Rob Northen copylock

Rob Northen Copylock (also known simply as Copylock) is a copy-protection system designed to prevent disk duplication with standard floppy disk drives on the Amiga, Atari ST, and IBM PC compatibles. It was created by British programmer Rob Northen after founding his own company Copylock Software. It was used mainly to prevent games from being copied by regular users.

History
In 1984, Rob Northen was hired by Acornsoft to write copy protection routines for their published software, such as the original Elite for the BBC Micro. Northen left the company six months later and started his own company Copylock Software, while still working part-time for Acornsoft to write copy protection routines, file systems and disk utilities.

Northen's first copy-protected software under the Copylock name came in 1987 on the Atari ST. The first version of the Copylock software was used to protect early Amiga and Atari ST games that had no multi-load and were on a single floppy disk. Initially, publishers would send the unprotected master disk to Northen, who would then replace the loader program with his own encrypted loader and ship the protected master disk out for duplication.

Following requests from game developers, such as The Bitmap Brothers, who were keen to implement more complex protection checks, Northen wrote subroutines that developers could implement to their own liking. In 1990, he purchased a disk duplicator and used it to create floppies with Copylock serial numbers embedded in them, which he would then send to developers in lieu of the protected master disks, along with the Copylock routines for them to include in their games. This Copylock series could accommodate more recent games with multi-load or spanning across multiple floppies. It also allowed for protection checks to be included at arbitrary points in the game code: one example of this was the Hook computer game by Ocean Software, which included an in-game protection check that if failed would cause a key item, namely a mug, to disappear from the game.

In 1990, Copylock was also ported to MS-DOS-based systems. By the end of its run in 1996, around 500 commercial Amiga games had reportedly been protected with Copylock.

Technical details
A Copylock-protected floppy disk contains one long track, known as the Copylock Serial Track, which can be read on a standard floppy drive but is impossible to write without a sophisticated disk duplication machine. The disk contains a special loader which is heavily encrypted and can read and decode the Copylock Serial Track. The encrypted code verifies that the disk has the correct Copylock Serial Key, which is uniquely generated for each game.

On the machine language level, Copylock works by using the Motorola 68000 trace mode, which causes the processor to execute a specific trace vector before each instruction in the main program. The trace vector decodes the machine language code just-in-time before it is executed and re-encrypts it after execution, so that no more than one or two instructions are stored unencrypted into physical memory at any given time. This is called a trace vector decoder and was originally implemented on the Atari ST platform and afterwards copied to early Amiga models, both based on the 68000 architecture.

First series
There were two types of Copylock routine of the earlier series.

In the internal type, the Copylock Serial Key for that particular software is passed in hardware register D0 and stored at memory address $24. Inventive programmers could use this serial key for specific purposes to force the would-be cracker to have to remove the additional checks in the game. However, on many early titles, programmers typically just performed a check for the serial key, which was easy to find in a program and therefore to disable.

In the wrapper type, the code to start the game, or boot routine, is encrypted and then included with the Copylock code. All disk validity checking is performed by the Copylock code: if successful, the trace vector decoding extends to the encrypted boot routine or file; the data are then moved to the location expected by the game code and the routine is executed. This type of Series 1 Copylock was often used for games that loaded in one hit and did not need to access the disk drive again. However, this meant that the copy protection was rendered useless once the game was decrypted, as then the game could be 'single-filed', i.e. dumped entirely from memory, saved to disk and then made to work independently of the Copylock routines.

Second series
Series 2 was an evolution of the internal Series 1 routines, which again made early versions easy to circumvent, since many programmers only implemented a simple protection check that read the serial key from the Copylock Serial Track and checked that it was correct. Crackers often did not even need to inspect the encoded Copylock routines, because the check for disk authenticity was implemented in such a way that they could clearly see what the serial key was from the code that checked for it. Therefore, whilst many people understood how Copylock worked, very few had taken the time to work out how to actually decode one. By now, however, Copylock had evolved to allow parameters to be passed to it before execution, which meant that Copylock could now write not only the serial key, but also specific game-related values into the contents of registers passed to Copylock, or simply write values to a list of predefined addresses, which would make the game operate correctly.

The typical, generally incorrect way of cracking a Copylocked game was to get the serial key, modify the header of the Copylock to put the correct serial key into register D0, and then bypass all the reading and decoding process. This would mean the "special case" code in the Copylock would never be executed, which would mean the game would not work by using the serial key alone.

IBM PC compatible version
It was possible to port Copylock to IBM PC compatibles because the x86 microprocessor supports the trace vector the same as the 68000 processor does, through a single-step interrupt or INT 1. It manifested itself in a slightly different way in that the game's executable code was encrypted and "wrapped" by the Copylock loader. At runtime this loader would read 4 sectors from the floppy, and generate checksums from them. These in turn would be used as the keys to decrypt the game code. Once the decryption was done, the loader transferred control to the game program. It was easy to circumvent, as the original game executable code was just stored inside the loader. Once you got past the disk checks, and encryption code, dumping the unencrypted executable was just a matter of performing 2 disk writes. The first would dump the unmodified "MZ" header, and the 2nd write would finish the job by saving the actual game code. Fabulous Furlough of The Humble Guys wrote a tool that did just that, and could "crack" a game in less than a minute.