Posted by zdw 5 days ago
I announced it on the Prime Usenet group and a guy wrote to say he was interested in using it for production, but had been burned before and wanted to make sure it worked. So I set him up a VM in my basement, he uploaded a bunch of his executables, and they all worked. I charged $1000/mo for the emulator. Since he was in the EU, I knew I wouldn't have a leg to stand on to get paid if they decided to stiff me, so I did some investigating into a Matrix dongle. It was pretty slick, and I coded up a copy protection scheme that allowed the emulator to run only when the dongle was inserted, and it contacted a license server in my basement to verify that it was allowed to run. To make sure my basement server wasn't a critical resource, I had the dongle setup like a battery that got periodically "charged": if the license server was down, the emulator kept running for up to N days on its local charge, giving me time to solve issues with the license server.
This went on for a few years, but they were never happy they had to actually keep paying for the technology. I heard every excuse in the book about why they needed a backup dongle. I knew the real reason they wanted one was to hire someone to hack it, but unfortunately, that would mean removing it, and that would halt the emulator within 5 minutes. So they came up with excuses like:
"Our state regulator requires us to have a backup computer system, so we need 2 dongles". No, you start computer 2, move the dongle, and you're fine.
One time I heard from a guy who said he heard about the emulator from a Prime parts guy in Chicago I knew, and wanted to try it out for a large EU bank. I asked where to send it, and surprise - it was the same city as my other customer! So I call R in Chicago and asked him how the conversation went with this "banking" customer, and R says "It was kinda weird. He said he had a Prime with a failing disk drive, but when I asked what model drive he had, he didn't know. He kept asking if there was any other solution for him besides hardware until R says "Well, there's a guy that has an emulator", which the banking guy jumped on immediately. So I go to Google and lookup this address the banker gives me to send the dongle to, and it's a massage parlor!
All in all, it was a good deal for me and a good deal for him, even if he wasn't happy about it. He was getting paid to support his own Prime software that he didn't have to port. But I learned my lesson as a youngin' about companies saying they will pay for something. I sold some printer/spooler minicomputer software in my early 20's and had a large investment bank (huge actually, as in everyone at the time would recognize their name) try it out for a month. They called and said they were processing the one-time license fee of $1500 but could I give them the access code early so they wouldn't have a disruption for a few days. I did it, and never got a dime from them. Hard lesson learned about being nice.
Has that been defeated yet?
I know there is cost associated with the hardware, but surely the costumer can cough 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion, if you could reverse one you could reverse the other.
But this concept was insanely prevalent for ~20 years or so.
One of the biggest problems was not having enough ports. Some parallel port dongles tried to ignore communication with other dongles and actually had a port on the back; you'd make a "dongle snake" out of them. Once they moved to USB it was both easier and harder - you couldn't make the snake anymore, but you could ask people to use a hub when they ran out of ports.
I will check if I can find an image of it.
EDIT: here is an old listing of it: https://www.ebay.com/itm/187748130737
Sadly the lid isn't open so you can't see what modules are installed.
Starting in '97 I worked on some software that used Elan License Manager (elmd) that then moved on to FlexLM in a major release.
Requests for, and problems with, licensing were a considerable source of support tickets but I'm sure it also drove a reasonable amount of sales as customers wanted to play with component X but were prevented from doing so by a lack of license.
When we were acquired by IBM we replaced the licensing code with lawyers and (threats of) audits. It didn't seem to harm the revenue. The product is still being maintained and sold.
> ... if you could reverse one you could reverse the other.
I can confirm it was quite easy with gdb to either skip past the license checks or, in the case of Elan licensing at least, call the license generation function from within the binary to generate whatever licenses for whatever features you liked.
The "hardware identifiers" were a nightmare too. I ended up writing some code that would pull all of the necessary information (primary MAC, IP address, hostid for Sparc machines, hostname, etc) and give it to us in a base64 encoded blob, we also grabbed some CPU and memory information that proved quite useful in seeing how the software was deployed.
More common for games was to use the media itself for copy protection, using a variety of tricks to make copy more difficult. Other techniques involve printing some keys you have to enter using colors that don't render well in photocopies, or have you look at words a certain page of a thick user manual, the idea being that it is more expensive to go through the effort of copying this material than to buy the software legally.
One of my favorite is from Microprose games, for which the manual was a pretty good reference book on the subject of the game, that alone is worth buying. And the copy protection is about asking you about information contained in the book, for example, it may be some detail about a particular plane in a flight simulator, which means that a way to bypass copy protection is simply to be knowledgeable about planes!
Dongles were common, but mostly for expensive enterprise software. Also, dongles don't make cracking harder compared to all the other techniques, so for popular consumer software like games, it is likely to be a lot of inconvenience and a waste of money for limited results.
-- Only You Can Save Mankind, Terry Pratchett, 1992
As for enterprise software, pros usually don't want the potential legal trouble associated with cracked software, and dongles are just about not making is easy to violate the licence by accident.
This has many negative side effects, but if the game doesn't require twitchy reflexes it's usually not very noticable. It's also terrible for preservation.
I find it interesting that they didn't make it into the USB era where you could easily have something that does some actual processing on the device that makes it a serious challenge to reverse engineer.
When parallel ports were discontinued, they migrated to USB and network license servers.
The nature of our business was such that there was a lot of logic analyzers and signal tracing equipment in the lab and the dongle was reverse engineered and cloned after a couple of “where’d my dongle go” incidents.
I remember hearing a courier died overnighting a CAD dongle.