
Protection Analysis

Posted: Fri Dec 26, 2014 11:31 am
by DrCoolZic
First, thanks to Brume and Dal, who have created a "neutral place" to discuss Atari game protection/preservation subjects independently of Kryoflux / Supercard Pro and Pasti.

Many images have been posted on the Atari-Forum, I have received images for tests from several people, and I have myself imaged many of my disks ...
It is now time for me to get a bit more organized, and therefore I have decided to create a page on my site where I store the results of the protection analysis I have done. This helps me during regression tests of new versions of Aufit, and hopefully it can be of interest to you.

In this thread I will keep you updated on the games that I have analyzed and published on my Atari FD Protection Analysis page http://info-coach.fr/atari/software/GameAnalysis.php

This first post will be updated to reflect the status of published results.
You are obviously welcome to comment on the results and provide extra information.

Re: Protection Analysis

Posted: Fri Dec 26, 2014 12:58 pm
by Stefan jL
This kind of analysis would be fun to have at Atarimania on the game entry pages, although the Atarimania layout does not support this kind of feature yet.
But in case AM gets an update would you (DrCoolZic) allow the info you have on your analysis pages to be added to AM?

Re: Protection Analysis

Posted: Fri Dec 26, 2014 5:25 pm
by DrCoolZic
Stefan jL wrote:This kind of analysis would be fun to have at Atarimania on the game entry pages, although the Atarimania layout does not support this kind of feature yet.
But in case AM gets an update would you (DrCoolZic) allow the info you have on your analysis pages to be added to AM?

Yes no problem. Just having a reference back to my page would be nice

Re: Protection Analysis

Posted: Sat Dec 27, 2014 8:28 am
by AtariZoll
That's a very useful and interesting project. I think that we should give some names to much-used protection systems - which is already done for some, like Copylock - but we must separate the diverse Copylock versions. From the floppy side there are 2 that I know of: track read based and variable density based. SW for testing has many variations - later ones use more advanced systems to fool crackers. For instance that "Contains 70 sectors: SWS + FZS + CRC" is used a lot in French games. I suggest that Jean, being French, give some nice name to it :D
From experience, I can say that not all irregular things are always checked in SW. In some cases there is no check at all. Or it is poorly made, so a standard formatted floppy passes. Or there is just the text "Rob Northen" in the bootsector to scare pirates :D (not a joke).

Unfortunately, I don't have time to go deeper into floppy protections. Usually, removing it is not hard, and takes less than half an hour, or only a couple of minutes. I spend more time with poor code in games in most cases. It is annoying, especially when 3 games in a row have stupid bugs:
viewtopic.php?f=68&t=27337

P.S. Carrier Command, Rainbird release has no copy protection, it has manual prot. Even recommends to play from copy. There is another release in compilation Virtual Reality 1 - with Copylock, and likely without manual book. I have both versions.

Re: Protection Analysis

Posted: Sat Dec 27, 2014 10:25 am
by Brume
Great page DrCoolZic!

I see you added a mention about the quality of the image. For instance:

Chicago 90 - Ubisoft 1990
Images Kryoflux + SCP from my personal disks. Image quality not good
Track 00.0-79.0 Sector #11 with no Data


In that case, does it mean you need another dump? Or do you consider the dump as a valid one nevertheless?

Re: Protection Analysis

Posted: Sat Dec 27, 2014 10:46 am
by DrCoolZic
AtariZoll wrote:That's a very useful and interesting project. I think that we should give some names to much-used protection systems - which is already done for some, like Copylock - but we must separate the diverse Copylock versions. From the floppy side there are 2 that I know of: track read based and variable density based. SW for testing has many variations - later ones use more advanced systems to fool crackers. For instance that "Contains 70 sectors: SWS + FZS + CRC" is used a lot in French games. I suggest that Jean, being French, give some nice name to it :D
From experience, I can say that not all irregular things are always checked in SW. In some cases there is no check at all. Or it is poorly made, so a standard formatted floppy passes. Or there is just the text "Rob Northen" in the bootsector to scare pirates :D (not a joke).

Unfortunately, I don't have time to go deeper into floppy protections. Usually, removing it is not hard, and takes less than half an hour, or only a couple of minutes. I spend more time with poor code in games in most cases. It is annoying, especially when 3 games in a row have stupid bugs:
viewtopic.php?f=68&t=27337

P.S. Carrier Command, Rainbird release has no copy protection, it has manual prot. Even recommends to play from copy. There is another release in compilation Virtual Reality 1 - with Copylock, and likely without manual book. I have both versions.

There are really two points of view for protections:
- originally I was only looking at protection from a more "physical" point of view, just by looking at variation in flux transitions, impossible data values, wrong CRC or ID, etc. This is what is described in my document about protections. You just detect what COULD be used as protection because, for example, it is impossible to reproduce on an Atari. But finding such a protection does not imply that it is used, or tell how it is used. Therefore there is a second point of view:
- analysis of how actual protections are detected and used.

The two points of view are obviously tightly related. For example Rob Northen uses a certain type of bit width variation but there is more to it ...
It is very hard to detect all protections by looking only at the "physical" level, for example finding data hidden in a gap.
Therefore I hope to be able to add "software" protection detection in Aufit. This is very close to what is done in CTA.
Basically the idea is to detect "software protection patterns" (described in external protection pattern files). This would allow to save perfect images as described originally (for example in IPF format) even if the image made from FD is not perfect.

It is a bit hard to explain but I hope you get the idea.
I have already started to think about the protection description files based on work done by the SPS people. They would be simpler (as only covering Atari formats) and in XML. This would include disk descriptors, track descriptors and sector descriptors, with predefined data descriptors.

This level of analysis is to be added after. Currently what I present on my Web page is more the first level of "physical" protection. But whenever I have information on how the protection is tested I add the information.

Again, I use the information on this Web page mainly for test purposes. Decoding flux data as read track/id/sector is not as easy as it looks, and therefore whenever a big change is done it is necessary to do a lot of regression tests....

Re: Protection Analysis

Posted: Sat Dec 27, 2014 11:09 am
by DrCoolZic
Brume wrote:Great page DrCoolZic!

I see you added a mention about the quality of the image. For instance:

Chicago 90 - Ubisoft 1990
Images Kryoflux + SCP from my personal disks. Image quality not good
Track 00.0-79.0 Sector #11 with no Data


In that case, does it mean you need another dump? Or do you consider the dump as a valid one nevertheless?


I just completed a new version of Aufit that does "auto-recovery" of incorrectly read sectors if possible. The DPLL in Aufit is already capable of recovering bits in very "bad and noisy" data, but in some cases one revolution is read correctly and the next one is not read correctly. With the auto-recovery, when writing a Pasti file the program can pick good sector data if available (another good reason to ALWAYS make 5-revolution image samples).

Another example of bad data is what I call "wobulation of the bit width". You have some tracks where the bit width of the cell follows a sort of sinusoidal pattern. Again, thanks to the DPLL of Aufit it is possible to decode the data correctly for this kind of track. However if the variation is large (above 4-5%) it might be detected by Aufit as a track/sector with bit width variation. This is not really a problem during simulation because even though some sectors are detected with bit width variation it should not hurt, as this should not be tested by the program.

In the two above cases you should get correct stx file even if indeed the quality of the original is not good.
Do you have to make another dump? I would say no unless you know that the disk is dirty and there is something you can do to improve the quality of the dump. I have some floppies that were not read correctly and even cleaning them did not help.

As described in my previous post this is where I hope in the future to be able to take an image of "bad quality" but good enough to be "decoded" correctly and turn it into a perfect master image.

Just an example: as mentioned above, several images suffer from wobulation. I have noticed that on a "real protection" the width of the cell changes relatively abruptly and not slowly (this needs to be confirmed). Therefore if a "slow variation" is detected this is probably a problem of quality of the image and not a real protection. In that case it is possible to produce an image with perfect timing ...
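The auto-recovery idea from the post above, as an added example that is not part of the original post and is not Aufit's code: for each sector, take the first revolution whose data field passes the CRC. The `SectorRead` layout, the helper names and the sample track are assumptions constructed for illustration.

```python
from typing import Dict, List, NamedTuple, Tuple

def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT (poly 0x1021, init 0xFFFF), the CRC used on MFM sectors."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

# The data-field CRC covers the three A1 sync bytes and the FB data mark.
DATA_MARK = b"\xa1\xa1\xa1\xfb"

class SectorRead(NamedTuple):      # hypothetical decoded-sector record
    sector: int                    # sector number from the ID field
    data: bytes                    # decoded data field
    stored_crc: int                # CRC bytes read from disk after the data

def crc_ok(read: SectorRead) -> bool:
    return crc16_ccitt(DATA_MARK + read.data) == read.stored_crc

def recover_track(revs: List[List[SectorRead]]) -> Tuple[Dict[int, bytes], List[int]]:
    """Return ({sector: data} taken from a CRC-valid revolution,
    [sectors that never read with a valid CRC in any revolution])."""
    good: Dict[int, bytes] = {}
    seen = set()
    for rev in revs:
        for read in rev:
            seen.add(read.sector)
            if read.sector not in good and crc_ok(read):
                good[read.sector] = read.data
    return good, sorted(s for s in seen if s not in good)

def make_read(sector: int, data: bytes, corrupt: bool = False) -> SectorRead:
    """Build a constructed sample read; corrupt=True flips one data bit."""
    crc = crc16_ccitt(DATA_MARK + data)
    if corrupt:
        data = bytes([data[0] ^ 0x01]) + data[1:]
    return SectorRead(sector, data, crc)

def constructed_sample() -> List[List[SectorRead]]:
    """Two revolutions: sector 2 is bad only in the first, sector 3 in both."""
    s1, s2, s3 = (bytes([n]) * 512 for n in (1, 2, 3))
    rev1 = [make_read(1, s1), make_read(2, s2, True), make_read(3, s3, True)]
    rev2 = [make_read(1, s1), make_read(2, s2), make_read(3, s3, True)]
    return [rev1, rev2]

if __name__ == "__main__":
    good, never_good = recover_track(constructed_sample())
    print("recovered sectors:", sorted(good), "no valid read:", never_good)
```

A sector listed as having no valid read is not necessarily damaged: the thread mentions protections that rely on CRC errors, so such sectors have to be kept as read rather than "repaired".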

Re: Protection Analysis

Posted: Sat Dec 27, 2014 11:29 am
by Brume
OK, I see the advantage of using 5 rev in order to create a .STX file with Aufit.
But I wonder... What about rewriting a KF or a SCP on a floppy? Which revolution is used?
If revolution #1 has corrupted data but not the revolution #2, which one will be used to write back the disk?
In that case, don't we need to create a 100% safe dump?

Re: Protection Analysis

Posted: Sat Dec 27, 2014 11:34 am
by DrCoolZic
Brume wrote:OK, I see the advantage of using 5 rev in order to create a .STX file with Aufit.
But I wonder... What about rewriting a KF or a SCP on a floppy? Which revolution is used?
If revolution #1 has corrupted data but not the revolution #2, which one will be used to write back the disk?
In that case, don't we need to create a 100% safe dump?

Unless the writing program can use correct data, the floppy created will be bad!
I know that HxC can also use data from a good revolution to write a Pasti file. But I do not know if this applies to writing an scp file?
The SCP writer is NOT able to use correct data as it has no idea about decoded data (working at flux level)

Re: Protection Analysis

Posted: Sat Dec 27, 2014 12:47 pm
by Stefan jL
DrCoolZic wrote:
Stefan jL wrote:This kind of analysis would be fun to have at Atarimania on the game entry pages, although the Atarimania layout does not support this kind of feature yet.
But in case AM gets an update would you (DrCoolZic) allow the info you have on your analysis pages to be added to AM?

Yes no problem. Just having a reference back to my page would be nice


I don't know if having links like that in actual game entries is allowed at AM.. there has been some discussion about it. Links outside the game entries are OK though. I have asked at the AM-admin forum to get a clear answer on how to handle credits and links on game pages.

Also the pictures that Jeff_hxc2001 posted could work also on Atarimania:
http://hxc2001.com/disks_analysis/disks_0003/

Sometimes I have found text strings about protection using a hex-editor and then I add this info at Atarimania... like for example Eye:
http://www.atarimania.com/game-atari-st-eye_9271.html

Re: Protection Analysis

Posted: Sat Dec 27, 2014 4:38 pm
by JimDrew
How SCP writes the disk image depends on the settings you choose. Here is how writing works (referring to 5 revolution dumps):

If you image the disk in SPLICE mode then 4 revolutions worth of data are written, and the last revolution's data is written up to the write splice.
If you click on the override option and leave the mode set to SPLICE and change the number of revolutions, then the number of revolutions (minus 1) is written and the last revolution's data is written up to the write splice.
If you click on the override option and set the mode to INDEX, then a single revolution is written using the 1st revolution's data.

If someone has an image that has good data and bad data contained in the same 5 revolution dump, please send it to me. I would like to see it. The only time I have seen this is when the disk and/or head is dirty. I have a routine that I am working on that does a read-verify of the flux data by reading multiple revolutions and overlaying the bitcells for comparison.

Re: Protection Analysis

Posted: Sat Dec 27, 2014 6:12 pm
by DrCoolZic
JimDrew wrote:How SCP writes the disk image depends on the settings you choose. Here is how writing works (referring to 5 revolution dumps):

If you image the disk in SPLICE mode then 4 revolutions worth of data are written, and the last revolution's data is written up to the write splice.
If you click on the override option and leave the mode set to SPLICE and change the number of revolutions, then the number of revolutions (minus 1) is written and the last revolution's data is written up to the write splice.
If you click on the override option and set the mode to INDEX, then a single revolution is written using the 1st revolution's data.

If someone has an image that has good data and bad data contained in the same 5 revolution dump, please send it to me. I would like to see it. The only time I have seen this is when the disk and/or head is dirty. I have a routine that I am working on that does a read-verify of the flux data by reading multiple revolutions and overlaying the bitcells for comparison.

As a start
http://info-coach.fr/atari/software/Gam ... res_moktar
http://info-coach.fr/atari/software/Gam ... hp#awesome
http://info-coach.fr/atari/software/Gam ... de_big_ben

I have plenty of images like that

For info completed auto-correction tested on several images and works fine :)

and also look at viewtopic.php?f=102&t=25854&start=525#p263700

Re: Protection Analysis

Posted: Sat Dec 27, 2014 7:37 pm
by JimDrew
Have you tried writing the "non-working" disks back to see if they actually work on real hardware? I have not had any reports of such an issue so far since fixing the strongbits (NFA) routine.

Re: Protection Analysis

Posted: Sun Dec 28, 2014 3:19 pm
by DrCoolZic
list updated

Re: Protection Analysis

Posted: Wed Dec 31, 2014 5:47 pm
by Jeff_HxC2001
DrCoolZic wrote:
Brume wrote:OK, I see the advantage of using 5 rev in order to create a .STX file with Aufit.
But I wonder... What about rewriting a KF or a SCP on a floppy? Which revolution is used?
If revolution #1 has corrupted data but not the revolution #2, which one will be used to write back the disk?
In that case, don't we need to create a 100% safe dump?

Unless the writing program can use correct data, the floppy created will be bad!
I know that HxC can also use data from a good revolution to write a Pasti file. But I do not know if this applies to writing an scp file?
The SCP writer is NOT able to use correct data as it has no idea about decoded data (working at flux level)


It applies to all currently exportable formats.

BTW here is the latest version with the new track edition tool:
http://hxc2001.com/download/floppy_driv ... t_beta.zip
You can now edit/copy/paste the track data, change/clean up the bitrate, edit/set the flakey bits, etc.


Re: Protection Analysis

Posted: Wed Dec 31, 2014 5:50 pm
by DrCoolZic
Thanks I have to test this. :mrgreen:
I will use your build unless I succeed in building with VS2013

Re: Protection Analysis

Posted: Wed Dec 31, 2014 7:51 pm
by DrCoolZic
seems great but is there a minimum documentation on usage?

Re: Protection Analysis

Posted: Sat Jan 17, 2015 10:43 am
by DrCoolZic
Converted Eliminator
stx file works fine on Steem but not on Hatari?
On Hatari the game does not load ??? It only reads a few tracks and stops. I am not good with Hatari, can someone look at it?

Re: Protection Analysis

Posted: Sat Jan 17, 2015 11:48 am
by npomarede
DrCoolZic wrote:Converted Eliminator
stx file works fine on Steem but not on Hatari?
On Hatari the game does not load ??? It only reads a few tracks and stops. I am not good with Hatari, can someone look at it?

Hi,
the game works, but you need to disable "Gemdos HD emulation", as it uses code that is seen as a cartridge, and some games/demos won't start in such a case (they consider it as a ripping cartridge).
By the way, this version is different from the STX at atarimania, it starts loading at track 0x44, atarimania's version starts at track 1, probably some different releases.

Nicolas

Re: Protection Analysis

Posted: Sat Jan 17, 2015 12:38 pm
by DrCoolZic
Thanks it now works perfect.
The protection on this version is analyzed here http://info-coach.fr/atari/software/Gam ... eliminator

I also have another version of the game that uses a different protection see description at the same location
attached is a copy of the stx file

Re: Protection Analysis

Posted: Sat Jan 17, 2015 12:57 pm
by npomarede
Your version eliminator-no.rar looks similar to the one at atarimania : fuzzy sector on track 79 and a standard directory structure (files can be seen on the disk).
The rob northen protected version has fuzzy on track 0 and no file visible on disk.
By the way, looking at this cracktro for amiga :
http://www.pouet.net/prod.php?which=64735
It seems the Amiga version was never properly cracked at this time, as they lacked the intro. I wonder if there was a version for ST with the same intro?

Re: Protection Analysis

Posted: Sat Jan 17, 2015 1:26 pm
by DrCoolZic
Converted Elvira (big game with 5 disks) to stx now works with Hatari and Steem (I had conversion problems) :)
The game does not seem to use protections?

BUT ... I have also tested the ctr generated by DTC and I have also converted the game in IPF format and ...
both .ctr and .ipf work fine on Hatari but do not load in Steem?

Mr Seagal can you have a look ?

Re: Protection Analysis

Posted: Sat Jan 17, 2015 5:43 pm
by DrCoolZic
I finally fixed my bug to produce optimized stx files (reuse track data)
It is sometimes hard to check this information without impacting the performance :)

here is elvira and eliminator optimized. Nice to test if reading optimized file correctly which seems to be the case with Hatari and Steem
I have also modified the Pasti reader AIR so it can output complete content of a disk for comparison

Re: Protection Analysis

Posted: Sat Jan 17, 2015 6:25 pm
by Maartau
Good job :thumbs: !

Re: Protection Analysis

Posted: Sun Jan 18, 2015 12:18 am
by kodak80
Elvira opt stx and CTR freeze for me in Hatari 1.8.0 (Tos1.4 uk & 2.06 uk with 1mb).

I entered the courtyard, got thrown in the dungeon and rescued by Elvira.
Elvira gives me a few items and tells me to start in the courtyard but the screen doesn't move on from Elvira. Music continues to play.

Eliminator opt seems to work fine for me.