24-05-2016  (1044 lectures) Categoria: Articles

Apple Locksmith - bit nibbler

  1. Bit nibbler

    From Wikipedia, the free encyclopedia

    A bit nibbler, or nibbler, is a computer software program designed to copy data from a floppy disk one bit at a time. It functions at a very low level directly interacting with the disk drive hardware to override a copy protection scheme that the floppy disk's data may be stored in. In most cases the nibbler software still analyses the data on a byte level, only looking to the bit level when dealing with synchronization marks (syncs), zero-gaps and other sector & track headers. When possible, nibblers will work with the low-level data encoding format used by the disk system, being Group Code Recording (GCR - Apple, Commodore), Frequency Modulation (FM - Atari), or Modified Frequency Modulation (MFM - Amiga, Atari, IBM PC).



    Software piracy began to be a problem when floppy disks became the common storage media.[1] The ease of copying depended on the system; Jerry Pournelle wrote in BYTE in 1983 that "CP/M doesn't lend itself to copy protection" so its users "haven't been too worried" about it, while "Apple users, though, have always had the problem. So have those who used TRS-DOS, and I understand that MS-DOS has copy protection features".[2] Apple and Commodore 64 copy protection schemes were extremely varied and creative because most of the floppy disk reading and writing was controlled by software (or firmware), not by hardware.

    Pournelle disliked copy protection and, except for games, refused to review software that used it. He did not believe that it was useful, writing "For every copy protection scheme there's a hacker ready to defeat it. Most involve so-called nybble copiers, which try to analyze the original disk and then make a copy".[2] By 1980, the first 'nibble' copier, Locksmith, was introduced for the Apple II. These copiers reproduced copy protected floppy disks an entire track at a time, ignoring how the sectors were marked. This was harder to do than it sounds for two reasons: firstly, Apple disks did not use the index hole to mark the start of a track; their drives could not even detect the index hole. Tracks could thus start anywhere, but the copied track had to have this "write splice", which always caused some bits to be lost or duplicated due to speed variations, roughly in the same (unused for payload data) place as the original, or it would not work. Secondly, Apple used special "self-sync" bytes to achieve agreement between drive controller and computer about where any byte ended and the next one started on the disk. These bytes were written as normal data bytes followed by a slightly longer than normal pause, which was notoriously unreliable to detect on read-back; still, you had to get the self-sync bytes roughly right as without them being present in the right places, the copy would not work, and with them present in too many places, the track would not fit on the destination disk.

    Apple II - Locksmith

    Locksmith copied Apple II disks by taking advantage of the fact that these sync fields between sectors almost always consisted of a long string of FF (hex - all '1' bits) bytes. It found the longest string of FFs, which usually occurred between the last and first sectors on each track, and began writing the track in the middle of that; also it assumed that any long string of FF bytes was a sync sequence and introduced the necessary short pauses after writing each of them to the copy. Ironically, Locksmith would not copy itself. The first Locksmith measured the distance between sector 1 of each track. Copy protection engineers quickly figured out what Locksmith was doing and began to use the same technique to defeat it. Locksmith countered by introducing the ability to reproduce track alignment and prevented itself from being copied by embedding a special sequence of nibbles, that if found, would stop the copy process. Henry Roberts (CTO of Nalpeiron), a graduate student in computer science at the University of South Carolina, reverse engineered Locksmith, found the sequence and distributed the information to some of the 7 or 8 people producing copy protection at the time.[citation needed]

    For some time, Locksmith continued to defeat virtually all of the copy protection systems in existence. The next advance came from Henry Roberts' thesis on software copy protection, which devised a way of replacing Apple’s sync field of FFs with random appearing patterns of bytes. Because the graduate student had frequent copy protection discussions with Apple’s copy protection engineer, Apple developed a copy protection system which made use of this technique. Henry Roberts then wrote a competitive program to Locksmith, Back It UP. He devised several methods for defeating that, and ultimately a method was devised for reading self sync fields directly, regardless of what nibbles they contained. The back and forth struggle between copy protection engineers and nibble copiers continued until the Apple II became obsolete and was replaced by the IBM PC and its clones.

    Commodore 64 - Fast Hack'em

    Part of the Fast Hack'em disk copy software was a nibbler used to produce copies of copy protected Commodore 64 commercial software. When using the nibbler, disk copying was done on a very low level, bit-by-bit rather than using standard Commodore DOS commands. This effectively nullified the efficacy of deliberate disk errors, non-standard track layouts, and related forms of copy prevention. Copying a protected disk took approximately 60 seconds if being copied directly to another disk drive, or 3 minutes (plus several disk swaps) if performed using a single disk drive.


  2. Copy Protection: A History and Outlook http://www.studio-nibble.com/countlegger/01/HistoryOfCopyProtection.html
  3. Pournelle, Jerry (June 1983). "Zenith Z-100, Epson QX-10, Software Licensing, and the Software Piracy Problem". BYTE. p. 411. Retrieved 20 October 2013.

versió per imprimir