
A number of games from the early 1990s appear to be protected with a DRM system developed by Rainbow Technologies Ltd. The system allows content in the games to be unlocked by sending the manufacturer a code and getting one in return.

The system appears to make use of information in this patent.

In 1998 it advertised the ability to sell software over the internet (typically shipped on CD, only the unlock codes were sent via the internet).

It appears to be some kind of public key crypto. The game/app has a private key and an "install key" that is generated during installation. The user sends the install key plus money to the manufacturer, and they send back an unlock key that unlocks selected features.

I have been unable to find any more information on the system, how it works and if it was ever cracked.

Stephen Kitt
user
  • Sorry to be pedantic; so the question is: how did it work? (Aside: if I knew the answer, I'd just post that) – Tommy Jun 11 '18 at 18:00
  • Yes, how does it work. It appears to be some kind of public key crypto, going by the patent, but given machines were slow back then... I seem to recall that the keys were only long enough for 56 bits which suggests DES may be involved, but I can't find any reference now. – user Jun 11 '18 at 22:29
  • It sounds like just a standard PKI message exchange. Each CD has the public key of a key-pair encoded with it, and private key is retained in manufacturer database. Software generates a key-pair for the user. User sends signed message identifying the public key of their CD. Manufacturer returns message encrypted with user public key to unlock the software and signed with the private key of the CD. Simple. – Brian H Jun 12 '18 at 01:40
  • I've never heard of any game being "protected" like this. What games are supposed to have used it? But a DRM system like you described would be easy to crack, just copy the game after it's been unlocked. They'd need to use some actual copy protection method (eg. key disks) to prevent copying, and during the 90's these were all cracked. –  Jun 12 '18 at 03:04
  • Yes, it is some kind of PKI system... Presumably copying an unlocked game would work, but this was back when CD burners were expensive so copying a full install was not trivial. Having said that, I don't know how well it worked. The only games I know that used it were some adult themed ones from Artworx, but the adverts seem to suggest it was used for commercial software as well. – user Jun 12 '18 at 08:02
  • @user back in the day each of us had some older IDE HDD for data transfer, the same way we use USB keys now. So copying would not be an issue; some people even had IDE HDD racks for easily exchanging discs like this. – Spektre Jun 12 '18 at 08:08
  • I doubt the software made use of the patent you mention specifically. Although it is from the same company ("rainbow technologies" became "safenet"), the patent you mention dates from 1998, which is much later than the first versions of the software you're talking about, and makes use of elliptic curve cryptography, which is very advanced stuff, even for now. Elliptic curve cryptography was suggested for the first time around 1985, and stayed in the realms of universities for a long time before being actually used in mass products. – dim Jun 12 '18 at 11:54
  • Besides, the product from the ads you linked is using a parallel-port dongle. The right to run the software is granted by this physical object that you had to plug in (and having this dongle was the only requirement to run the software, which could be copied from machine to machine). It is not a scheme where you send a code to the software company and get back some sort of license file. So, either the ads are for another product, or you are mistaken on the way it worked. – dim Jun 12 '18 at 12:01
  • Software Sentinel was the dongle in the ad, yes. I want to say that one of the companies I worked for in the late 1980s or early 1990s used it. IIRC, there was a C library that we had to link in to our software. Depending on which of my former employers it was, we charged our customers between $200 and $2000 for the software. That was in ~1990 US dollars, so that would be roughly $400 to $4000 in 2018. I bet there's an old issue of Byte that describes how it works. – shoover Jun 12 '18 at 18:43
  • I removed the dongle link since it seems to be confusing people. – user Jun 13 '18 at 08:11
  • @shoover I can't remember (if I knew) how Software Sentinel's dongles worked, but from that era, the "cheap" dongles did little more than "key verification" – the software sent a code to the dongle and checked it got the expected result back. They could easily be, er... "bypassed" by little more than changing a JNE to either a JMP or NOP. Later/more sophisticated dongles passed major chunks of code through the dongle to be decrypted which was much harder to "bypass". – TripeHound Jun 13 '18 at 08:12
  • To be clear, I'm not interested in the dongle, I'm interested in the public key system. I think it might be an early example of such a system being used commercially, and of software that may never be recoverable now because the private keys have been lost. – user Jun 13 '18 at 08:42
  • @RossRidge One accessible example of a CD with a decrypt-on-purchase system -- though not the Rainbow Technologies one the question is about -- is on the official Quake shareware release (https://archive.org/details/cdrom-quake-shareware). The point is not copy protection -- this was mostly used to deliver games where, as here, the regular full retail releases didn't use copy protection either. – rakslice Jun 13 '18 at 09:30
  • @rakslice Apparently it used some sort of weak symmetric encryption: https://www.doomworld.com/forum/topic/73486-what-was-the-story-with-the-id-multigame-cd/#comment-1391703 –  Jun 13 '18 at 13:29
  • @TripeHound: I've often thought that it would be interesting if a game that used a dongle used it to handle a little of the game logic. Put the state of a few objects into the dongle every game loop and read out the states. Making a compatible dongle would require knowing all the ways those objects interact. If the level 4 map on the disk doesn't contain a key that's needed to clear it, but a dongle recognizes when the key should appear and spontaneously creates it, a reverse-engineered dongle that doesn't include that behavior would yield an unwinnable game. – supercat Jun 13 '18 at 16:49
  • @RossRidge Thanks, that's a solid bit of info. I wonder if this one is so easily cracked... It seems to be using DES which is kinda weak (based on the length of the unlock codes providing 56 bits for the key) but even today unless there are flaws in the implementation it's not trivial to attack. – user Jun 14 '18 at 07:55
  • @user "even today unless there are flaws in the implementation [DES is] not trivial to attack" Wikipedia claims that DES cracking as a service was available online in 2012, using hardware that would take 26 hours to search the entire key space, and a single commercial off-the-shelf graphics card and open source software could be used in 2016 to exhaustively search the entire key space in 30 days. The latter might not be trivial, but on the flip side, you only need to do it once... – user Jun 20 '18 at 16:16
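The exchange the question describes (install key out, unlock key back) and the PKI message flow Brian H sketches in the comments, worked through as an added example in Go. This is not Rainbow's code and nothing about the real system is known from this page; it is one way such a scheme can be built with current standard-library primitives (RSA-OAEP to encrypt the feature mask to the install key, Ed25519 for the per-title signature), where a 1990s product would presumably have used something DES-era. The title ID, feature bits, message layout and PKCS#1 DER encoding of the install key are all assumptions made for the example. It also runs the checks raised in the comments: the unlock key only works for the installation that generated the install key and a forged signature is rejected, but a byte-for-byte copy of the unlocked installation, private key included, is unlocked too.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical title ID (doubles as the OAEP label, so a reply cannot be replayed against
// another product) and feature bits. None of these values come from the real product.
const (
	TitleID              = "DEMO-TITLE-001"
	FeatureBase   uint32 = 1 << 0
	FeatureLevels uint32 = 1 << 1
)

// Installation: the title public key copied from the CD, a fresh RSA key pair whose public
// half is the "install key", and the feature mask unlocked so far.
type Installation struct {
	titlePub ed25519.PublicKey
	userKey  *rsa.PrivateKey
	features uint32
}

// UnlockKey: the feature mask encrypted to the install key, signed by the title key.
type UnlockKey struct{ Ciphertext, Signature []byte }

// Install generates the user key pair and returns the PKCS#1 DER install key the user sends in.
func Install(titlePub ed25519.PublicKey) (*Installation, []byte, error) {
	userKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &Installation{titlePub: titlePub, userKey: userKey}, x509.MarshalPKCS1PublicKey(&userKey.PublicKey), nil
}

// IssueUnlock (manufacturer side): encrypt the paid-for features to the install key, sign the ciphertext.
func IssueUnlock(titleKey ed25519.PrivateKey, installKey []byte, features uint32) (UnlockKey, error) {
	userPub, err := x509.ParsePKCS1PublicKey(installKey)
	if err != nil {
		return UnlockKey{}, err
	}
	var plain [4]byte
	binary.BigEndian.PutUint32(plain[:], features)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, plain[:], []byte(TitleID))
	if err != nil {
		return UnlockKey{}, err
	}
	return UnlockKey{Ciphertext: ct, Signature: ed25519.Sign(titleKey, ct)}, nil
}

// ApplyUnlock (client side): verify the title signature first, then decrypt with the install-time key.
func (in *Installation) ApplyUnlock(uk UnlockKey) error {
	if !ed25519.Verify(in.titlePub, uk.Ciphertext, uk.Signature) {
		return errors.New("unlock key is not signed by the title key")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, in.userKey, uk.Ciphertext, []byte(TitleID))
	if err != nil || len(plain) != 4 {
		return errors.New("unlock key was not issued to this installation")
	}
	in.features |= binary.BigEndian.Uint32(plain)
	return nil
}

// RunExchange plays both sides once and reports: did the paying installation get exactly what
// it paid for; does the same unlock key work on an independent installation; does it work on
// a byte-for-byte copy of the installation (private key included); does a tampered signature pass.
func RunExchange() (unlocked, otherInstall, copiedDir, tampered bool, err error) {
	titlePub, titleKey, err := ed25519.GenerateKey(rand.Reader) // per-title pair; public half ships on the CD
	if err != nil {
		return
	}
	inst, installKey, err := Install(titlePub)
	if err != nil {
		return
	}
	uk, err := IssueUnlock(titleKey, installKey, FeatureBase|FeatureLevels) // user paid for two features
	if err != nil {
		return
	}
	clone := *inst // the install directory imaged, user key and all, before unlocking
	if err = inst.ApplyUnlock(uk); err != nil {
		return
	}
	unlocked = inst.features == FeatureBase|FeatureLevels
	other, _, err := Install(titlePub)
	if err != nil {
		return
	}
	otherInstall = other.ApplyUnlock(uk) == nil
	copiedDir = clone.ApplyUnlock(uk) == nil
	forged := UnlockKey{Ciphertext: uk.Ciphertext, Signature: append([]byte(nil), uk.Signature...)}
	forged.Signature[0] ^= 1
	tampered = inst.ApplyUnlock(forged) == nil
	return
}

func main() { fmt.Println(RunExchange()) } // prints: true false true false <nil>
```

The signature is what makes this DRM rather than just secure messaging: the client holds the private half of the install key, so it could encrypt any feature mask to itself; only the title key, which never leaves the manufacturer, can produce an unlock the client accepts. That also means the whole scheme rests on one boolean check in the client binary (`ed25519.Verify` here), which is the patch-a-branch bypass described for cheap dongles in the comments above, and on the install directory not being copied wholesale, which the `copiedDir` result shows the cryptography does nothing to prevent.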

0 Answers