COMPUTIST Magazine Articles

While I was in high school, I submitted a number of articles to COMPUTIST magazine (nee Hardcore Computist).  The magazine was devoted to removing the copy protection from commercial software.  One article defeated a fairly famous protection scheme.

Spiradisc

The "Spiradisc" copy protection system was developed by Sierra On-Line to defend its games.  In his book _Hackers_, Steven Levy wrote:

Mark [Duchaineau]'s scheme involved arranging data in spiraling paths on the disk, so information could not be accessed concentrically, like a needle following a record, but in several spiraling paths. That was why Mark called the scheme "Spiradisk." The different arrangement would thwart programs which broke copy protection and allowed pirates to copy disks. While not being totally pirate-proof (nothing is), Mark's scheme would defy Locksmith, and any other commercial scheme. And would take a hell of a long time for even a devoted hacker to crack.

Spiradisc was used on Sierra's "Frogger" and "Maze Craze Construction Set" titles.  It truly was state-of-the-art.  My favorite trick was the way they defeated NMI copy cards, which captured a snapshot of the computer's memory after the game had loaded.  The easiest trick -- corrupting your stack pointer when the game is idle, so the interrupt frame overwrites a valid return address -- was too obvious, and too easily circumvented.  Instead, Spiradisc collected some information about the computer's configuration as it was booting.  This was periodically re-checked.  If the computer had mysteriously gained or lost peripherals, the game knew it was running on a different computer, and would bail.  This meant that memory-image copies would appear to work until you tried using them somewhere else, which, as intended, had me running in circles for a few days (the copy card was in a friend's computer).

Since that wasn't working, I tried boot-tracing my way through it.  This turned out to be a very frustrating experience.  After peeling back several layers of self-modifying code, I gave up and tried a different approach.

It was possible to purchase a "Super Saver ROM" chip that made getting into games easier.  The replacement ROM provided a different way of handling the "reset" key that side-stepped the usual copy protection tricks.  My brother hacked our 16K "language card" to add a write-protect switch, which allowed us to do essentially the same thing without replacing any chips.  (This limited cracking attempts to games that fit in the main 48K of memory, but nearly all heavily-protected games fell into this category.)  I submitted an article describing how the hack should be performed, but it was rejected by the editors (scans of the submission here: 1 2 3 4 5 6).

Once I could break into the already-loaded game, finding the copy protection checks was straightforward.  I submitted a rather convoluted article to COMPUTIST magazine, but it was rejected by the editors (scans here: 1 2 3 4 5 6 7 8 9).  When I got a copy of Frogger, and discovered that it used the same scheme, I successfully applied the same techniques to crack it.  I submitted a somewhat shorter article for Frogger, which was accepted and published in COMPUTIST issue #41 in March 1987.  I did a nicer crack of the game for my own use, but there was something poetic about breaking the dreaded Spiradisc with a 4-byte change, so I left it as-is.

Scans of the COMPUTIST article are below.  The images were copied from computist.textfiles.com, which legally hosts a large collection of scanned issues.

frogger-1.jpg (220737 bytes) frogger-2.jpg (220864 bytes)

Spelling note: the game itself put the word "SPIRADISC" on the screen, though many people seem to spell it with a 'K' on the end.  I believe that computers use floppy disks, not floppy discs, but I feel compelled to use the author's chosen spelling.

Other Articles

Digging around a little, I have found the following:
  • Copying SSI/SSG games (Germany 1985, RDF 1985, Reach for the Stars, etc.) (issue 18, page 27).  This was later expanded to a ProDOS converter.
  • Cracking Twerps (issue 21, page 29).  Long article, demonstrates boot tracing.
  • Cracking Rescue at Rigel (issue 34, page 7).
  • Cracking five of SSI's games (issue 52, page 24).  This was actually a full re-implementation of SSI's proprietary RDOS operating system.  An updated version was published in issue #85, along with specific instructions for about 30 games.  This code and articles are available online.

There are some others, published after the magazine went into "tabloid" format, that aren't scanned (e.g. a small utility program that appears in issue #60).

For those who may be wondering: I do not advocate software piracy; in fact, as a software developer, I advocate against it.  I own well over 100 retail games for the PC, with not a single illegal copy among them.  I have, however, continued to explore copy protection technologies, and have provided analyses of a few in my CD-Recordable FAQ.

Back to "Early Copy Protection"