing that without spec sheets detailing what exactly needs to be done in which timings for a specific action in the machine. If you're in really bad luck, even the manufacturer doesn't have the records any more, or the manufacturer has long since gone out of business (e.g. during the dotcom era crash).
And for stuff that's purely software... well, eventually you will not find people experienced enough to troubleshoot and fix issues, or make sure the software runs after any sort of change.
This take is diametrically opposite to what end users need. In a world where "if it ain't broke, don't fix it" is perfectly fine for the end user, buying a one off license for a software seems much more sane than SaaS. SaaS is like a plague for end users.
I don't condone piracy, but I also don't condone SaaS.
But in an imperfect world whereby our dependencies (software components that we use) and platforms that we need to build/rely on (like Civil 3D) do charge us on annual basis, and that some of users expect perpetual bug fixes from us, with or without a support contract of sorts, SaaS seems the only way to go for our sustainability.
We've all got to push back against these bloated saas models that don't bring tangible benefits to end users and serve only to pad company valuations. Make new versions of your software with features meaningful enough to encourage people to upgrade and outline support periods for existing software sales after they buy a one-time license. There's gotta be a better way. For everyone (except big tech CEOs).
That's why software keeps adding bloat fancy buttons and change color scheme every few years. This is anti-productive.
No support contract? Pound sand.
The problem exists from both sides of the coin. Firstly the bulk of customers don't purchase a support contract. So there is very little income to pay staff. So the "support" department has very few people. They're also not very good because low wages means staff turnover.
Then Betty phones with a problem. Significant time is spent explaining to Betty that we can't help her because she (or more accurately her company) doesn't have a contract. She's fighting back because an annual contract seems a lot for this piddly question. Plus to procure the contract will take days (or weeks or months) on her side. And it's not in any budget, making things harder. Betty is very unhappy.
The junior tech doesn't want to be an arsehole and it's a trivial question, and is stuck in the middle.
We switched to a SaaS model in 2011. Users fell over themselves thanking us. They don't have to justify it to procurement. The amount can be budgeted for. No sudden upgrade or support fees. Users get support when they need it. The support department is funded and pays well, resulting in low staff turnover, and consequently better service.
Plus, new sales can stop tomorrow and service continues. Funding for support remains even if sales saturate the market.
Consumers may dislike SaaS, but for business, it absolutely matches their model, provides predictability, and allows for great service, which results in happy Users.
In the companies I've worked for so far since SaaS became a thing you absolutely need to go through procurement for a big enough purchase. You actually need to negotiate the contract each time it expires, which is IMO more burden on the end user than buying a one-off license.
The problem with support contracts, or support requests solved by an upgrade, is that the User needs it now, not after a procurement process.
Doing procurement annually is easier because it can be planned for, budgeted for etc, and happens on a separate thread to the actual support.
Even when they overlap there's enough grace to keep the User happy while waiting on the customer.
That's okay, but in say, 2 years when Mac OS 28 completely bricks the app, the developer will not be there to give you an updated one (even if you're willing to pay), since most of the addressable market already bought the app in 2025, and after 2 years with almost no revenue, the developer stopped working on it, deleted the repo and moved onto another project. The developer can't even rely on a future OS update "encouraging" people to buy "App (N+1)" since it might be "ain't broke" for 1 year, or for 5.
The point of a subscription is not to rip you off, it's to acknowledge a few realities:
1. For reasons beyond developers' control, platform vendors do not provide a "permanent" platform, but a shifting one without any long-term guarantees. You can put a 100-year certificate into your app, but the OS vendor might decide that only certs with expiration less than 45 days are okay and your app no longer works unless you're around to (A) keep abreast of the platform's rules and changes, and (B) ship an update.
2. Many software offerings need to provide a server-side component, which is never a one-time cost.
3. Relying on upgrade purchases to sustain a product gives developers perverse incentives to shove a ton of new features just to be able to pitch "Upgrade to Appitron 2!" with a ton of bullet points, whereas subscription pricing incentivizes them simply to keep users loving the app forever, including adopting new technologies but also just improving the core experience.
Due to 1 and 2, it makes sense to let users who stop using the program after a short time pay very little, and to let users who rely on the continued operation of the program, pay a little bit each year, instead of paying $500 once and using it for a few years, and maybe upgrading for $250.
What's wrong with SaaS?
If we didn't sell our desktop software to ~1000 companies as a SaaS then few would afford it. We could sell one-off/perpetual licenses for maybe $1M but only our biggest customers would manage that expense, while smaller competitors would not. And if that means we sold only 300 licenses, then the price would be even higher because the number of licenses sold would be even smaller. The SaaS is basically what the customers ask for. They can cancel and switch to competing software when they want to. In fact, customers who use the software rarely feel the SaaS yearly cost is too high so ask for even more SaaS-y functionality such as paying by minute of use or per specific action like "run simulation", instead of having a yearly subscription. Because they might just use it a few days per year so they feel that (say) $10/yr is too much.
Reality is that many modern software developments have plenty in common with designing a toilet. You spend time identifying the problem statement, how you can differentiate yourself, prototype it, work out the bugs, ship the final product, and let sales teams move the product. The difference is the toilet can't be turned into a SaaS (yet) and, if it ever could, that would break functionality because you're supposed to poop in it, not have it poop on you.
A. Release security updates independently from feature updates
B. Stop adding random features that hook you up to more unwanted landscapes, or landscapes at all (software that could run entirely locally without network access but have network access anyway, updates that force ads, the updater itself, etc.)
but they don't because that's not the actual reason they have automatic updates.
If I have "Ajax" brand leather shoes sewn by an East Asian sweatshop worker, who is the "creator" of the shoes, for purposes of benefiting from this system?
We are agreed that the company "Ajax" is not a creator, yes? Companies don't create - people create. Patented inventions are created by people, though patent ownership may be transferred to companies.
So does the monthly fee go to the skilled laborer who sewed the pieces together to give the final form? And also the laborers who turned cow hide into leather? As well as everyone involved in the shoe design? Does it also pass to their inheritors? For how long?
The house I owned was built in the 1950s by a local construction firm which is still around. There were several owners before me, including ones who remodeled and renovated it. Do all of them get part of my monthly fee? Or does it go to the woodworkers and plumbers and other builders who did the actual work?
I have books in my personal collection from authors who died decades ago. How do I reward Robert Heinlein in this "keep paying" scheme? Some of these books I bought used, so neither Heinlein nor his estate ever got a penny from me.
But that's fine, as the price point for the original sale already factored in the effect of the First Sale Doctrine.
Just like how the price of a car, house, bike, shoes, etc. already factors in the reward for everyone involved, without needing an entirely new system to determine who the "creators" are, and how they get paid monthly.
And that's all assuming the fee distribution system itself is fair. We need only look to academic publishing to see how unfair things can be once a system is entrenched.
Mercedes restricts the performance of some cars if you don't pay $1200 a year for the “Acceleration Increase”. You have to pay more if you want to use the power you already paid for.
BMW offer heated seats for £10 a month. The car has heated seats that work fine, and you paid for the hardware already, but they are turned off if you don't pay more.
Neither of these are anything to do with ongoing costs to the company, like support or mobile connection, they just want ongoing revenue.
For cars maybe, but not for houses. Property law for land is very old and very well established. If someone else is able to lock you out of your house then they are the title owner, not you. If you are the title owner then you’re well within your rights to have a locksmith replace the lock on the door.
The issue is a mismatch of incentives - customers wanting things for free - even if they aren’t actually customers - vs. businesses' need/want for ongoing revenue (ideally for free too!).
Both sides are never going to be perfectly happy, but there are reasonable compromises. There are also extractive abusive psychos, of course.
Free customers can store 3 hours of sound. This former paying customer had more than 3 hours of sound stored.
The comment said SoundCloud was a terrible company holding their data hostage, by not letting them do anything with it except delete things to get it under 3 hours, and threatening to delete all of it if they didn't.
This part is left out in modern software development.
Bugs? What bugs? We just (re)wrote a new version. This one should be better.
The IT department restructures the license server or it goes down.
The vendor changes their license technology every few years.
If you have a physical dongle, the vendor will beg you to send it in and receive a soft license. The few remaining users with dongles refuse. The hardware is more reliable.
Sometimes, there are network interruptions. Then it is the right time to work because YouTube isn't available.
1) a hardware and software solution implies that hardware will stop working at some point. Customers should understand it
2) you could sell them a new dongle every time support contract ends which is what I’ve experienced with Xways as an example. Even if you’re air gapped once a year usage data upload and new dongle seems fine.
3) why should users receive free upgrades and bug fixes? No software is bug free.
Finally there are several brand protection shops that fight fakes and work well with Shopee, Lazada, Facebook etc. It’s not five dollars but they will take these down effectively.
Which is not uncommon.
It’s also one that is typically pretty good for customers that like to do an investment and then continue to reap benefits from it. The capitalization model.
The ‘lease’ model (SaaS) is good for customers with highly variable licensing/software needs or that expect extremely high turnover, and prefer to see these costs as, essentially ‘cost of production’. The cash flow model. It does require a lot of trust, however, that when the lease comes up for renewal the fees won’t be usurious.
Neither is necessarily wrong. A whole lot of folks are starting to realize the downsides of expenses coming out of cashflow though! And losing a lot of trust.
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
To expand on the saying, they're not there to be insurmountable. Just to be hard enough to make it easier to do things the right way.
I’d guess it’s something similar with this dongle. You can’t “accidentally” run the software without the dongle.
More to the point the guy didn't even open the dongle, which in all likelihood was a simple set of logic gates in this case.
I'm assuming he did have a careful look at the caller to the function because his reasoning that the communicating function took no inputs is faulty.
What if the hardware has an LFSR in it and returns changing responses, and the caller can check them with a verify function elsewhere that maintains a state and knows to expect the next in the sequence?
We have far better tools today for sure, but we understood the system better back then. The right tool is sometimes better than a sharper tool as they say.
Edit: I should add I'm aware it's very likely the actual reversing involved more steps and checks than Dimitry's blog which is narrowed to what worked.
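The stateful check hypothesised in the comment above, as an added example that is not part of the thread or of any real dongle: a simulated device and a host verifier step the same 16-bit LFSR, so a responder that always returns one fixed value matches only the first check. The seed, the tap polynomial and every name below are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SEED 0xACE1u  /* constructed shared seed, not from any real product */

/* 16-bit Fibonacci LFSR, taps x^16 + x^14 + x^13 + x^11 + 1 (maximal length). */
static uint16_t lfsr_next(uint16_t s) {
    uint16_t bit = (uint16_t)((s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* Simulated hardware: every read advances the register and returns it. */
typedef struct { uint16_t state; } dongle_t;
static uint16_t dongle_read(void *dev) {
    dongle_t *d = dev;
    d->state = lfsr_next(d->state);
    return d->state;
}

/* A responder that always answers with one fixed value, i.e. the
   "function with no inputs returns a constant" model of the device. */
typedef struct { uint16_t fixed; } constant_t;
static uint16_t constant_read(void *dev) {
    return ((constant_t *)dev)->fixed;
}

/* Host-side verifier: keeps its own copy of the sequence and counts how
   many consecutive reads match before the first mismatch. */
static int checks_passed(uint16_t (*read)(void *), void *dev, int rounds) {
    uint16_t expect = SEED;
    int ok = 0;
    for (int i = 0; i < rounds; i++) {
        expect = lfsr_next(expect);
        if (read(dev) != expect) break;
        ok++;
    }
    return ok;
}

int main(void) {
    dongle_t real = { SEED };
    constant_t fake = { lfsr_next(SEED) };  /* the first genuine response */
    printf("stateful device: %d/100\n", checks_passed(dongle_read, &real, 100));
    printf("constant answer: %d/100\n", checks_passed(constant_read, &fake, 100));
    return 0;
}
```

A design like this also has to decide how host and device resynchronise after a power cycle or a missed read, which the sketch leaves out.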
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!
In most cases it was not much more difficult than what OP described.
The protection just needs to be sufficiently complex.
I think he ended up pirating a 3.x install from a friend and running the upgrade on top of that; felt pretty morally clear given what the box had advertised.
The code decrypted itself, which confused debuggers, and then loaded a special sector from disk. It was a small sector buried in the payload of a larger sector, so the track was too big to copy with standard tools. The data in the sector was just the start address of the program. My fix was to change the executable header to point to the correct start address.
Apparently there is important stuff still running in emulated PDP-11s, almost double the age.
https://www.reddit.com/r/windows/comments/1n1no1k/august_202...
Win95 complains about needing REAL mode compatibility for a RAM disk though. I wonder how much performance degradation is noticeable with a RAM disk though.
The crack is a little bit harder these days as there is a special compiler that encrypts the binary using an on-dongle key, decrypting it after it's loaded.
A big reason for the dongle is to regionally control features (e.g. users in country A must not have feature X but users in country B should) and to be able to "expire" offline desktop software.
These measures typically work well against piracy in the markets the game is officially distributed in (mainly Japan), but end up being cracked anyway once the game is popular enough that foreign arcades and private owners start importing older decommissioned cabinets and create demand for a way to get them running again without depending on the manufacturer's servers.