
Back in the day, retail software was shipped on physical CDs that often had a printed "CD key" label affixed. The (usually alphanumeric) key on the label was unique to that particular copy of the product, and it needed to be entered during setup for the software to work. The keys had a special property that allowed the installer to determine whether the key was valid without contacting a central server of any kind, while still making it generally impossible to mash random letters on the keyboard and produce a valid key.

Without giving specifically identifiable examples, there are a number of legacy software products and games that I've seen folks discussing installing in recent months, often with missing/lost keys, and common advice is to use keys that look like AAAA-AAAA-AAAA-AAAA or buttheadbutthead during the key entry dialog in the original, pristine installer -- and somehow these keys generally work. Compared to real keys (which looked random, like BWHP-PWJU-VTV1-94M5) these keys are obviously weak and, perhaps most importantly, very easy to memorize.

It got me wondering why such keys are accepted in these unmodified retail versions. Is it that these patterns were intentionally installed as "backdoors" by the developers to simplify the development/QA/support process? Or is it more likely that the key validation used some form of home-grown hash/checksum procedure that had blatant but undetected weaknesses that end-users later found and exploited?

smitelli
  • Off the top of my head -- I remember one DRM system which basically just put a file with the key somewhere in its installation drive, if it was confirmed to be valid by checking online. So pirated copies had that file, with some fixed, known key; you had to enter it once to "confirm" it. Other solutions did similarly non-cryptographically-secure things. I also remember one which, if it got a DNS NXDOMAIN or HTTP 404, it gave you the benefit of the doubt -- future-proofing against the inevitable failure of their systems. – Nic Jul 28 '19 at 23:02
  • The issue with this question, though, is that there are any _number_ of reasons this could have happened. Maybe it was a QA backdoor, like you propose. Maybe it was a flaw in their checking. Maybe it's because the pirates tweaked the code to accept all codes, but couldn't remove the code-check entirely. Maybe... well, you see my point. There's no way to answer this generically; there are a million and one reasons it could have happened. – Nic Jul 28 '19 at 23:04
  • Although, on reflection, I'm not sure that makes this a _bad_ question. Definitely a broad one, but I don't know where it falls on the "too broad"/"on topic" spectrum. You probably could write up a fairly concise answer explaining some of the common ways that CD-ROM DRMs got broken. – Nic Jul 28 '19 at 23:12

1 Answer


The CD key is a fundamentally flawed design. The software that checks the CD key's validity runs on the user's machine, so it's running under the user's control. There's little that the software can do to protect itself from a user who knows what they're doing to bypass the check. There's little to gain for a software vendor in deploying advanced security techniques to prevent users from using pirated CD keys; the check is simply there to raise the bar just enough to keep honest users honest, not to keep pirates out.

Indeed, most companies that attempted to do anything beyond very basic key checks have inevitably gotten a bad rep, because the techniques they have to employ are very similar to what malware uses to hide itself: they often get caught by antimalware software's heuristic scanners, and such advanced techniques often increase the rate of legitimate users being unable to use legitimate keys. Some advanced DRM schemes have such a bad rep for using malicious techniques to implant themselves into the system so deeply that they sometimes cause legitimate security issues on the system, which might lead some antimalware vendors themselves to consider flagging such advanced DRM as legitimately unwanted software and offer to remove it.

Many companies would rather have some pirates be able to break their DRM schemes than have some legitimate user unable to use their rightfully purchased keys. So they keep the DRM simple and permissive by design.

Lie Ryan
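Neither hypothesis in the question can be confirmed for any particular product, but the "home-grown checksum with an undetected weakness" one, and the answer's point that an offline check only raises the bar, are easy to illustrate with a constructed toy scheme. The Python below is an added example written for this page; it is not code from either post or from any real installer, and its alphabet, 16-symbol layout, mod-16 checksum and `INSTALLER_SECRET` are all invented for the demonstration. `weak_checksum_valid` shows how a repeated-symbol key like `AAAA-AAAA-AAAA-AAAA` can pass purely by accident of the design, and `tagged_key_valid` shows the kind of keyed check that rejects such patterns while still being verifiable offline.

```python
import hashlib
import hmac
import random
import string
from typing import Callable, Optional

# Constructed toy key format: 16 symbols over digits + A-Z, printed as 4 groups of 4.
ALPHABET = string.digits + string.ascii_uppercase   # '0' -> 0 ... 'A' -> 10 ... 'Z' -> 35
GROUPS, GROUP_LEN = 4, 4
KEY_LEN = GROUPS * GROUP_LEN

# Constructed secret standing in for the one a vendor would compile into the installer.
# It ships with the software, so it is recoverable by anyone who looks for it; that is
# the structural limit the answer describes (the check runs under the user's control).
INSTALLER_SECRET = b"constructed-demo-secret-not-from-any-real-product"


def normalize(key: str) -> Optional[str]:
    """Strip hyphens and spaces, upper-case, and reject keys of the wrong shape."""
    raw = key.replace("-", "").replace(" ", "").upper()
    if len(raw) != KEY_LEN or any(c not in ALPHABET for c in raw):
        return None
    return raw


def weak_checksum_valid(key: str) -> bool:
    """Hypothetical home-grown check: the symbol values must sum to a multiple of 16.

    The modulus equals the key length, so a key made of one repeated symbol v sums to
    16 * v and always passes: 'AAAA-AAAA-AAAA-AAAA' works without any deliberate backdoor.
    A uniformly random 16-symbol key also passes roughly 1 time in 16.
    """
    raw = normalize(key)
    if raw is None:
        return False
    return sum(ALPHABET.index(c) for c in raw) % 16 == 0


def _encode(n: int, length: int) -> str:
    """Big-endian base-36 encoding of n into exactly `length` symbols."""
    out = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(reversed(out))


def _format(raw: str) -> str:
    """Insert the printed-label hyphens: XXXX-XXXX-XXXX-XXXX."""
    return "-".join(raw[i:i + GROUP_LEN] for i in range(0, len(raw), GROUP_LEN))


def _tag(payload: str) -> str:
    """8-symbol authentication tag over the payload (about 41 bits of HMAC-SHA256)."""
    digest = hmac.new(INSTALLER_SECRET, payload.encode("ascii"), hashlib.sha256).digest()
    n = int.from_bytes(digest[:8], "big") % (len(ALPHABET) ** 8)
    return _encode(n, 8)


def issue_key(serial: int) -> str:
    """Vendor side: an 8-symbol serial number followed by its 8-symbol tag."""
    if not 0 <= serial < len(ALPHABET) ** 8:
        raise ValueError("serial out of range")
    payload = _encode(serial, 8)
    return _format(payload + _tag(payload))


def tagged_key_valid(key: str) -> bool:
    """Installer side: recompute the tag and compare it in constant time.

    Random typing now succeeds with probability 36**-8 (about 3.5e-13), so patterns such
    as 'AAAA-AAAA-AAAA-AAAA' are rejected. The check is still only as strong as the
    secrecy of INSTALLER_SECRET and the integrity of this function on the user's machine.
    """
    raw = normalize(key)
    if raw is None:
        return False
    payload, tag = raw[:8], raw[8:]
    return hmac.compare_digest(tag, _tag(payload))


def acceptance_rate(validator: Callable[[str], bool], trials: int, seed: int = 1) -> float:
    """Fraction of uniformly random 16-symbol keys a validator accepts (seeded for repeatability)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        candidate = "".join(rng.choice(ALPHABET) for _ in range(KEY_LEN))
        if validator(candidate):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("weak scheme accepts AAAA-AAAA-AAAA-AAAA:", weak_checksum_valid("AAAA-AAAA-AAAA-AAAA"))
    print("weak scheme random acceptance rate:", acceptance_rate(weak_checksum_valid, 10_000))
    issued = issue_key(123456789)
    print("issued key:", issued, "valid:", tagged_key_valid(issued))
    print("tagged scheme accepts AAAA-AAAA-AAAA-AAAA:", tagged_key_valid("AAAA-AAAA-AAAA-AAAA"))
```

The weak scheme's flaw is structural, not a planted backdoor: a checksum whose modulus divides the key length accepts every repeated-symbol key, and its 16 possible residues mean the "keyboard mashing" defence is one chance in sixteen. The tagged scheme fixes the guessing problem, but because the verifying secret is inside the installer it remains exactly the "keep honest users honest" bar the answer describes; a vendor wanting the installer to verify without being able to issue keys would embed only a public key and sign the payload, and even that does nothing against editing the check itself on a machine the user controls.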