Cracking for people with no real coding experience

You can discuss menu disks by all those classic ST hack & pack teams. If you have questions, requests or remarks about hackers, packers, screens or just menu disks in general, this is the place to be!

Moderators: Mug UK, bodkinz, Moderator Team

BARRY
Retro freak
Posts: 16
Joined: Fri Jan 11, 2013 12:06 am

Cracking for people with no real coding experience

Postby BARRY » Fri Jan 11, 2013 1:04 am

So back in the day the people who had loads of programming experience and knowledge would have been very clever in running battles with Rob Northen and others who were professionally charging for protection software and routines. For a young teenager like me, that was all way above my head. But I figured there must be an easier way to get around this stuff.

So I remember taking a few novel approaches to effectively remove the effect of copy protection without necessarily actually cracking the game. This was surprisingly simple. Now these weren't copied or circulated at all at the time as far as I am aware, it was mainly me showing off with a few local mates who had STs that I could "crack" when I wasn't really. But looking back I'm quite proud of myself - so I thought I'd set up this thread as a homage to anyone else who managed to do stuff like this.

For those of you (most of you?) who can programme, this probably sounds very basic and sad, but I think it's quite cool - in retrospect though it is very disturbing that a 13/14 year old with no programming experience could bypass protection routines that presumably cost the publishing company a lot of money to implement, using some lateral thinking.

If any of you ever did anything similar feel free to give some examples! Here are the ones I did off the top of my head, and how I did it. This is over 20 years ago now so my memory is not 100% but I think these are right.

Zool
When I bought Zool it came with a code wheel - you know, where 2 parts of the wheel would match the image on the screen and then you would put in the number / letter from one wheel and the number / letter from the other wheel in a specified box. So the code may be, say, 54, beside box 21 when you match the top and bottom half of the graphics around the wheel. This essentially represented a complex algorithm with lots of variables. So I thought, can we just equalise the answers and bypass the variables? So I copied disk 1 using A Copy, and, guessing that the ultimate answer was an entry on some master code matrix file hidden on the disk, using the backup I searched through the raw data using Diskdoctor for the text "2154" - sure enough I found it along with a load of other 4 digit numbers. Guessing these were the final answers, I changed them all to "9999". I also searched for the text that was the entry prompt for the code and changed that from "please enter the code at xx" to "please type xx" (as the first part and second part were now both 99, the prompt would therefore also give the correct 2 digit answer, 99!). Sure enough this worked. Then I thought, actually why even prompt for a number, so I changed all the "9999"s to " " and just changed the text prompt to "press return". As the answer would always be " ", pressing return as a blank entry worked, and the whole complex algorithm was practically bypassed without any cracking, being able to see the files, or putting in some code to bypass the protection.

Premier Manager
This was a nifty football manager game by Gremlin Graphics. If I remember correctly, similar to Zool (also produced by Gremlin Graphics) it used a code wheel, and the exact same approach as Zool also worked. In addition, for this (and for other games) I found a few hidden cheat modes simply by searching for the ASCII term "cheat" anywhere on the disk using Diskdoctor. Surprisingly, for a lot of games this actually revealed cheat modes built into the game. I assume they were left as easter eggs for proper hackers, but again I did it without any real hacking and I sent the cheat into Zero magazine - it was published - and I got a "Zero Hero" badge (long since lost unfortunately). I obviously didn't tell them how I'd found the cheat but I earned that badge ;)

Championship Manager '94
Amazingly this version I did seemed to be the "official" cracked version circulating for years on the internet after the ST scene died off and went into abandonware / world wide web. Again there was a complex code entry system where you had to match scores from game number x on page y of the manual. Not knowing how to hack this, and not wanting to dig out my manual every time I played the game, I just used Degas or Deluxe Paint or Crack Art (can't remember which but it probably doesn't matter) to create a graphic file (to replace the really shitty background graphic that was there anyway) with all the scores from all the pages on it. That way you could just read the answer off the screen when you logged in. Now I vaguely recall some smart arses talking on some forum (possibly this one) about this "crappy" crack being the one everyone had and having "fixed" it "properly" - I guess in criticising what I had done they were missing the beauty of it - I had come up with a really simple approach to bypass a protection which probably took less time and work than actually hacking it but was equally effective - in that way I think my way was superior. Plus I was only around 15 at the time and couldn't programme! I also added a nicer loading screen than that which came with the original game (it's actually supposed to be Goodison Park, in case you ever wondered) and the original background screen was so bad I still maintain my list of numbers was an improvement, and I am a bit sad that someone eventually just hacked the game and lopped off the protection :D

Create your own menu disks using Crack Art and Diskdoctor

I also discovered that even if you couldn't code, you could always piggyback a menu. I would create my own menus to show my mates simply by using Crack Art to find the picture in the programme and then copy and paste my own pic in, mapping the colours to the original, and changing the scroll text using Diskdoctor and changing the load files on pressing 1 or 2 by just looking for the original names of the PRG files and changing them to whatever other programme I wanted. Now the purists will say I was ripping off good coders, dressing up their work as my work. And yes, obviously as a 13-15 year old kid I was. But I don't think any of the original coders can complain as they were probably the ones who spent a huge amount of time slagging off the games publishers / programmers for crappy protection routines in their scrollers. And like I said earlier, none of these discs ever got circulated, so no-one was ever really ripped off ;)

Anyway, there's some examples. I did do some other similar common sense stuff but I can't think of it off hand. I hope it wasn't too boring for you!!! If anyone else did similar "shamateur" hacking this is the thread for it! I guess it's a different angle to the ST scene that's possibly not been discussed before, and after 20 years of everything and anything being discussed, bringing some new angle to the board is probably nice.
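As an added illustration (not BARRY's code, and nothing taken from Zool itself), here is a small Python model of the weakness the Zool paragraph describes: an answer table shipped as clear-text digits next to the program, plus the minimal integrity check that would have flagged the edited copy. The mock disk image, its offsets and the use of SHA-256 are all constructed assumptions for the example.

```python
import hashlib
import hmac
import re

# Constructed mock of a floppy image (not a real Zool disk): a few program bytes,
# a code-wheel answer table stored as plain ASCII "BBAA" entries (box BB -> answer AA),
# then the prompt text, i.e. the layout the post describes finding with Diskdoctor.
TABLE = b"2154" + b"0732" + b"4517" + b"8893"
MOCK_IMAGE = b"\x60\x00\x01\x00PROGRAM\x00\x00" + TABLE + b"\x00please enter the code at "
TABLE_OFFSET = MOCK_IMAGE.index(TABLE)


def find_plaintext_tables(image: bytes, entry_width: int = 4, min_entries: int = 3):
    """Audit helper: report runs of ASCII digits long enough to be an answer table.
    Returns a list of (offset, [entries]); a publisher running this over their own
    master image would see at once that the answers ship in clear text."""
    hits = []
    for m in re.finditer(rb"[0-9]{%d,}" % (entry_width * min_entries), image):
        run = m.group()
        usable = len(run) - len(run) % entry_width
        entries = [run[i:i + entry_width].decode() for i in range(0, usable, entry_width)]
        hits.append((m.start(), entries))
    return hits


def table_digest(image: bytes, offset: int, length: int) -> str:
    """Digest of the answer-table region, computed once over the pressed master.
    SHA-256 is an anachronism used for illustration; the principle is the same."""
    return hashlib.sha256(image[offset:offset + length]).hexdigest()


def table_is_intact(image: bytes, offset: int, length: int, expected: str) -> bool:
    """Loader-side check: distrust the table if it no longer matches the digest baked
    into the program. The check is itself just a conditional branch in the loader,
    so it raises the bar only as far as that branch is itself protected."""
    return hmac.compare_digest(table_digest(image, offset, length), expected)


def tampered_copy(image: bytes) -> bytes:
    """The edit the post describes, applied to the mock image: every entry becomes '9999'."""
    patched = bytearray(image)
    for i in range(TABLE_OFFSET, TABLE_OFFSET + len(TABLE), 4):
        patched[i:i + 4] = b"9999"
    return bytes(patched)
```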

Dal
Administrator
Posts: 4053
Joined: Tue Jan 18, 2011 12:31 am
Location: Cheltenham, UK

Re: Cracking for people with no real coding experience

Postby Dal » Fri Jan 11, 2013 9:23 am

Nice story, thanks for sharing. The biggest problem tended to be actually copying the disks reliably due to protection (like Rob Northen etc) - this is where the cracking really comes into play.

But for circumventing code-based protection your approach is novel and sounds very familiar to me.

troed
Atari God
Posts: 1147
Joined: Mon Apr 30, 2012 6:20 pm
Location: Sweden

Re: Cracking for people with no real coding experience

Postby troed » Fri Jan 11, 2013 10:51 am

BARRY wrote:I searched through the raw data using Diskdoctor for the text "2154" - sure enough I found it along with a load of other 4 digit numbers. Guessing these were the final answers, I changed them all to "9999"


This I would characterise as a proper crack actually - well done! ;) It's not at all that different from what "real crackers" did in many cases.

To compare, one of the cracks I'm most proud of is of "Jim Power" [ICS version]. There's a long story behind why a crack of this particular game was somewhat special even outside of the technical details but since it involves others I'll skip it and just explain how it was done.

After having downloaded the rip from our supplier I started by booting up the game and seeing (using a freeze cartridge, don't remember exactly which at the time) what code was executed just before the obvious fail due to lacking copy protected information on disc. This was how I always used to start, and in many cases it was simply a question of then editing that code snippet on disk to make it "not fail".

For Jim Power, it was not that easy. I realised all the code on the disk was encrypted (not just compressed), all sectors on the disc were fully used up, and pondered a bit over trying to reverse engineer the encryption routine, filing the whole game (something I usually never did, the disk packing crews were a lot better at that) and then giving it another try. It seemed to be a monumental task, and this game [the story I skipped] we wanted done really quickly.

So I looked at how the game loaded itself since encrypted data cannot boot. In the boot sector was code to display some text ("Loading game X by Y blabla please wait") and then a subroutine that loaded disc sectors into memory and at the same time decrypted them. I figured I could always try minimising the amount of text written to the screen and use those extra bytes for my own little subroutine that was called each time a sector was loaded & decrypted. In that subroutine I did a realtime search for the string of bytes I had identified earlier and replaced them under the hood with a modified version which caused the game to continue executing instead of failing due to the negative copy protection check later.

That worked just fine on the first try. I packed up the image and sent it back up to our WHQ where others took over.

(If you look up Jim Power by ICS in archives you'll most likely find a version that I also included a trainer on. I did that a few hours later using the same trick, changing the needed code in the decryption routine, and using an over format with an extra track to hold the extra code)

To get back on topic: As I hinted, many games had the executable code in clear text on disc. Just as you went through the disc looking for a string of bytes and edited them into another string of bytes that's what we "real crackers" did. Usually the string (bytes) we searched for were of a particular BNE instruction (0x6610 I think) and replaced it with a NOP instruction (0x4E71). That's borderline "coding experience" :)

dma
Atari Super Hero
Posts: 810
Joined: Wed Nov 20, 2002 11:22 pm
Location: France

Re: Cracking for people with no real coding experience

Postby dma » Fri Jan 11, 2013 11:22 am

BARRY wrote:in retrospect though it is very disturbing that a 13/14 year old with no programming experience could bypass protection routines that presumably cost the publishing company a lot of money to implement using some lateral thinking.

I'm really not sure about the money involved in many protection routines, especially those like the Zool one.
Lotus III had the same kind of unencrypted protection entries (also a Gremlin game).

wongck
Ultimate Atarian
Posts: 11787
Joined: Sat May 03, 2008 2:09 pm
Location: Far East

Re: Cracking for people with no real coding experience

Postby wongck » Fri Jan 11, 2013 12:08 pm

BARRY wrote:using the backup I searched through the raw data using Diskdoctor for the text "2154" - sure enough I found it along with a load of other 4 digit numbers. Guessing these were the final answers, I changed them all to "9999". I also searched for the text that was the entry prompt for the code and changed that from "please enter the code at xx" to please type "xx"


Well I did something similar to at least one game, and I remember this particular game as it was like a week or so after I got my STFM.
It was one of those games that requires you to enter some text from the game book/manual, and the paper was coloured in such a way that it does not photocopy. You must remember that back in those days, we didn't know about colour photocopiers (as commonly available now).

I just took a disk sector editor, searched to the place where the question began, and just replaced the entire sector with 00.
Surprisingly, it worked. The part that was supposed to ask the question was skipped and I could continue on to play. It was pure fluke!! :lol:

Incidentally, that's when I started using Probe House Software.... the Probe as in examining (the program/disk) and the House part was due to the software company Melbourne House, which kept coming up when I played Xenon I. I just took the House part and combined it with Probe. I went on to mess with programming after that. So now you know how I came up with Probe House Software, which, till today, is still making software for Atari. :angel:

BARRY
Retro freak
Posts: 16
Joined: Fri Jan 11, 2013 12:06 am

Re: Cracking for people with no real coding experience

Postby BARRY » Fri Jan 11, 2013 6:41 pm

Good stuff folks - glad I wasn't alone in figuring out stuff for myself :D

The code wheel seems to be more about style than substance - do up something that looks complex to please the publisher / top brass, and then blame those devilishly clever hackers for bypassing it, when in reality they knew all along it was crap.

The Jim Power story is interesting. Basically, but for that pointless bit of text you may have been snookered? Although in a worst case scenario maybe you could have expanded the disk to 11 sectors or artificially created a bit more space, although this probably has its own problems if there are checks against sector numbers etc?

As for Probe House, it's always nice to hear that something developed that long ago is still in use. An oldie but a goodie...

gilles504
Atari freak
Posts: 54
Joined: Thu Aug 11, 2011 4:17 pm

Re: Cracking for people with no real coding experience

Postby gilles504 » Sat Jan 12, 2013 8:58 pm

I remember I used a similar method to get the page/line/word for Genesia.

The first ST games were not protected; nearly all commercial floppies were protected in the late 80s... but after that came a generation of machines with HDDs, so physical protection disappeared to allow such games to be installed on a hard drive.
Physical protection made its comeback with CD and DVD (and with encryption chips for the last generation of cartridge-based consoles (in that sense (but only this one...) the Amstrad GX4000 is also a last generation cartridge-based game console :lol: )).

nativ
Fuji Shaped Bastard
Posts: 4087
Joined: Mon Jul 30, 2007 10:26 am
Location: South West, UK

Re: Cracking for people with no real coding experience

Postby nativ » Sat Jan 12, 2013 11:15 pm

I never really hacked anything, but as Another World main disk was unprotected and I had a backup copy I scrolled through the disk with Knife ST and found the text that comes up on the 3D computer ingame and changed it :D I'm surprised more hackers didn't 'tag' themselves in games like this! :lol: