[twawaaay]

It may sound strange to people who were born later.

But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine. Software was cracked the moment it came out and it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it -- late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.

There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.

Windows security mechanism was no better and there were copies distributed so much that probably many people remember "standard" CD Keys even to this day.

And it was pretty much safe because most software did not have ability to phone home so the software developer would have no way of knowing that somebody used an illegal copy.

The business model was mostly companies paying for software (fearing an ex-employee reported illegal use). I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video. The only exception was sometimes people bought OEM software with their hardware.

[SpaceL10n]

It's weird reading about my life as if it's history.

Everyone was doing it. I remember my teachers, friends, and family all giving me pirated software at some point. I remember my friends and I getting excited when someone got a ripped copy of some game and we couldn't wait to burn new CD-ROMs to share. If one of us got our hands on the copy of some game, we all got copies. It was kind of like a free-for-all in the world was starving for cool applications. Computers were starting to live up to their promises and software was just like recipe cards.

[KronisLV]

> It's weird reading about my life as if it's history. Everyone was doing it.

Here in Latvia that's still somewhat the case, at least according to statistics like these: https://eng.lsm.lv/article/society/society/latvia-leading-in...

I've personally seen people who choose to pirate everything from movies, to OSes and IDEs, and have no problem with doing that whatsoever. That said, I can kind of understand it, due to many not exactly having lots of money to throw around.

Personally, I live a bit more ethically, but it kind of sucks: I'm not sure what I'd do without JetBrains offering student licenses, followed by a graduation discount and recurring discounts. I've also not bought a AAA game on release in years, it's always sometime later on sale etc. The same goes for server hosting, most PaaS solutions are too expensive and vendors like AWS and GCP are outside of my price point.

But hey, OSes like Linux and software like LibreOffice are a godsend. As are free IDEs and text editors as well, sometimes.

[wkat4242]

I used to copy like crazy but now that I have a good job I pay for most of my software. Mainly because I like to keep my computer clean from malware. If I ever need to run something pirated because it's ridiculously expensive (like Adobe stuff or IDA pro) I run it in a VM or an isolated machine.

It's less out of an ethical sense though. Video I still pirate by the terabyte. Most of that comes from large media concerns that I don't really have much care for. The small games industry I support as much as I can on GOG.

Latvia and Bulgaria are great for torrent sites indeed, there seems to be nobody even trying to take them down unlike in western europe.

[harha]

It’s funny how regular software now seems fishy now that everyone is calling home. I’m close to getting a VM or a raspberry pi to run Citrix and zoom because they have all this junk that runs at startup and removing it causes strange error messages.

[isatty]

Yeah the world has changed. Sure, limewire had tons of trustmebro.mp4.exes but these days I don’t trust cracked software to not be mining coins or exfiling my personal data.

I suppose it was still the case back in the day (more for botnets than coins?) but I just simply cared less. Had to get my hands on the AAA games.

[namaria]

Hell I don't trust most legit software with my data. I still remember people being in awe of how I made Teams work on my Linux notebook (the previous guy couldn't make it right for some reason) by just running it in Chromium. The more sandboxed these 'apps' can be the better.

[ElectricalUnion]

I myself run it in Edge, specifically because I believe Microsoft is less capable of exfiltrating and collecting my data effectively that Google.

That and the "official" "Linux" app is basically unsupported.

[arsome]

If you're pirating IDA Pro, you're probably the type of person who can figure out which cracks are real and which aren't pretty quick.

[wkat4242]

True yes but a lot of cracks are real and still include malware. And it can even be introduced remotely. A malware downloader is a few lines of code hidden among millions.

Also analyzing malware tends to make one more paranoid. This is definitely a thing too.

And the most powerful features of it like hexrays require cloud cooperation so they don't work :(

I really wish it was affordable for individuals because I would pay for it if I could.

[arsome]

IDA's decompiler is only cloud dependent if you have the crappy version, if you have the full Pro version with the add on its entirely local.

While it's true that malware could hide well theoretically, I'll also add that in my experience investigating malware infections from friends and family and occasionally hunting for malware myself, samples attached to cracked software tend to be things like miners, iStealer, script kiddie RATs, etc using simple "binders" - which are usually incredibly obvious, like extract the real executable into %temp% or the usual RunPE gimmick. People posting malware on torrent sites are not exactly APTs using spear phishing attacks.

[nicolas_t]

Yes, if only IDA pro had a hobbyist license :(

[TaylorAlexander]

Yeah I just run Linux and I’ve not needed to pirate or pay for software in years. Doesn’t work for everyone but as a robotics engineer it all works out for me. It took me some time to switch from windows ten years ago but I’ve never looked back.

[kevin_thibedeau]

I too am Linux only 99% of the time. I keep some Windows VMs around for tools I rarely need to run. Some are 10+ year old legitimate commercial software with online activation that now accuses me of piracy. Even when you try to do the right thing you get screwed.

[TaylorAlexander]

Yep I’ve got a crusty old Windows 7 VM, though I’ve not needed to use it for my work in many years. Certainly handy to have now and then. It is remarkable however how much I’m able to do with Wine these days! When something says it’s windows only I go straight to the EXE and run it and most of the time it works! Always makes me happy.

[glandium]

It was so common that "something cd key" was a common search term. And people would put that in the wrong input box/window such that they would end up typing that in chat rooms. In some of those, people would reply with the same "something cd key" followed with "to you too", as if it were some form of greetings. Later on, people would show up saying "something random cd key" as an actual form of greeting, not a mistake.

[Zircom]

Reminds how typing an album name into Google used to autocomplete to add MediaFire right after it.

[nunez]

or site:blogspot.com. (So many legit downloads on blogspot, even today, though most of those links are dead now :( )

[xtracto]

I remember serials.ws with its frame based we site... had all the keys you'd need. Also there was a windows program that was basically a database of keys and serials.

[ornornor]

Those were the days.

There was also that site with all the trainers and cracks for every game ever, with a little landing page that would dynamically show online and offline mirrors before it was cool. I forget its name but as a 10–14 years old I loved it.

[ornornor]

gamecopyworld.com it was called. I just remembered.

[nunez]

"______ serial" was my go-to on Google.

[13of40]

When I was a kid it was an actual thing to know how to lift postage stamps off of envelopes with rubbing alcohol so they could be reused to mail pirate floppy disks to your friends. Try explaining that to a kid today and they'll think you had a stroke.

[tonymillion]

We used to just cover the entire envelope in Sellotape and put an address label over the top so we could just wipe off the postage mark - a dated ink stamp over the postage stamp (Royal Mail employees circa 1990 didn’t get paid enough to care) and use it again.

If you regularly swapped disks with someone you’d just mail the envelope along with the disk

[hattmall]

Now you can just buy bootleg stamps on Amazon. Search "Forever Stamps". Amazon catches them frequently but then they just liquidate the stamps. My local Amazon returns store has them upfront 100 for $10.00 and they have tons of them.

[ilyt]

Uh, here since forever post office put rubber stamp mark on stamps to prevent that, I'm surprised there is country that doesn't

[13of40]

IIRC, there were two kinds of cancellation ink - black and red. The black just dissolved in isopropyl alcohol, but red was permanent. Probably the result of some cost / benefit analysis.

[dopidopHN]

Yeah exactly. How do you go around the ink on the stamps? Ours ( French ) don’t go away with alcool. At least it was not the case in the 90´s.

[vidanay]

I remember the days of cracked software on Apple II systems. The crackers would add custom splash screens advertising themselves.

http://artscene.textfiles.com/intros/APPLEII/

[LocalH]

The related C64 cracking scene also begat the demo scene. The flashy crack intros with sprites, scrollers, and raster bars became the flashy demo intros, and from there they learned about a wonderful thing called "design".

[nonethewiser]

Keygen music is another similar relic. They are chiptunes included in cracked software. Their names were often just whatever software they were cracking. I like Adobe Create Suite 4 here https://youtube.com/watch?v=FVX6t-ivMfE&feature=share

[can16358p]

I sometimes just opened keygens after I was done cracking, just to listen to it more.

[kdtsh]

The revelation for me was when a school friend of mine in the early 2000s told me about a site called crack.cd which had serials or keygens for practically any software I wanted. It was a whole new world, I loved it. Only had to nuke my computer once after a keygen turned out to be a virus! (The other occasion on which I lost everything was when I was installing Ubuntu 5.10 ‘Breezy Badger’ for dual booting with Windows on the family computer and accidentally wiped the entire disk instead of just the old Linux partition - that was a bit more awkward because it had all our family photos on it ever since digital cameras started coming out, but luckily I found a CD backup of them all and also tried my hand at downloading and using a cracked file restoration program. Definitely took some time to rebuild trust and explain that I know what I did wrong and wouldn’t do something like that again.)

I had lots of learning experiences with this kind of stuff that I’m very glad I could have in my little years of first being online, when it wasn’t tied to anything really important, it was all just for fun. Everything would be different for me today if I didn’t have the opportunity to play with non-zero but relatively little risk.

[NDizzle]

I used those sites to find new software to check out. The popular stuff had to be good, right?

[ilyt]

My friend from school basically got his entire PC upgrades for good 5-6 years paid because he "invested" in CD burner (then-expensive devices requiring SCSI card to even work) and profited off copying business. Think it was around age of 10.

[dopidopHN]

I started a « business » sending burned games to tunisia from rural France. At the time Tunisia had a thriving game cafe scene. But shitty broadband.

It was cheaper to find someone on a phpbb forum to send you physically something than dealing with ISP and shitty local internet laws.

It lasted for a year or so. I send hundreds of disks. Was getting pay thought bank wire on my older brother account.

I think I drink all of it in cheap pastis drink.

[ptsneves]

Keep in mind that here in Poland it is said cdprojekt of Witcher and cyberpunk fame started by selling bootlegged western games. I do not have a source for this.

[srfvtgb]

The founders got their start selling pirated software, but CD Projekt itself started as a legit importer and localiser. Their initial success was due to knowing that they needed to compete with pirates on quality and convenience because piracy was so prevalent in Poland.

https://en.wikipedia.org/wiki/CD_Projekt#Founding

[ilyt]

I remember! Baldur's Gate was a first "legit" game I bought for my pocket money that wasn't just "a game attached to a magazine".

And the localization was epic. It would be basically equivalent to all movie/TV star localization on the west. I still like the translated narrator better than the original.

[rasz]

CD Projekt CEO Marcin Iwiński aka 'S.S. Captain' (SS came from Star Ship)

https://spidersweb.pl/plus/2021/04/cdprojekt-niekoloryzowane...

translated, but broken images: https://spidersweb-pl.translate.goog/plus/2021/04/cdprojekt-...

[buffington]

Between my freshman and sophomore years in high school I: a) convinced the reluctant phone company to install a dedicated phone line in my bedroom (apparently a very uncommon setup) of my parent's house. b) hooked up a 9600 baud modem I'd found in a dumpster to it and my 386-33mhz computer c) ran a BBS for the sole purpose of having people upload pirated software.

That said, when I do recall that period of time I do feel a bit guilty about the piracy angle. But I'm also reminded of how the original premise (having people give me software) was eclipsed by all of the other things the BBS provided. Within about a month of getting it up and running I'd joined a network of other BBSes that'd automatically call up other BBSes to distribute "packets" (I don't recall the terms used) that'd contain emails, forum posts, and more, of all the other BBSes in the network. It was like having a (very slow) internet connection in my bedroom in 1991, which was not a thing a typical high school skater kid with, at best, a 2.0 GPA, would have, let alone even know existed at the time.

Suggesting that what I learned from that experience was the foundation of my career is a massive understatement. It got me my first tech job, gave me confidence in starting a dot-com (which survived the dot-com-bubble-burst), and built relationships that have lasted over 30 years.

[hulahoof]

As a kid my main source of new games was to hire it from the video store overnight, install it and then download a no-cd crack. I dont recall ever running into issues finding one.

[giobox]

Your local video store rented PC games? Where I grew up, console games for sure were available in video rental places but there was never a business in renting PC games. I wish there had been!

[dopidopHN]

the public library in my 20k rural town was lending game for 1 euros / week. The console itself for 3/week.

That was ...amazing.

[technion]

I remember buying games that would come with a huge "don't copy that floppy" booklet. I remember it even argued selling the game when I was done with it was unethical and would likely lead to jail.

[treeman79]

Linus from Tech Tips still pirates windows. He even has a whole video on why.

https://youtu.be/M3bezYerYxQ

[tripdout]

Is it even piracy when Windows allows you to use it unactivated?

[mise_en_place]

It’s nagware, like WinRAR.

[anticensor]

Oh, you mean the never ending forty days.

[Dalewyn]

Technically yes.

[seanp2k2]

MassGrave exists these days but almost all laptops come with a Win10/11 license anyway now, probably enough legal grey area to CYA for personal use but I wouldn’t risk it for anything for-profit, even a startup.

[kevin_thibedeau]

Until recently he's run his corporate infrastructure on Windows servers. Not quite the same league as reinstalling on hardware with an existing license.

[washadjeffmad]

In many cases, disassembling and modding was often necessary to get software working on your system. We all shared executables that patched bugs, added features, and improved performance back in the 90s and 00s.

[Borg3]

Haha :) I still do so for some old legacy games. The biggest patching project was AI War: Fleet Command. Great game, but quite a bit of bugs and missing features. Spend weeks in CIL decompiler, understanding code and then making patches.

[nunez]

pirated software is everywhere in the third world still (hell, even in the first world)

[stevekemp]

Very true, there are a lot of sites out there back in the day that a lot of oldtimers would remember.

My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.

Actually I take that back, my favourite site was +fravia's reverse engineering pages. Mostly because the legitimate crack-sites were safe, but there was always a risk of downloading something with a virus, or a trojan instead. So it was more rewarding to read up on the reversing techniques and do the job myself.

Happy days using Numega's soft-ice (kernel mode debugger) to remove the protection it shipped with.

When I switched to Linux one of the first "problems" was that there were few commercial binaries which required a license key, so there were fewer reasons to actual get into reverse engineering / decompiling & patching linux binaries.

[strictnein]

Wow astalavista brings back some great memories. Hadn't thought about that site for a long, long time.

[dools]

> My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.

That name contains two very iconic pop culture references from the 90s: altavista and the terminator

[stevekemp]

I noticed the terminator connection, but I wasn't too sure of the timescale - which came first.

Anyway it's a definitely a nice memory!

[selcuka]

> My personal favourite was astalavista, named in relation to the legit search-site altavista I guess.

The domain box.sk [1] hosted other interesting sites as well.

[1] https://web.archive.org/web/20000229151347/http://www.box.sk...

[jcpham2]

Also an astalavista.box.sk user (typo)

[girvo]

> astalavista

Phew that takes me back. And it's huge list of cracks and other things is what got me started looking into reverse engineering and security analysis haha

[egberts1]

Archive to Fravia’s website

Wow.

https://www.richardharrison.pro/fravia/

[qurashee]

Your post really brought back memories of softice and w32dasm. Incidentally one of the websites from that era (gamecopyworld) is still alive! Mind blown.

[Borg3]

Ahh SoftIce (and later WinIce for Win9x).. Great RING0 debugger.. I used it quite a bit for crack some games myself :) Oh look, it still here on disk: siw405w9x.exe Why I keep it... ;)

[xtracto]

Do you remember crackstore? That was my goto place to find software for cracking.

[Dalewyn]

>It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.

To be fair, this is specifically to do with personal computers of the time; MS-DOS, Windows 3x, and Windows 9x were all single user operating systems: They simply had no concept of multiple users at all. The concept was bolted on later as an afterthought, but it was really janky and paled in usability and security to proper multi user environments like that seen in Windows NT.

Incidentally, this lack of understanding multi users is also why it's a royal pain in the arcane arse to join a Windows 3x or 9x machine to a Windows NT network. A network is fundamentally a multi user environment, something Windows 3x and 9x don't understand.

As for memory access, this too was simply a thing of the times. MS-DOS, Windows 3x, and Windows 9x all simply did not have the concept of segregating and securing memory access between kernel and userland and between each process. All the BSODs that traumatized us back then stemmed from this architecture, and the BSODs quickly diminished once Windows NT became mainstream because the NT kernel operated on the concept of segregated and secured memory access for better security and reliability.

[consp]

I distinctly remember having lots BSODs with IRQ_NOT_LESS_OR_EQUAL errors due to shoddy drivers all the time on XP (which is the first consumer NT kernel windows version), especially in the early days. Maybe not related to shared memory but overall not great either.

[J-Kuhn]

Things got better with newer windows versions.

* Userland printer drivers (that don't bring down the machine if they have a bug)

* Mandatory driver signing...

Nowadays I can run my machine 24/7 without any crashes. Which would be unthinkable back in the day.

[ornornor]

Back in the day, your uptime was a source of pride. So much so that I remember using samurize to display my PC’s uptime right in the desktop… my Linux workstation of today isn’t impressed at all.

[Borg3]

12:50:37 up 1224 days, 53 min, 6 users, load average: 0.00, 0.03, 0.00

Not desktop tho, my home router/server :)

[Borg3]

Are you sure it was drivers issue? Not HW fault? I have good memories of Win2003 (and XP too) Very stable system, if drivers are correctly written.

Back in the days I remember fighting with random BSODs on Audio play/stop on Win2003. After months of fights I nailed that bloody .sys audio driver that gave me the problems. Found orginal vendor simpler driver and problem went away.

[nunez]

Same thing happened after Windows Vista came out. Vista came with a new audio stack that many sound card drivers were not compatible with out the gate.

[tengwar2]

Multi-user seems to have been something which was dropped when MS/DOS was CP/M inspired by CP/M. CP/M (and I do mean CP/M, not just MP/M) had the concept of user areas. These were a different concept from Unix users: there were 16 user areas numbered 0..15, and one could change between them with the USER command. I believe that user area 0 was in some sense shared, possibly only as a place to load .COM files from. There was no security boundary: it was just an organisational tool.

[LocalH]

And in the Windows 9x days, even if the user did have a password, you could bypass that with the novel method of... pressing Escape.

[hyperman1]

I always thought the password was for the network shares only. You could perfectly log in without a username and password, except networking partially fails. The login dialog only appeared after installing win9x networking components.

A windows password would have been silly, pressing F8 at boot would drop you in msdos

[lloeki]

> A windows password would have been silly, pressing F8 at boot would drop you in msdos

As it is to this day with many many Linux installs (unless some disk encryption is set up): edit the kernel command in GRUB and add init=/bin/bash. boom, you're root without any password.

[wkat4242]

That's why one sets up disk encryption :3

[merb]

good idea on computers with 100 mhz, an encryption algorithm would've probably not slowed down anything at all, especially not because there was no encryption extension.

[wkat4242]

My 166Mhz Pentium MMX laptop was encrypted too, with the full disk encryption feature of network associates' PGP Desktop. It could handle it fine even without AES-NI. Slower computers also had slower disk access so the burden wasn't big.

I think there was just less focus on security back in those days. We used the same password everywhere, left thumb drives in taxis, used telnet instead of SSH and regular http.

[zargon]

In college I got by with a 75 MHz Pentium with full disk encryption. I didn't notice any performance penalty.

[hyperman1]

While true, there is a quantitative difference:

The linux trick is quite obscure, only used when you're in serious trouble. It's the same level of knowledge as removing a hard drive.

Meanwhile, the F8 trick was in common use by tons of teenagers, especially in Win95: A lot of games were still DOS based and you needed windows out of your RAM if you wanted any performance. People still used the config.sys boot menus to choose between windows and gaming. Browsing the file system and editing text files in DOS were still common enough activities.

[mmis1000]

There isn't only one linux boot manager in the world. Not every boot manager allow that.

But… you can still insert a bootable usb drive to skip it

[mschuster91]

Yeah but as with Windows, in a decent environment you'd still need credentials for access to networked resources.

[ztetranz]

> I always thought the password was for the network shares only.

Correct. It was only for networking.

[bee_rider]

Ah, this reminds me of one time being an amazing average-competence hero.

Labmate: “my Linux install is borked, now my files are all gone” :(

Me: “Fortunately here in 201X (for low values of X) full disk encryption is rare! Let me introduce… another use for the install drive!”

[ilyt]

I remember grepping my entire 2GB hard drive for some files (a bunch of scripts) I lost when doing some Linux shenanigans...

[dividuum]

Couldn't that be disabled? I vaguely remember bypassing the login using the little help icon, then opening the help and/or (not sure) printer dialog and finally using the file open dialog to run explorer.exe :-)

[geraldhh]

that was windows 3.11

[johannes1234321]

> it was assumed people bought any software because they feared legal action rather than because they had no other way to get their hands on it

With windows specifically a factor is that it is/was almost impossible to get a computer (PC/Desktop) without Windows license. Compared to that the number of potentially illegal copies was neglectable. And even for Office it was probably better that people use a copy from dubious source than a competitor so they don't find out that alternatives are good enough.

[YPPH]

>was normal for computers to auto-login and have no password

This persisted for longer than it should have on Windows! I remember on Windows XP Home Edition, you could just press Ctrl Alt Delete to drop to the classic winlogon.exe screen and then log in as "Administrator" with no password!

By that time, though, Microsoft had implemented product activation. To my knowledge, no one ever cracked the telephone activation algorithm. That is, there were no tools to get a confirmation ID from an install ID. At the very least, no tools were ever made widely available, and don't seem to be even to this day. I suppose there wasn't a lot of need, since pirates just distributed volume licenced versions that did not require product activation (FCKGW).

[metadat]

Devils0wn Windows XP Final serial key, yeah baby! Seared into my mind forever after entering it so much:

FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8

I used to reinstall windows anytime anything got weird, which was often because I was always messing with disabling combinations of system services in attempts to reduce OS memory consumption. Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..

Sigh. Those were good times. Eventually I got more memory and gave it all up and devolved all the way to allowing Win10 to indulge in it's wasteful memory ways and report it's telemetry about me or whatever the fuck else creepy shit it wants to do. It also helps that now we tend to have a bit more than 512MB total RAM.

[gvx]

I killed so many instances of svchost.exe back in the day! Never ran into anything bad that a reboot wouldn't fix. I remember figuring out by trial-and-error which instances were safe to kill by looking at their memory usage.

There was something exciting about stripping Windows XP to its bare essentials, and also it seemed necessary at the time, if you wanted to run it smoothly on an ageing laptop that was basically obsolete when it was new. Especially if you wanted to run such RAM and CPU hogs like The Sims 2! (Not to mention the 40 GiB disk space that just filled up so fast with save games and expansion packs.)

I wonder if Windows 10 still lets you use an alternative to explorer.exe for its desktop shell? I used to write my own little launchers and spotlight-esque programs.

[JackGreyhat]

Oh...my...god...

That CD key. I remember that one as well. Good times :) Thanks for bringing up these memories.

[thesh4d0w]

It's famous enough it's in wikipedia - https://en.wikipedia.org/wiki/Volume_licensing#Leaked_keys

[nunez]

RHQQ2. Wow. I was not ready for this throwback.

> Wtf is svchost.exe doing? I don't want it! Wireless Zero Config? I don't have Wi-Fi, too flaky and slow (remember, it's 2003). Distributed Link Tracker? Sounds cool, but what distributed links am I tracking? I don't think this is part of Napster or KaZaa.. DCOM Sockets.. <disable>, and so on, until the eventual: Oops, the network is messed up. What was this originally set to? Haha. Oh well, time to refresh and start anew..

ARE YOU ME?! I did all of that stuff! Friggin' svchost.exe man...

[ornornor]

> FCKGW-RHQQ2-YXKRT-8TG6W-2B7Q8

I still have a burnt disc somewhere with that key written on the jacket so I didn’t have to look it up every time.

Haven’t used the key in 15+ years but when I saw it in your post I knew exactly what it was. Funny how memory works.

[nobleach]

As soon as the parent mentioned memorizing keys, the FCKGW key came to mind!

[porbelm]

Very close to the key I had memorised, but now forgotten; although mine had RQ2D3 in the second part and something else at the last part (I think. But am positive about RQ2D3)

[metadat]

Win98 serial.

https://old.reddit.com/r/windows98/comments/6trdvf/working_w...

[userbinator]

At the very least, no tools were ever made widely available, and don't seem to be even to this day.

That's because discussions around them have been heavily censored by Big Tech in general; but that algorithm has been cracked, purely out of curiosity, in the late 2010s.

[l33t233372]

Where?

[userbinator]

There's some discussions about it on a site which goes by the acronym MDL.

[p1peridine]

https://forums.mydigitallife.net/

[winsid]

The activation process relies on public key cryptography. The private keys, held by Microsoft, are amongst their most well-protected assets. Much more so than their source code, for instance, which is developed with the expectation that it will be leaked in part or in whole.

[LocalH]

Imagine the shitshow that would happen if those keys leaked lmao. They've got to have a ton of them, across all their services.

It'd be cool to be able to build "legitimate" LIVE packages that would be usable on unmodified 360s lol

[userbinator]

For everything up to ~XP era MS software, the private key was cracked years ago. Beginning around Vista they started using a longer key, which AFAIK hasn't been (publicly) cracked yet.

Search for "MSKey README" if you want to read more... but as one interesting datapoint, the computational complexity of finding the private key was 2^31.

[mschuster91]

What stops people from just exchanging the public key that is used for verification?

(Not that it matters in a world where kmspico and dazloader exist, but still)

[metadat]

Given the length of Windows serial keys is not that long, why couldn't one extract the check function and run an iteration attack to generate valid keys?

Edit: @ale42: makes sense, thanks for putting this one to rest. 36^25 is approximately 8 x 10^38 which is a really, really big number.

[ale42]

There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.

This makes me think of a shareware app (I think an icon editor) for Windows 3.1 back in 1994 or so... I could find a valid registration key by entering random numbers by hand in around 2 minutes. And I wasn't lucky as I tried and succeeded several times ;-) But the rule (figured out after I had 10 or so valid keys) was simple maths with the digits, no crypto behind.

[ilyt]

> There are 25 characters, each of which has 36 possible values. So 36^25 possibilities, and log2(36^25) = 129.2. There are basically 129 bits of entropy in there, so good luck bruteforcing it.

Kinda depends what is encrypted there. If it is just "magic number + SKU + licence ID" and there is no online check whether that combination is valid then you're "just" trying to hit one that's valid and that cuts few bits off equation as there is spectrum of keys that will be valid but not generated by Microsoft.

[aaronax]

Not used characters: 015AEILNOSUZ

So less possible combinations.

[scambier]

I get why some chars aren't used, but why the N and U?

[ale42]

Still 114 bits of entropy...

[AlotOfReading]

Not if their cryptography is done properly. Cryptosystems are designed to maintain their security even if the complete algorithm is known to the adversary. You'll commonly see this phrased as "don't rely on security through obscurity".

[staunton]

> don't rely on security through obscurity

Which doesn't mean you shouldn't also use obscurity. NIST recommends it [1], and the industry widely uses it. In practice "don't rely on obscurity" usually means "have enough security besides obscurity to give you a grace period to switch out the obscurity". That's for whole systems, you might get away with people knowing you use standardized primitives like AES.

[1]: https://csrc.nist.gov/news/2021/revised-guidance-for-develop...

[AlotOfReading]

Everything we know about the subject of this discussion (windows product key validation) comes from reverse engineering the relevant DLLs because none of it has been discussed publicly. I think MS is probably of a similar opinion regarding publishing unnecessary details.

[ranger_danger]

> don't rely on security through obscurity

if it's not obscure enough that it will be found, then you are correct.

but what's more secure than a password that you don't know? not knowing there is a password in the first place. if the answer is never found, how can it be insecure? I dub this schrodinger's security.

[wkat4242]

Yeah they're probably in a HSM at the very least.

[recursive]

I wish you still could. I resent being required to create a user account to use my own computer.

[voidfunc]

I really really miss the 90s computing environment. I was young but it was a total wild west and the internet was beautiful and totally open. For a curious kid without a lot of friends it was amazing.

[boredemployee]

That really was me in the 90s. Made all my real and best friends using mIRC and ICQ. the good old days.

[ornornor]

Got locked out of my OG ICQ years ago and can’t get access back because I can’t prove it’s mine with a copy of my id or birthday (obviously, not even sure I entered anything…)

My icq number is locked forever although I still remember it to this day.

For a while I had the icq incoming message sound for texts on my phone but that sound got obnoxious real quick, even though I had good memories associated with it. “UHOH!”

[cobbaut]

Early 90s (and end 80s) was more "copy parties" than Internet iirc.

[ajsnigrutin]

> software did not have ability to phone home

This is the main reason for the simplicity of key checks.

If you copied someone elses windows installation (cd burners were very expensive, but a floppy version existed), you'd also copy the serial number, and just use that. Even if the serial verification algorithm was complicated, noone would really have to crack it at all, because they'd just use the original serial for all the copies.

Piracy was (and still is) rampant with home users, but business users still needed some kind of a simple check (so.. a simple serial) to match the installation to an actual licence, which was more "protected" than the actual medium (cd, floppy), by using holograms, microprint, etc: https://media.karousell.com/media/photos/products/2018/09/13...

[phire]

> (cd burners were very expensive, but a floppy version existed)

You just borrowed the install CD. The only time you needed it was for the install and (sometimes) installing drivers after installing new hardware.

You could actually copy one of the folders from the windows CD onto your HDD and use that instead of the install CD for device drivers. From memory, you could actually complete a full install from a folder copied onto the HDD.

[GeneralMaximus]

You can still do this with Windows 11!

I had to do this recently because of an old, well-known, but relatively rare bug with Windows installs. I created an 8GB partition at the start of the target hard disk, booted from it, and installed the OS into the rest of the disk. When the OS was up and running, I cleaned out the install partition.

Now I have an empty 8GB partition on my computer, which is a bit irritating. But I try not to think about it too much.

[porbelm]

Yeah, first thing reinstalling a computer was a clean format, copy the CD to C:\WIN.CD\ and install from there. That way, it never asked for the Windows CD when installing drivers or functionality later -- that functionality always read where Windows was installed and only asked if it couldn't find the source. It was really worth it taking up 1/20 of a hard drive back then.

[ta1243]

Everyone took software from the office and installed it at home, that's why everyone uses microsoft at home, you got it for free from work.

Worked for microsoft, worked for the people taking it home. Everyone was happy.

[smeyer]

>I remember most teens and young adults (which is most people who used computers) would never buy any kind of software, music or video.

I don't think it's true that "most people who used computers" were teens or young adults. Since we're talking about Windows 95, here is some mostly contemporary usage data from the 1997 US Census[0]. A few of the strongest predictors of computer usage for a household are income, education, and using a computer at work. Being older (55+) is a pretty strong negative correlation (along with some correlated characteristics like being widowed).

I don't see a direct statistics tying computer usage to number of children, although the household size does indicate that houses with children probably are more likely to use a computer. Even just looking at the sample, about a third of households use a computer at work, at third don't, and a third don't work, which gives you a very large pool of people using computers who aren't teens or young people.

I suspect it's more likely that many of the people on this board were a young person in the 90s if they were a person at all, and so it felt like many computer users were like them. In fact, plenty of not so young adults were using computers.

PS: if by young person you just mean "under 50", I retract everything above and instead am confused by your definition.

[0] https://www2.census.gov/programs-surveys/demo/tables/compute... , https://www2.census.gov/programs-surveys/demo/tables/compute...

[fsckboy]

>It may sound strange to people who were born later. But in 90s...

Your remembrances are valid, and fun to read, but people gotta temper their memories with how old they were. You're not describing "the 90s" as much as describing "being a teen and up to the usual teen highjinks"... in the 90's. I'm sure teens today have many equivalent sorts of hustles, but that's not how everybody lives. I had jobs with high bandwidth uplinks and could've downloaded boatloads of stuff. But I didn't because who needs the hassle of getting your employer a nasty call from the ISP, and I could generally buy the things I wanted. a lot of software downloads had trojans and other malware.

not trying to be a buzzkill, just accurate to the history. by way of signing off, let me say

astalavista

.box.sk

[b3lvedere]

Microsoft tried a lot of weird things preventing piracy or refunds.

I remember the Windows cd cases were protected by this seal. If you opened the cd case to install Windows the seal broke and that was kinda your agreement you were not eligble for any refund. However, it was very possible to click open the hinges of the plastic jewel case, use the cd and put it back on its case, so the seal did not break.

[vidanay]

And your biggest fear was that an outgoing employee would drop a dime and report you to the BSA (not the Boy Scouts of America).

[zaps]

Don’t copy that floppy

[isatty]

This huge thread is such a send back to old times. Nostalgia overload.

[seydor]

> late 90s and early 2000s you could download pretty much anything you wanted, immediately, for no cost.

This is still true today btw, but the broader user base includes a lot more people willing to pay

[toss1]

What may prevent more of it today is that "cracked" software has been found to be a handy delivery mechanism for malware so, especially after the spread of cryptocurrency and ransomware utilizing it for payment, there is a reasonable fear of your download coming with an extremely costly payload.

So, oddly enough, the transnational criminal gangs are helping the corporations in a way they never could do for themselves.

[akho]

Decent torrent sites get rid of those very quickly. It’s corporations doing their own work by creating a scare.

[forinti]

One mechanism which was sometimes used for more expensive software was a dongle connected to the parallel port.

[georgemcbay]

These were generally useless at the time, at least as it pertains to online piracy.

Enough to keep honest people honest and not copy the software to their immediate friends, but if the software had people interested in pirating it someone would disassemble it and just jump over the part that looked for the dongle while keeping all the software functionality intact and these patched versions would be readily available online to anyone who knew where to look.

At the end of the day not really any more secure than various software-based copy protection schemes, just more wasteful due to the extra hardware.

[RedShift1]

This still exists today, only now with USB dongles.

[PapaSpaceDelta]

I’ve heard stories about high end recording studios, with shrink wrapped boxes of expensive audio software, that used cracked versions on their workstations because they don’t want to deal with the inevitable iLok hassles…

[ornornor]

Hello Cubase!

[bunabhucan]

Prior to W95/NT4 windows didn't even have a license key, scary warning text was the upper limit of enforcement. In some companies part of the IT departments job was to find unlicensed software and delete or pay for it.

[popcalc]

Letting people pirate your software early on is a valid business strategy. Enterprise users pay, students/hobbyists find a simple crack. Once those students enter the workforce they decide the market.

[userbinator]

That apparently worked well for Adobe products too.

[kivlad]

I know that a few pieces of software distributed on floppy showed a warning if it detected it was previously installed (which wrote to some file on the disk, given it wasn't write protected). Which basically amounted to a sternly-written paragraph to say that they're using honor system to make sure you follow the rules.

[msla]

> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all, processes could each read entire memory on the machine.

Only in the home computing world, which is why people on Real Computers thought home computers were toys back then. Real Computers, running Linux/Unix and VMS and MVS, damn well did have the protections Wintendo didn't, and didn't mandate a reboot every forty-odd days, either. Microsoft didn't even begin to achieve parity until Windows XP or later, and Apple didn't until MacOS X.

[nunez]

> But in 90s these mechanisms were in infancy. It was normal for computers to auto-login and have no password at all.

Indeed, Windows 98 and earlier did not require a username/password pair by default. However, it was stupid easy to log into computers and steal stuff.

Processes could read from each other's pages, but it was also stupid easy to download warez and viruses that took advantage of that. Remember, this was the age of HTTP and plain text all day every day (because computers were too slow to do client-side encryption).

Antivirus reviews and comparisons were really valid, as virus databases were also in their infancy, and some companies had better data that others.

> There really wasn't much possibility to protect your piece of software. If it was put on a CD somebody will either extract the key or modify your software to accept any key.

Yup. Which is why Photoshop cost $600 and a non-gimped version of Office cost $400. They baked piracy into the price and had the big companies that thought nothing of these prices pay.

Also, downloading cracks was a super easy way of getting viruses, doubly so if you didn't have AV running (many didn't). Doubly also, finding them was hard(er) before the days of WinMX, BitTorrent, etc. You had to know IRC and newsgroups. Not super friendly places.

[amiga386]

That didn't stop people creating hard-to-crack copy-protected software.

Since disk drives existed, games makers created floppy disks that industrial disk duplicators that standard computers could read, but couldn't write, and ensured their games had code to check for that. It generally wasn't feasible to replicate these special tracks with a normal floppy drive, so instead people had to reverse engineer the game and remove the copy protection checks.

This could be easy or hard, depending on how devious the programmers were. One of the legendary games for this was Dungeon Master on the Amiga or Atari ST which took crackers about a year to find _all_ the copy protection checks [0]

This wasn't the only form of copy protection.

* Games since their earliest day had things like "enter word 7 on page 5 of the manual". Some games had a red-on-red "copy protection sheet", designed so that it would be very difficult to replicate with a standard black-and-white photocopier. Monkey Island came with a two-piece "Dial-a-pirate" code wheel [1]

* To thwart third party software developers, and to distort fair trade and give themselves lucrative pricing monopolies, the Nintendo NES had a "lockout chip", the 10NES [2]

* Sony Playstation games had a "wobble" built into the groove of their pressed discs that normal CD-Rs didn't have, and the frequency of the wobble indicated which region the game was sold to, preventing free and fair international trade by foul means [3]

* Products like AutoCAD came with a dongle, [4] it connected to the parallel port because USB hadn't been invented.

But yes, for software like Windows, where the entire product has to be installed on a hard drive, it wasn't within customer expectations to have to permanently attach a dongle or have media in a drive, and there wasn't commonplace network access with which to "phone home", the serial key or CD key was used to limit distribution. As you say, Microsoft enforced this mainly with licence audits - the BSA not only offered a reward for employees to rat out their companies [5] but they also generally acted as a front for Microsoft; Microsoft would drop their lawsuit for your minor infringement of some of their software, if you agreed to stop using Microsoft's competitors' software and convert your business to becoming a Microsoft-only shop.

Microsoft also got paid by doing deals with OEMs. If you bought a PC in the 1990s, you likely paid a "Windows tax", where every PC sold, even ones which will only run Linux, gave a portion of the sales price to Microsoft. They illegally used their exclusive agreements with OEMs to prevent BeOS entering the PC operating system market. Microsoft was found guilty of using illegal anticompetitive tactics to crush their rivals in the x86 operating system market. [7]

[0] https://www.youtube.com/watch?v=VheNpiSZxf0&t=489s

[1] https://oldgames.sk/codewheel/secret-of-monkey-island-dial-a...

[2] https://en.wikipedia.org/wiki/CIC_(Nintendo)#10NES

[3] https://en.wikipedia.org/wiki/PlayStation_(console)#Copy_pro...

[4] https://en.wikipedia.org/wiki/Software_protection_dongle

[5] https://en.wikipedia.org/wiki/Software_Alliance

[6] https://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#...

[7] https://law.justia.com/cases/federal/district-courts/FSupp2/...

[JeanMarcS]

I remember a text adventure game on Amstrad CPC ("Le passager du temps" in french, roughly translating as "Time passenger") which I had a pirated copy.

You could play the adventure until you found the time travel machine (could take 1 to 3 hours depending).

You start the machine and then it went on infinite loop text : "tired of piracy tired of piracy tired of piracy..." !

Highly frustrating, but you couldn't help to admire the developper.

If I remember correctly, it was something about the way that a floppy track was formated, with the wrong number of sectors, which was readable by the disk drive, but it couldn't write it using normal copy mode.

[lloeki]

Could also be something like that:

https://scarybeastsecurity.blogspot.com/2020/12/the-cleveres...

I remember reading some article I can't find again about a very unusual floppy protection that involved nonstandard floppy format, something like non standard sector sizes that could be read by the hardware but not written, and the protected software implemented some direct access to the floppy hardware to read data.

[ornornor]

Settlers III did something like that too.

If you were running a pirate version (or a poorly cracked one), the game would run just fine but at some point, it would only produce pigs instead of another resource (can’t remember which) and you were basically stuck because you couldn’t get the more advanced buildings etc without that resource.

[mtrower]

Original SimCity would let you play off you failed the copy protection, but would Chuck disasters at you left and right.

Downright sadistic tbh.

[VBprogrammer]

I'm pretty sure I remember a pirated version of Metal Gear solid on the original play station where the fact you where using a pirated version came up in the gameplay at some point.

[doubled112]

While I have no recollection of this pirated version, it sounds like something Psychomantis would say.

[VBprogrammer]

I looked it up, at a point towards the end of the game you had to find a communication frequency on the back of the disc package. If you had a pirate copy this was obviously difficult (it was before this information was as freely available on the internet).

[wkat4242]

Yeah elite on pc had such a copy protection mechanism.

But they picked any word in the book, even simple ones like "the". So just entering that 20x or so would get you in.

[zxcvbnm]

Everyone used pirated software, Bill still got rich, software developers did make a living, and software prices did not cripple companies. Good old times.

[schlauerfox]

While it seems like a lost battle, Bill Gates chiding letter about software sharing being bad, versus the FSF/Stallman philosophy that hiding what the program does from the user is morally wrong is still being fought out. People need to earn a living, but as Cory Doctorow says, these are computers we put out bodies in and put in our bodies, hiding the flaws behind license contracts hurts us all long term. We all build on each others tools so grabbing all that value for yourself seems wrong. I personally don't know how we allow copyright on software without some kind of source code escrow at the library of congress level. Enforcing these license contracts is a waste of time in the free software paradigm, that could be better used perhaps, but Bill Gates owns a yacht and Richard Stallman doesn't, so I suppose the question depends on your point of view.

[ajxs]

When I was young we had a family friend who regularly flew to Hong Kong for work. Whenever we wanted software that was expensive he would kindly pick it up for us there on one of his business trips. He must have known all the right places to look, because he never let us down! I still have a pirated copy of Macromedia Studio MX in a cupboard somewhere. The idea of installing pirate software you bought at an open market in Hong Kong seems absolutely insane in today's world, but 2002 was a very different time! For anyone wondering, we had dial-up internet back then, so even if I'd known the right places to look for pirated software, there was no way we could reasonably download it! I was using Getright download manager to download things over the course of weeks!

[randlet]

> Getright

That's a name I haven't heard in a long time! It's still available! https://getright.com/

[webreac]

Microsoft software (and borland) were easy to copy, but it was not the case before. There were many tricks to protect software like "weak bits", "laser holes", fancy sector layout. We had special software to copy protected disks.

[seanp2k2]

I still remember that all 7s and IIRC all 8s works in Quake 3 Arena as a CD key too. I found this out button-mashing as a kid after my actual CD key wouldn’t take. Probably something screwy with their CD key verification algo that probably just passes stuff around internally as 1 or something. I’m sure this is some whole sub-genre of cryptography — finding inputs that break the verification calculations — but I don’t know the name of it beyond “cracking”, albeit “non-patching-based”.

[temac]

Software is still widely "cracked" and tons of people still want to not break the law. In some case telemetry is removed. Otherwise you run it in a VM without network access. This has little to do with autologin and lack of efficient memory protection: if you are root: you can still read everything in most cases. The only exception is if some kind of "trusted" enclave is used, but I don't think this is very common.

[Causality1]

Being able to just do anything you want was so incredible, though. For example, the Google Assistant DING is one of the most ear-splittingly obnoxious sounds I've ever heard and there's not a damn thing I can do about it besides stop using Google Assistant. When I had similar problems in the 90s I could just go find the audio file in question and quiet or replace it with whatever I wanted.

[andrew_]

Remember Windows 95/98 and the shared-by-default $C network mount that was read/write to anyone? Had a lot of fun with that one in the dorms.

[rasz]

This is how NESTicle source code was stolen https://patpend.net/articles/zd/article2.html

> How did he steal the source code? Sardu was running Windows 95 at the time. He made the mistake of leaving drive sharing on

[can16358p]

This. As a teenager those days, I never bought software and always cracked them. I grew up learning to use Photoshop, Visual Studio, 3ds max etc. cracked.

Now I'm an adult who learned some of those tools profesionally, and paying for them (or services around some of them) legally.

If I didn't use them cracked in my teenage years, perhaps I would have never become a paying user in the first place.

[rqtwteye]

Computing and software dev definitely was much more fun back then. No worries about security and systems way less complex. I often shake my head when I get a PR that adds one fields to the data model and you have ten different files changes in UI layer and possibly several services. Can't wait until AI writes that code and verifies it works across all layers.

[cm3hy]

cm3hy-26vyw-6jryc-x66gx-jvy2d reporting for duty. Probably did 50-100 OS reinstalls a week so it is burned into memory.

[junon]

Can you confirm please that you have only installed Windows XP on a single computer please?

Yes.

Okay sire here is your activation key.

[askiiart]

Is that also a key for Windows 95?

[batiudrami]

Windows XP, I believe.

[bouncycastle]

We also had p2p file sharing before the internet or any networking existed. Files were shared physically, literally from peer to peer. You would meet with your friends and exchange floppies or CDs, take them home, copy and return back. No IP addresses, no VPNs, nobody could take us down. True decentralization.

[londons_explore]

FCKGW-...

[pxx]

It's _FCKGW_, not what you have. It's easier to remember this way...

[Tade0]

I used the mnemonic "FuCK Gates, William...".

[nobleach]

All these years I assumed it was George W....

[psychphysic]

In the gaming space prompt cracks are still common place.

Empress cracked Hogwarts Legacy in about 2 weeks to much fanfare[0].

Cracker efforts are now even crowd funded.

Maybe this is a Peter Pan moment, you grew up but the ever-child world of Piracy continues.

[0] https://nfomation.net/info/1677131115.EMPRESS.nfo

[raxxorraxor]

The goal is to not have it immediately cracked on release, so for that the copy protection does work. To protect it indefinitely isn't the main objective. The copy protection should be called malware though, because it basically is. Same goes for some anti-cheat tools.

I think it should be made more transparent if a game uses such tools.

[psychphysic]

Sometimes it is cracked immediately on release. Hogwarts Legacy had a playable beta crack in only a few days.

Denovu v17 is broken but it still takes work to apply the process and it's tedious which is why only one person works on any/all game (Empress) (a few others only crack single games presumably those they enjoy themselves).

Although I'm sure 2 weeks is a very nice cushion, ideally it'd be at least a month.

There is a conspiracy theory that Day 1 patches are to mitigate cracks.

I've taken my eye off DRM as I believe the real big issue will be cloud gaming.

But Empress at least cracks Denuvo due to not liking the idea of intrusive DRM.

[shanghaikid]

In old days, software is not that soft. Floppy disk, CD, DVD are gone now.

[ranger_danger]

fun fact: in Japanese, software is literally just called "soft", regardless of the medium. and hardware is "hard". no joke.

[acuozzo]

Is this why that popular secondhand store in Japan is called "Hard-Off"?

[aneeshnl]

V2C47-MK7JD-3R89F-D2KXW-VPK3J

Yes, I still remember. Even after 12 years or so.

[jakogut]

VDDF2-JJWM3-X7P27-FRHRT-8BVHT