Making
illegal copies of software has a history almost as old as that of the
personal computer–right from the time when programs were distributed on
audio cassettes, to the current distributions that are available on CD-ROMs.
Although the media on which software is distributed has changed, the age-old
fight is still the same. Software developers try to invent new and ingenious
ways to foil pirates, and the pirates in turn try to defeat this protection.
Unlike analogue copies, each digital copy is as good as the original.
Sometimes, a well-designed copy-protected software is separated from its
poorer cousin–the not so well-protected software–only by the amount of
time required to crack it.
History of copy protection
Let’s
briefly look at some of the methods that were used to prevent illegal
copying. When programs first started shipping on floppies, making copies of
software was as easy as using a diskcopy command to copy all the files onto
another disk. To get around this problem, software developers started
modifying their programs. Some of the methods used involved shifting the
location of the directory to another part of the disk to confuse DOS, using
hidden files, drilling a small hole in the floppy media to simulate a bad
sector or to deliberately mark a couple of sectors as bad. When the program
was run, it restored the directory to its correct place or searched for the
bad sector on the disk to verify that it was the original disk.
When software started to ship
on CDs, they seemed to be an effective deterrent to piracy; because copying
a CD wasn’t as easy as copying a set of floppies, due to its large storage
capacity. Unfortunately, this large storage capacity of CDs, coupled with
the advent of CD writers, has proved to be its undoing. Today, anyone can
make a collection of pirated software on a single CD-R for as low as Rs 60
or so, a fraction of what the original would cost.
Copy protection today can be
implemented in various ways. Key-based copy protection stands out from the
rest, as it’s more secure and easier to implement. Here, you have to use a
key, like a hardware lock, to invoke the program. We’ll classify copy
protection under two categories–key-based and other methods.
Implementing key-based
copy protection
There are
three legs on which any key-based copy protection solution stands on.
-
A unique key, which can’t
be easily duplicated. Examples include a key diskette, an original CD, a
smart card, a dongle, or any other proof of ownership that can be
verified by the guard module (we’ll explain this a little later). The
key diskette uses one of the above-discussed methods of copy protection
for floppies, or uses a non-standard format for storing data on the
disk. Smart cards and dongles have electronic chips to store data, which
can be used for key validation and program encryption. The CD key is
based on the fact that no two glass masters are alike. So, these minute
differences are recorded during manufacturing, enabling the guard module
to recognize them. The best keys will, however, be available when
digital fingerprinting and bio-recognition catch up.
-
A guard module–a
program that monitors and enables the protected program whenever it
detects a valid key. Except for the first few instructions that allow it
to be loaded by the operating system, this guard module must be
encrypted. It’s usually programmed to check for the key at a fixed
time interval, to ensure that the key is always present. It’s the duty
of the guard module to decrypt the protected program only upon
validation of the key.
-
A modification of the
original code, to make it dependent on the guard module. The
original code of the software must be changed so that when it’s run,
the guard module starts up in its place. The original code can also be
encrypted to prevent it from being unassembled, as it could be copied
and saved without the guard module in the form of a cracked program.
Key-based protection has a
number of advantages over other methods. The main advantage is that the
media for the software will remain unchanged and can be replicated without
any hassles at the manufacturing end. If the key is based on dongles or
smart cards, it’s close to impossible to replicate it. Key-based copy
protection can also be added to a working program by using third party
add-ons, so that the programmer can concentrate on writing a good program
instead of worrying about copy protection routines. Finally, as long as you
have the key, you shouldn’t face any problems making backup copies of the
program. However, this method also has some disadvantages. Any form of
hardware-based protection is expensive and pushes up the cost of the
software. The number of hardware devices that you can connect gets limited.
It also creates replacement problems–for example, if the dongle conks out
for some reason, the whole set (software plus the dongle) will have to be
replaced.
Other methods
The other
methods are based on the older methods of copy protection that basically
render the disk unrecognizable by standard copying programs. One way is to
edit the file sizes in the CD Table of contents (TOC) so that it shows a
total size of above 650 MB, so that the copying program refuses to duplicate
the disk, since there’s only space for 650 MB of data on a CD-R.
Another method, used even in
the days of DOS, was to write data between the tracks of a floppy and then
direct the application program to read them from there. A copying program
wouldn’t look for data between the tracks and would hence fail to copy the
data. It’s also possible to make CDs that are not compatible with any of
the CD recording standards, and hence wouldn’t be recognized by a CD
copying program. Some developers use another method based on the manual
accompanying the software. At regular intervals of time, the program asks
you for some information contained on a particular page of the manual. If
you can’t answer the question (because you don’t have the manual), the
program ceases to run. Users will no doubt find this a nuisance. No wonder
that this method didn’t find wide acceptance.
These
methods have their own shortcomings. Since most of these CDs don’t meet
the standard specifications laid down for disk reproduction, special
techniques and equipment have to be used during manufacturing, complicating
the manufacturing process. These very reasons also prevent legitimate users
from being able to make a backup copy of their software. The only advantage
is that the user doesn’t have to concern himself with additional hardware
such as keys.
All said and done, copy
protection is full of woes, both for the developer and the user. It’s no
wonder then that many developers choose not to copy-protect their software
in any way other than by a simple authentication code to be entered at the
time of program installation.
Alternatives to copy
protection
The most
common method uses Internet-based registration. Here, you’re prompted to
register yourself on the developer’s site after the installation and in
the process, receive free updates and support. Once you register, anyone
else using a copy of the software can’t register the same registration
code and hence misses out on the benefits that are provided for registered
users. Notable among products that use this method are anti-virus software,
for which periodic updates are necessary. Another method is to require an
account on an Internet server for the program to work, for example, an
online game or a chat program.
DVD-ROMs come with copy
protection too, but detailing these methods requires a complete article in
itself.
The ideal copy protection
solution is one which is easy to implement, difficult to crack, and
transparent to the end user. But when you improve on one of these aspects,
you have to sacrifice on the others. So, each developer has to weigh the
cost of copy protection methods, particularly in terms of the trouble faced
by the user, and opt for the best combination.