But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine. Software was cracked the moment it came out and it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it -- late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.
There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Windows security mechanism was no better and there were copies distributed so much that probably many people remember "standard" CD Keys even to this day.
And it was pretty much safe because most software did not have ability to phone home so the software developer would have no way of knowing that somebody used an illegal copy.
The business model was mostly companies paying for software (fearing an ex-employee reported illegal use). I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video. The only exception was sometimes people bought OEM software with their hardware.
Everyone was doing it. I remember my teachers, friends, and family all giving me pirated software at some point. I remember my friends and I getting excited when someone got a ripped copy of some game and we couldn't wait to burn new CD-ROMs to share. If one of us got our hands on the copy of some game, we all got copies. It was kind of like a free-for-all in the world was starving for cool applications. Computers were starting to live up to their promises and software was just like recipe cards.
Here in Latvia that's still somewhat the case, at least according to statistics like these: https://eng.lsm.lv/article/society/society/latvia-leading-in...
I've personally seen people who choose to pirate everything from movies, to OSes and IDEs, and have no problem with doing that whatsoever. That said, I can kind of understand it, due to many not exactly having lots of money to throw around.
Personally, I live a bit more ethically, but it kind of sucks: I'm not sure what I'd do without JetBrains offering student licenses, followed by a graduation discount and recurring discounts. I've also not bought a AAA game on release in years, it's always sometime later on sale etc. The same goes for server hosting, most PaaS solutions are too expensive and vendors like AWS and GCP are outside of my price point.
But hey, OSes like Linux and software like LibreOffice are a godsend. As are free IDEs and text editors as well, sometimes.
I had lots of learning experiences with this kind of stuff that I’m very glad I could have in my little years of first being online, when it wasn’t tied to anything really important, it was all just for fun. Everything would be different for me today if I didn’t have the opportunity to play with non-zero but relatively little risk.
That said, when I do recall that period of time I do feel a bit guilty about the piracy angle. But I'm also reminded of how the original premise (having people give me software) was eclipsed by all of the other things the BBS provided. Within about a month of getting it up and running I'd joined a network of other BBSes that'd automatically call up other BBSes to distribute "packets" (I don't recall the terms used) that'd contain emails, forum posts, and more, of all the other BBSes in the network. It was like having a (very slow) internet connection in my bedroom in 1991, which was not a thing a typical high school skater kid with, at best, a 2.0 GPA, would have, let alone even know existed at the time.
Suggesting that what I learned from that experience was the foundation of my career is a massive understatement. It got me my first tech job, gave me confidence in starting a dot-com (which survived the dot-com-bubble-burst), and built relationships that have lasted over 30 years.
My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.
Actually I take that back, my favourite site was +fravia's reverse engineering pages. Mostly because the legitimate crack-sites were safe, but there was always a risk of downloading something with a virus, or a trojan instead. So it was more rewarding to read up on the reversing techniques and do the job myself.
Happy days using Numega's soft-ice (kernel mode debugger) to remove the protection it shipped with.
When I switched to Linux one of the first "problems" was that there were few commercial binaries which required a license key, so there were fewer reasons to actual get into reverse engineering / decompiling & patching linux binaries.
That name contains two very iconic pop culture references from the 90s: altavista and the terminator
The domain box.sk [1] hosted other interesting sites as well.
[1] https://web.archive.org/web/20000229151347/http://www.box.sk...
Phew that takes me back. And it's huge list of cracks and other things is what got me started looking into reverse engineering and security analysis haha
Wow.
To be fair, this is specifically to do with personal computers of the time; MS-DOS, Windows 3x, and Windows 9x were all single user operating systems: They simply had no concept of multiple users at all. The concept was bolted on later as an afterthought, but it was really janky and paled in usability and security to proper multi user environments like that seen in Windows NT.
Incidentally, this lack of understanding multi users is also why it's a royal pain in the arcane arse to join a Windows 3x or 9x machine to a Windows NT network. A network is fundamentally a multi user environment, something Windows 3x and 9x don't understand.
As for memory access, this too was simply a thing of the times. MS-DOS, Windows 3x, and Windows 9x all simply did not have the concept of segregating and securing memory access between kernel and userland and between each process. All the BSODs that traumatized us back then stemmed from this architecture, and the BSODs quickly diminished once Windows NT became mainstream because the NT kernel operated on the concept of segregated and secured memory access for better security and reliability.
A windows password would have been silly, pressing F8 at boot would drop you in msdos
With windows specifically a factor is that it is/was almost impossible to get a computer (PC/Desktop) without Windows license. Compared to that the number of potentially illegal copies was neglectable. And even for Office it was probably better that people use a copy from dubious source than a competitor so they don't find out that alternatives are good enough.
This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!
By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).
FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8
I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..
Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.
That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.
This is the main reason for the simplicity of key checks.
If you copied someone elses windows installation (cd burners were very expensive, but a floppy version existed), you'd also copy the serial number, and just use that. Even if the serial verification algorithm was complicated, noone would really have to crack it at all, because they'd just use the original serial for all the copies.
Piracy was (and still is) rampant with home users, but business users still needed some kind of a simple check (so.. a simple serial) to match the installation to an actual licence, which was more "protected" than the actual medium (cd, floppy), by using holograms, microprint, etc: https://media.karousell.com/media/photos/products/2018/09/13...
You just borrowed the install CD. The only time you needed it was for the install and (sometimes) installing drivers after installing new hardware.
You could actually copy one of the folders from the windows CD onto your HDD and use that instead of the install CD for device drivers. From memory, you could actually complete a full install from a folder copied onto the HDD.
Worked for microsoft, worked for the people taking it home. Everyone was happy.
I don't think it's true that "most people who used computers" were teens or young adults. Since we're talking about Windows 95, here is some mostly contemporary usage data from the 1997 US Census[0]. A few of the strongest predictors of computer usage for a household are income, education, and using a computer at work. Being older (55+) is a pretty strong negative correlation (along with some correlated characteristics like being widowed).
I don't see a direct statistics tying computer usage to number of children, although the household size does indicate that houses with children probably are more likely to use a computer. Even just looking at the sample, about a third of households use a computer at work, at third don't, and a third don't work, which gives you a very large pool of people using computers who aren't teens or young people.
I suspect it's more likely that many of the people on this board were a young person in the 90s if they were a person at all, and so it felt like many computer users were like them. In fact, plenty of not so young adults were using computers.
PS: if by young person you just mean "under 50", I retract everything above and instead am confused by your definition.
[0] https://www2.census.gov/programs-surveys/demo/tables/compute... , https://www2.census.gov/programs-surveys/demo/tables/compute...
Your remembrances are valid, and fun to read, but people gotta temper their memories with how old they were. You're not describing "the 90s" as much as describing "being a teen and up to the usual teen highjinks"... in the 90's. I'm sure teens today have many equivalent sorts of hustles, but that's not how everybody lives. I had jobs with high bandwidth uplinks and could've downloaded boatloads of stuff. But I didn't because who needs the hassle of getting your employer a nasty call from the ISP, and I could generally buy the things I wanted. a lot of software downloads had trojans and other malware.
not trying to be a buzzkill, just accurate to the history. by way of signing off, let me say
astalavista
.box.sk
I remember the Windows cd cases were protected by this seal. If you opened the cd case to install Windows the seal broke and that was kinda your agreement you were not eligble for any refund. However, it was very possible to click open the hinges of the plastic jewel case, use the cd and put it back on its case, so the seal did not break.
This is still true today btw, but the broader user base includes a lot more people willing to pay
So, oddly enough, the transnational criminal gangs are helping the corporations in a way they never could do for themselves.
Enough to keep honest people honest and not copy the software to their immediate friends, but if the software had people interested in pirating it someone would disassemble it and just jump over the part that looked for the dongle while keeping all the software functionality intact and these patched versions would be readily available online to anyone who knew where to look.
At the end of the day not really any more secure than various software-based copy protection schemes, just more wasteful due to the extra hardware.
Only in the home computing world, which is why people on Real Computers thought home computers were toys back then. Real Computers, running Linux/Unix and VMS and MVS, damn well did have the protections Wintendo didn't, and didn't mandate a reboot every forty-odd days, either. Microsoft didn't even begin to achieve parity until Windows XP or later, and Apple didn't until MacOS X.
Indeed, Windows 98 and earlier did not require a username/password pair by default. However, it was stupid easy to log into computers and steal stuff.
Processes could read from each other's pages, but it was also stupid easy to download warez and viruses that took advantage of that. Remember, this was the age of HTTP and plain text all day every day (because computers were too slow to do client-side encryption).
Antivirus reviews and comparisons were really valid, as virus databases were also in their infancy, and some companies had better data that others.
> There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.
Yup. Which is why Photoshop cost $600 and a non-gimped version of Office cost $400. They baked piracy into the price and had the big companies that thought nothing of these prices pay.
Also, downloading cracks was a super easy way of getting viruses, doubly so if you didn't have AV running (many didn't). Doubly also, finding them was hard(er) before the days of WinMX, BitTorrent, etc. You had to know IRC and newsgroups. Not super friendly places.
Since disk drives existed, games makers created floppy disks that industrial disk duplicators that standard computers could read, but couldn't write, and ensured their games had code to check for that. It generally wasn't feasible to replicate these special tracks with a normal floppy drive, so instead people had to reverse engineer the game and remove the copy protection checks.
This could be easy or hard, depending on how devious the programmers were. One of the legendary games for this was Dungeon Master on the Amiga or Atari ST which took crackers about a year to find _all_ the copy protection checks [0]
This wasn't the only form of copy protection.
* Games since their earliest day had things like "enter word 7 on page 5 of the manual". Some games had a red-on-red "copy protection sheet", designed so that it would be very difficult to replicate with a standard black-and-white photocopier. Monkey Island came with a two-piece "Dial-a-pirate" code wheel [1]
* To thwart third party software developers, and to distort fair trade and give themselves lucrative pricing monopolies, the Nintendo NES had a "lockout chip", the 10NES [2]
* Sony Playstation games had a "wobble" built into the groove of their pressed discs that normal CD-Rs didn't have, and the frequency of the wobble indicated which region the game was sold to, preventing free and fair international trade by foul means [3]
* Products like AutoCAD came with a dongle, [4] it connected to the parallel port because USB hadn't been invented.
But yes, for software like Windows, where the entire product has to be installed on a hard drive, it wasn't within customer expectations to have to permanently attach a dongle or have media in a drive, and there wasn't commonplace network access with which to "phone home", the serial key or CD key was used to limit distribution. As you say, Microsoft enforced this mainly with licence audits - the BSA not only offered a reward for employees to rat out their companies [5] but they also generally acted as a front for Microsoft; Microsoft would drop their lawsuit for your minor infringement of some of their software, if you agreed to stop using Microsoft's competitors' software and convert your business to becoming a Microsoft-only shop.
Microsoft also got paid by doing deals with OEMs. If you bought a PC in the 1990s, you likely paid a "Windows tax", where every PC sold, even ones which will only run Linux, gave a portion of the sales price to Microsoft. They illegally used their exclusive agreements with OEMs to prevent BeOS entering the PC operating system market. Microsoft was found guilty of using illegal anticompetitive tactics to crush their rivals in the x86 operating system market. [7]
[0] https://www.youtube.com/watch?v=VheNpiSZxf0&t=489s
[1] https://oldgames.sk/codewheel/secret-of-monkey-island-dial-a...
[2] https://en.wikipedia.org/wiki/CIC_(Nintendo)#10NES
[3] https://en.wikipedia.org/wiki/PlayStation_(console)#Copy_pro...
[4] https://en.wikipedia.org/wiki/Software_protection_dongle
[5] https://en.wikipedia.org/wiki/Software_Alliance
[6] https://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#...
[7] https://law.justia.com/cases/federal/district-courts/FSupp2/...
You could play the adventure until you found the time travel machine (could take 1 to 3 hours depending).
You start the machine and then it went on infinite loop text : "tired of piracy tired of piracy tired of piracy..." !
Highly frustrating, but you couldn't help to admire the developper.
If I remember correctly, it was something about the way that a floppy track was formated, with the wrong number of sectors, which was readable by the disk drive, but it couldn't write it using normal copy mode.
But they picked any word in the book, even simple ones like "the". So just entering that 20x or so would get you in.
That's a name I haven't heard in a long time! It's still available! https://getright.com/
> How did he steal the source code? Sardu was running Windows 95 at the time. He made the mistake of leaving drive sharing on
Now I'm an adult who learned some of those tools profesionally, and paying for them (or services around some of them) legally.
If I didn't use them cracked in my teenage years, perhaps I would have never become a paying user in the first place.
Yes.
Okay sire here is your activation key.
Empress cracked Hogwarts Legacy in about 2 weeks to much fanfare[0].
Cracker efforts are now even crowd funded.
Maybe this is a Peter Pan moment, you grew up but the ever-child world of Piracy continues.
I think it should be made more transparent if a game uses such tools.
Yes, I still remember. Even after 12 years or so.
Apparently it had a bug where it didn't recognize the CD on Windows 98 but it worked on Windows 95!
Didn't have internet, so I fired up Visual Studio, stepped through the .exe, and tried flipping each JE/JNE or JZ/JNZ instruction that came before the copy protection error showed up.
It worked!! I searched for the sequence of instructions in a hex editor and modified the exe. And it led me to one of the best games ever to this date. :)
In the Renegade BBS system, for like one minor version or so, you could authenticate to any account, including SysOp, by hitting Enter instead of providing a password. Of course, in Renegade and many BBSes, you could login with either your account name or ID, which was an auto-incrementing (the manual way) integer starting at "0", the Sysop. And I'm fairly certain that the problem wasn't triggered unless you logged in by ID, which few ever did.
On one Saturday nearly every BBS in my area code running that software was restoring from backup.
I stumbled upon it because I was "1" on another BBS[0] and accidentally popped "Enter" aiming for Shift when typing my password. After picking my jaw up from the table I called my buddy and told him to unplug the phone line. :)
[0] Actually, I had hacked up and substantially re-written from the leaked Telegard 2.5 source (whichever was the origin of Renegade's code) and the password validation code was insanity -- I was young enough to see hacking as mystical and suspected I'd found a cleverly hidden back-door so I rewrote the entire thing to be as "dumb as the rest of the password handling logic was"; I had heard, later, that there was something funny going on but I stopped playing with that code by then and the Internet quickly ended that world. In all likelihood, the original developers were doing something novel that I was totally unfamiliar with and I made it worse, but I like to think I "locked that up". :)
I used strace to find that it kept the timestamp of its first run in a text file, and would read that on startup. Deleting that completely reset the trial period.
I was pretty amazed - I know most people aren't computer savvy to bypass trial periods, but I figured there'd be third-party libraries a developer could use to effortlessly guard against this sort of thing?
(If I ever need it again I will buy it. I just literally needed it a couple of times for something personal and will likely never need it again)
Should the user be able to control their machine, and delete data that the app has written? Should they be able to ‘look like a new user’?
Or should companies/apps have the ability to keep persistent data on the user’s machine, and/or link them to a previously collected set of data about that user?
Similarly, 111-1111112 was a valid key for Office.
...which is always really important considering the 20-30+ year lifecycle of actual software - whereas Adobe and their Creative Cloud service is copying Apple's strategy of pretending all their software older than 5-6 years simply never existed in the first place. "Adobe Flash/Fireworks/FreeHand? Never heard of it." - which is a huge PITA for people who might have old source files in those lovely propreitary binary file-formats that can't be opened in newer versions of Adobe software - so what on earth does Adobe expect them to do? This is insane...
I shared my findings to the community and within days it was all over the web and on every BBS, people where pretending they were the ones who made the hack, it was everywhere. Within weeks StufIt released a free update to fix this and I felt quite powerful at the effect I had caused. Years later I realized that my crack was banal and probably common knowledge to anyone but an ignorant teenager, most were just smart enough to not share it and ruin a good thing. So I inadvertently made the digital world a safer place.
Edit: thinking on it more, I doubt I was even the first person to share this information, I was just the first person stupid enough to share it on an easy to find warez/cracking site that everyone had access too. I also seem to recall that Stuffit explicitly said that this password protection was not a safe or reliable way to protect your data, if you wanted that you had to upgrade to the paid version. I probably had no real effect on anything and the new password protection StuffIt rolled out was probably already in the works when I showed up.
OEM Windows 95 keys came in the form of XXXXX-OEM-00YYYYY-ZZZZZ. The XXXXX grouping represents when Microsoft issued the key by day-of-year and year, and the operating system would validate any number where the first three numbers range from 001 to 365 (or 366 for year 96), and the last two X digits were 95-99. The YYYYY group must be a multiple to 7, excluding the number 0. The ZZZZZ group is basically noise and anything is permissible in them.
Now you can run a Windows 95 keygen in your head. You're welcome :)
Actually I believe Windows 98, Me, and 2000 have a similar scheme but they obfuscate it with some algorithm to generate the 25-char alphanumeric style that Microsoft continues to use to this day. I've never dug into how it goes, but you can see the 95-style key on System Properties post-install.
https://gist.github.com/Bonney/5cc85f41cdeb80146c7d5169ded8a...
* I had incorrectly stated the conditions of the Y grouping. The digits must sum up to a multiple of 7, rather than be a multiple of 7 by themselves. 0000007 and 0000016 are valid sequences, for instance, but 0000014 is not.
* The Z grouping probably has to be [0-9]. At least I've never tested non-numeric characters whenever I've installed Windows 95 (I usually type out 00195-OEM-0000007-00000 when I install it).
That is the reason Microsoft went bankrupt, and
Bill Gates is living in a mobile home in the Ozarks.
You should be ashamed!
Source: I am a creator myself, releasing a mew video every Friday. I have read the engagement guides from YouTube and other creators and decided to not take part in this landgrab for viewer time. People have more important things in their life than my videos and I should be mindful of how I use their time.
VWestlife: https://www.youtube.com/@vwestlife
Big Clive: https://www.youtube.com/@bigclivedotcom
Posy: https://www.youtube.com/@PosyMusic
Techmoan: https://www.youtube.com/@Techmoan
Technology Connections: https://www.youtube.com/@TechnologyConnections
Similar thing, no intro or self-promotion, not even a Patron. Just someone playing Doom levels with a calm and even tone explaining things about the game I never would have guessed and it's strangely relaxing.
1. https://m.youtube.com/channel/UCJ8V9aiz50m6NVn0ix5v8RQ#botto...
Man, the sheer joy and happiness when the game installed and ran without issue. I had to tweak the settings a lot because I had a P75 with a 3dfx Voodoo accelerator card but nonetheless I enjoyed a lot of that game and I still have that disc. I hope the original owner was able to get hold of a copy and still use his original licence though.
Reminds me of this classic.
Just can't believe with the right keywords, you can still see these old posts on the internet - 2002/2003 was truly different and I bet pre-2000 even wild.
I didn't know about the much smaller 10-digit Win95 keys.
Did you post this, because it showed up in your youtube feed?
