Topics

Unsecuring old HP Basic software

Tony Goodhew
 

Hey ALl,

Apologies in advance if this is an outlawed topic but I'm looking for information on how to "unsecure" some old HP basic software. I'm referring to software that loads into HP or RMB basic, mostly on old Series 200/300 machines that when you try to list it all you see is asterisks.

I see mention of people having a utility or having their own software that does the decryption (often referred to as "Unsecure") but I've never actually seen the utility/source anywhere.

The reason I'm looking into this is that I have some old HP test gear calibration software that runs on my HP Viper card but I'd like to move it either to HP Basic on Windows or to a more modern language. I'm not so much worried about porting the flow as I am in the specific calculations/methods they're using to calibrate stuff (for example setting up special functions on the calibration gear like filters, attenuators etc on an 8902A).

If anyone happens to be able to point me in the right direction to either a utility, program or notes on the 'secure' process for reverse engineering I'd really appreciate it.

Thanks,

TonyG

Stephen Hanselman
 

Tony,

 

Even when I worked at Opto Div and we asked about this the calculator folks laughed at us.  If I remember right there is a code word or number that encrypts the basic code.  On the other hand it was 1979 that I was involved with this

 

Good luck

 

steve

 

From: VintHPcom@groups.io <VintHPcom@groups.io> On Behalf Of Tony Goodhew
Sent: Friday, August 23, 2019 12:59 PM
To: VintHPcom@groups.io
Subject: [VintHPcom] Unsecuring old HP Basic software

 

Hey ALl,

Apologies in advance if this is an outlawed topic but I'm looking for information on how to "unsecure" some old HP basic software. I'm referring to software that loads into HP or RMB basic, mostly on old Series 200/300 machines that when you try to list it all you see is asterisks.

I see mention of people having a utility or having their own software that does the decryption (often referred to as "Unsecure") but I've never actually seen the utility/source anywhere.

The reason I'm looking into this is that I have some old HP test gear calibration software that runs on my HP Viper card but I'd like to move it either to HP Basic on Windows or to a more modern language. I'm not so much worried about porting the flow as I am in the specific calculations/methods they're using to calibrate stuff (for example setting up special functions on the calibration gear like filters, attenuators etc on an 8902A).

If anyone happens to be able to point me in the right direction to either a utility, program or notes on the 'secure' process for reverse engineering I'd really appreciate it.

Thanks,

TonyG

Dave McGuire
 

On 8/23/19 3:59 PM, Tony Goodhew wrote:
Apologies in advance if this is an outlawed topic but I'm looking for
information on how to "unsecure" some old HP basic software. I'm
referring to software that loads into HP or RMB basic, mostly on old
Series 200/300 machines that when you try to list it all you see is
asterisks.

I see mention of people having a utility or having their own software
that does the decryption (often referred to as "Unsecure") but I've
never actually seen the utility/source anywhere.

The reason I'm looking into this is that I have some old HP test gear
calibration software that runs on my HP Viper card but I'd like to move
it either to HP Basic on Windows or to a more modern language. I'm not
so much worried about porting the flow as I am in the specific
calculations/methods they're using to calibrate stuff (for example
setting up special functions on the calibration gear like filters,
attenuators etc on an 8902A).

If anyone happens to be able to point me in the right direction to
either a utility, program or notes on the 'secure' process for reverse
engineering I'd really appreciate it.
I had thought I heard at one point that it was something silly like
the high bit was set in the first byte of the line number, or something
equally trivial. Does anyone know anything about that?

-Dave

--
Dave McGuire, AK4HZ
New Kensington, PA

 

I've heard the same thing.
If I remember correctly Tony D. was the source of it.
Searching the classiccmp archive could deliver the answer. 

-Rik



On Fri, Aug 23, 2019 at 11:37 PM +0200, "Dave McGuire" <mcguire@...> wrote:

On 8/23/19 3:59 PM, Tony Goodhew wrote:
> Apologies in advance if this is an outlawed topic but I'm looking for
> information on how to "unsecure" some old HP basic software. I'm
> referring to software that loads into HP or RMB basic, mostly on old
> Series 200/300 machines that when you try to list it all you see is
> asterisks.
> 
> I see mention of people having a utility or having their own software
> that does the decryption (often referred to as "Unsecure") but I've
> never actually seen the utility/source anywhere.
> 
> The reason I'm looking into this is that I have some old HP test gear
> calibration software that runs on my HP Viper card but I'd like to move
> it either to HP Basic on Windows or to a more modern language. I'm not
> so much worried about porting the flow as I am in the specific
> calculations/methods they're using to calibrate stuff (for example
> setting up special functions on the calibration gear like filters,
> attenuators etc on an 8902A).
> 
> If anyone happens to be able to point me in the right direction to
> either a utility, program or notes on the 'secure' process for reverse
> engineering I'd really appreciate it.

  I had thought I heard at one point that it was something silly like
the high bit was set in the first byte of the line number, or something
equally trivial.  Does anyone know anything about that?

               -Dave

-- 
Dave McGuire, AK4HZ
New Kensington, PA



Stan
 

Eons ago I wrote an “unsecure” utility for HP BASIC. It’s simply a matter of flipping a bit at the beginning of each program line. It’s easy to see how the SECURE function works by writing and storing a one line program, looking at the stored file with a hex editor, then securing that line, storing the new file, and comparing it to the original. 

Stan

Tony Goodhew
 

Thanks everyone and a special thanks to Stan for the insight that I completely spaced on.

TonyG 

Martin Hepperle
 

Tony,

some time ago I found the attached solution to unsecuring BASIC 2.0 programs for the 9826 (sorry I don#t remember the source).
Maybe you can rework it a bit so that it works with your programs.
The code is using the ReadIO() function with the -9826 parameter to access the program loaded in memory. This is documented in the BASIC manuals.
The tricky part seems to be more in the calculation of the locations of the line numbers.

Martin

Tony Goodhew
 

Thanks appreciate it.

I attached to the process using WinDBG and I can see the difference in the lines between unsecure (00 0e):
00000000`006e0096 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 04 0a 00 7f cf 03  .....................
00000000`006e00ab 46 6f 6f ca c9 00 0e 0e 04 14 00 7f cf 03 42 61 72 ca c9 00 0e  Foo...........Bar....

and secure (01 0e):
00000000`006e0096 00 00 00 00 00 00 00 00 00 00 00 00 01 0e 00 04 0a 00 7f cf 03  .....................
00000000`006e00ab 46 6f 6f ca c9 00 0e 0e 04 14 00 7f cf 03 42 61 72 ca c9 00 0e  Foo...........Bar....

From the HP Basic Reference Manual it appears that I can use READIO(9826, <<Address>>) to simply write 00 there to unsecure. Next step is to see if the program offset is always the same and what the END/START byte set is for lines.

Thanks everyone for the help.

TonyG

Tony Goodhew
 

Actually the next step is to follow Stan's guidance and just start working with the stored file rather than trying trying to create a HP Basic sub that dynamically 'unsecures'

TonyG

Martin Hepperle
 

Hi,

if I remember correctly, there are two ways to secure a program:

  • the whole program is secured: then only a file type has to be changed and/or the password reset in the LIF directory (this scheme is also used for Series-80s programs),
  • individual lines are secured - then the "in memory" approach might be more viable than the direct disc modification (this is not present in Series-80 BASIC).

Martin