> I must say, this copy protection mechanism seems a bit… simplistic? A hardware dongle that just passes back a constant number?
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
Audience matters. Something intended to stop legitimate business consumers in a non-tech industry requires substantially less sophistication than something built to withstand professional reverse engineers.
And often they’re there so no one can plausibly say they didn’t know what they were doing or stumbled into it accidentally. You can’t “accidentally” go through a door with a padlock on it.
I’d guess it’s something similar with this dongle. You can’t “accidentally” run the software without the dongle.
Copy protection was also generally less robust for educational software, since it sold to generally law-abiding folks (parents, educators, etc.). Never saw Rapidlok or V-MAX! used for educational software on the Commodore 64, for example.
The tool of choice back then was SoftICE, and it would have been trivial to trap even BIOS-level LPT access.
More to the point the guy didn't even open the dongle, which in all likelihood was a simple set of logic gates in this case.
I'm assuming he did have a careful look at the caller to the function because his reasoning that the communicating function took no inputs is faulty.
What if the hardware has an LFSR in it and returns changing responses, and the caller can check them with a verify function elsewhere that maintains a state and knows to expect the next in the sequence?
We have far better tools today for sure, but we understood the system better back then. The right tool is sometimes better than a sharper tool as they say.
Edit: I should add I'm aware it's very likely the actual reversing involved more steps and checks than Dimitry's blog, which is narrowed to what worked.
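To illustrate the stateful design the comment above describes, here is an added example (not code from the thread or from the dongle discussed): a dongle that answers each read with the next output of a 16-bit LFSR, and a host-side verify function that takes no inputs but keeps its own copy of the LFSR state, so a constant-response emulation passes at most one check. The taps and seed are constructed for illustration, not taken from any real device.

```python
# Added example: LFSR challenge-free dongle vs. a stateful verifier.
# Taps and seed are constructed for illustration (assumption, not a real dongle).

class LFSR:
    """16-bit Fibonacci LFSR with polynomial x^16 + x^14 + x^13 + x^11 + 1."""
    def __init__(self, seed: int):
        if seed == 0 or seed >= 1 << 16:
            raise ValueError("seed must be a non-zero 16-bit value")
        self.state = seed

    def step(self) -> int:
        s = self.state
        # feedback bit is the XOR of the tap positions 0, 2, 3 and 5
        bit = ((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
        self.state = (s >> 1) | (bit << 15)
        return self.state


class StatefulDongle:
    """Hardware side: every read advances the LFSR and returns the new state."""
    def __init__(self, seed: int):
        self.lfsr = LFSR(seed)

    def read(self) -> int:
        return self.lfsr.step()


class ConstantDongle:
    """What an emulator does if it assumes the dongle just returns a constant."""
    def __init__(self, value: int):
        self.value = value

    def read(self) -> int:
        return self.value


class Verifier:
    """Software side: check() takes the response only, but state persists across calls."""
    def __init__(self, seed: int):
        self.lfsr = LFSR(seed)

    def check(self, response: int) -> bool:
        return response == self.lfsr.step()


def run_checks(dongle, seed: int, rounds: int) -> int:
    """Count consecutive rounds in which the dongle's response matched the verifier."""
    verifier = Verifier(seed)
    passed = 0
    for _ in range(rounds):
        if not verifier.check(dongle.read()):
            break
        passed += 1
    return passed
```

With seed 0xACE1 the first expected response is 0x5670, so a constant dongle replaying that value passes exactly one round, while a real stateful dongle with the same seed passes every round.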
In fairness, the decompiler didn't work on the protection method :)
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!