Pattern matching

Back in the day, it was quite common to work with floppy disks as data storage. The first and foremost rule was to work only with a copy.  So the command on a DOS (Disk Operating System) “Diskcopy.exe A: B:” was used to make copies from disks to work with. However, the rule was difficult to apply when the disks came with copy protection which prevented making backup copies.

Driven by the need of the market to make backups a company delivered solution software named “Copy II PC” which overcame this obstacle. Copy II PC was able to make backup copies from a copy protected disks in a way that was not feasible with Diskcopy or other copy software.

 

What was the alternative to get around of software restrictions

  • Understanding the mechanism of disk based copy protection, the structure of an unformatted and formatted disk and logical characteristics.
  • Using a debugger (debug.exe), one of the easier ways to analyze the logical structure of a disk, memory or written software.
  • Comparing HEX by HEX the copy with the original disk to discover the differences.

 

Replicate the difference when it’s detected

Sometimes the disk volume number, disk label name, entries on sector 0 (zero) or other sectors which are not generically readable were used to validate the software. Replicating any detected differences manually solved most of the time these issues. Sometimes however it was necessary to run a trace to see where in the code the validation runs. Disassembling and changing the key (validation pattern) to empty was one way another was to pipe the entire validation process to NOP (No Operation).

The same approach was used when the software came with password protection; back in the days passwords were stored often as clear text in the executable files, readable with any simple hex editor.

Software and information developers are always developing new ideas to prevent ideas, information and software from being shared. The parallel and serial-port dongles; once thought to be the most secure way to restrict software, but once the protocol was understood it was only a matter of time before it was reversed and broken down to later emulate the validations request from dongles. Would you call this process hacking or reverse engineering?

Since then, lots of things have changed. Things become seemingly more advanced, complex and sophisticated. With all the innovations certain things remained and used since than end ever, pattern matching. To speed up the detection of similar patterns, clusters of computer with all kind of algorithms are used to predict trends, yet these trends are read and interpreted by the most advanced computer, the human brain.

Engineering in reverse, replication and validation can be unarguably considered as the fundaments and proof of comprehension. Maybe it is the inborn curiosity about how things work which leads to analyze, disassemble and reverse engineer.

It is safe to say that what is built can be destroyed, what is secured can be lost, what is hidden can be found and what is encrypted can be decrypted. The aim should not be to prevent the impossible, but to postpone the inevitable long enough for the attempt to not seem worth the challenge.

Whether you are siding the assembler (constructor) or dissembler (demolisher) in both cases there is much more than what meets the eye. To see things outside and above one must detect and see the pattern in the matrix, do you see it?

Submit a Comment

Your email address will not be published. Required fields are marked *