Bit nibbler explained

A bit nibbler, or nibbler, is a computer software program designed to copy data from a floppy disk one bit at a time. It works at a very low level, interacting directly with the disk drive hardware, to get around a copy protection scheme applied to the data on the floppy disk. In most cases the nibbler software still analyses the data at the byte level, looking at the bit level only when dealing with synchronization marks (syncs), zero-gaps and other sector and track headers. When possible, nibblers work with the low-level data encoding format used by the disk system: Group Coded Recording (GCR; Apple, Commodore), Frequency Modulation (FM; Atari), or Modified Frequency Modulation (MFM; Amiga, Atari, IBM PC).

Overview

Software piracy began to be a concern when floppy disks became the common storage media.[1] The ease of copying depended on the system; Jerry Pournelle wrote in BYTE in 1983 that "CP/M doesn't lend itself to copy protection" so its users "haven't been too worried" about it, while "Apple users, though, have always had the problem. So have those who used TRS-DOS, and I understand that MS-DOS has copy protection features".[2] Apple and Commodore 64 copy protection schemes were extremely varied and creative because most of the floppy disk reading and writing was controlled by software (or firmware), not by hardware.

Pournelle disliked copy protection and, except for games, refused to review software that used it. He did not believe that it was useful, writing "For every copy protection scheme there's a hacker ready to defeat it. Most involve so-called nybble copiers, which try to analyze the original disk and then make a copy". By 1980, the first 'nibble' copier, Locksmith, was introduced for the Apple II. These copiers reproduced copy protected floppy disks an entire track at a time, ignoring how the sectors were marked. This was harder to do than it sounds for two reasons: firstly, Apple disks did not use the index hole to mark the start of a track; their drives could not even detect the index hole. Tracks could thus start anywhere, but the copied track had to have this "write splice", which always caused some bits to be lost or duplicated due to speed variations, roughly in the same (unused for payload data) place as the original, or it would not work. Secondly, Apple used special "self-sync" bytes to achieve agreement between drive controller and computer about where any byte ended and the next one started on the disk. These bytes were written as normal data bytes followed by a slightly longer than normal pause, which was notoriously unreliable to detect on read-back; still, you had to get the self-sync bytes roughly right as without them being present in the right places, the copy would not work, and with them present in too many places, the track would not fit on the destination disk.

Apple II

Locksmith copied Apple II disks by taking advantage of the fact that these sync fields between sectors almost always consisted of a long string of FF bytes (hexadecimal; all '1' bits). It found the longest string of FFs, which usually occurred between the last and first sectors on each track, and began writing the track in the middle of that. It also assumed that any long string of FF bytes was a sync sequence, and introduced the necessary short pauses after writing each of them to the copy. Ironically, Locksmith would not copy itself. The first Locksmith measured the distance between sector 1 of each track. Copy protection engineers quickly figured out what Locksmith was doing and began to use the same technique to defeat it. Locksmith countered by introducing the ability to reproduce track alignment, and prevented itself from being copied by embedding a special sequence of nibbles that, if found, would stop the copy process. Henry Roberts (CTO of Nalpeiron), a graduate student in computer science at the University of South Carolina, reverse engineered Locksmith, found the sequence and distributed the information to some of the 7 or 8 people producing copy protection at the time.
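The heuristic described above (longest FF run as the splice point, every long FF run treated as sync) can be sketched over a raw track buffer. This is an added example, not Locksmith's code: the function names, the `min_len` threshold for a "long" run and the sample track are assumptions made for illustration.

```python
SYNC = 0xFF  # byte value the text says fills the gaps between sectors

def ff_runs(track: bytes, min_len: int = 5):
    """(start, length) of every run of FF bytes, treating the track as a ring."""
    n = len(track)
    if n == 0:
        return []
    # Start scanning just after a non-FF byte so no run straddles the scan origin.
    origin = next((i for i, b in enumerate(track) if b != SYNC), None)
    if origin is None:
        return [(0, n)]  # the whole track is FF
    runs, start, length = [], 0, 0
    for k in range(1, n + 1):
        i = (origin + k) % n
        if track[i] == SYNC:
            if length == 0:
                start = i
            length += 1
        else:
            if length >= min_len:  # min_len is an assumed threshold for "long"
                runs.append((start, length))
            length = 0
    return runs

def plan_track_copy(track: bytes, min_len: int = 5):
    """Pick the splice point and rotate the track so writing begins there."""
    runs = ff_runs(track, min_len)
    if not runs:
        raise ValueError("no long FF run: the heuristic has nothing to anchor on")
    start, length = max(runs, key=lambda r: r[1])
    splice = (start + length // 2) % len(track)  # middle of the longest gap
    return splice, track[splice:] + track[:splice], runs

# Constructed sample (not a real disk image): two sectors, with the longest
# gap wrapping around the end of the buffer, since tracks can start anywhere.
CONSTRUCTED_TRACK = bytes(
    [0xFF] * 4 + [0xD5, 0xAA, 0x96] + [0xAB] * 6 +
    [0xFF] * 5 + [0xD5, 0xAA, 0xAD] + [0xB7] * 6 +
    [0xFF] * 6
)

if __name__ == "__main__":
    splice, rotated, runs = plan_track_copy(CONSTRUCTED_TRACK)
    print("sync-like runs (start, length):", runs)
    print("write splice at byte", splice)
    print("track as it would be written:", rotated.hex(" "))
```

A track whose gaps are not FF bytes yields no runs and raises `ValueError`, which is the failure the sync-replacement technique in the next paragraph relied on.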

For some time, Locksmith continued to defeat virtually all of the copy protection systems in existence. The next advance came from Henry Roberts' thesis on software copy protection, which devised a way of replacing Apple's sync field of FFs with random-appearing patterns of bytes. Because the graduate student had frequent copy protection discussions with Apple's copy protection engineer, Apple developed a copy protection system which made use of this technique. Henry Roberts then wrote a program to compete with Locksmith, Back It UP. He devised several methods for defeating that, and ultimately a method was devised for reading self-sync fields directly, regardless of what nibbles they contained. The back-and-forth struggle between copy protection engineers and nibble copiers continued until the Apple II became obsolete and was replaced by the IBM PC and its clones.

Commodore 64

Part of the Fast Hack'em disk copy software was a nibbler used to produce copies of copy protected Commodore 64 commercial software. When using the nibbler, disk copying was done on a very low level, bit-by-bit rather than using standard Commodore DOS commands. This effectively nullified the efficacy of deliberate disk errors, non-standard track layouts, and related forms of copy prevention. Copying a protected disk took approximately 60 seconds if being copied directly to another disk drive, or 3 minutes (plus several disk swaps) if performed using a single disk drive.

Super Kit/1541,[3] sold by Prism Software around 1986, was written by Joe Peter, who also did Wrap Speed and some of the VMax copy protection. It included many different copiers, such as a Normal Copier, Nibbler, File Copier, Super Nibbler, Disk Surgeon, and disk Editors. There were also parameters on Side-B (see the list below). Two drives could also be daisy-chained; once programmed, the computer itself could be disconnected, leaving the drives to do the copying, by checking the disk insertion key, in around 20 seconds.

Interestingly, the program could make a copy of itself, but could not make a copy of the copy: the sync length on the original was shorter than on the copy made, the loader checked for this length, and the copy would have a much longer sync. V3 was later released to PD by the author.

NIBtools is modern (circa 2006) open-source software that performs the same function, intended mainly for archiving data from old floppies that may be copyright-protected or damaged.[4] Instead of reading bit-by-bit, one can also read many 1.25 KB stretches and then assemble them together in a way akin to shotgun sequencing, an approach necessary for using slow connections on the Commodore 1541.[5]

Rapidlok was a copy protection scheme used widely by many companies, and no version of it was ever successfully copied. It used a $00 value in between sectors, which caused copiers to become "flaky" as it was an illegal GCR value.[6]
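Why $00 is not a legal GCR value can be checked against the Commodore 4-to-5-bit code table, in which no code is all zeros. The following is an added example, not code from Rapidlok or any copier: the function names are hypothetical, the sample bytes are constructed and do not reproduce a real Rapidlok track, and the buffer is assumed to start on a 5-bit code boundary.

```python
# Commodore GCR: each 4-bit nibble is recorded as one of these 5-bit codes
# (index = nibble value). Every code avoids runs of more than two zero bits.
GCR_ENCODE = [0x0A, 0x0B, 0x12, 0x13, 0x0E, 0x0F, 0x16, 0x17,
              0x09, 0x19, 0x1A, 0x1B, 0x0D, 0x1D, 0x1E, 0x15]
GCR_DECODE = {code: nibble for nibble, code in enumerate(GCR_ENCODE)}

def gcr_encode(data: bytes) -> bytes:
    """Encode data (length a multiple of 4) so 4 bytes become 5 GCR bytes."""
    if len(data) % 4:
        raise ValueError("GCR works on groups of 4 data bytes")
    bits = 0
    for b in data:
        bits = (bits << 10) | (GCR_ENCODE[b >> 4] << 5) | GCR_ENCODE[b & 0x0F]
    return bits.to_bytes(len(data) * 10 // 8, "big")

def illegal_quintets(raw: bytes):
    """(byte_offset, code) for every 5-bit group that is not a valid GCR code.

    Assumes raw begins on a code boundary; a real tool would first align on
    the sync mark that precedes each header or data block.
    """
    bits = int.from_bytes(raw, "big")
    total = len(raw) * 8
    bad = []
    for k in range(total // 5):
        code = (bits >> (total - 5 * (k + 1))) & 0x1F
        if code not in GCR_DECODE:
            bad.append((5 * k // 8, code))
    return bad

# Constructed sample: a valid block, five $00 filler bytes, another valid block.
CONSTRUCTED_RAW = (gcr_encode(b"\x08\x01\x02\x03") + b"\x00" * 5
                   + gcr_encode(b"\x07\x0f\x10\x20"))

if __name__ == "__main__":
    for offset, code in illegal_quintets(CONSTRUCTED_RAW):
        print(f"byte {offset}: illegal GCR code {code:05b}")
```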

Notes and References

  1. Copy Protection: A History and Outlook. http://www.studio-nibble.com/countlegger/01/HistoryOfCopyProtection.html
  2. Pournelle, Jerry. Zenith Z-100, Epson QX-10, Software Licensing, and the Software Piracy Problem. BYTE. June 1983. 20 October 2013. 411.
  3. Steverd. Super Kit/1541. 20 March 2013.
  4. NIBtools. Commodore 64 (C64) Preservation Project.
  5. Steil, Michael. Reading the Raw Bits of a C64/1541 Disk without a Parallel Cable. pagetable. 27 April 2019.
  6. Rittwage, Pete. Rapidlok info. page. 10 Nov 2019.