AppleWin
AppleWin copied to clipboard
AppleWin
Support CodeWriter protection key
CodeWriter (from Dynatech Microsoftware / Cortechs Corp, 1982) came with a "protection key" for the //e.
Initially it asks if it's installed...
Then from the main menu:
- 'd' Create a data entry system
- 's' Create a screen layout
- which fails with...
Using the AppleWin debugger, I set data breakpoints on all the game I/O addrs to trap how the protection key was being accessed:
bpm c040,10 ; strobe
bpm c058,8 ; annunciators (outputs)
bpm c060,10 ; digital & analog (inputs)
It is just AN2, AN3 and PB2 that are used to access the protection key:
Probably not, since this software specifically targets the Apple //e.
Also I know of a Hayden Applesoft compiler which uses a h/w dongle but only for the earlier DOS 3.2 version(s) - and the actual DSK image for this has not been found yet.
Do you know of any other software protected with a hardware dongle/key? (See #1153 for the SDS Speedstar datakey)
Sadly I don't know of any (Apple 2) programs which had hardware dongles. :-/
Thanks for the link to #1153 ! That's freaking cool you actually have the Hayden dongle! Thanks for sharing that pic in that thread. Shame that the DOS 3.2 disk hasn't been preserved.
You probably have seen Raymonds' blog from last April 2022 but just in case you haven't:
You'll probably get a kick out of that they used TASC to compile TASC and all the one-letter variable names made it unreadable. ;-)
To be pedantic, I would call any (non-standard) hardware that enables software to run a dongle. Not sure why it being limited to one make/model would change this? But I digress since "key" is probably a good alternative name. :-)
IIRC my first introduction to hardware dongles/keys was the (in)famous ancient 3D Studio r4 (yup, 3DS Max!) for MS-DOS in the early/mid 90's. In the late 90's when I wrote some image recognition software for the Pulp and Paper Mill industry and the company wanted to hardware protect it with a dongle so I remember looking at a few that were supported under Windows NT.
I've always had a soft spot for BASIC compilers since this was one of the motivations I used to learn 6502 assembly back in 1980-1984 even though I've never spent any time using them. (!) I started doing a mini manual conversion to my Applesoft programs and realized it was just simpler and faster to code natively for the 6502.
I took a quick look at Asimov's Basic documentation directory to see if the Hayden compiler manual was there. Sadly not.
I didn't realize there were so many BASIC versions and compilers!
- Beagle Compiler
- Blankenship BASIC
- CBASIC (CP/M)
- Hayden Basic Compiler <-- MISSING docs
- MD-BASIC (Morgan Davis, IIgs only)
- Micol Advanced BASIC (//e, //c, IIgs)
- Microsoft BASIC <-- Huh, TIL MS shipped their BASIC
- TASC
- ZBASIC Compiler <-- Another BASIC compiler!
Interesting tidbit about the Hayden Applesoft compiler DOS 3.2 using a dongle but the DOS 3.3 didn't.
Here's the Master disk: CodeWriter-Master.zip
And a picture of the dongle.
(The dongle is completely nondescript. It isn't "keyed", but on the underside is a semi-circular notch indicating the keyboard end)
A high-level specification for the dongle is:
- AN3 is reset (or power).
- NB. Midway through sequence: doing
POKE $C05F,0, then PB2 just returns 1's - Followed by
POKE $C05E,0which resets the sequence
- NB. Midway through sequence: doing
- AN2 is the clock signal: toggling it will generate the next bit in the sequence.
- PB2 is used to read the current bit.
- The bit sequence is 127 bits in length, then repeats.
- So perhaps a 7-bit LFSR?
Neat one. Almost certainly a simple LFSR given the 2^n-1 sequence length. Is there ever a stream of 7 consecutive zeros or ones?
Yes, 7 consecutive 1's.
WIP branch: https://github.com/AppleWin/AppleWin/commit/8840c54a3f0dc50c344ebd0fed22b351e42701da
The bit sequence can be created with a 7-bit LFSR expressed by the polynomial: $x^7+x^1+1$
Each new bit is generated by XORing the 7th bit and the 1st bit. The new bit is shifted into the LFSR state from the left.
bit = ((lfsr >> 6) ^ (lfsr >> 0)) & 1;
lfsr = (lfsr >> 1) | (bit << 6);
JSFiddle example: https://jsfiddle.net/xotmatrix/saxqkon6/1/
EDIT:
Looks like that was the reverse sequence. This may be what you want: $x^2+x^1+1$
bit = ((lfsr >> 1) ^ (lfsr >> 0)) & 1;
lfsr = (lfsr >> 1) | (bit << 6);
JSFiddle example: https://jsfiddle.net/xotmatrix/ov70cx4g/1/
Thanks @xotmatrix - I've spliced in your 7-bit LFSR, and it's working nicely. I'll be sure to credit you for this contribution.
A simple utility to dump the CodeWriter protection key's bits to both the screen and $2000: CodeWriter-DumpBits.zip
Side-note: because this uses AN3, then this can put RGB cards into unexpected video mode states. EG. for the above utility (CodeWriter-DumpBits), the screen goes blank (but running in 80-col mode is fine).
This is the Video-7 40-col "F/B Text" mode, where the foreground/background colours are read from aux mem...
(Ref: NTSC.cpp, NTSC_SetVideoMode() )
// ----- Video-7 SL7 extra modes ----- (from the videocard manual)
// AN3 TEXT HIRES 80COL
// 0 1 ? 0 F/B Text
Plugging the protection key in the wrong way means...
- pin1: +5v connects to pin9 (not connected on //e; PB3 on IIgs)
- pin8: GND connects to pin16 (not connected)
- pin12: AN3 connects to pin4 (SW2 or PB2)
- pin13: AN2 connects to pin5 (STB or strobe)
So probably fine (and probably why the Game I/O pins were arranged like this).
(From the //e TRM)
Would you say a stack of five ICs would fit inside that dongle? I've been working on a reverse-engineered circuit made from 7400-series logic.
No, it won't be 74-series. It will be a PAL chip. Probably a PAL16R8 which has 8 flip flops so will easily implement a 7-bit LFSR. Also these chips have a copy-protection feature to prevent reading out the fuse bits which would nicely add to the security of the solution.
