Confessions of a disk hacker for Apple II: secrets 4am
Interview with an infamous enthusiast collecting a collection of drives for the Apple II, about his goals and motivations
Why did you decide to actively hack, archive and distribute software for Apple II?
There is a temptation to rewrite history and ascribe to yourself some noble goal that motivated this hobby, but in this case the truth sounds better. My parents bought themselves an Apple // e [ they styled the Apple IIe / approx. trans. ] when I was 10 years old, and he quickly began to occupy all my free time. Piracy flourished, and I idealized crackers , whose names I saw as they swept across the screens of Cracow from those games that I was sharing with friends. I also admired people who described their methods in hacking tutorials, which were originally distributed as text files via BBSand then were collected and distributed on disk. As a teenager, I spent many evenings picking at the PEEK, POKE and CALL teams, but for some reason I couldn’t manage to bring it all together.
At the end of 2013, I purchased a real Apple // e and a few original discs on eBay - these were mostly arcade games that I had gotten dishonestly in childhood: Sneakers, Repton, Dino Eggs. To my surprise, there was more content in the original games than I remembered! In the game, the Sneakers had a loading animation. Repton had a multi-page introduction explaining the background to the game. Therefore, I decided to create “full” hacked versions that honestly reproduced the original content. I decided to record my attempts, because I like to write on technical topics, and because I admired the classic crackers who did this. I decided to abandon the screens reporting about hacking, although in several of my early cracks there are “Easter eggs” on which you can see the inscription “4am” if you know how to call them.
In one of the purchases with eBay was an educational game Ten Little Robots. After its hacking, I could not find its copies on the Internet, which was strange. Surely they hacked everything you can? Maybe her name was entered incorrectly, or incorrectly saved? Then I found another disk, which, apparently, also turned out to be uniquely preserved. And one more. Finally, I began to realize that maybe not everything had been hacked.
I told this to Jason Scott [ apparently, an American activist, technology historian, director and actor Jason Scott / trans.], and he explained everything to me. The preservation of the collections depends on the pirates, driven by the ego, but they are constrained by the technical limitations of their era. In the 1980s, these were memory sizes and data transfer rates. No one got recognition for hacking into the program “Irregular Spanish Verbs in Future Tense,” no BBS would spend space on a hard drive to store it, and none of the users would spend their phone line capacity to download it. Therefore, it is not preserved in any form.
But even those programs that were hacked are not fully preserved. The same technical limitations led to the emergence of a culture in which the smallest version of the game won. This meant the removal of animated downloads, the title screen, multi-page introduction, intermediate clips, everything that seemed to the pirates "optional." The holy grail was considered such a circumcision of the content, after which the game (or what was left of it) could be distributed in one file, which could be mixed with other, unrelated games on one diskette .
30 years later, I saw exactly that: half-preserved arcade toys, a bit of teaching software, and practically nothing more. I realized that I can seriously influence the situation, while receiving both pleasure and intellectual burden. In the process, I discovered that the tutorials are full of rich history, personality, humor, and technical advances. It was delicious.
Are you worried about copyright? Have you thought about the ethical side of how recovering lost software outweighs the owner’s right to limit its distribution?
All descriptions and software with protection removed are stored as disk images on archive.org . Site owners are always subject to requests from the DMCA to delete content. They have never received requests to remove anything from the 4am collection. On the contrary - several authors found their programs there and thanked me for their preservation. One of them even asked for forgiveness for copy protection. He understood that then she was a “necessary evil”, but he was very glad that someone had finally spent time turning it off. He said that he was very happy to meet the results of his work again, for the first time in several decades.
Since most of the high-level functionality of Disk II is based on software loaded from disk, this provided many possibilities for creating various protection schemes. How much did it prevent the preservation of software for Apple II?
We have not yet managed to make the perfect digital analogs of diskettes Apple II. Disks are analog, physical objects consisting of hundreds of thousands of magnetic flux changes. These changes are stored on the physical surface of the disk and read by physical drives that have their own options and limitations. Disk II drives gave most of the functionality to the software, and the software used any possible edge cases.
Where the copying software was losing bits, the protection circuits checked for the absence of bits. Where the programs had the wrong data on the tracks, the defense checked the consistency of the tracks. Your copy program cannot read data from a disk that are physically close to other data? Guess how we will put the data on the next disk! And so on. It was all a big cat-and-mouse game, an endless war, ending when everyone lost.
All these physical features are hard to display in a figure, and for decades no one has attempted to do this. In the 1990s, people came up with ways to digitize a certain approximation to the disk, processing different nibbles.and bits. This was enough to digitize the hacked software, since the crackers had already normalized the original disks so that they could be distributed through the BBS.
In the modern world there is a special equipment that can digitize a floppy disk at the level of changes in magnetic fluxes. For various reasons, manufacturers of this equipment have concentrated on platforms other than the Apple II, and several unsolved technical problems prevented the collectors community from using this equipment. There are advances on this front, and I believe that collectors will soon be able to create digital copies of Apple II diskettes at the level of magnetic fluxes, and users will be able to download original software in emulators.
What copy protection was the most common, and which was the most difficult, in your experience?
The most common protection schemes were those that were put on stream and sold to hundreds of publishers. This process was controlled by disc manufacturing factories that offered copy protection as an extra service in addition to preparing master discs. Publishers received all the benefits of the newest and best copy protection systems, without the need to play cat and mouse on their own.
The most popular circuit was the E7 [E7 bitstream] bit stream , known as “ universal bit skip protection"[generic bit slip protection]. It was a sequence of ones and zeros, specially made so that its first part reads“ in phase ”, and then the code specifically missed half bytes and read the second part“ out of phase. ”Bitwise copyists would have missed bits due to hardware limitations, and off-phase readings turned out to be wrong. It was brilliant.
E7 was invented in 1983 and immediately put into production. She defended Moptown Parade in 1984, Rocky's Boots in 1985 and Prince of Persia in 1989 I found it on Addison-Wesley, Advanced Ideas, DesignWare, Edu-Ware, Microcomputer Workshops, Mindscape, Scholastic, Scott Fore discs. sman and Company, The Learning Company, Unicorn Software, Broderbund, Data East, Epyx and Windham Classics.
The most sophisticated protections are those that are deeply integrated into the program itself, and not screwed on top of a third-party company. Some publishers decided to invest in copy protection themselves, and hired experts who worked within the company. So did the Gumball from Broderbund Software, in the development of which the author of the program worked together with the author of the defense. If you think that you have removed the copy protection, because you made the game load, a surprise is waiting for you on the third level, when the game deliberately starts to behave incorrectly.
What developer or vendor drives were the most difficult to crack?
The hardest part is deferred protection in games. This was different Sierra On-Line. If you bypass the challenge to the self-decrypting protection of the game Threshold, you can play, but your ship will only move to the right. If you change the protection check so that it always ends successfully, the game will allow you to play at the first level, but it will be buggy at the second. A separate hacking check was built into it, which starts only after the first level!
Scott Adams’s Strange Odyssey doesn’t run a protection check until you start the game, go down the stairs, and take a shovel. The Count does not run a check until you have climbed into the kitchen elevator, after about 15 moves in the game. And these are easy cases, because they just reboot or just crash. The Transylvania game has a deferred security check that removes a vital location from the map, which makes it impossible to win the game. Prince of Persia neutralizes the effect of the drug, which must be drunk to complete the 7th level. Conflict in Vietnam has 13 separate security checks that can cause an unrecoverable error even an hour after the start of the game!
The question “have I removed all copy protection” is equivalent to the “ stop problem ”". When we can prove that we have removed all protection from all disks, on this day the Universe will cease to exist.
You obviously prefer to hack software from scratch, but is there a place in the history of hacked disks that have undergone a change?
Everything has historical value. Pirates made their choice, guided by restrictions that are practically nonexistent today. None of those born in this millennium experienced 99% of the file download broken due to the fact that another family member picked up the telephone in another room. No one cares about the difference in file sizes of 1 KB or 1.1 KB. I never had to advertise the phone number of my BBS. I can read and search through all issues of Hardcore Computist on a supercomputer that I carry in my pocket. Classic pirates had to achieve more, with fewer opportunities.
You remove protection from many tutorials. Is it just to complete the collection, or because historical crackers have ignored this genre, or do you think that this software may still be useful for learning?
I have no illusions about the fact that someone will use this software for what it was created for. At best, it can be a technological demonstration of the fact that "we have reached such heights, but 1 + 1 is still equal to 2". But his original purpose was important! These were not just bits on disks. It was a training course. That is how we taught mathematics, exact sciences, grammar and history to a whole generation of children. It seems to me that it is worth keeping it.
You wrote a Passport utility that helps unprotect Apple II software so that other people can convert their disk collections into working emulator files. Can you explain in more detail what the utility is and how it works?
In those days there were several hacking tools. The most versatile was the Advanced Demuffin. She used a protected disk against him, reading each sector with the code of the disk itself (RWTS), and then writing data to an unprotected copy. Two problems: firstly, it was necessary to intercept or isolate RWTS on their own. Secondly, it was necessary to patch the code of the unprotected copy so that it could read itself.
Most of the early hacks went through three stages: capture RWTS, launch Advanced Demuffin, patch a copy. After 8 hacks, I wrote a program to automate the first step. After 152 hacks, I wrote a program to automate 3 steps. After 688 hacks, I wrote Passport.
Passport - an automation program for checking and copying a disk. And saying “automatic”, I mean it. In contrast to the classic bit copyists, it has no parameters, options, settings, except for the target slot and the drive. It either works or not.
Also, unlike the classic copyists, it immediately gives a completely unprotected copy. It handles all three steps of the mentioned process. No need to bother with tracking downloads, editing sectors. Everything is built in. Passport is a squeeze out of everything I learned about hacking, from all drives, all variants, all marginal cases.
Out of 688 of my hacks, 478 could be automated with Passport.
This program has completely changed my hobby. Passport guarantees consistent quality. I'm not worried about missing a patch or making a typo in hexadecimal. I do not spend time on the routine that computers can do for me. If I find two disks with the same protection system, I add a new module for Passport to automate the process. Protection was put on stream. If I found 2, there should be 20 of them. They exist somewhere, they rot on physical carriers.
Automation allows me to see the big picture behind the bits. I can spend more time writing deeper descriptions of protection schemes whose crawling cannot be automated. I can take screenshots and download videos to demonstrate great learning software. Copy protection is the least interesting part of these discs. It is just a part that did not allow us to study all the other parts.
The collection is stored at:
Most of the programs run directly in the browser thanks to an emulator from the Internet Archive.
As of February 2018, 4am removed protection from 1673 Apple II programs, and their number continues to grow.