This message showed when I entered the serial specifically made for pirates. Right now feeling nothing but respect for plugin devs. Next month Imma buy this plugin 100% fixed, need it or don’t need it doesn’t matter anymore lol.

WinRAR attitude, I respect that o7

@pinkwerdo@lemmy.world
link
fedilink
English
21Y

The developers of Just shapes and beats also did this.

Xanthrax
link
fedilink
English
51Y

I want that on a t-shirt.

@BaardFigur@lemmy.world
link
fedilink
English
41Y

Git Fork has the same attitude. I bought it

lastweakness
link
fedilink
English
21Y

The Buckets (budgetwithbuckets) budgeting app is also a personal favourite of mine. Unlimited evaluation period, no subscriptions and even a regional pricing program called “Buckets by the Loaf”. I really love how they go about it

@Boldizzle@lemmy.world
link
fedilink
English
431Y

It kinda reminds me how Reaper DAW lets people have a really long trial version that I used for ages and then eventually decided to buy it when I could afford it. It’s been great.

Reaper is great. It’s only like 60 dollars for a personal use version, too. 225 dollars for a commercial license version if you make enough money off of your music. Pro Tools is like 700 dollars for comparison.

@shrippen@feddit.de
link
fedilink
English
71Y

Plus there is a native Linux version!

FuyuhikoDate
link
fedilink
English
351Y

Now i wanna buy that piece of Software, so i k ow somebody can Pirate it and does not feel Bad about it.

Lemmy Tagginator
bot account
link
fedilink
-41Y

removed by mod

@nolight@lemm.ee
link
fedilink
English
971Y

There’s a FOSS companion app for AirPods on Android and some features are “locked” until you press “Activate” and choose “I’ve spent all of my money on AirPods” as a payment method.

Ispanicus
link
fedilink
English
81Y

Hey, I’ve been looking for a better airpod app in android, mind telling me the name?

@nolight@lemm.ee
link
fedilink
English
31Y

Yes, it’s this app, I didn’t mention it because I wasn’t sure if it was the one with the message.

RVGamer06
link
fedilink
English
11Y

🤣

ChrisFhey
link
fedilink
251Y

This is fantastic. I’ve no use for this software, but I would absolutely purchase it if I did.

@lntl@lemmy.ml
link
fedilink
English
191Y

I just bought a license just because

laxsill
link
fedilink
English
281Y

As an adult, I pay for winrar purely because it helped me so much for free as a kid (especially pirating other software).

@IHadTwoCows@lemm.ee
cake
link
fedilink
English
1111Y

I had a colleague who would buy legal versions of software and then shelve them while using pirated cracks because he hated the EULAs.

@Cinner@lemmy.world
bot account
link
fedilink
English
-23
edit-2
1Y

====================

Edit: Can any fellow infosec nerds chime in and say whether this is readable or not? I feel like I just wrote it incoherently because I was stoned. I hope that’s what happened anyway, and people pirating software aren’t actually this ignorant about network security.

tl;dr: Disgruntled employee wants to make a bunch of easy crypto from the company he hates. cracks contain viruses a non-minimal amount of the time. This turned into a story about an easier way this coworker could be doing it to introduce his own ransomware and get away with it, and then I went into how I would do it if that was the intention.

I have no idea if this is the reason or if OPs colleague really hated scrolling down and clicking Accept. Maybe he just wanted the legit version for himself.

====================

This sounds like a great way to introduce your 2-year-delay ransomware on the company without it being as risky of a charge if you’re caught. Only fired for causing a ransomware infection out of neglect and stupidity if caught, just make sure you tell a few coworkers about it.

Although it’d be easier to plug in a USB drive you found in the parking lot with folder [company name blackmail] which contains “[hot male coworkers name] NUDES.zip.ws” and “[hot female coworkers name] NUDES.zip.ws

Just make sure you buy a throwaway laptop and install a Russian or Chinese language pack and use that as the primary system language when opening the final source code before you add some CN/RU strings in the file and compile. Use Google Lens to translate in realtime from a burner smartphone /e/OS and location disabled. Make 3 drives and toss 2 of them from your car window in hard to find places a week before, with multiple days between. Then on the day you find yours, covertly chuck it from the roadway an hour before opening in the general area you park, and show up 5 minutes early in the spot you usually park. Make sure you always show up somewhat early. Then “notice it” and walk in and plug it in.

Ransomware starts after a 2 day delay, they being in LE and find the others that were dropped. Make sure to use neoprene gloves, as latex can pass fingerprints through.

@IHadTwoCows@lemm.ee
cake
link
fedilink
English
21Y

deleted by creator

@Cinner@lemmy.world
bot account
link
fedilink
English
3
edit-2
1Y

Unless he cracked it himself, he wouldn’t know for a long time if the cracks were malicious or not. When I found an uploader that had so much working software even the smaller more obscure and niche stuff, I tried to stay with him…Eventually I did malware analysis (hobby at the time) and found out he was binding his password manager stealer to the main program or some necessary .dll that was called my the main program.

That was on IPTorrents private tracker, and he was incredibly highly regarded.

I cum in my pants thinking about the number of different accounts he stole over all those years. I was able to access a similar dumb via ftp and hardcore username and password in the downloader, but that uploader has his bound file so crazy hidden.

The rest was high me writing a story about what your coworker could have been doing, Office Space style.

@Cinner@lemmy.world
bot account
link
fedilink
English
21Y

Many IT security guys go their whole career without touching malware analysis so I’m not one bit surprised.

Your post insinuated this was happening at work

Anyway if doesn’t matter. I’ll take the L for trying to share some information.

@IHadTwoCows@lemm.ee
cake
link
fedilink
English
21Y

Out of “friend” , “acquaintance”, “associate”, and “colleague”, the last one seemed to fit the best.

Maybe shoulda gone with “I know a guy”

@Cinner@lemmy.world
bot account
link
fedilink
English
1
edit-2
1Y

lol I still would have gone on the same rant since it was him using cracked software at work after paying for it. No worries.

WTF are you on about?

Cosmic Cleric
link
fedilink
English
-41Y

Any guesses about the comment you replied to was created by a bot or not?

@Cinner@lemmy.world
bot account
link
fedilink
English
5
edit-2
1Y

I am technically less than 49.999999999 bot.

Take that as you will.

Cosmic Cleric
link
fedilink
English
3
edit-2
1Y

I am technically less than 49.999999999 bot.

Take that as you will.

That’s exactly what a bot would say.

(I kid, I kid. Er, I think.)

@Cinner@lemmy.world
bot account
link
fedilink
English
-3
edit-2
1Y

Seriously? 21 downvotes? Is everyone in the piracy Lemmy completely ignorant and unaware of USB drops? Do you guys not get information security training at work?

I’m talking about https://www.osibeyond.com/blog/usb-drop-attacks-cause-cybersecurity-incidents - USB drops and how that’d be the ideal way I would do it, if I were going to.

I was basically making a story about how OPs colleague could be using cracked programs so the ransomware he coded didn’t get him charged, but instead only fired.

I watched Office Space recently and I was high when I wrote it so maybe it didn’t come read as well as I thought it did.

P.S. .ws files can be as dangerous as .exe and .com/bat/PS1 if that’s what’s confusing people.

@locuester@lemmy.zip
link
fedilink
English
51Y

I’m failing to draw a connection between what OP said about his friend, and the rant you wrote.

Well op said “colleague” rather than friend, which I point out only because that is presumably why they made the connection to work.They’re referring to using pirated software at work, which could introduce ransomware without you knowing it. Ransomware can remain dormant for extended periods of time, giving it a better chance to evade security controls and spread to other machines.

@locuester@lemmy.zip
link
fedilink
English
41Y

I was assuming that software wasn’t used at work. Anyhow, cool rant

You’re not wrong, just ranting in the wrong place.

Haha okay infosec engineer here… I think this blurb is hard to read maybe a little because you wrote it high and maybe a little because you’re overestimating what the average person knows about security.

Your first paragraph there makes sense but it would’ve definitely benefited from a little additional explanation. I don’t think it was super clear you were referring to an insider threat scenario. People probably could’ve got that by breaking it down a little more, but naturally they jumped to the next part hoping for more context.

But you jumped into a hypothetical alternative means to introduce ransomware to a device. And it’s not necessarily that people don’t know plugging in strange thumb drives is bad, as you suggested in another comment. It’s the jargon (maybe not really jargon but thats the best word that came to mind) you used. You talked about a lot of things a bad actor would do, but the average Joe does not know why you’d be doing most of those things. And even if they do it’s still not going to make much sense if they didn’t grasp what you were saying in the first paragraph.

But ultimately yes, what you said does make sense if you have some Security knowledge (at least a bit more than just basic awareness training) and break down what you’re first paragraph is trying to say.

@Cinner@lemmy.world
bot account
link
fedilink
English
31Y

I can see that. Appreciate you taking the time to break it down like that.

Zoolander
link
fedilink
English
431Y

This is what I do with movies. I still, to this day, do not understand what possible purpose studios have for including 3 minutes of copyright warnings and other bullshit ahead of movies that people paid for. Pirates don’t see any of that shit, morons, and the people who are ripping these films already are ignoring the warnings. What the hell?

This. It’s like “Let’s wreck the paying customers! Ha ha, that will show those pirates.”

WTF?

cannache
link
fedilink
English
101Y

Pirates a movie, includes copyright warning on the pirated copy, include a note to say they’re including it in good spirit of the producers wishes

I’ve seen pirates put in a modified version…

@trafficnab@lemmy.ca
link
fedilink
English
271Y

You would think that in 40+ years of being completely ineffective against pirates and only hurting paying customers they would have learned that that time and money could be better spent elsewhere, but I guess that would imply that the rich are rich because they make good decisions, instead of just being born with good options

@Thermal_shocked@lemmy.world
link
fedilink
English
9
edit-2
1Y

Ooh, I usually say luck and timing is what the rich had, but I like “being born with good options” too. Makes more sense since even with luck and timing, still need the means.

It is also an honorable course of action. Developer gets paid for their work, you use quality service with convenience.

Cethin
link
fedilink
English
101Y

Although it’s not very honorable for developers to intentially create a worse product for people who pay, just to try to prevent a small number of pirated copies to work (which likely won’t actually prevent anything).

Usually that’s not so much the developers but the publisher that the devs have to abide by.

Cethin
link
fedilink
English
51Y

I meant it more as the company. I’m fully aware the individuals don’t have any say. It’s still often an internal decision though, but made by the suits, not the people actually creating the thing.

I do this with games. A lot of games dont even really get a demo anymore. So its gambling to buy it…
I pirate the games and if i like it i buy it. Generally ill keep playing the pirated version unless it has a multiplayer i want to play as well.

Melody Fwygon
link
fedilink
English
151Y

More devs should be this understanding of piracy. So should companies in general.

Asking nicely is a lot better than hitting. More flies with honey than with vinegar.

@Maggoty@lemmy.world
link
fedilink
English
51Y

To be fair this is an approach that works better with continued use software. Most software that makes headlines are video games that live or die on that first purchase.

SteefLem
link
fedilink
English
241Y

For me sometimes its enough if i can get a plugin demo with FULL functionality and without some sort of beep or white noise every x seconds, to buy a plugin if i like it after tests. And for more then a few days. But this is nice too

@schmidtster@lemmy.world
link
fedilink
English
58
edit-2
1Y

Big brain move, getting you to acknowledge that you’re pirating for when the lawsuit comes.

More people need to accept that piracy helps sales in the end, not take sales.

I am not a lawyer, but… This does not prove you’re pirating the software. It’s informing the customer (who, as far as they may be aware, obtained the key in a totally legit manner) that the company thinks the key to be a pirated key (of which, it might not actually be, but, rather identified as such by the company or software in error). It is definitely designed to illicit some form of guilt if you did in-fact pirate the software (which is between you and your conscience), but it is not proof that you pirated it. That said, I totally back what this company is doing!

Doesn’t matter how you acquired the key, it’s still a pirated copy.

Do you think buying a stolen car or phone changes that it’s still stolen? Plenty of places also have laws against buying or keeping knowingly stolen items. So even just being informed and you continuing to keep it can now be used against you as well.

That’s the key, though… KNOWINGLY stolen! If you purchased an item but where unaware that it was stolen, there’s no legal issue and, unless there’s something that can link that item back to it’s original owner… I guess it’s yours then.

As far as the digital key is concerned, this is even more nebulous. Sure, their database or software thinks the key is stolen, but that’s just a binary bit somewhere which could, by accident or by a bug in the software, be in error. If, as a purchaser, you were unaware that the dealer from which you purchased said key was selling keys illegally, they is the same as buying a stolen TV from the flea market. Unless you knew, you did nothing wrong. As for the software telling you it’s stolen… again, that’s only what the software things. It could be wrong.

Additionally, purchasing suspect keys is even more legal as there’s no intrinsic value to the key itself. It’s just a string of numbers and symbols. Keep it, it’s yours. Have fun. Play hangman. The company who owns the software for which that key was intended… didn’t loose anything. They still have their software. If the key worked? Well, if the key worked, that means the company and/or software doesn’t think the key stolen or otherwise illegitimate (which, can also be an error on the companies part).

In this case, the company says, in essence, “We think this key is stolen, but we cannot prove you did the stealing. We’re not going to belabor the issue. Keep on, and let your conscience guide you”

Sounds like that may rankle your sense of right and wrong, but, them’s the fact. You have never seen someone arrested for purchasing a software key, nor have you seen anyone arrested for purchasing a physical product they believed to be legit even when it wasn’t.

@schmidtster@lemmy.world
link
fedilink
English
-3
edit-2
1Y

Uhh… what do you think the notice is telling you…? That’s it’s not a legal copy. Now you can’t claim you didn’t know… this is literally a legally accepted measure to remove that entire defense that you didn’t know. It’s hilarious you comprehend that, but don’t see how this notifies you of it being illegal! It’s along the same veins of reselling a book without its cover and the notice telling you. Of course it’s legal and accepted to remove your ignorance defense. Ignorance has never been a defense and this would be no different.

And yeah people have been arrested for those before, of course I haven’t personally seen it. That doesn’t mean it doesn’t happen.

Legal or not legal isn’t determined by the licence key anyway. You can buy it for real, then crack it and you still have a legal copy.

Actually, no… it’s telling you that it thinks it’s not a legal copy. The company doesn’t actually know. It’s not like they sit down and write out by hand every key that is created. Those keys are generated by some algorithm. The company can identify if an algorithm was compromised (either the generation method identified or a significant portion of keys from said algorithm being used without them having been generated by the company), or they surmise that a chunk of codes, that had been previously generated for distribution, were nabbed when a number of them start to get activated without the company seeing a corresponding increase in sales. They more than likely do not have an exact list of which codes were stolen, just an assumption.

Here’s an example for ya… Company gives Legit LTD a set of codes to sell. Unfortunately, the thieves seal hack into Legit LTD’s systems and are able to copy a chunk of those codes. Legit LTD does not realize the breach for a day, or a week, and sells those codes to customers. At the same time, the thieves setup a seeming legit web store and started selling their ill gotten codes on that site. Two different customers are looking for Company’s software. One buys a code from Legit LTD. The other buys from thieves seemingly legit store. Just so happens that both stores sold the same code. Now two people have a copy of the same code. Both customers, in this case, believed they were buying a legit code. Both believe their code is valid. Before either can activate those codes, however, Legit LTD realizes they’ve been hacked and tell Company. Company, not knowing exactly which codes were stolen, decides to invalidate the batch… but there are legit customers in the wild that have codes from that batch and there’s no way for Company to tell who bought from who. BOTH customers, at this point, go to activate their code and both are told they’re running a pirated code. Neither of them really pirated, however. The thief did, but the thief isn’t the run using the code.

As such, no… Company and Legit LTD would find it very difficult, if not impossible, to determine who bought legitimately. Most companies, when this happens, would say, fuck’em and let both customers suffer. This company chooses to tell them they’re running suspected pirated codes (though, they don’t know for sure), and, regardless, neither customer would be pirating because both believe they purchased legit codes all above board.

Welcome to software, my friend. :D

cannache
link
fedilink
English
11Y

Kind of debatable depending on the floor price but not bad an idea either way, it’s all about margins and looking to let yourself understand how much your product is really worth to the customer vs simple market cost

That sounds like EULA territory, ergo, not defensible in court

Can’t say you didn’t know the key was pirated when you bought it off kijiji if there’s this warning.

It removes a potential defence, it’s not for them to admit any evidence, it’s to destroy your rebuttals.

veroxii
link
fedilink
English
81Y

How can they sue you if they literally say they don’t oppose the use of this pirated serial and it’s okay to do and the software will continue working?

If anything if you agree to this you can sue them if they ever disable this key because they agreed to accept it.

Do you even know how contracts/agreements work?

Do you really think this is a contract or agreement of legal enforceability? Holy hell.

If they actually used this for that reason it would be to merely remove your defense of saying you didn’t know you bought a pirated copy. They don’t even need you to agree to it, a splash screen would be enough.

Look up the legal principle of estoppel. In general you can’t turn around and sue someone for doing something after informing them (in writing no less) that you’re okay with it, even if you would otherwise have had a valid basis to sue.

@killeronthecorner@lemmy.world
link
fedilink
English
5
edit-2
1Y

“my friend gave it to me as a gift. What’s Kijiji?”

@schmidtster@lemmy.world
link
fedilink
English
-8
edit-2
1Y

And you said you acknowledged it was pirated, doesn’t matter where you got it from……

You didn’t, you typed the words “I understand”, which isn’t acknowledgement of comprehension, exactly the same as it is when you “accept the EULA” after not having read it. The very thing that has been deemed non-defensible for EULA litigation.

removed by mod

removed by mod

If ppl like it enough to pirate it, ppl will also like it enough to buy it. That’s the rule of thumb imo.

I really don’t think this is true though, the cost of piracy is severely low when compared to buying it, I can see myself downloading some shit games just to play them for 15-30 minutes but I’d never buy them.

If those games had demos would you still pirate the full game to only play a small portion?

I don’t really understand what it has to do with buying the game but yeah I probably would since I’d rather have the unlimited experience in case the game is halfway decent.

True. I would never pay for AC Rogue, and after having completed the game, I can justify that decision. To me, it felt lile Black Flag but worse. Could I justify but I Black Flag on Steam, after already paying for it on PS4? Yes. Could I justify any purchase of Rogue? No, none.

@datavoid@lemmy.ml
link
fedilink
English
11Y

Arguably if you completed the entire game, the purchase would be justified

@theshatterstone54@feddit.uk
link
fedilink
English
0
edit-2
1Y

I completed it because I started it (and it’s a shorter game), not because I was actually invested. I’ve played Black Flag 3 times, I’ve paid for it once, and would both replay it and pay for it again. I’ve played Rogue once, and I have no intention of replaying or paying for it.

Its about justifying it to myself. I’m not rich and don’t really have disposable income for games.

@gibmiser@lemmy.world
link
fedilink
English
351Y

The caveat is that it has to be easy for people to find it and buy it without jumping through hoops. If you gotta jump through hoops just to buy it, you might as well jump through hoops and get it for free.

@schmidtster@lemmy.world
link
fedilink
English
6
edit-2
1Y

There will also be people who abuse it for nefarious means as well. Even if purchasing is easy.

They of course use these 2% to justify vilifying the rest though.

@GoofSchmoofer@lemmy.world
link
fedilink
English
14
edit-2
1Y

They of course use these 2% to justify vilifying the rest though.

This is the method that is used to justify cutting welfare benefits for poor people.

Too bad they don’t see the hypocrisy of them doing the same with tax loopholes.

Yes. Corporate welfare is good for the country, human welfare is bad. /s

cannache
link
fedilink
English
21Y

Hey everyone deserves some sympathy

@AlexWIWA@lemmy.ml
link
fedilink
English
21Y

Reminds me of everyone pirating the Mass Effect trilogy through 2015 until the remaster released because it was literally the only way to get all three games, with all of the dlc.

@fluxion@lemmy.world
link
fedilink
English
51Y

How’s the plugin?

Blue and Orange
link
fedilink
English
81Y

Oh would you look at that, something I would pay for

Yote.zip
link
fedilink
English
2161Y

I feel piracy for demo purposes is fully justified if you buy it after you like it. People always say vote with your wallet but it’s more like gambling with your wallet if you don’t get to see and touch the product before you make the purchase. Giving proper demos should be more common with digital media.

@Glide@lemmy.ca
link
fedilink
English
791Y

On a related note, I’m very glad I pirated Starfield.

@ByteJunk@lemmy.world
link
fedilink
English
61Y

I played it as part of Xbox live, paid $20 for 2 months. Ended up playing a lot more of Senua Sacrifice than I did Starfield.

That price is very acceptable, almost a convenience fee that I gladly pay so I don’t have to look for torrents and stuff.

I would never pay the hyperinflated prices that are being asked for AAA nowadays, especially for digital copies that, as PlayStation is keen to teach us, are worthless.

thanevim
link
fedilink
191Y

I’m thinking that I might buy it once we have creation kit access and mods that add story and flesh out the game a la Fusion City Rising and companion mods for Fallout 4

At that point I’d rather pirate the game and donate to mod developers who are putting endless hours of unpaid time into free mods.

@Zoboomafoo@lemmy.world
link
fedilink
English
91Y

I don’t know if it’s worth the drive space

@theolodger@feddit.uk
link
fedilink
English
91Y

I had pirated it, in my opinion not worth the drive space. Currently deleted.

@Zoboomafoo@lemmy.world
link
fedilink
English
51Y

I’ve been watching critiques of it, it’s amazing that they made a game with everything wrong

@Syrc@lemmy.world
link
fedilink
English
131Y

Imo “vote with your wallet” is more about companies/brands that have proven to do shitty games, as in “don’t buy any more games/dlcs/microtransactions from them”.

Yote.zip
link
fedilink
English
211Y

Vote with your wallet regards any sort of purchase. By giving money to someone you are giving them the most encouragement possible to continue doing what they’re doing. If you purchase something that you end up not liking, they will still receive your initial vote loud and clear. The gaming industry especially has shown us that companies will happily take both the money and the negative review and say ‘thank you’.

@Syrc@lemmy.world
link
fedilink
English
11Y

Yes, but as you said, you can’t know if you’ll like the game or not until you try it. It works with standalone games as well if you pirate before buying, but it’s usually not aimed at pirates: no one sane will pirate a game, find out they dislike it, and buy it anyway. It goes without saying.

It’s more the people who already bought games that need to hear that “so you bought the last two mainline Pokémon games and they both sucked ass? Don’t fall for it again, vote with your wallet and stay away from the next one”.

Zoolander
link
fedilink
English
31Y

You’re the first person in this community that gets it. The people here that bloviate about their moral justifications are so tiresome. It’s really as simple as “if you want more of something, you have to pay for it”.

@Jarix@lemmy.world
link
fedilink
English
171Y

I too remember shareware. Ahh im old

Ænima
link
fedilink
English
71Y

Old enough to remember the Ambrosia Software game, Escape Velocity? That game had a shareware setup involving a really powerful ship that would message you several times in a game and eventually get so annoying it was almost impossible to play. If you accidentally shot him, he’s ruin you. Oh, gone are the days of true “try before you buy.”

@kittyrunningnoise@lemm.ee
link
fedilink
English
2
edit-2
1Y

lol, EV was special. It was also pretty easy to mod with plug-ins using macos resource fork hackery, even to a kid, and all of the original game data was replaceable just by creating something with the same ID in a plug-in. Cap’n Hector became an angry invincible shuttlecraft with a single laser cannon. now that I’m old enough to afford a license, the company is gone and there’s no way, so I guess I’m stuck with him like this forever.

Ænima
link
fedilink
English
1
edit-2
1Y

I make no claim to this info, nor do I understand it, nor do I take responsibility for its use. As linked, I got this from a reddit post about the company and copy/pasted it into Obsidian so I’d have it. The code blocks are as close to the original as I cared to fiddle with. This is all greek to me but there are Python scripts linked, which may help you generate a key that works to register EV. Good luck!

Note: I had to split this into multiple posts cause it was not wanting to post the entire thing in one reply.


Ambrosia and Registration (Site)

Now that Ambrosia is gone, new registrations are no longer possible, and due to their expiring codes, using legitimate license keys has become difficult. We may hope to see a few of their games revived in the future but at present, only the original releases are available. Perhaps this case study on Ambrosia’s registration algorithms will be useful to some.

The Old System

In their earliest days, ASW didn’t require registration, but they eventually began locking core features away behind codes. All of their classic titles use the original algorithm by Andrew Welch.

Given a licensee name, number of copies, and game name, the code generator runs through two loops. The first loop iterates over each letter of the capitalized licensee name, adding the ASCII representation of that letter with the number of copies and then rotating the resulting bits. The second loop repeats that operation, only using the game’s name instead of the license holder’s name.

Beginning with Mars Rising, later games added a step to these loops: XOR the current code with the common hex string $DEADBEEF. However, the rest of the algorithm remained essentially unchanged.

The resulting 32 bits are converted into a text registration code by adding the ASCII offset of $41 to each hex digit. This maps the 32-bit string into 8 characters, but due to the limit of a hex digit to only encode 16 values, codes only contain letters from the first 16 of the alphabet.

The following chart shows an example using a well-known hacked code for Slithereens.

			Iteration 1 ('A' in ANONYMOUS)
Name: Anonymous             Code = $0 + $41
Number: 100 (hex: $64)  ->        << 6             ... -> Code = $FD53 FFA0
Game: Slithereens                 + $64
                                  ^ $DEAD BEEF
                                  >> 1

Add $41 to each digit:                                      Registration
-> $41 + $F = $50 = P    ->      Reverse string        ->   ------------
   $41 + $D = $4E = N                                       | AKPPDFNP |
   ...                                                      ------------

Here is a Python implementation of the v1 system: aswreg_v1.py

Once you have the bit-string module installed via sudo pip install bitstring, you can test the output yourself with python aswreg_v1.py "Anonymous" 100 "Slithereens".

Ænima
link
fedilink
English
11Y

The New System

As Ambrosia’s Matt Slot explains, the old system continued to allow a lot of piracy, so in the early 2000’s they decided to switch to a more challenging registration system. This new method was based on polynomial hashing and included a timestamp so that codes could be expired and renewed. Ambrosia now had better control over code distribution, but they assumed their renewal server would never be shut down…

They also took more aggressive steps to reduce key sharing. The registration app checks against a list of blacklisted codes, and if found to be using one, the number of licenses is internally perturbed so that subsequent calculations fail. To combat tampering, your own information can get locally blacklisted in a similar manner if too many failed attempts occur, at least until the license file is deleted. Furthermore, the app attempts to verify the system time via a remote time server to minimize registration by changing the computer’s clock.

You can disable the internet connection, set the clock back, and enter codes. There’s also a renewal bot for EV: Nova. But let us look at the algorithm more closely.

64-bit Codes

The first noticeable difference is that registration codes in v2 are now 12 digits, containing both letters and numbers. This is due to a move from a 32-bit internal code to a 64-bit one. Rather than add an ASCII offset to hex digits, every letter or number in a new registration code has a direct mapping to a chunk of 5 bits. Using 5 bits per digit supports up to 32 values, or almost all letters of the alphabet and digits up to 9 (O, I, 0, and 1 were excluded given their visual similarities).

The resulting 64 bits (really only 60 because the upper 4 are unused: 12 digits * 5 bits each = 60) are a combination of two other hashes XOR’d together. This is a notable change from v1 because it only used the registration code to verify against the hashing algorithm. Only the licensee name, number of copies, and game name were really used. In v2, the registration code is itself a hash which contains important information like a code’s timestamp.

Two Hashes

To extract such information from the registration code, we must reverse the XOR operation and split out the two hashes which were combined. Fortunately, XOR is reversible, and we can compute one of the hashes. The first hash, which I’ll call the userkey, is actually quite similar to v1’s algorithm. It loops through the licensee name, adding the ASCII value, number of copies, and shifting bits. This is repeated with the game name. An important change is including multiplication by a factor based on the string size.

The second hash, which I’ll call the basekey, is the secret sauce of v2; it’s what you pay Ambrosia to generate when registering a product. It is not computed by the registration app, but there are several properties by which it must be validated.

The chart below visualizes the relationships among the various hashes, using the well-known “Barbara Kloeppel” code for EV: Nova.

TEXTCODE:
------------------
| L4B5-9HJ5-P3NB |
------------------                    HASH1 (userkey):
	|                             calculated from licensee name,
        |                             copies, and game name
BINCODE:                              ----------------------
5 bits per character,             /-> | 0x0902f8932acce305 |
plus factors & rotations         /    ----------------------
----------------------          /
| 0x0008ecc1c2ee5e00 |   <-- XOR
----------------------          \
	                         \    ----------------------
	                          \-> | 0x090a1452e822bd05 |
	                              ----------------------
	                              HASH2 (basekey):
	                              generated by Ambrosia,
	                              extracted via XOR
Ænima
link
fedilink
English
11Y

The Basekey

The basekey is where we must handle timestamps and several validation checks. Consider the binary representation of the sample 0x090a1452e822bd05:

binary basekey (above) and indices for reference (below):
0000 1001 0000 1010 0001 0100 0101 0010 1110 1000 0010 0010 1011 1101 0000 0101
b0   b3   b7   b11  b15  b19  b23  b27  b31  b35  b39  b43  b47  b51  b55  b59  b63

Timestamps

Timestamp are encoded as a single byte comprised of bits indexed at b56,51,42,37,28,23,14,9 from the basekey. In this example, the timestamp is 01100010 or 0x62 or 98.

The timestamp represents the number of fortnights that have passed since Christmas Day, 2000 Eastern time, modulo 256 to fit in one byte. For example, 98 fortnights places the code at approximately October 2004.

Stored as a single byte, there are 256 unique timestamps. This is 512 weeks or about 10 years. Yes, this means that a code’s validity rotates approximately once every decade.

After the code’s timestamp is read, it is subtracted from the current timestamp (generated from the system clock or network time server if available). The difference must be less than 2, so codes are valid for 4 weeks or about a month at a time.

Of note, Pillars of Garendall has a bug in which the modulo is not taken correctly, so the timestamp corresponding to 0xFF is valid without expiry.

Validity Check

The last three bits, b60-63, contain the sum of all other 3-bit chunks in the basekey, modulo 7. Without the correct number in these bits, the result will be considered invalid.

To this point, we have covered sufficient material to renew licenses. The timestamp can be changed, the last three bits updated, the result XOR’d with the userkey, and finally, the code converted from binary to text.

Factors for Basekey Generation

I was next curious about code generation. For the purposes of this write-up, I have not fully reverse engineered the basekey, only duplicated the aspects which are used for validation. This yields functional keys, just not genuine ones. If the authors of the EV: Nova renewal bot have fully reversed the algorithm, perhaps they will one day share the steps to genuine basekey creation.

One aspect validated by the registration app is that the licensee name, number, and game name can be modified to yield a set of base factors. These are then multiplied by some number and written into the basekey. We do not need the whole algorithm; we simply must check that the corresponding regions in the basekey are multiples of the appropriate factors.

The regions of note in the basekey are f1 = b5-9,47-51,33-37,19-23, f2 = b43-47,29-33,15-19,57-61, and f3 = b24-28,10-14,52-56,38-42. The top 5 bits and f3 are never actually checked, so they can be ignored.

Considering f1 and f2, the values in the sample basekey are 0x25DA and 0x1500, respectively. The base factors are 0x26 and 0x1C, which are multiples by 0xFF and 0xC0, respectively.

Rather than analyze the code in detail, I wrote a small script to translate over the disassembled PPC to Python wholesale. It is sufficient for generating keys to EV: Nova, using the perfectly-valid multiple of 1x, but I have found it fails for other v2 products.

Ænima
link
fedilink
English
11Y

Scripts

Here is a Python implementation for v2: aswreg_v2.py and aswreg_v2core.py

With bitstring installed, you can renew codes like python aswreg_v2.py renew "L4B5-9HJ5-P3NB" "Barbara Kloeppel" 1 "EV Nova" (just sample syntax, blacklisted codes will still fail in the app). There’s also a function to check a code’s timestamp with date or create a new license with generate.

As earlier cautioned, generating basekeys relies on code copied from disassembled PPC and will likely not work outside EV: Nova. In my tests with other v2 products, all essential parts of the algorithm remain the same, even the regions of the basekey which are checked as multiples of the factors. What differs is the actual calculation of base factors. Recall that these keys were created by Ambrosia outside the local registration system, so the only options are to copy the necessary chunks of code to make passable factors for each product or to fully reverse engineer the basekey algorithm. I’ve no doubt the factors are an easy computation once you know the algorithm, but code generation becomes less critical when renewal is an option for other games. I leave it to the authors of the Zeus renewal bot if they know how to find these factors more generally.

To renew codes for other games, keep in mind the name must be correct. For instance, Pillars of Garendall is called “Garendall” internally. You can find a game’s name by typing a gibberish license in the registration app and seeing what file is created in Preferences. It should be of the form License.

Finally, a couple disclaimers: I have only tested with a handful of keys, so my interpretations and implementations may not be completely correct. YMMV. Furthermore, these code snippets are posted as an interesting case study about how a defunct company once chose to combat software piracy, not to promote piracy. Had Ambrosia remained operational, I’m sure we would have seen a v3 registration system or a move to online-based play as so many other games are doing today, but I hope this has been helpful for those who still wish to revisit their favorite Ambrosia classics.

Ænima
link
fedilink
English
11Y

I have a link to how to take an old serial for the game and generate a new serial based on the algorithm. When I get back to my computer I’ll send it along.

@Jarix@lemmy.world
link
fedilink
English
21Y

I remember the name ambrosia software but dont recall that game. Sounds like a good experience to remember!

You…

You shot Captain Hector?!

Ænima
link
fedilink
English
21Y

Usually, not intentionally. More, I was defending myself and he was buzzing around me like a moth on a summer porch light when a stray laser beam hit his ship. :(

I remember this game being one of the reasons I love Macs so much as a younger kid. Zooming around and then this guy showing up “remember to buy the game” and then, eventually, it becoming a game of seeing if I could leave a system before getting wrecked by him.

Good times.

If you happen to miss those days, check out Endless Sky. It’s a free remake of the game for more modern machines. Still under active development.

@DerMann@feddit.de
link
fedilink
English
2
edit-2
1Y

Thanks for the nice anecdote and reccomendation Gonna see how it runs on my steam deck.

On Android Space RPG3 (free) and Space RPG4 ($3?) are really good spiritual successors as well.

Some of the original team are also working on a spiritual successor. Have been for a while. Don’t remember what it’s called though.

KptnAutismus
link
fedilink
English
21Y

exactly, had a pirated version of frostpunk. but when i played through it the first time i immediately wanted to play the DLC.

so i went on epic games and bought it for full price.

good job devs, that game is a masterpiece and you deserve my money.

Einar
link
fedilink
English
431Y

Demos used to be a lot more common. It used to be the norm for most games. Now it’s extraordinary.

Indie devs seem to be bringing them back. Played quite a few demos recently. Hopefully the trend continues.

Captain Aggravated
link
fedilink
English
41Y

Devolver Digital published a demo for Heave Ho!. Worked fine, demo was fun, decided to buy the full version. It didn’t work, none of the UI elements except the back button worked on the character selection screen. Fortunately Valve is good with refunds.

Robust Mirror
link
fedilink
English
11Y

PlayStation making you pay for their highest sub tier just to access demos.

@Jarix@lemmy.world
link
fedilink
English
11Y

Not entirely or at least in a different way. Steam still has free weekends occasionally on games. Or more likely some publishers still offer them sometimes probably

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
!piracy@lemmy.dbzer0.com
Create a post
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don’t request invites, trade, sell, or self-promote

3. Don’t request or link to specific pirated titles, including DMs

4. Don’t submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

  • 1 user online
  • 106 users / day
  • 270 users / week
  • 1K users / month
  • 3.5K users / 6 months
  • 1 subscriber
  • 3.4K Posts
  • 82.2K Comments
  • Modlog