Reverse-Engineering Software Copy Protection

Commercial software often comes saddled with undesirable features. Microsoft Office, for example, has an annoying pop-up screen that prevents me from using the software unless I first purchase a “product key” to “activate” it.

Microsoft’s copy protection is a self-enforcing contract: In order to gain access to the software, I must pay $149.99 for a license. Licensing is administered by the product key, which activates the software.

A contract is only as good as its enforceability, and commercial copy-protection has long been terrible at self-enforcement.

In early days, distributors copy-protected their disks by introducing intentional bad sectors [1]. The floppy disk’s boot loader would look for errors upon execution, and only load the software if the intentional errors occurred. Copied disks didn’t have bad sectors, so they couldn’t generate the expected errors.

This stopped piracy for about five minutes, or however long it took to delete three lines from the boot loader.

In the 80s, game publishers brought copy protection into the physical world: At runtime, the program would ask a question whose answer could only be found in the game manual. If answered incorrectly, the software would terminate.

Boxed versions of Tetris came with a book of information about the fifteen Soviet Republics (Tetris was developed at the Academy of Sciences of the USSR). I didn’t own this manual because my dog ate it. As a result, I spent hours at the library memorizing Soviet trivia in order to play my stupid Tetris game.

The answer is “From each according to his ability, to each according to his needs”!

There were better workarounds.

Software-liberators armed with debuggers could view machine instructions as the program was running. When the copy-protection popped up, the user would identify the offending lines and edit them out of the program. This is called a crack.

Example:

CMP  WORD PTR [A720], 1C20  ;compare location A720 (user’s response) with hardcoded passphrase
JNZ  kill_function           ;if Z flag not set, CMP failed. Quit. 
CALL continue_playing        ;otherwise, continue

Replace the second line with a NOP and it’s fixed.

There were many variations on this scheme: Free trials that expire after 30 days, mail-order activation codes, serial numbers based on device IDs. These protections all relied on a checkpoint, followed by a conditional jump. The checkpoints were trivial in the face of a debugger.

A lock does no more than keep an honest man honest.

Protectionists realized that it was impossible to guarantee digital rights security for software running on an untrusted machine. Still, they hoped to at least increase the cost and inconvenience of breaking copy protection.

They wrote software that could detect if it was running in a debugger; they added code checksums to detect alterations; they planted copy-protection subroutines in multiple locations.
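
The code-checksum idea, sketched as an added example (not code from any vendor or from the original post). The byte encoding of the three-line check is constructed, FNV-1a stands in for whatever checksum a vendor actually used, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-bit x86 encoding of the three-line check in the example
   above; the jump and call displacements are made-up sample values. */
static const uint8_t shipped_code[] = {
    0x81, 0x3E, 0x20, 0xA7, 0x20, 0x1C, /* CMP WORD PTR [A720], 1C20 */
    0x75, 0x03,                         /* JNZ  kill_function        */
    0xE8, 0x00, 0x10                    /* CALL continue_playing     */
};

/* 32-bit FNV-1a: a small non-cryptographic hash used here as the checksum
   (an assumption; the page does not say which checksum vendors used). */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* 1 if the region still hashes to the value recorded at build time. */
int region_intact(const uint8_t *code, size_t n, uint32_t expected) {
    return fnv1a32(code, n) == expected;
}

/* Applies the alteration the text describes (the 2-byte JNZ overwritten
   with NOPs) to a copy and returns 1 if the checksum notices it. */
int detects_patched_jump(void) {
    uint8_t image[sizeof shipped_code];
    uint32_t expected = fnv1a32(shipped_code, sizeof shipped_code);
    memcpy(image, shipped_code, sizeof image);
    if (!region_intact(image, sizeof image, expected))
        return 0;                        /* an unmodified copy must pass */
    image[6] = 0x90;
    image[7] = 0x90;
    return !region_intact(image, sizeof image, expected);
}

int main(void) {
    printf("shipped checksum: %08x\n",
           (unsigned)fnv1a32(shipped_code, sizeof shipped_code));
    printf("patched jump detected: %d\n", detects_patched_jump());
    return 0;
}
```

The comparison inside `region_intact` is itself a checkpoint followed by a conditional branch, which is why the text treats checksums as raising cost rather than guaranteeing anything.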

Unfortunately, they overestimated the value of time to Eastern Europeans making fifty kopeks a day. The net result was that proprietary software became buggier and more bloated for legitimate users, while only nominally slowing the freedom-fighters.

You know how doctors warn against the unnecessary use of antibiotics because it leads to an increase in drug-resistant bacteria? Decades of broken software security trained reverse-engineers to identify flaws in the toughest protection schemes. Many then applied these skillz to creating malware, the malicious code that resulted in multiple breaches at the US Federal Reserve and disappeared $81 million from Bangladesh’s central bank.

As for large software vendors, they found that the most effective copy protection is still best-enforced in the physical world: Lawsuits.

There are some transactions software can’t enforce. For everything else, there’s the blockchain.

References:
1. Pournelle, Jerry. Zenith Z-100, Epson QX-10, Software Licensing, and the Software Piracy Problem. BYTE, June 1983.
2. +HCU (High Cracking University) Academy of Reverse Engineering – Fravia+ (the definitive cracking guide of the 90s)

See Also:
Obfuscated Obfuscation

Podcast Transcript: Tim Ferriss and Marc Andreessen

The Tim Ferriss podcast with Marc Andreessen is very good. Andreessen compares himself to Warren Buffett as a value investor, except that Andreessen bets on legacy industries getting disrupted, and Buffett bets that they don’t.

I generated a transcript for those who hate podcasts. Also, for those who complain that Marc Andreessen has a squeaky voice that only a dog can understand.

Source: Marc Andreessen — Lessons, Predictions, and Recommendations from an Icon – The Tim Ferriss Show

Can I Take Medication that was Prescribed for a Dog?

My friend George was visiting from Pyongyang when he suffered a minor hangnail. Unfortunately, it soon became infected and turned into something not-so-minor.

It was gonna be another two weeks before he could return to the land of universal health care, so he had no choice but to submit to the indignity of the American health care system. He went to the MinuteClinic at CVS.

MinuteClinic is a walk-in medical clinic designed to substitute for the services of a primary care provider. Just like at a family doctor’s office, George spent two hours waiting, ten minutes with a nurse practitioner, and $127 for the ordeal ($99 for the visit, $28 for prescription antibiotics).

After he left, George did a Google search on his medication: Cephalexin. Much to his dismay, it was available online, for cheaper, and without a doctor visit or prescription. From an animal supply store!

Elaine, he said. You’re sort of a doctor — Is it safe for me to take animal medication that I get off the internet?

I’m not really a doctor, but I do watch a lot of medical shows on Netflix. That must count for something, so let’s take a look.

Hit up American Pharoah for the good stuff.

Five seconds into my review of animal med suppliers, I was distracted by all the fun stuff available for racehorses.

Myo-inositol trispyrophosphate (ITPP) stands out due to its cult popularity in nootropic and health-hacking forums. It’s used to increase the oxygen-releasing capacity of red blood cells, increasing the stamina of racehorses. Lance Armstrong doesn’t need a prescription for this dopant!

Xylazine is a horse sedative. It’s also a recreational drug that’s frequently cut with cocaine and heroin to create speedballs.

Clenbuterol is an amphetamine that celebrities use for rapid weight loss. It’s also illegal in the US, unless you’re a horse.

All of these drugs are available online, without prescription.

Pet meds are cheaper than prescription human meds.

Insurance companies are pretty good at insulating their customers from actual drug prices. Uninsured customers account for only 8.5% of prescriptions dispensed nationwide. As a result, pharmacies mark retail prices to whatever they like.

Pets, on the other hand, don’t always have health insurance. Their human owners are more motivated to shop around, or maybe replace the animal with a new one and hope the kids don’t notice. This forces animal drug manufacturers to be a little more competitive with their pricing.

For example, a 30-day supply of 10 mg Fluoxetine, aka Prozac, is $20 at my local CVS. Prozac for dogs is $2.70 for an equivalent strength and supply. Amlodipine, a blood pressure medication, is $34 for humans, $5.40 for dogs. Humulin N (insulin): $435.20 for people, $149.99 for dogs. Minocycline (antibiotic): $108 for people, $6.60 for dogs. Epinephrine: $430 for people, $17.98 for dogs.

So I can take animal drugs?

What’s the difference between animal meds and human meds?

Animal drugs often start off as human medications, because human drug research commands more money. But before a human drug can be marketed for animals, it has to go through an FDA approval process.

Both animal and human approval processes require safety and efficacy assessments consisting of lab and clinical studies. I understand how clinical trials might work for obvious indications like bacterial infection or hypertension, but how do you evaluate the efficacy of Dog Prozac? What about side effects? How do you ask a dog if he feels dizzy or has a headache? Or whether he notices an increase in suicidal thoughts?

Unless the drug is destined for mass administration in livestock, it doesn’t make sense for a manufacturer to invest millions towards FDA approval. Certainly no veterinarian would bother prescribing Prozac or insulin to a food-producing animal.

So none of the animal drugs I mentioned here are FDA-approved for their respective species. That’s okay, because veterinarians can prescribe FDA-approved human drugs for “extralabel use”:

Actual use or intended use of a drug in an animal in a manner that is not in accordance with the approved labeling. This includes, but is not limited to, use in species not listed in the labeling, use for indications not listed in the labeling, use at dosage levels, frequencies, or routes of administration other than those stated in the labeling, and deviation from labeled withdrawal time based on these different uses. (21 CFR 530.3(a))

The main restriction is that the drug manufacturer can’t market the drugs for animal uses.

Let’s look at those dog meds again.

Doggie minocycline is manufactured by Actavis, a pharmaceutical company that also makes human minocycline. Dog Prozac is made by Par Pharmaceutical, which also supplies a generic for humans. The dog version of Humulin N is manufactured by Elanco Animal Health… a division of Eli Lilly, which still holds a patent on Humulin N for people.

Same drugs, same manufacturers, different FDA approval status. Next time I need a prescription, I’ll go to the vet and pretend I’m a dog.

I AM NOT A MEDICAL DOCTOR AND NONE OF THIS IS MEDICAL ADVICE.

See Also:
This Post Brought to You by Your Insurance Provider

Stalkers in a Decentralized Autonomous Organization

Several weeks ago, I made the silly assumption that DAO tokens were a safe place to park some ether.

Quick recap for the uninitiated: Ether is digital money, and the DAO is a Decentralized Autonomous Organization. The DAO acts like an investment fund, but is actually software on a blockchain. The investments are made using ether, and the fund was raised through the crowdsale of “tokens”, which would be like corporate shares except that the corporation is a piece of software. Tokenholders get voting rights when it comes to deciding how the software should operate (voting on proposals), and proportional rewards if the DAO ever manages to generate a profit.

So I put some ether into the DAO, got some tokens, and now the DAO tokens are trading at a discount to intrinsic value on crypto exchanges.

The DAO has 12.07 million ether, and there are a total of 1172.78 M outstanding tokens.

The intrinsic value is what you would get if you picked the DAO up by its ankles and shook out all the ether that investors put in. And for some reason, the market doesn’t think it’ll be easy for tokenholders to take that ether back out.

I decided to try. The DAO has a function that allows tokenholders to split, a secession where the splitting tokenholders create a separate organization and take their share of the ether with them. Here’s my split, E’s Castle Rock.

The plan was to split, then have Castle Rock pass a proposal that sends all the ether back to myself. Annoyingly, splits sit as an open proposal for at least 7 days. During this time, any other DAO tokenholder may join the split, no invitation needed.

Already, a tokenholder with nearly twice my tokens has joined Castle Rock. If we complete the split, this person can outvote me on any proposal, forever locking my ether into Castle Rock. This sets him up nicely for an extortion scheme where I have to create a proposal that sends most of the ether to him if I want anything back at all*.

The DAO wiki proposes two solutions to this problem:

The first is to create a large number of decoy splits, and then wait until the last second to complete the split. There’s a single 10-second window between blocks during which I could safely do this.

Or, I could salt the earth and refuse to do anything at all, leaving both our funds locked up forever.

With all due respect, both responses kinda suck. But there might exist a third possibility. Stay tuned…

*As the creator of Castle Rock, I also serve as curator, which means that only I may whitelist proposals for voting. Curators exist to prevent a tyranny of the majority.

See Also:
How to Split the DAO

Markets Without Limits, Markets in Everything

Alice does a lot of drugs. As a result, Alice’s kidneys fail catastrophically and now she needs a new one. Consider the following scenarios:

  1. Bob reads about Alice’s heartwrenching tale on 4chan. He donates his kidney out of the kindness of his soul.
  2. Chuck is a heavy drinker with cirrhosis of the liver. He trades his kidney for a liver donation from Alice.
  3. Donald is a farmer. Alice gives Donald two hectares of arable land and a couple of goats in exchange for a kidney.
  4. Alice offers Warren Buffett $10,000 for his left kidney. Buffett, being extremely old, recognizes that he may not get much more use out of his kidneys. He decides this is a Very Good Deal and accepts the offer.
  5. Eve is a homeless single parent who lost her job to a robot. Alice pays Eve $10,000 for a kidney so that Eve can afford to feed her kids.

Legally, we draw the line between 3 and 4. Most would condone 4, but not 5. Why?

Maybe it’s exploitative. Allowing organ sales might encourage the rich to take unjust advantage of the poor. Of course, you could say the same thing about wage labor. Low-income jobs allow rich people to exploit poor people by paying them chump change to do demeaning things.

Exploitation: Silicon Valley enables the rich to coerce software engineers into battery cages while fattening them by gavage. No one feels sorry for engineers in Silicon Valley :(.

Maybe it’s unfair. Only rich people will be able to afford kidneys, creating a concentration of internal organs in the upper class.

Neither is an argument against organ markets, though. It just means the markets ought to be regulated. For example, prevent exploitation in organ sales by requiring a minimum income for participants. Ensure equal access by handing out organ subsidies the same way we distribute food stamps.

We feel that scenario 4 is less exploitative than scenario 5 because Warren Buffett has the option to decline the offer. Eve requires paternalism because she’s too poor to have that option. In that case, isn’t it better to give Eve more options, not less? Make other markets available to her, like selling weed or sex, while we’re at it*.

Convicted felons are restricted from occupational licensing, which rules out 30% of the jobs held by US workers. They also lose the ability to receive social benefits or live in public housing. That doesn’t leave a lot of options. No wonder there’s a 77% recidivism rate.

*Some parties prefer to guarantee freedom through social security. That is also a type of optionality, I guess.

See Also:
J. Brennan and P. Jaworski. Markets without Limits: Moral Virtues and Commercial Interests
