Making illegal copies of software has a history almost as old as that of the personal computer—right from the time when programs were distributed on audio cassettes, to the current distributions that are available on CD-ROMs. Although the media on which software is distributed has changed, the age-old fight is still the same. Software developers try to invent new and ingenious ways to foil pirates, and the pirates in turn try to defeat this protection. Unlike analogue copies, each digital copy is as good as the original. Sometimes, a well-designed copy-protected software is separated from its poorer cousin—the not so well-protected software—only by the amount of time required to crack it.

History of copy protection

Let’s briefly look at some of the methods that were used to prevent illegal copying. When programs first started shipping on floppies, making copies of software was as easy as using a diskcopy command to copy all the files onto another disk. To get around this problem, software developers started modifying their programs. Some of the methods used involved shifting the location of the directory to another part of the disk to confuse DOS, using hidden files, drilling a small hole in the floppy media to simulate a bad sector or to deliberately mark a couple of sectors as bad. When the program was run, it restored the directory to its correct place or searched for the bad sector on the disk to verify that it was the original disk.

When software started to ship on CDs, they seemed to be an effective deterrent to piracy; because copying a CD wasn’t as easy as copying a set of floppies, due to its large storage capacity. Unfortunately, this large storage capacity of CDs, coupled with the advent of CD writers, has proved to be its undoing. Today, anyone can make a collection of pirated software on a single CD-R for as low as Rs 60 or so, a fraction of what the original would cost.

Copy protection today can be implemented in various ways. Key-based copy protection stands out from the rest, as it’s more secure and easier to implement. Here, you have to use a key, like a hardware lock, to invoke the program. We’ll classify copy protection under two categories—key-based and other methods.

Implementing key-based copy protection

There are three legs on which any key-based copy protection solution stands on.

1. A unique key, which can’t be easily duplicated. Examples include a key diskette, an original CD, a smart card, a dongle, or any other proof of ownership that can be verified by the guard module (we’ll explain this a little later). The key diskette uses one of the above-discussed methods of copy protection for floppies, or uses a non-standard format for storing data on the disk. Smart cards and dongles have electronic chips to store data, which can be used for key validation and program encryption. The CD key is based on the fact that no two glass masters are alike. So, these minute differences are recorded during manufacturing, enabling the guard module to recognize them. The best keys will, however, be available when digital fingerprinting and bio-recognition catch up.
   
   

2. A guard module—a program that monitors and enables the protected program whenever it detects a valid key. Except for the first few instructions that allow it to be loaded by the operating system, this guard module must be encrypted. It’s usually programmed to check for the key at a fixed time interval, to ensure that the key is always present. It’s the duty of the guard module to decrypt the protected program only upon validation of the key.