[0] https://martypc.blogspot.com/2024/09/pc-floppy-copy-protecti...
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk... for a much newer example, albeit non-destructive. I vaguely remember some much more recent destructive examples, not sure if implemented or threatened, but I might be confusing things.
Edit: Found the incident I was thinking about using Gemini. A flight sim addon company FSLabs shipped malware with their installer. It didn't wipe data, it stole your Chrome password manager instead. https://www.reddit.com/r/flightsim/comments/xa58qz/a_retrosp... is a reddit summary, https://forums.flightsimlabs.com/index.php?%2Fannouncement%2... the company explaining/justifying what they did and why (TL;DR it was meant to be a targeted attack against some specific pirates).
The backlash to this measure was massive, as many legitimate products turned out to use counterfeit FTDI parts without the manufacturers' awareness due to unreliable supply chains. Microsoft quickly pulled the update but FTDI seemed not to care for the most part, eventually releasing another similar update a couple of years later that would deliberately corrupt all data sent through clone chips.
it could pretty much copy anything
Copying disks in the 1980s was like a radar vs. radar-detector battle, always escalating.
It was a pretty healthy business, not just for the copy protection breaking but also the general tools software.
Funny story:
I was at their offices working on a project when they were getting ready to ship out the new version. Their warehouse was connected to the office building and they were producing all of the final copies and loading them on trucks to get sent to the distributors.
In the morning they gave the all clear for the first wave of trucks to leave, then about 4 hours later someone found a bug and they had to call all of the trucks back to the warehouse, unload, re-create new clean product etc.
They did this about 3 times before that version finally made it to the distributors.
So you had to add code to detect modifications which itself could be bypassed.
If I were a paranoid DOS-compatible publisher of expensive software, I would add layers of checks:
- checksum the entire executable on disk, at different points
- checksum the entire program resident in memory, at different points
- use a serial number and activation verification system based on public key cryptography and hardware attributes, and spread those checks around critical functionality. Store the activation code at the end of the root directory as phantom deleted file entries.
Ultimately though, does the increase in hassles and decrease in goodwill create more sales than it pushes away? I'd argue that intentionally no-DRM/no-cp software (GOG style) encourages brand goodwill and loyalty and there's even a nonzero conversion funnel from warez to paying customers. Cp is, thus, mostly an exercise in the practice of footgunnery by performative restrictions that do not deter technically-inclined persons. But like a sign that says "restroom for customers only", it doesn't add positive value. If they had instead spent more engineering time on the software and making the software priced for normal humans, they would have had more customers and more profits.
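The first two checks in the list above (checksumming the program image at different points) can be made concrete as follows. This is an added example, not code from the thread or from any product it mentions; the region size, the number of checkpoints, the function names and the constructed sample image are all assumptions. The same function applies to bytes read from disk or to a copy of the resident image.

```python
import hashlib

REGION = 256       # bytes per checksummed region (assumed block size)
CHECKPOINTS = 3    # number of call sites that run a check (assumed)

def build_manifest(image: bytes) -> dict:
    """Build time: one SHA-256 digest per fixed-size region of the image."""
    return {
        "size": len(image),
        "digests": [hashlib.sha256(image[i:i + REGION]).digest()
                    for i in range(0, len(image), REGION)],
    }

def tampered_regions(image: bytes, manifest: dict, checkpoint=None) -> list:
    """Return the indices of regions whose digest no longer matches.

    checkpoint=None verifies every region; checkpoint=k verifies only the
    regions assigned to call site k, so each site covers a different slice
    of the image instead of all verification living in one place.
    """
    if len(image) != manifest["size"]:
        # Truncated or extended image: treat every region as suspect.
        return list(range(len(manifest["digests"])))
    bad = []
    for idx, expected in enumerate(manifest["digests"]):
        if checkpoint is not None and idx % CHECKPOINTS != checkpoint:
            continue
        actual = hashlib.sha256(image[idx * REGION:(idx + 1) * REGION]).digest()
        if actual != expected:
            bad.append(idx)
    return bad

def demo() -> dict:
    # Constructed 1 KiB stand-in for an executable image; not a real binary.
    original = bytes((i * 7) % 251 for i in range(1024))
    manifest = build_manifest(original)
    # Simulate a one-byte modification at offset 600, which lies in region 2.
    patched = bytearray(original)
    patched[600] ^= 0xFF
    patched = bytes(patched)
    return {
        "clean": tampered_regions(original, manifest),
        "full": tampered_regions(patched, manifest),
        "per_checkpoint": [tampered_regions(patched, manifest, k)
                           for k in range(CHECKPOINTS)],
        "resized": tampered_regions(original + b"\x00", manifest),
    }

if __name__ == "__main__":
    print(demo())
```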
Right, which is why DRM schemes aren't typically implemented in a straightforward way. Instead license checks are added to critical program logic so you can't easily skip it, anti-tamper/debug is added to thwart runtime analysis, and on top of all of this the code is obfuscated to thwart analysis even further. You might eventually be able to figure it out, but it's designed to make it enough of a slog that nobody bothers to work through it all.