> But if your program tried to write to ROM and did it often enough, you stressed both the CPU and ROM chip and could cause one or the other to overheat and fail.
I was very much into the C64 scene back in the early 90s and while I heard claims similar to that one (code that destroys chips or other components by overheating/stressing them) there was never any legitimate source of that. It was all just urban legends
> code that destroys chips or other components by overheating/stressing them
I agree with you that, just on general principles, I don't know of any reason writing to a masked ROM chip would have any negative impact. While I didn't have a C64 back in the day (I do now though), I did have a Radio Shack Coco which had 16K of masked ROM for the BASIC interpreter (and another 8K of masked ROM if the optional disk controller cartridge was there). And the Coco never had anything like what Dave describes ("Although it’s impossible to write to ROM, Commodore left out the circuitry in the 1541"). The CPU could write to any address whether it held ROM, RAM, control registers or nothing at all. A masked ROM doesn't even have a write select pin. Some EPROMs have a write select but that requires other voltage etc. I used a lot of EPROMs back in the day because I worked at a company that leased hundreds of complete Coco systems to corporate customers each with it's own unique software on a custom cartridge. Each EPROM was burned by hand because it had proprietary customer data on it. The cost was no problem because one month's lease paid for the whole computer. :-)
Since I wrote the EPROM bank switching assembly language routines that drove the custom ROM cartridge hardware, I hammered EPROMS with writes all the time and it never hurt them (and we had hundreds of systems in all-day use). So that part doesn't make much sense to me unless there was something very unusual about the Commodore 1541 controller hardware (and to be fair, I understand the 1541 was weirdly complicated). EEPROMs could maybe have been effected but those were expensive and I can't imagine Commodore shipped electronically erasable chips in volume when much cheaper masked ROMs would suffice. So I suspect whatever Dave is talking about perhaps got garbled or conflated (as 30+ year-old memories do).
If it's garbled or conflated it could be based on the legendary (but real) undocumented HCF instruction (Halt and Catch Fire). And I know all about that because the Coco's 6809 was the original 8-bit home computer CPU that had that instruction. https://en.wikipedia.org/wiki/Halt_and_Catch_Fire_(computing.... But even HCF wouldn't actually damage your processor, although it could certainly warm it up if you left it running!
Further grasping at straws here... I guess every CPU does have some lifespan limit based on cycles and heat but it's really long. Unless something's very wrong with the chip or system design, that lifespan limit isn't usually a factor for a mass market computer. Another thing which might lead to confusion is that lots of computers over the years have had designs that were "thermally challenged" either through poor design, manufacturing errors or excess cost cutting. In those specific cases, it was possible to run really tight loops on the CPU which would, given some time, warm up the processor more than normal and cause a crash due to exceeding the T-limit (max operating temp) for too long. Some early computers also had RF design issues in how the traces on the motherboard were laid out. On these systems, if the RF shield wasn't grounded and you ran code hammering the address lines in certain ways, it could cause enough ringing to turn traces into little antennas spewing out noise and that could cause the computer to crash due to corrupted signals on the adjacent data lines. Once again, that was just a software crash, not permanent damage, and I never personally saw it happen except on prototypes and wire-wrap boards.
> I call BS on this claim
Unless you're Dave's drinking buddy and there's beer on the table, that specific wording may be just a little bit harsh. I mean, Dave has generated a huge volume of retro writing over a lot of years... and the dude definitely lived it first hand. Mistakes happen and I've certainly conflated or garbled some things from 30+ years ago but I doubt he's just making stuff up. I think he's writing from personal experience and relating the truth as he remembers it. That said, I think it's entirely reasonable to ask him for more clarification whenever something doesn't make sense. As retro-obsessive as he obviously is, like me, I'm sure he'd love to find out something he thought he knew is actually different.
> Unless you're Dave's drinking buddy and there's beer on the table, that specific wording may be just a little bit harsh
Yeah, maybe, sorry if it came across like that. We use the term "I call BS on that!" very colloquially and loosely here, so I didn't think of it as being offensive. I could have worded that better, I agree.
> "Although it’s impossible to write to ROM, Commodore left out the circuitry in the 1541"
There is no "circuitry" to disable writing to ROM. ROM chips have no r/W pin, so no circuitry could attach to that. The only thing I could imagine is that they "forgot" the circuitry to disable the ROM's outputs when a write was issued. In that case, the CPU and the ROM write to the data bus at the same time. Which would totally garble whatever it is that is on the bus (which doesn't matter, since the write would be lost anyway), and maybe send a few more milliamps through the processor's (or the ROM's) data lines, but I doubt that this would be much more than what those pins are designed to handle in the first place.
One fact though is that the RAM chips they used back then were often very low quality (because they had trouble sourcing the amount they needed to keep up with the demand), and these RAM chips just broke at some point.... Watch any YouTube video about a C64 repair, and you will notice that everyone just complains about those chips. But that is a different issue and wouldn't explain the ROM chips breaking, or why the issue happens because of "writing to ROM"...
Facts. Only attacks I ever saw were physical where the code would seek the drive head on Atari 810s repeatedly or strobe it or attempt force xt drives in and out of the landing zone to similar effect. obviously over time this is not good for the mechanism.
I don’t remember cpu therms being an issue until the mid late 90s - and then it was athlons. I could be wrong but I dont remember seeing CPU fans until the Pentium II cartridge but that is probably misremembering nostalgia.
80s was just robust against thermal - heck ataris had a giant aluminium shield over the mobo
yeah, there definitely were hardware viruses, stepping the drive out of its maximum cylinder was one... I remember there were even hard drives that didn't have a physical stop, so the head just dropped down on the platter at some point. But to exploit that you had to make sure that you are running on the exact (vulnerable) disk drive model, which was already very unlikely.
I also heard stories of programming graphics card registers in a fancy way to trigger high frequencies in the CRT coils that could, again if the CRT was vulnerable, potentially destroy the coil. But this also relied on very specific hardware to pull it off.
A generic attack on such a high volume home computer or floppy drive like the C1541 would definitely have made the rounds back then in the computer magazines.
And the myth that developers deliberately put in code to damage or even destroy the pirates' computers can also be ruled out almost entirely, as (at least in europe) even back then there was a strong legal protection against deliberately damaging other people's property. I distinctly remember reading about this being debunked in the largest German C64 magazine (64'er) by a lawyer....
> he’d seen protection schemes that, if they detected you had tampered with them, would try to break your disk drive in retaliation. The most common way to do this was to send the drive a command to try to move the drive’s stepper motor beyond its physical range. The drive would oblige and try to do the impossible, so it was possible to command the drive to permanently damage its own drive mechanism.
I didn't have a C64 and my Radio Shack Coco had a less complex disk drive mechanism based around a standard Western Digital disk controller chip, but there were similar copy protections on some software titles.
While I'm sure someone did tell Dave this story, and that person may have believed it themselves, I suspect it's based on a mistaken extrapolation of a more innocent behavior. Way back in the day, we heard a similar report at my local user's group but a techie friend of mine looked into the offending software title and discovered a reality that was more benign. Basically, during manufacturing disk protections tend to put some non-standard formatting someplace on the original disk and then the software tries to read back the non-standard stuff to verify it's the original disk. These could be extra, missing or mis-numbered tracks or sectors. Some protections also put data on an extra track added beyond the last track. Coco disks had 35 "official" tracks in the specification but users quickly learned that these drives were manufactured as 40 track drives, of which some didn't pass QA tests seeking all the way to track 40 and were sold cheaper to Radio Shack. But I never saw a Radio Shack Coco drive that wouldn't seek to track 36, 37 and usually more. I eventually had four drives and all of them would reliably seek to track 41 or 42. In fact, hobbyists made mods for the disk operating system to add extra tracks to the official count. So, at least on the Coco, there were multiple disk protections that would seek the head "beyond the last track", not to damage the drive but because they knew the original disk had data there which all drives could read but no normal disk copy command would write.
The other thing to know is that all these floppy drives were inexpensive, mass-manufactured mechanical devices that had varying tolerances between individual units at the factory which only grew with wear over time, temperature, shipping and handling. Also the diskettes themselves weren't exactly made to exacting mil-spec standards. So, to read the disk the controller software would seek to the desired track and try to read the requested sector. It wasn't terribly unusual for a read to fail and time out due to the head moving a bit too slow or perhaps initially undershooting or overshooting the target track. So all controller software would move the head back (usually to track zero) and then try to step back to the desired track and do the read again. If it didn't work, it would repeat this several times hoping to get a good read before eventually failing with an error. When these rapid head resets and retries happened, the drive would make a loud and unusual "gronking" sound that was quite noticeable. And that was just with normal disks and no oddball disk formatting or trick-play head seeking.
When disk protections would fail to find the expected oddball tracks or sectors, they'd do the same reset/retry behavior with the same furious gronking. Except in the case of disk protections half the sectors on a track could be "special" (on the Coco there were 18 sectors on a track). At 3 or 5 retries each, that's a lot of loud head gronking for a long time as each sector is attempted and fails out in turn. Such was the case with the protected software title my friend disassembled. The erstwhile failed pirate at our user's group meeting (a middle schooler) was trying to start a copy of the game which had none of the "special" sectors present. While I doubt all that gronking was good for the disk mechanism, it wasn't intentionally malicious on the part of the software title. But you can see how the loud gronking sounds which only happened on a failed attempt to pirate a copy of a protected disk could cause people to make assumptions and leap to nefarious conclusions which would then be further embellished through the retelling.
Of course, I don't doubt that some hobbyist hacker or maybe solo software dev had nefarious thoughts and maybe even played around with how to do it and showed their friends a demo. But I never saw or heard any credible claims a commercial software title sold at scale ever shipped to consumers with the intent to destroy user hardware. Even in those days software was sold by publishers to distributors who then sold to retail stores, who sold to end users. A national wave of failed hardware reports associated with one title could mean blame and perhaps even legal liability for any and all of those parties. And disassembling the software sufficiently to prove it was doing this intentionally would have been much easier than making working pirated copies. To be so reckless, not only would the author have to be really dumb, so would the publisher and anyone who knew about it in advance.
The kicker is that, in those days, bulk duplication of diskettes (especially funkily formatted diskettes) wasn't all that reliable - meaning there was a pretty high probability that some non-zero percentage of your legit copies sometimes wouldn't read correctly for a paying customer due to varying manufacturing tolerances (or stray magnetic fields in shipping). And, of course, this failure to read could cause the copy protection to detect the legit disk as "pirated". Back in the 80s and 90s I worked for a successful software manufacturer and one of our products was a large, professional tool which eventually grew to occupy well over a dozen 3.5 inch floppy disks. When a disk wouldn't read for a customer it was a costly warranty issue to ship them a new disk set (and there was no consumer internet). As our software and disk count grew, we saw increasing disk failures. So we analyzed it and despite using the top disk duplicator in the U.S. and legit top-notch, direct-from-the-Sony-factory media - once our install was over a dozen diskettes, the statistical best case was almost every fourth customer would have at least one disk from their set fail to read. And this is without any funky formatting! Fortunately, CD-ROM became a thing shortly thereafter but the point is, the top disk duplicator in the country confirmed that "Yep, we do this better than anyone and your media is the best money can buy - and you're getting the expected field failure rate." So, selling hardware destroying time bombs would have been incredibly stupid, because statistically inevitable failures would certainly harm the hardware of more than one legitimate paying customer by mistake, and that would result in a very fast (but quite spectacular) fireball of infamy for any company dumb enough to try it.
There was the BHP virus, but that was more of a proof of concept, and I don't remember hearing much (if anything) of it being in the wild. That said, it could stamp itself on disks even by simply listing the directory. 64'er was indirectly its source (by claiming it couldn't be done), and they were also the ones to issue a cleaner to remove it from disks.
> But if your program tried to write to ROM and did it often enough, you stressed both the CPU and ROM chip and could cause one or the other to overheat and fail.
I was very much into the C64 scene back in the early 90s and while I heard claims similar to that one (code that destroys chips or other components by overheating/stressing them) there was never any legitimate source of that. It was all just urban legends
I agree with you that, just on general principles, I don't know of any reason writing to a masked ROM chip would have any negative impact. While I didn't have a C64 back in the day (I do now though), I did have a Radio Shack Coco which had 16K of masked ROM for the BASIC interpreter (and another 8K of masked ROM if the optional disk controller cartridge was there). And the Coco never had anything like what Dave describes ("Although it’s impossible to write to ROM, Commodore left out the circuitry in the 1541"). The CPU could write to any address whether it held ROM, RAM, control registers or nothing at all. A masked ROM doesn't even have a write select pin. Some EPROMs have a write select but that requires other voltage etc. I used a lot of EPROMs back in the day because I worked at a company that leased hundreds of complete Coco systems to corporate customers each with it's own unique software on a custom cartridge. Each EPROM was burned by hand because it had proprietary customer data on it. The cost was no problem because one month's lease paid for the whole computer. :-)
Since I wrote the EPROM bank switching assembly language routines that drove the custom ROM cartridge hardware, I hammered EPROMS with writes all the time and it never hurt them (and we had hundreds of systems in all-day use). So that part doesn't make much sense to me unless there was something very unusual about the Commodore 1541 controller hardware (and to be fair, I understand the 1541 was weirdly complicated). EEPROMs could maybe have been effected but those were expensive and I can't imagine Commodore shipped electronically erasable chips in volume when much cheaper masked ROMs would suffice. So I suspect whatever Dave is talking about perhaps got garbled or conflated (as 30+ year-old memories do).
If it's garbled or conflated it could be based on the legendary (but real) undocumented HCF instruction (Halt and Catch Fire). And I know all about that because the Coco's 6809 was the original 8-bit home computer CPU that had that instruction. https://en.wikipedia.org/wiki/Halt_and_Catch_Fire_(computing.... But even HCF wouldn't actually damage your processor, although it could certainly warm it up if you left it running!
Further grasping at straws here... I guess every CPU does have some lifespan limit based on cycles and heat but it's really long. Unless something's very wrong with the chip or system design, that lifespan limit isn't usually a factor for a mass market computer. Another thing which might lead to confusion is that lots of computers over the years have had designs that were "thermally challenged" either through poor design, manufacturing errors or excess cost cutting. In those specific cases, it was possible to run really tight loops on the CPU which would, given some time, warm up the processor more than normal and cause a crash due to exceeding the T-limit (max operating temp) for too long. Some early computers also had RF design issues in how the traces on the motherboard were laid out. On these systems, if the RF shield wasn't grounded and you ran code hammering the address lines in certain ways, it could cause enough ringing to turn traces into little antennas spewing out noise and that could cause the computer to crash due to corrupted signals on the adjacent data lines. Once again, that was just a software crash, not permanent damage, and I never personally saw it happen except on prototypes and wire-wrap boards.
> I call BS on this claim
Unless you're Dave's drinking buddy and there's beer on the table, that specific wording may be just a little bit harsh. I mean, Dave has generated a huge volume of retro writing over a lot of years... and the dude definitely lived it first hand. Mistakes happen and I've certainly conflated or garbled some things from 30+ years ago but I doubt he's just making stuff up. I think he's writing from personal experience and relating the truth as he remembers it. That said, I think it's entirely reasonable to ask him for more clarification whenever something doesn't make sense. As retro-obsessive as he obviously is, like me, I'm sure he'd love to find out something he thought he knew is actually different.
Yeah, maybe, sorry if it came across like that. We use the term "I call BS on that!" very colloquially and loosely here, so I didn't think of it as being offensive. I could have worded that better, I agree.
> "Although it’s impossible to write to ROM, Commodore left out the circuitry in the 1541"
There is no "circuitry" to disable writing to ROM. ROM chips have no r/W pin, so no circuitry could attach to that. The only thing I could imagine is that they "forgot" the circuitry to disable the ROM's outputs when a write was issued. In that case, the CPU and the ROM write to the data bus at the same time. Which would totally garble whatever it is that is on the bus (which doesn't matter, since the write would be lost anyway), and maybe send a few more milliamps through the processor's (or the ROM's) data lines, but I doubt that this would be much more than what those pins are designed to handle in the first place.
One fact though is that the RAM chips they used back then were often very low quality (because they had trouble sourcing the amount they needed to keep up with the demand), and these RAM chips just broke at some point.... Watch any YouTube video about a C64 repair, and you will notice that everyone just complains about those chips. But that is a different issue and wouldn't explain the ROM chips breaking, or why the issue happens because of "writing to ROM"...
I don’t remember cpu therms being an issue until the mid late 90s - and then it was athlons. I could be wrong but I dont remember seeing CPU fans until the Pentium II cartridge but that is probably misremembering nostalgia.
80s was just robust against thermal - heck ataris had a giant aluminium shield over the mobo
I also heard stories of programming graphics card registers in a fancy way to trigger high frequencies in the CRT coils that could, again if the CRT was vulnerable, potentially destroy the coil. But this also relied on very specific hardware to pull it off.
A generic attack on such a high volume home computer or floppy drive like the C1541 would definitely have made the rounds back then in the computer magazines.
And the myth that developers deliberately put in code to damage or even destroy the pirates' computers can also be ruled out almost entirely, as (at least in europe) even back then there was a strong legal protection against deliberately damaging other people's property. I distinctly remember reading about this being debunked in the largest German C64 magazine (64'er) by a lawyer....
I didn't have a C64 and my Radio Shack Coco had a less complex disk drive mechanism based around a standard Western Digital disk controller chip, but there were similar copy protections on some software titles.
While I'm sure someone did tell Dave this story, and that person may have believed it themselves, I suspect it's based on a mistaken extrapolation of a more innocent behavior. Way back in the day, we heard a similar report at my local user's group but a techie friend of mine looked into the offending software title and discovered a reality that was more benign. Basically, during manufacturing disk protections tend to put some non-standard formatting someplace on the original disk and then the software tries to read back the non-standard stuff to verify it's the original disk. These could be extra, missing or mis-numbered tracks or sectors. Some protections also put data on an extra track added beyond the last track. Coco disks had 35 "official" tracks in the specification but users quickly learned that these drives were manufactured as 40 track drives, of which some didn't pass QA tests seeking all the way to track 40 and were sold cheaper to Radio Shack. But I never saw a Radio Shack Coco drive that wouldn't seek to track 36, 37 and usually more. I eventually had four drives and all of them would reliably seek to track 41 or 42. In fact, hobbyists made mods for the disk operating system to add extra tracks to the official count. So, at least on the Coco, there were multiple disk protections that would seek the head "beyond the last track", not to damage the drive but because they knew the original disk had data there which all drives could read but no normal disk copy command would write.
The other thing to know is that all these floppy drives were inexpensive, mass-manufactured mechanical devices that had varying tolerances between individual units at the factory which only grew with wear over time, temperature, shipping and handling. Also the diskettes themselves weren't exactly made to exacting mil-spec standards. So, to read the disk the controller software would seek to the desired track and try to read the requested sector. It wasn't terribly unusual for a read to fail and time out due to the head moving a bit too slow or perhaps initially undershooting or overshooting the target track. So all controller software would move the head back (usually to track zero) and then try to step back to the desired track and do the read again. If it didn't work, it would repeat this several times hoping to get a good read before eventually failing with an error. When these rapid head resets and retries happened, the drive would make a loud and unusual "gronking" sound that was quite noticeable. And that was just with normal disks and no oddball disk formatting or trick-play head seeking.
When disk protections would fail to find the expected oddball tracks or sectors, they'd do the same reset/retry behavior with the same furious gronking. Except in the case of disk protections half the sectors on a track could be "special" (on the Coco there were 18 sectors on a track). At 3 or 5 retries each, that's a lot of loud head gronking for a long time as each sector is attempted and fails out in turn. Such was the case with the protected software title my friend disassembled. The erstwhile failed pirate at our user's group meeting (a middle schooler) was trying to start a copy of the game which had none of the "special" sectors present. While I doubt all that gronking was good for the disk mechanism, it wasn't intentionally malicious on the part of the software title. But you can see how the loud gronking sounds which only happened on a failed attempt to pirate a copy of a protected disk could cause people to make assumptions and leap to nefarious conclusions which would then be further embellished through the retelling.
Of course, I don't doubt that some hobbyist hacker or maybe solo software dev had nefarious thoughts and maybe even played around with how to do it and showed their friends a demo. But I never saw or heard any credible claims a commercial software title sold at scale ever shipped to consumers with the intent to destroy user hardware. Even in those days software was sold by publishers to distributors who then sold to retail stores, who sold to end users. A national wave of failed hardware reports associated with one title could mean blame and perhaps even legal liability for any and all of those parties. And disassembling the software sufficiently to prove it was doing this intentionally would have been much easier than making working pirated copies. To be so reckless, not only would the author have to be really dumb, so would the publisher and anyone who knew about it in advance.
The kicker is that, in those days, bulk duplication of diskettes (especially funkily formatted diskettes) wasn't all that reliable - meaning there was a pretty high probability that some non-zero percentage of your legit copies sometimes wouldn't read correctly for a paying customer due to varying manufacturing tolerances (or stray magnetic fields in shipping). And, of course, this failure to read could cause the copy protection to detect the legit disk as "pirated". Back in the 80s and 90s I worked for a successful software manufacturer and one of our products was a large, professional tool which eventually grew to occupy well over a dozen 3.5 inch floppy disks. When a disk wouldn't read for a customer it was a costly warranty issue to ship them a new disk set (and there was no consumer internet). As our software and disk count grew, we saw increasing disk failures. So we analyzed it and despite using the top disk duplicator in the U.S. and legit top-notch, direct-from-the-Sony-factory media - once our install was over a dozen diskettes, the statistical best case was almost every fourth customer would have at least one disk from their set fail to read. And this is without any funky formatting! Fortunately, CD-ROM became a thing shortly thereafter but the point is, the top disk duplicator in the country confirmed that "Yep, we do this better than anyone and your media is the best money can buy - and you're getting the expected field failure rate." So, selling hardware destroying time bombs would have been incredibly stupid, because statistically inevitable failures would certainly harm the hardware of more than one legitimate paying customer by mistake, and that would result in a very fast (but quite spectacular) fireball of infamy for any company dumb enough to try it.
See also groepaz's list: https://hitmen.c02.at/files/docs/c64/C64_Virus_List.txt