powermax's picture
Offline
Joined: 2020 Sep 5

Has anyone managed to run Grenier du Mac's Cubase 2.5.1r3?
It's on the list of the applications that need a "fix".

When I run the application from the above archive on my iMac G3 it crashes immediately and drops into MacsBug.
I tried both .sit and .hqx archives as well as the original package from grenier-du-mac.net.
None of them works for me.
Any idea?

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

> Has anyone managed to run Grenier du Mac's Cubase 2.5.1r3?

Yes, I have - in Mini vMac II (68020, 256 colors, variation build). Screenshot #3 and DL #2 are what I put up on that page.

It requires running from the mounted disk image. That is, it won't allow you to move the contents from that mounted image to a drive and then run the program directly from the HD.

I think that's what is meant by the comment "Requires a Master Disk. Any way to bypass it?" in the list of requests.

It's a very old program and just may not be suitable for a modern G3 iMac perhaps.

powermax's picture
Offline
Joined: 2020 Sep 5

@MikeTomTom I just patched the SoundJam OS X to remove the time bomb. Please give it a try - it's the 7th DL on the SoundJam DL page. To use it, unzip the archive into the same directory where the original application is located, then run the patched version.

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

Hi powermax. Brilliant and thank you for this one too.

I'm playing your patched copy as I type this out, on an old iBook G4 running Mac OS X 10.2.8.
It's so good to see SoundJam's OS X pre-release continue to run on without that expiry notice popping up.

I know galgot will be over the moon when he sees this. Thanks for doing this, powermax.

powermax's picture
Offline
Joined: 2020 Sep 5

> Thanks for doing this, powermax.

You're welcome!

I'm glad to hear that the patched application works as expected. I always try to avoid patching because I have seen a lot of protected software that performs integrity checks and either refuses to work properly or crashes unexpectedly as soon as it detects unauthorized changes.

But sometimes patching is unavoidable. SoundJam was programmed to quit with a "Version expired" alert when running after May 2020. The corresponding values were hardcoded in the executable so there is no way to avoid patching.

But all is well that ends well.

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

> But all is well that ends well.

I'll say!

I haven't noticed anything adverse happening as yet. I've had it playing for an hour or so now.
It's looking (and sounding) very good from my side. Thanks!

cbone's picture
Offline
Joined: 2011 Sep 17

Another formerly-crippled Mac program's been PowerMaxed, yay!

powermax's picture
Offline
Joined: 2020 Sep 5

The full version of Lunar Commando is protected by PACE Interlok, like most pro audio software of the 90s. Interlok will allow you to set a 30-day trial before it stops working.
Interlok belongs to the hardest protection schemes I have seen so far. IIRC, its Macintosh version was never fully cracked. Interlok protects a target application by encrypting it and adding a software guard that ensures that the target is authorized to run from a particular hard drive. As soon as the authorization is approved, the target application will be decrypted and executed.
Because Interlok was widely used, the best approach to circumvent it would be "defeat once, apply everywhere". In other words, figuring out how Interlok wraps its targets will help to "unprotect" a lot of applications. The latter is particularly important in order to make Interlok-protected apps run in emulators including the Classic environment.
While the above sounds like a good plan, I have neither the time nor the energy to fight with Interlok alone so I'm hoping to find some more volunteers (I'd train them if needed).

adespoton's picture
Offline
Joined: 2015 Feb 15

Has anyone attempted dumping memory after Interlok has already decrypted? Or watching for the decryption key as it's loaded?

I haven't studied that DRM at all; it seems rather early for the varieties that only do partial decryption though, so it should be possible to load into memory and then dump to disk, even if this has to be done in parts to get anything usable out.

powermax's picture
Offline
Joined: 2020 Sep 5

> Has anyone attempted dumping memory after Interlok has already decrypted?

Yes, I attempted that about 25 years ago with no success. Interlok patches the MacOS Debugging API so there is no way to enter MacsBug or another low-level debugger when an Interlok-protected application is running.
Issuing an NMI using the programmer switch will cause your Mac to reboot.

I imagine that dumping memory content without a debugger will be pretty tough. One would need to develop a special driver running in the background that dumps memory content to disk at reboot. If that even can be done, it's still not generic enough to be applied to said Interlok-protected plugins because those rely on the PACE API to be called from plugin code.

I'm afraid the only clean way to get rid of Interlok is to study how it works. Moreover, I'm not a friend of brute force methods because they can lead to serious damage. The possibility of destroying a master disk or dongle doesn't sound like a good idea to me.

> Or watching for the decryption key as it's loaded?

Interlok hides all its keys and even most of its code from hackers' eyes by encrypting almost everything. Moreover, it constantly performs integrity checks of itself and the protected application to prevent unauthorized modifications. In other words, any attempt to change a single byte of a protected application will render it unusable.

> I haven't studied that DRM at all; it seems rather early for the varieties

The company behind Interlok is still in business; you can visit their site at www.paceap.com

There are several Interlok versions for Macintosh. The early ones date back to 1986. The most widespread versions were around in the mid-90s. The Interlok protection code from this era is exclusively 68k.

In the late 90s, Interlok was rewritten to run natively on PowerPC. Interlok runs on Windows as well.

The early versions rely exclusively on key disks while the most recent versions require an iLok dongle to work. The most recent protection technology is called "Fusion". It glues application code and protection code together so they cannot be separated. This idea is similar to the (un)famous Syncrosoft protection known to be very hard to defeat. Both PACE Fusion and Syncrosoft MFACT protection technologies are considered virtually uncrackable.

adespoton's picture
Offline
Joined: 2015 Feb 15

Does Interlok run within any existing emulators? Since they do disk-based stuff, BII and Mini vMac are out, but what about SoftMac XP or PCE/Macplus? Then you don't run the debugger inside the OS, you instead run it in the emulator or the host OS.

Of course, it's also possible to get around the debugger patching by redirecting Interlok to dummy patches every time it attempts to patch the debugger. This would take a long time, but the results might be illuminating.

powermax's picture
Offline
Joined: 2020 Sep 5

> Does Interlok run within any existing emulators?

I personally didn't try it but I heard from others that Interlok poses a lot of problems when running under emulation. That's the main reason for wanting to strip Interlok off of protected executables.

> Of course, it's also possible to get around the debugger patching by redirecting Interlok to dummy patches every time it attempts to patch the debugger.

Yes, that's what I'm going to do. I'm also thinking about running Interlok in a custom VM based on specialized emulators like bare68k. This way, I can intercept virtually everything. Moreover, it enables a higher level debugging with sophisticated watchpoints that aren't available in MacsBug. Want to break when a specific instruction is executed? No problem! Need to monitor reading from a particular memory region? Easily done! Want memory snapshots? Voilà! Go on and imagine your own crazy debugging scenario.

Yeah, VM is great.

adespoton's picture
Offline
Joined: 2015 Feb 15

Bare68k sounds great; I've never heard of that one before. I'll add it to my list of things to investigate.

cbone's picture
Offline
Joined: 2011 Sep 17

Man, I love seeing Mac gurus at work... it never gets old!

LanHawk's picture
Offline
Joined: 2019 Dec 28

Since I have been studying these on my own picking my way through piece by piece and learning a lot along the way, I would be more than willing to be "trained" and assist however I can. I had also thought that the best way to get to the bottom of these was to be running a debugger on the "outside" of the emulation so that Interlok can't nerf the debugger before you get to see what you want to see. So I would be very interested in the bare68k thing.

powermax's picture
Offline
Joined: 2020 Sep 5

Thanks! I'll go ahead and set up a basic VM for our Interlok "research" project then. Please give me a week or so - while the 68k emulator is there, the required MacOS traps still need to be emulated for the VM to be usable. Moreover, I need a way to access the resource fork of protected executables on macOS 13.6. Any clue what library can be used for that purpose?

adespoton's picture
Offline
Joined: 2015 Feb 15

I don't know of any library, but you can always access it via a named fork (in [file]/..namedfork/rsrc), and via xattr -p com.apple.ResourceFork [file].

I haven't dug into it, but com.apple.ResourceFork might include some more exposed API as well. As for handling defined resources... I don't know of a library for that.

powermax's picture
Offline
Joined: 2020 Sep 5

While it's possible to access the legacy resource fork on a recent macOS, it will be of little use because the fork itself is basically a blob of raw binary data. Manipulating it in the absence of the resource manager isn't trivial.

Fortunately, there is a library for doing exactly that: https://github.com/dgelessus/python-rsrcfork
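
The layout behind that "blob of raw binary data", as an added example that is not part of the original posts and does not use python-rsrcfork: a minimal bounds-checked reader for the classic resource fork format (header, resource map, type list, reference list, name list). The function names `parse_resource_fork` and `build_sample_fork` are hypothetical, and the sample fork is constructed inline for the demonstration.

```python
import struct

def parse_resource_fork(blob):
    """Return {type: {id: (name, data)}} parsed from raw resource fork bytes."""
    def take(off, size):
        # Every offset in the fork is untrusted input: never read out of bounds.
        if off < 0 or off + size > len(blob):
            raise ValueError(f"truncated or corrupt fork: {size} bytes at {off}")
        return blob[off:off + size]

    # Fork header: data offset, map offset, data length, map length (big-endian).
    data_off, map_off, _data_len, _map_len = struct.unpack(">4I", take(0, 16))
    # Map header is 24 bytes (header copy, next-map handle, file ref, attributes),
    # followed by the type-list and name-list offsets, both relative to the map.
    type_rel, name_rel = struct.unpack(">2H", take(map_off + 24, 4))
    type_list, name_list = map_off + type_rel, map_off + name_rel
    (n_types,) = struct.unpack(">H", take(type_list, 2))
    n_types = (n_types + 1) & 0xFFFF  # stored as count-1, so 0xFFFF means "none"
    out = {}
    for t in range(n_types):
        entry = take(type_list + 2 + 8 * t, 8)
        rtype, n_refs, ref_rel = struct.unpack(">4sHH", entry)
        for r in range(n_refs + 1):  # also stored as count-1
            ref = take(type_list + ref_rel + 12 * r, 12)
            rid, nm_rel, attrs_and_off = struct.unpack(">hHI", ref[:8])
            res = data_off + (attrs_and_off & 0xFFFFFF)  # top byte = attributes
            (length,) = struct.unpack(">I", take(res, 4))
            name = None
            if nm_rel != 0xFFFF:  # 0xFFFF marks an unnamed resource
                n = take(name_list + nm_rel, 1)[0]  # Pascal string length byte
                name = take(name_list + nm_rel + 1, n).decode("mac_roman")
            out.setdefault(rtype.decode("mac_roman"), {})[rid] = (
                name, take(res + 4, length))
    return out

def build_sample_fork():
    """Constructed test input: one 'STR ' resource, ID 128, named 'hello'."""
    payload = b"\x04test"
    data = struct.pack(">I", len(payload)) + payload
    types = struct.pack(">H4sHH", 0, b"STR ", 0, 10)  # 1 type, refs at +10
    ref = struct.pack(">hHI", 128, 0, 0) + b"\0" * 4   # + reserved handle
    names = b"\x05hello"
    body = types + ref + names
    header = struct.pack(">4I", 256, 256 + len(data), len(data), 28 + len(body))
    offsets = struct.pack(">2H", 28, 28 + len(types) + len(ref))
    return header.ljust(256, b"\0") + data + header + b"\0" * 8 + offsets + body

if __name__ == "__main__":
    for rtype, resources in parse_resource_fork(build_sample_fork()).items():
        for rid, (name, data) in resources.items():
            print(rtype, rid, name, data)
```

On macOS the input bytes can be read from the `[file]/..namedfork/rsrc` path mentioned earlier in the thread.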

cbone's picture
Offline
Joined: 2011 Sep 17

Indeed! The growing interest in lock-picking this encryption technology as you have presented it is gaining momentum. It very well can lead to the creation of a small band of decrypters collaborating on the methods that this security wrapper can be beaten globally, an A-Team of sorts.

Wow! It's playing Sherlock Holmes with the right instruments and clues the very software protection-scheme leaves as it executes its security objective.. it's a most exhilarating and intriguing software forensic venture! Reverse-engineer away my friends

powermax's picture
Offline
Joined: 2020 Sep 5

MasterList CD (both versions) is another Interlok protected software to be "fixed". It doesn't even install without the key disk inserted.

snes1423's picture
Offline
Joined: 2020 May 13

What about Boot Camp beta 1.4? Might be important to put on the list.

powermax's picture
Offline
Joined: 2020 Sep 5

What's the problem?

snes1423's picture
Offline
Joined: 2020 May 13

Says that the beta is over and does not allow you to use the program.

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

I haven't used this, but going by the info on the Boot Camp 1.4 Beta page, I was under the impression that only the installer app was time-bombed. And that all one needed to do was to set the Mac's clock back to any date in 2007 and it will install and work for you from that point on, in the current date and time. Is this not the case?

Also, it is for Tiger 10.4.x Intel Macs only, running Mac OS X Tiger 10.4.6 - 10.4.11

Intel Mac OS's from 10.5 onward supplied Boot Camp installers that aren't time bombed.

powermax's picture
Offline
Joined: 2020 Sep 5

Found more Interlok protected software that requires "fixes":
Cubase 3.0.1 VST
DINR 1.1

LanHawk's picture
Offline
Joined: 2019 Dec 28

Of those I have investigated, these also appear to be Interlok:
Alter Ego - Female version
Forbidden Castle
MacRobots
MacWars
Maze Survival
Sword of Kadash
Voodoo Island

powermax's picture
Offline
Joined: 2020 Sep 5

I just added a working registration code for Galaxus. Please test it (especially on 68k).

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

Yep. Another notch in your belt.

Your code on the Galaxus page works for both 68k & PPC - the game runs with all levels available.
And the game plays in Basilisk II and SheepShaver! (that wasn't noted on the Galaxus page)

Thank you once again, powermax!

cbone's picture
Offline
Joined: 2011 Sep 17

Thanks for that very nice 8-bit little arcade game save, PowerMax!

It plays beautifully in Basilisk II - of course, the game's screen depth change to thousands (or millions) of colors upon quitting throws the emulator out of whack and requires exiting BII or shutting down - that's if you can make out the shutdown menu option! lol

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

I didn't strike any errors on quitting, cbone. It quit OK for me and auto-switched the screen rez back to 24bit color without upsetting Basilisk II. I was using a Windows version of B2 at the time, if yours was running on Android or Mac, perhaps there's a difference there?

cbone's picture
Offline
Joined: 2011 Sep 17

Running the Android port of Basilisk II has been an interesting experimental journey of hits-and-misses for me.

Aside from losing networking capabilities mostly due to lack of knowledge and understanding of how to set that up, I also fought to get it to boot properly at one point, and then I also had the issue of the tablet vs. desktop mouse modes (being that my Android environment uses a keyboard and touchscreen); most of these things ended up simply being a set of learning-curve roadblocks and diversions for me to get the emulator working properly.

This last resolution-switching glitch is honestly quite bizarre, however; it may be something tied to the Basilisk II version or maybe the SDL it's wrapped in (I'm not very tech-savvy on under-the-hood elements of programs).

Here's how it looks after the resolution depth is auto-increased by a program:

MikeTomTom's picture
Offline
Joined: 2009 Dec 7

Eek! Sorry to see that happening for you, cbone. It must be an Android thing, as it's not happening here for me.
I note, while crossing fingers.

Duality's picture
Offline
Joined: 2014 Mar 1

I'd rather not take the focus away from the 68k + PPC Mac software, so don't take this too seriously.

As a request, Emagic's SoundDiver 3.1 beta 2 for Mac OS X, download 7 from the SoundDiver page, would be nice to get working without an XSKey dongle. I do happen to have one of these, that's where the screenshots on this page came from.

I suspect that the check for this key isn't that strong, as my XSKey is for an education version of Logic Pro 7. It will force quit quite suddenly if the USB key isn't always present.

powermax's picture
Offline
Joined: 2020 Sep 5

I remember working with SoundDiver in the late 90s. That was an amazing piece of software I enjoyed a lot.
Frankly speaking, XSKey sounds like a hacker's nightmare. IIRC, no XSKey was ever cracked properly. Apple dropped XSKey as soon as it acquired Emagic Logic. A Macintosh computer has been turned into a dongle because any PC version was immediately discontinued after the acquisition.
Could you make your dongle available for "research" purposes?

Duality's picture
Offline
Joined: 2014 Mar 1

Sure, the dongle can be surrendered if it can be returned in one by-some-standard-of-functional piece.

Drop me a note at duality at doubleaught dot site with a place to ship it to and I can get that sent off in a day or so.

LanHawk's picture
Offline
Joined: 2019 Dec 28

A playable copy of OrbQuest has been uploaded. Someone should probably verify all is well with the zipped disk image.

Bolkonskij's picture
Offline
Joined: 2009 Aug 3

Thank you! Just crossed off OrbQuest from the list thanks to LanHawk's upload of a hacked version. Did I miss anything to add / delete? I had a few busy weeks lately with almost no time to check the Garden - please let me know.

LanHawk's picture
Offline
Joined: 2019 Dec 28

Unprotected versions of the following have been uploaded:
Alter Ego (female version, it also works with disk swapping)
Forbidden Castle
Maze Survival
Voodoo Island

Bolkonskij's picture
Offline
Joined: 2009 Aug 3

Thumbs up and thanks for your amazing effort!

LanHawk's picture
Offline
Joined: 2019 Dec 28

Unprotected versions of the following uploaded:
MacRobots
Tass Times in Tonetown (bad sector in source may not allow full operation)
The Toy Shop (bad sector in source may not allow full operation)
The Lüscher Profile

Bolkonskij's picture
Offline
Joined: 2009 Aug 3

And crossed them from the list. It gets smaller! Awesome!

LanHawk's picture
Offline
Joined: 2019 Dec 28

The list may not shrink quite so fast from here on out, but work is ongoing.
Unprotected versions of the following uploaded:
Hacker II: The Doomsday Papers

cbone's picture
Offline
Joined: 2011 Sep 17

We appreciate all your efforts, LanHawk!

LanHawk's picture
Offline
Joined: 2019 Dec 28

Unprotected versions of the following uploaded:
Temple of Apshai Trilogy

It will only work under Mini vMac at the lowest emulation speed. CONTROL-S-Z
Verified to work on real hardware. Thanks to jkheiser and Apple2Forever!!

powermax's picture
Offline
Joined: 2020 Sep 5

An unprotected version of Sensei Geometry has been uploaded. Please go ahead and try it out. By the way, you'll learn a lot about Geometry.

Bolkonskij's picture
Offline
Joined: 2009 Aug 3

I don't know what to say other than that you two guys are awesome! Sensei Geometry is no. 15 on the list of hacked titles, thus made accessible for posterity along with the original media image. *thumbs up*

LanHawk's picture
Offline
Joined: 2019 Dec 28

Comments on the game/app pages like the one provided by jkheiser (and others) make it all worth it.

powermax's picture
Offline
Joined: 2020 Sep 5

An unprotected version of Mystery Master: Felony! has been uploaded. Enjoy!

LanHawk's picture
Offline
Joined: 2019 Dec 28

Added registration code for: Investigator No.1

cbone's picture
Offline
Joined: 2011 Sep 17

Wow, you two are rocking these freed releases!