Trending:
Software Development

Reverse-engineering a 40-year-old copy protection dongle to rescue legacy accounting data

An accounting firm still running Windows 98 in 2026 needed their data extracted from DOS-era RPG software—locked behind a hardware dongle from a company that vanished decades ago. The copy protection turned out to be simpler than expected, but the real story is how many enterprises remain trapped by vendor lock-in from the 1980s.

TheBiggish Editorial ·
Reverse-engineering a 40-year-old copy protection dongle to rescue legacy accounting data

The Problem

A U.S. accounting firm was running production software on Windows 98 in 2026. Not by choice—they were locked into an RPG-based accounting system from the 1980s that required a physical dongle plugged into a parallel port. No dongle, no software. No software, no access to 40 years of financial data.

The dongle came from Software Security Inc., a Connecticut company whose only evidence of existence is SIGGRAPH records from the early 1990s and a handful of patents. The hardware itself is older than most CTOs.

What Happened

Developer Dmitry Brant reverse-engineered the protection system to help migrate the firm's data. The approach was methodical: disk image the Windows 98 machine, find the RPG II compiler (made by Software West Inc.), analyze how it injected copy protection into compiled binaries.

Using Reko, a disassembler for 16-bit DOS executables, Brant isolated the dongle communication routine—just 144 bytes of code that spoke to the parallel port. The protection wasn't particularly sophisticated, even by 1980s standards. It worked because replacing it seemed harder than just keeping the Windows 98 box running.

Why This Matters

This isn't software archaeology for nostalgia. Enterprises still run mission-critical systems on decades-old platforms because migration risk exceeds operational risk—until it doesn't. When the dongle fails, the Windows 98 hardware dies, or the last person who understands RPG retires, the entire operation stops.

The story gained traction on Hacker News (353 points, 111 comments) because it's a problem many organizations face quietly. Modern workarounds like Donglify enable remote dongle sharing over networks, but that's addressing symptoms, not causes.

The Real Question

How many other firms are one failed dongle away from losing access to their own data? Copy protection that made sense in 1986—when enterprise software cost six figures and piracy was rampant—becomes a catastrophic liability in 2026.

Vendor lock-in has always been expensive. When the vendor doesn't exist anymore, it becomes existential. This accounting firm got lucky—they had someone willing to reverse-engineer 40-year-old protection. Most won't.

Tags:
legacy-systems migration cybersecurity enterprise-software vendor-lock-in

Related Articles

Why WebRTC demos work on localhost but fail in production
Software Development

Why WebRTC demos work on localhost but fail in production

WebRTC tutorials succeed on localhost because browsers exempt local testing from HTTPS requirements and network traversal challenges. Real deployments fail when NAT/firewall traversal, TURN relay infrastructure, and secure contexts become mandatory. Between 5-50% of production WebRTC sessions require TURN relays just to connect.

Feb 2, 2026