home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Shareware Grab Bag
/
Shareware Grab Bag.iso
/
009
/
unprotec.arc
/
ZAPPER.TXT
< prev
Wrap
Text File
|
1983-11-17
|
13KB
|
240 lines
___________________________________________________________________
THE ZAPPER
Volume 1, Number 1
For Registered Users Of FreeSoft Products
___________________________________________________________________
Copy Protecting Diskettes
-------------------------
The Ultra-Format program has the capability to format diskettes that
cannot be copied by DOS's DISKCOPY utility. This article will
explain how to use the Ultra-Format program to produce copy-protected
diskettes.
The whole idea behind producing copy-protected diskettes is to know
exactly what DISKCOPY can and can't duplicate. Specifically,
DISKCOPY looks for and copies only the following:
1) Side 0 and Side 1
2) Tracks 0 to 39
3) Sectors 1 to 8 (512 bytes each).
Knowing this, it is easy to confuse DISKCOPY by formatting a diskette
outside of these "normal" limits. Although we certainly can't format
more than two or less than one diskette sides, there are a number of
other approaches we can take. All disk drives we have used, for
instance, have been able to format 1 or 2 more tracks than the
manufacturer specifies. On your IBM-PC, you could actually format
tracks 40 and 41 if you wanted to. Since DISKCOPY does not look for
these tracks during a backup, (and, by the way, neither do many
"pirate" backup programs), any copies made will not contain the
information in these tracks. Although, due to the way DOS handles
free disk space, the extra tracks can't be used for programs or
files, you can use the sectors in these tracks to contain special
passwords. Use the FORMAT STANDARD TRACK option in Ultra-Format to
format a track 40 on a scratch diskette. Then, using Ultra-Zap, go
in with the DISPLAY/MODIFY DISK SECTOR function to insert a secret
password into one of that track's sectors. If your program has the
ability to read a raw disk sector, this password can be checked for
validity. We will discuss this "read a sector" function in more
detail later.
Another good way to fool DISKCOPY is to format a standard track of 8
sectors of 512 bytes each, but numbered weirdly (Sectors 32, 34, 5,
93, 87, 2, 14, and 201, for instance). Again, a password can be
inserted and later verified in one of these sectors. Remember that
DISKCOPY expects the sectors to be numbered consecutively from 1 to
8 and won't copy any others.
Finally, you can also format a track containing sectors of a
different length than 512 btyes. The disk controller circuit in your
IBM-PC has the ability to format sectors of either 128, 256, 512, or
1024 bytes each. You can forget about formatting a track of ten 1024
byte sectors, though - there just isn't enough room on a track. A
good rule of thumb is to format sectors in relation to their size.
That is, four 1024 byte sectors per track, eight 512 byte sectors
per track, sixteen 256 byte sectors per track, or thirty two 128 byte
sectors per track. All of these combinations give the same number of
available bytes for data.
2)
When using sectors of other than 512 byte lengths, there is another
matter to consider. Several bytes in the Disk Parameter Table will
have to be fiddled with in order to format a track correctly. If you
don't adjust these values, the resulting track will contain CRC
errors. CRC (cyclic redundency check) is just a checksum that is
used by the disk controller circuit to confirm that data is being
read properly. Of course, you could purposefully format a track with
CRC errors, try to read a sector, and verify that it is a non-pirated
copy when it returns a CRC error code. To do this, just format a
track using the FORMAT NON-STANDARD TRACK option in Ultra-Format.
When specifying sectors, go ahead and specify the first 7 sectors as
would be found in a standard track (logical sector numbers 1 through
7 with a length value of 2). On the eight sector, specify a length
value of 3 (meaning 256 bytes). When sector 8 is later read
(assuming the Disk Parameter Table bytes/sector value is changed to
value 3), you should get a CRC error.
Don't forget, when you later want to read odd-sized sectors, you will
have to change the bytes per sector value in the Disk Parameter Table
to reflect the sector's size. Don't forget to restore this byte back
to it's original value before doing other disk I/O or exiting your
program.
Here are the bytes in the Disk Parameter Table that will need to be
modified before formatting oddly-sized (not 512 bytes) sectors:
1) Byte #5 (Highest Sector Number On Track): This byte should contain
the number of sectors you wish to format, not necessarily the
highest logical sector number.
2) Byte #6 (Gap Length For Diskette Reads): We're not exactly sure if
this byte actually affects a format operation, but it doesn't hurt
to go ahead and modify it. The value should be changed in
relation to the sector size. For instance, if you're going to
format a track of four 1024 byte sectors, cut the value in this
byte in half. Double it for sixteen 256 byte sectors and multiply
it by four for thirty two 128 byte sectors.
3) Byte #8 (Gap Between Sectors): This definitely needs to be changed
before formatting. Modify it in relation to the sector size, as
was discussed in 2) above.
All in all, getting a format that works is the result of
experimentation. Since we had no need for formatting copy-protected
diskettes with our products, our experience with this is limited. We
would appreciate hearing about any particularly interesting
copy-protection schemes you come up with using the Ultra-Utilities.
Just putting a weirdly formatted track or sector on a diskette won't
keep your programs from being copied. DISKCOPY will go ahead and
copy everything else. Therefore, you will need to insert in your
program some means of reading a given sector and checking a password
in it before continuing with the execution of the program.
There is really no easy way of doing this outside of an assembly
language subroutine. Fortunately, the routine needs only to be 10 or
20 lines long since the IBM-PC BIOS contains a sector read
subroutine. This is accessed through the INTERRUPT 13H vector.
3)
Basically, all your routine has to do is put certain values into the
8088 registers and call this routine. Here's the register setup
that's required:
AH=2 (this specifies a "READ" operation)
AL=1 (this specifies a single sector read)
ES:BX (address of the memory buffer you wish the sector data to
be copied into)
CH (track number you wish to read 0-255)
CL (sector number you wish to read 0-255)
DH (side number you wish to read 0 or 1)
DL (drive number you wish to use 0=Drive A, 1=Drive B, etc.)
After filling these registers as required, execute an INT 13H
instruction. This does the actual sector read. Afterwards, the
CARRY flag is set if the read failed or is reset if the read was
successful. If an error occured, the AH register contains the error
code. Here are the meanings of the possible error codes:
AH=1 Bad disk command was issued (registers setup correctly?)
AH=2 Address mark not found (track formatted?)
AH=3 Tried to write a write protected disk (AH=2 upon entry?)
AH=4 Sector not found
AH=8 Direct Memory Access overrun
AH=9 Direct Memory Access crossed a 64K boundary
AH=16 Cyclic redundency check error (CRC)
AH=32 Disk controller failure
AH=64 Track seek failed
AH=128 Drive timed out (drive door open? disk mounted?)
All of the above error codes are in decimal format.
-------------------------------------------------------------------
Once last caveat, although many drives are capable of formatting
tracks higher than 39, most diskette manufacturers don't certify
these tracks before selling the diskettes.
-------------------------------------------------------------------
MONTHLY UNPROTECTS
------------------
The following tips are for those who are registered users of the
software concerned. Please don't rip off those who have worked hard
to put such fine products on the market.
LOTUS 1-2-3
-----------
This works with the newer releases of 1-2-3
1) RENAME 123.EXE 123.XYZ
2) DEBUG 123.XYZ
3) type U ABA9
4) you should see INT 13 at that address
5) type E ABA9 90 90
6) type W
7) type Q
8) COPY 123.XYZ onto another diskette
9) RENAME 123.XYZ UNP123.EXE
UNP123.EXE may now be freely copied and/or moved onto a hard disk.
4)
VISICALC
--------
1) Format a single sided diskette with FORMAT B:/S (or whatever drive
letter is appropriate)
2) DEBUG
3) Put VisiCalc diskette in Drive A
4) type L 100 0 138 2
5) type M 0 3FF 7000
6) type R CS
7) write down this number (we'll call this Hold #1)
8) add 700H to this number and type this in.
9) type R DS
10) write down this number (we'll call this Hold #2)
11) add 700H to this number and type this in.
12) Take the rightmost two digits of Hold #1 and insert those in
place of the LL symbols in step 13. Put the leftmost two digits
in place of the HH in step 13.
13) type E 107 LL HH (substituting your values for LL & HH)
14) type E 24D BB A8 00 90
15) type G =1B8 26B
16) After a few burps and chirps, you will be back at the DEBUG
prompt.
17) type R CS
18) type in the value you saved as Hold #1
19) type R DS
20) type in the value you saved as Hold #2
21) type R BX
22) type the number 0
23) type R CX
24) if you have VC version 1.0, type the number 6802, if you have
version 1.1, type the number 6B64
25) remove the Visicalc diskette from Drive A and mount your freshly
formatted diskette in Drive A
26) type N VC.COM
27) type W
28) type Q
VC.COM can now be freely copied and placed on a hard disk.
These unprotects have been garnered from various bulletin boards
around the country. If you've got a favorite unprotect, why not send
it in for the next issue of THE ZAPPER!
---------------------------------------------------------------------
LAST MINUTE ADDTION
-------------------
The following BASIC program lines will allow you to modify the Disk
Parameter Table values:
20000 DEF SEG=0:A1%=120:A2%=PEEK(A1%)+256*PEEK(A1%+1)
20010 DEF SEG=PEEK(A1%+2)+256*PEEK(A1%+3)
20020 POKE A2%+3,3:'THIS PUTS A LENGTH OF VALUE OF 3 INTO THE THIRD
20030 ' BYTE (BYTES PER SECTOR VALUE) OF THE D.P.T.
20040 DEF SEG