15

How did the vendors using copy protection create weak bits on the floppies?

This always fascinated me as a kid. I ended up finding a weak bit emulator that would intercept the floppy disk interrupt and substitute different values and would be configurable per game but that was clearly software.

enorl76
  • 2
    I'm not going to make this an answer because it's so vague, but: specialised duplication machines that can maliciously write a flux transition exactly on a window boundary (or write areas at different strengths for the related fuzzy bits, or write at an arbitrary density, or ensure a specific spiral, or...). I'm optimistic someone else will be able to be more specific than "specialised duplication machines". – Tommy Oct 04 '18 at 19:47
  • 1
    @Tommy, I don't know the answer either, but I doubt that "spiral" is part of it. Floppy drives used open-loop stepper motors to position the heads. Even if the duplicator was capable of writing a spiral track, the consumer's drive would not be capable of following the spiral. –  Oct 04 '18 at 20:30
  • @besmirched by spiral I was referring to inter-track skew, which can be set up so that the read head effects what amounts to a quantised spiral; I didn't mean in the same manner as a CD or vinyl record. – Tommy Oct 04 '18 at 20:52
  • I am pretty convinced that the concept of "weak bits" on a floppy disk as "weak amount of magnetization", thus flipping bits on repeated reads as a means of copy protection is an urban legend (or at least a mis-interpretation of what's really done). While it might be technically possible, it's not something you could sustainably reproduce in mass production. What's done instead is try to write bits to the disk that violate the encoding rules and thus are returned as random when read back. – tofro Oct 04 '18 at 21:28
  • @tofro now you mention it, I might have inverted the meaning of weak and fuzzy bits in my mind. Certainly they're always lumped together in any file format I'm aware of, usually you just get a segment that instead of saying "data here is X" says "empirically, data was X for a% of reads, Y for b% of reads, etc", or possibly even just an "insert random data here" signifier. Weak bits definitely exist on the Apple II though; you can just not write any transitions for a prolonged period and the automatic gain control will summon them for you when you attempt to read. – Tommy Oct 04 '18 at 22:25
  • @Tommy Your first idea in your first comment was apparently pretty close. – tofro Oct 04 '18 at 22:55
  • Low tech and cheap method, punch a couple of holes in the area of the last tracks of a floppy. – Rui F Ribeiro Oct 04 '18 at 23:15
  • 1
    One trick that I used was to format a disk with duplicate sector ids. That was enough to confuse most disk copiers. Not an answer to your question, though. – Mick Oct 05 '18 at 01:22
  • The point is that anything you do with your computer can be reproduced by somebody who has the same - Weak bits copy protection is immune to that. – tofro Oct 05 '18 at 13:53
  • @tofro ah, I had the feeling (eventually) that ordinary strength but maliciously placed bits were "fuzzy" rather than "weak", but probably I'm reading far too strictly into jargon that doesn't even have an authoritative source. Oh well. – Tommy Oct 05 '18 at 17:29
  • @Tommy I'm not sure there is some sort of "standard terminology" and I keep mixing them up as well. I think "weak" used to be non-formatted areas and "fuzzy" at some time was what I call "weak" (timing violations). On more modern systems that have a proper FDC, unformatted areas aren't much use for copy protection as you cannot read them without getting a consistent error. So, I guess the two terms have melted into one over time. – tofro Oct 05 '18 at 22:47

2 Answers

18

"Weak bits" are a means of copy protection that generates areas on a disk that read back as random values, without the floppy disk controller actually detecting an error. When copying such a weak bit to a new disk with a standard FDC controller, it will end up as a distinct 0 or 1 depending on the random state that it was read in and never change as long as the disk remains intact. The copy protection check will repeatedly read such locations and check whether the bit value actually changes on repeated reads. Obviously, that check needs to be well hidden in the software, otherwise, it could easily be deactivated by malicious people.

The apparently common conception that this would be done with "weak magnetization" or a change in magnetic flux that is "smaller" than normal, is wrong. While this might theoretically be possible (aging disks that can be read successfully after several re-tries seem to prove this), I very much doubt this could be reliably reproduced in mass-production of disks.

You can simply generate such weak areas by not formatting a specific track (or part of that track) on the disk at all. This will create a complete track of "weak bits" that are entirely unreadable by a normal FDC - Unfortunately, a software pirate can reproduce the same thing with a standard floppy disk controller by simply not formatting that track on his copied disk as well - So, this is maybe too simple.

What's instead done is described in detail in this article that describes in-depth the analysis of a copy-protected game disk for the Atari ST (Dungeon Master) - Scroll down about 2/3 of the page to where the action starts.

In a nutshell, the PLL on a disk drive controller relies on somewhat evenly spaced sync bits on the disk to sync its read window (that is, where it expects to be able to read a valid data bit) to the specific RPM of the drive. By deliberately placing some out-of-sync clock bits on the disk, placing a magnetic flux transition exactly where the FDC would assume a stable state and determine a data bit value it can be confused so that it will in fact "read" a random value (within normal RPM variations of the drive it will either "see" a flux transition there or not). A standard floppy disk controller will not be able to write such a timing violation to the disk, thus not be able to copy the "weak" bit, but rather copy it as a "normal", non-changing bit. You need a disk controller that can record a raw MFM data stream, complete with its timing. So, weak bits are actually not "weak magnetization", but a violation of the MFM timing.

Standard disk copying machines will not use a standard floppy disk controller and simply copy the low-level MFM data stream with the standard-violating sync bits as-is. The master (at least the affected track) must obviously be written with a specific disk controller that can write such violations. Modern equipment like Kryoflux can do that, apparently. I would expect that back in the days similar equipment existed.

tofro
  • One piece of similar equipment was of course the Commodore Amiga. – Alan Cox Oct 05 '18 at 16:53
  • @AlanCox Hmm. Wouldn't bet on that - If you read the article I linked, Dungeon Keeper for the Amiga used the same copy protection scheme, even with an Atari ST-formatted track. I doubt they would have used this scheme if the Amiga could simply copy it? – tofro Oct 05 '18 at 17:02
  • 2
    Let me rewrite that last comment more accurately. The Amiga can write almost anything. Copy gives the wrong impression. With the right commands and tight timing you can use the fact the hardware does almost all the processing in software (or with the blitter) to generate really strange disk I/O. – Alan Cox Oct 05 '18 at 23:09
4

The best copy protection is called “marching bits”. The transition is placed at the window margin by using a write clock speed 10x faster than the actual playback clock on the floppy controller. This way each bit is actually written as 10 bits and allows for a production product accurate within a 25% window. Note floppy disc drives vary between units and within with flutter. However, using this technology allowed the creation of a hardware copy protection. The “protected” byte contains a bit that reads as a 1 in one of two bits because the bit is written on the window border. You cannot write this bit with a normal floppy disc controller because you cannot control where bits are written within the window. The software reads the byte 3 or more times and an allowable result is 1 bit shift between the 2 possible results. Also the sector CRC is not generated by the bytes written but part of the user SN. One very large company asked how a customer makes a backup copy. The answer: The disc is copy protected and NO copies can be made using a commercial floppy disc controller. Now game software companies loved this feature - no bootleg copies. Send in your old copy to receive a replacement. One of my favorites was a bootleg copy would appear to work except you could never win because it ran a separate sub program to make you work very hard without ever advancing. When you called about the program not working you were identified as using stolen software.

  • 1
    "When you called about the program not working you were identified as using stolen software." Well, that sort of "guilty until proven innocent" mindset isn't very good public relations. What about honest actors who had a floppy or two reserved for a copy of whatever they were currently playing to minimize wear and tear on their originals? ...or parents who did that because they didn't trust their kids with the originals? – ssokolow Apr 15 '20 at 22:26
  • On machines where the CPU reads out individual bytes, one can do even better by having some bytes be written somewhat fast and some written somewhat slow, and timing the arrivals of the bytes. Instead of merely having a pass/fail routine, one could have a routine which reads out one useful bit from each byte based upon timing. – supercat Feb 14 '22 at 18:58
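
The mechanism both answers describe (a flux transition placed on the read-window boundary, then a check that reads the same area several times) can be modelled in a few lines. This is an added example, not code from either answer: the function names, the `JITTER` value and the sample cells are assumptions, and the model works on raw cells with uniform timing error instead of real MFM encoding and a real PLL.

```python
import random

CELL = 1.0      # width of one read window (arbitrary time units)
JITTER = 0.05   # assumed per-read timing error from drive speed variation, in cells

def write_standard(cells):
    """Standard FDC: each 1 becomes a flux transition in the centre of its window."""
    return [(i + 0.5) * CELL for i, bit in enumerate(cells) if bit]

def write_master(cells, weak_at):
    """Mastering hardware: as above, but the transition of cell `weak_at`
    is placed on the boundary between windows weak_at and weak_at + 1."""
    return [(i + 1.0 if i == weak_at else i + 0.5) * CELL
            for i, bit in enumerate(cells) if bit]

def read(flux, ncells, rng):
    """Data separator: a transition counts for whichever window it falls into."""
    cells = [0] * ncells
    for t in flux:
        t += rng.uniform(-JITTER, JITTER) * CELL
        cells[min(int(t // CELL), ncells - 1)] = 1
    return cells

def copy_with_standard_fdc(flux, ncells, rng):
    """Copying = one read, then a rewrite with correctly centred transitions."""
    return write_standard(read(flux, ncells, rng))

def distinct_reads(flux, ncells, rng, reads=16):
    """The protection check: read the same area repeatedly, collect the results."""
    return {tuple(read(flux, ncells, rng)) for _ in range(reads)}

def looks_original(flux, ncells, rng, reads=16):
    """Original media returns more than one value for the same area."""
    return len(distinct_reads(flux, ncells, rng, reads)) > 1

if __name__ == "__main__":
    rng = random.Random()
    data = [1, 0, 0, 1, 0, 0, 1, 0, 0, 0]   # constructed sample cells
    master = write_master(data, weak_at=3)
    copy = copy_with_standard_fdc(master, len(data), rng)
    print("master:", sorted(distinct_reads(master, len(data), rng)))
    print("copy:  ", sorted(distinct_reads(copy, len(data), rng)))
    print(looks_original(master, len(data), rng), looks_original(copy, len(data), rng))
```

On the master the 1 in cell 3 "marches" between cells 3 and 4 from read to read; the copy freezes whichever value the copying read happened to see, which is what the check detects.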