DDOS21V.UNP Breaking Doubledos's Softguard 2.03 Protection by The Lone Victor For DOUBLEDOS 2.1V United States copyright law SPECIFICALLY grants you the right to make copies of programs you buy on magnetic media. Programs are copy protected IN VIOLATION OF YOUR RIGHTS UNDER U.S. LAW. Programs that are protected by the Softguard system are distinguished by the files CML0203.HCL and VDF0203.VDW which are hidden in the root directory when you install the program on your fixed disk. The 0203 part of the file names is the Softguard version (2.03) while CML stands for Common Loader and VDF is the Volume Descriptor File. The extensions HCL and VDW stand for Hard-disk Common Loader and Verify Descriptor Working copy. In addition, there will be a hidden root file with a .EXE or .LOD or some other extension. This is the REAL program, which has been encrypted and hidden. The program DOUBLEDO.COM, in the product directory is the Softguard miniloader. All it does is call the Common Loader. For example, when you run DOUBLEDO, the program DOUBLEDO.COM loads CML0203.HCL high in memory and runs it. CML decrypts itself and reads VDF0203.VDW. The VDF file contains some code and data from the fixed disk FAT at the time of installation. By comparing the information in the VDF file with the current FAT, CML can tell if the CML, VDF, and DOUBLEDO.EXE files are in the same place on the disk where they were installed. If they have moved, say from a backup & restore, then DOUBLEDOS will not run. This text file is designed to let you unprotect the most current version of Doubledos, which is protected by a variation of Softguard 2.03. (not 2.03A) -- INSTRUCTIONS -- First, using your valid, original DOUBLEDOS diskette, install it on a fixed disk. You cannot use this text to unprotect the floppy directly! Softguard hides three files in your fixed disk root directory: CML0203.HCL, VDF0203.VDW, and DOUBLEDO.EXE. It also copies DOUBLEDO.COM into your chosen DOUBLEDOS directory. DOUBLEDO.EXE is the real DOUBLEDOS program, encrypted. The extension of this file does not matter. It is really an encrypted .EXE file. Second, un-hide the three files in the root directory. You can do this with the programs ALTER.COM or FM.COM found on any BBS. Make copies of the three files, and of DOUBLEDO.COM, into some other directory. Hide the three root files again using ALTER or FM. Following the DOUBLEDOS instructions, UNINSTALL DOUBLEDOS. You can now put away your original DOUBLEDOS diskette. We are done with it. Now copy your four saved files back into the root directory and hide the CML0203.HCL, VDF0203.VDW, and DOUBLEDO.EXE files using ALTER or FM. We can now run DOUBLEDO.COM using DEBUG, trace just up to the point where it has decrypted DOUBLEDO.EXE, then write that file out. LET 'ER RIP! Instructions Comments debug DOUBLEDO.com ; name of file that runs the product r ; dump debug's registers **** WRITE DOWN THE VALUE OF DS FOR USE BELOW. **** **** THIS VALUE IS DEPENDENT ON YOUR PARTICULAR MACHINE. **** g 4D7 ; now we can trace CML t g 1B5 t e cs:A2 74.EB ; debug reports the 74 here, you enter EB e cs:127 ; E8.90 ; you enter the 90's followed by a space, and D1.90 05.90 ; a carriage retirn after the 3rd 90 (no space). g 127 a 185 jmp 1C5 ; this second CR gets you out of the assembler a 22B jmp 265 a 41F mov ax,22 e cs:42F 01.89 ; debug reports the 01, you enter 89 a 4CE mov bl,7A g 4DF g 281 t g 24D t g 5A6 ; wait while reading VDF & FAT g=5B1 5C1 g=5C9 9DA ; DOUBLEDO.EXE has been decrypted d cs:1E7 L8 ; just for grins, here's the password rBX :0 ; set BX to 0 rCX :4800 ; set CX to 4800 n dd.bin ; name of file to write to w XXXX:100 ; where XXXX is the value of DS that ; you wrote down at the beginning. q ; quit debug Now unhide and delete the files DOUBLEDO.EXE, VDF0203.VDW and CML0203.HCL. DOUBLEDO.COM should also be deleted from the root directory and the product directory. Copy DD.BIN from the root directory to the product directory. Then rename the file: REN DD.BIN DOUBLEDO.EXE Lastly, you must remove a check in DOUBLED2.PGM that makes sure you are still using the Softguard protection. debug doubled2.pgm e 9109 5F.78 ; You type in 78 ; (If something else shows here, patch won't work) w ; Save changes to the file q ; You are now ready to DOUBLE DO IT in high style! NOTE: The Lone Victor is the author of this method to unprotect Softguard protected products, and deserves all the credit. I adapted his method to DOUBLEDOS and "cleaned-up" a "chain-letter" unprotection file that some novices would have had trouble fathoming. Robert White and Steve Diamond had nothing to do with this. GVH root directory when you install the program on your fixed disk. The 0203 part of the file names is the Softguard version (2.03) while CML stands for Common Loader and VDF is the Volume Descriptor File. The extensions HCL and VDW stand for Hard-disk Common Loader and Verify Descriptor Working copy. In addition, there will be a hidden root file with a .EXE or .LOD or some other extension. This is the REAL program, which has been encrypted and hidden. The program DOUBLEDO.COM, in the product