
Posted: Tue Aug 10, 2004 12:18 am
by bodkinz
I can totally understand no one wanting to admit cracking a game by people who used to be crackers themselves..

Bodkinz

Posted: Tue Aug 10, 2004 1:49 am
by ijor
Zippy wrote:
Steem Authors wrote:it has already caused an address error by trying to write to address $19 before it gets there. Can you remember if it did anything unusual before getting to the FDC code?


Oh yeah, it definitely did loads of very, very unusual stuff... all sorts of redirected exceptions + trace stuff with code running in page 0 right over the exception vectors.

If it's hitting an address error ...


I found the problem. Considering Zippy's description, I checked this game, just in case it was an FDC emulation problem. Partly it is, but there is a second issue as well.

The “address error” rang a bell with me. Russ, do you remember the first bug I reported to you? Well, it’s very similar to that. I’m emailing you the details.

After “fixing” this issue manually with Steem’s debugger, the game loads ok. But it still doesn’t run correctly with “plain” Steem. You have to use my tools. Then you can actually play the game. So it seems that there is a disk timing issue as well.

Zippy, I sent you a PM (private message). Could you please check it?

Ijor

Posted: Tue Aug 17, 2004 9:14 pm
by Steem Authors
Great, this will work on the next version of Steem thanks to ijor. I can't figure out just how the 68000 does what this game requires it to, but I'll be able to fix it at least.

Russ

Posted: Tue Aug 17, 2004 9:28 pm
by Cyrano Jones
ruthless wrote:Correct, nobody wanted to take credit coz it was TLB.

I still believe it was BBC/MEDWAY

Who knows, would be nice for someone to step forwards and claim responsibility.

At least we know it wasn't Zippy ;)


It was actually TCB. And it wasn't the BBC either, cos I've got the Empire version.

Maybe putting a "Cracked by The Empire" on the bootloader is a hint at who did it? Do you think? Perhaps?

Posted: Tue Aug 17, 2004 9:52 pm
by bodkinz
yeah i got the empire version too... but who knows to be sure ;)

bodkinz

Posted: Tue Aug 17, 2004 10:08 pm
by ruthless
Cyrano Jones wrote:
ruthless wrote:Correct, nobody wanted to take credit coz it was TLB.

I still believe it was BBC/MEDWAY

Who knows, would be nice for someone to step forwards and claim responsibility.

At least we know it wasn't Zippy ;)


It was actually TCB. And it wasn't the BBC either, cos I've got the Empire version.

Maybe putting a "Cracked by The Empire" on the bootloader is a hint at who did it? Do you think? Perhaps?



No doubt you are correct, your memory is obviously more accurate than mine, thanks ever so much for clearing that up for us CJ.

Maybe next time I see you around we can discuss the Magic Middlefinger?? ;)

Posted: Tue Aug 17, 2004 10:16 pm
by bodkinz
True.. who knows... maybe empire were credited on purpose???

bodkinz

just curious

Posted: Mon May 23, 2005 8:55 pm
by zelda
Just curious, how many working versions of B.A.T. were there?

Posted: Fri May 27, 2005 11:33 am
by ggn
Now here's something I remembered the other day. Probably my only crack! I swear it is true :)

So I got hold of the Replicants version of Electronic Arts' "The Immortal". Nice gfx and scenario, but really awful coding. I think it was done in a kind of scripting language.

Anyway I kind of liked the game and managed to pass level one (after quite a few tries :)). Then a protection came up: Enter code, blablabla... So I started entering numbers, thinking it won't matter anyway.

Wrong. Trying to enter again a code froze the game. Oh, dear, they forgot to remove the protection :(

As I had some time to spare, I started toying around with Bugaboo. Loading the program from the auto folder I saw that they hooked on trap 1 (depacker) and then they loaded the main file at a fixed address. "Ok", I said and went along.

Now, my idea is that I should play the game until the password protection appears, let it hang, then freeze (pressing left + right shift) or reset the machine, and see where the PC is (yes, Bugaboo can do this without breaking sweat).

So IIRC the game froze, I pressed shift+shift, and there I was back in Bugaboo. Now, I think I scrolled up a few lines and saw what I thought was the offensive code to remove. But then an idea came to me:

"Oh man, I'm bored resetting the machine and loading it up again (remember that to this day I have only 1 floppy on my STE, no hdd or anything). Let me re-set the PC at the load address and run it, it should hopefully run again and stop at my break point".

Well, the game ran, I passed level 1, I entered a passcode, and instead of the game stopping (bringing me back to Bugaboo) or freezing altogether, it started loading level 2!!!!!!! I originally thought that I entered a correct password (what are the odds against THAT? ;))

Then I cold started the machine and tried the same thing again: load it, let it hang, shift+shift back to Bugaboo, set the PC to the start address ($20000?) and run it again. The game loaded and played ok! So in the end I just saved the binary prg back to disk, replaced the original, and there it was, my custom cracked version of The Immortal!!!! My explanation is that the scripting language, in its attempt to check the password, sets some flag that assumes the correct password is entered, which they thought would be safe to do, BUT it didn't count on my idea to reset the PC!!!!

Now, I wasn't so naive as to think that it's THAT easy to crack games, it was a 1 in a million chance for this (probably even higher!), but there you are!

I swear it's 100% true, I did that, I was just extremely lucky. I just wish I had played the lottery that day.... 8)

George

Posted: Fri May 27, 2005 4:16 pm
by Marcer
ggn,

That reminds me of my first Serial hack..
also kind of lottery..

To find out the serial number of this software I used an old key.. and found it a little funny.. the serial key was just Ascii Code-2Step.

You just needed the Ascii Setup to make new serials :D

// Marcer

Posted: Fri Jun 03, 2005 4:41 am
by karlm
never cracked anything on the Atari, only fixed Dark Forces on the PC. That protection was soooo crap. Serial check, so I loaded it up with a hex editor, and there were all the serials.
So then I decided, I'll fill all the texts in with space ($20) instead of the real texts ... and then...

all you had to do was click on the authenticate button and it all worked!


But on the ST I guess my most memorable one was Alien's F29 Retaliator Hack ... 7 disks into one booter was surely a good accomplishment.

cheers

karlm

most memorable crack

Posted: Fri Jun 03, 2005 7:02 pm
by illegal
I have 3 opinions about it, depending on how I consider it

the first crack that impressed me was 42crew's purple saturn day crack
All crackers were stuck on this protection. It took weeks and weeks to be released and cracked by 42crew. That's the reason why I consider 42crew the best cracking crew when they were active.
It is interesting to mention that Purple Saturn Day had one of the most subtle and innovative protections I knew

there are also the dragon's lair series : hard to crack because of the disk format, the reading routines and the awful code! maxi from the replicants was very good for cracking them

Sweek protection is very horrible. I only knew a 1040ST crack, I tried it: a nightmare. It was very hard

And of course, thanks to Rob Northen we had the first protection using the 68k trace mode $24, and as there have been many Rob Northen Computing protection releases, it also impressed me when it was released

But one of the nicest were from demos.

Let's mention the one of the big demo from TEX with move.w #$4e71,(a0)+ on the next instruction, that exploited a nice 68k behaviour (we called it the 68k pipe bug)

And the one from the Cuddly Demos that used $24 and also the screen counter to decode the next instruction. The weakness of the protection was that TCB put NOPs at the end of the trace routine, probably to get the hashcodes to encrypt the code, so we could use it to get the decoding values in memory and finally decode the whole TCB code. But this was very very nice! I think it could have been really harder to crack if TCB had used a trace routine such that the decoding eor.l used a register to decode.
When trying to get the hashcodes, for instance eor.l d0,(a6)+ - a6 never used in the code - that would have been transformed to eor.l d0,(a0)+, a0 with the next PC instruction offset. With this artifice, they would not have needed to put NOPs at the end of their trace routine, and so, it would have been difficult... !

greetz to you all
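As an added illustration, not from illegal's post or any TCB code, of why the NOP tail he describes is a weakness: a toy model of a trace-mode decoder in which each instruction word is XORed with a keystream word just before it executes. The keystream, a 16-bit LFSR seeded by a "screen counter" value, the seed and the instruction words are all constructed for this example; the point it shows is that padding NOPs ($4E71) are known plaintext, so they reveal keystream words, and with so small a state that is enough to recover the seed and decode the entire routine.

```python
# Toy model, constructed for this example; it is not TCB's trace routine, only
# an illustration of why known NOP padding defeats an XOR-style instruction
# decoder. Keystream: a 16-bit Fibonacci LFSR seeded by a "screen counter".
NOP = 0x4E71  # 68000 NOP opcode word


def lfsr16(seed):
    """16-bit Fibonacci LFSR (taps 16,14,13,11), maximal period 65535.
    Yields one 16-bit keystream word per step; the seed must be nonzero."""
    state = seed & 0xFFFF
    while True:
        bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (bit << 15)
        yield state


def keystream(seed, n):
    gen = lfsr16(seed)
    return [next(gen) for _ in range(n)]


def xor_words(words, seed):
    """Protect or decode: the trace handler XORs each word with its key word
    just before the CPU executes it. XOR is its own inverse."""
    return [w ^ k for w, k in zip(words, keystream(seed, len(words)))]


def candidate_seeds(cipher, nop_positions):
    """Known-plaintext recovery: each position holding NOP padding reveals one
    keystream word (cipher ^ NOP). A 16-bit state is small enough to try
    every seed and keep those consistent with all revealed words."""
    need = max(nop_positions) + 1
    return [s for s in range(1, 1 << 16)
            if all(cipher[i] ^ k == NOP
                   for i, k in enumerate(keystream(s, need))
                   if i in nop_positions)]


# Constructed "protected" routine: real 68000 opcode words followed by the
# NOP tail illegal describes. SEED stands in for the screen counter value.
SEED = 0x2A7D
PLAIN = [0x7000,          # moveq  #0,d0
         0x5240,          # addq.w #1,d0
         0x0C40, 0x000A,  # cmpi.w #10,d0
         0x66F8,          # bne.s  back to the addq
         0x4E75,          # rts
         NOP, NOP, NOP]   # padding: known plaintext
NOP_POSITIONS = {6, 7, 8}
CIPHER = xor_words(PLAIN, SEED)


def demo():
    """Recover the seed from the NOP tail alone and decode the whole routine."""
    return [xor_words(CIPHER, s) for s in candidate_seeds(CIPHER, NOP_POSITIONS)]
```

Every decoding returned by demo() has NOPs at the padded positions by construction; the real plaintext is among them, which is exactly the leak illegal's register trick was meant to close.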

I forgot

Posted: Fri Jun 03, 2005 7:10 pm
by illegal
I forgot to mention the Silmarils games, that were hard to debug and crack. DOM was a specialist at it, maybe the only one able to crack the Silmarils games at this period

Posted: Sat Jun 04, 2005 8:26 am
by ggn
Now that you mentioned Silmarils games.... I know I have posted a similar topic a couple of years back: Does anybody have and could post/mail me a 100% working version of Metal Mutant? All the versions I've tried (including Amiga versions :)) crash after a certain point (when you get underground, red colours, fires, etc).

I've tried a version on Automation, one by Replicants.. perhaps a few more.

Can anybody help?

George

Posted: Sat Jun 04, 2005 8:31 am
by ecureuil
I have a little idea... Would someone be interested in the creation of ST cracking sites like the http://www.flashtro.com cracking section?

Cheers

Posted: Sat Jun 04, 2005 10:34 am
by lotek_style
An ST CRACKTRO project would indeed be very nice... I thought about starting this a while ago and also collected a handful of cracktros but time and motivation were gone and so I stopped.

Posted: Sat Jun 04, 2005 11:47 am
by Marcer
I can surely help on this project. Since I collect all different cracks I can find atm!

I have around 3600 files in my collection so far.. (keep in mind.. some games are up to 7+ files.)

// Marcer

Posted: Mon Jun 06, 2005 4:55 pm
by alexh
The most memorable crack for me was the Automation crack of Dungeon Master. My mate's ST was an STe and it didn't work on the STe unless you held down the number key as the intro was loading... and even then the colours went nuts etc. for a bit.

There may have been a v2 but I never had it.

Re: most memorable crack

Posted: Tue Jun 07, 2005 5:35 pm
by ijor
Hi illegal,

illegal wrote:It is interesting to mention that Purple Saturn Day had one of the most subtle and innovative protections I knew


Could you elaborate a bit about what was innovative in that protection?

Let's mention the one of the big demo from TEX with move.w #$4e71,(a0)+ on the next instruction, that exploited a nice 68k behaviour (we called it the 68k pipe bug)


You mean the general prefetch behavior of all (most) "move" instructions? Or exactly that variant has something special?

And the one from the cuddly demos that used $24 and also the screen counter to decode the next instruction.


A nightmare for emulators, at least for Steem. One of those has, combined, the timing of a "DIVS" instruction.

One thing I found quite interesting is running code at the hardware. CJ mentioned he coded a small routine running at the SHIFTER palette. I saw a protection running code (well, just one instruction) at the PSG !

about purple saturn day

Posted: Sat Jun 11, 2005 10:25 am
by illegal
ijor, the innovative stuff with PSD was that a portion of the code of the protection was so weird it looked like data, instead of usual code. So often everybody "stopped" debugging at this point, just because they thought it was badly decoded

Instead, the code was executable, it looked like:
ori.b #1,d0
eor.w #$A742,(A7)+ (that decoded one of the next instructions)
ori.w #$BFD,d1
dc.w $E7EF (illegal instruction was trapped and jumped to another part of the code)
etc...
trash data...
other part of code:
(still weird code)

When PSD went out, it took some weeks to be cracked, because it supposed that the one who goes through the protection has a complete understanding and knowledge of the 68k. At this time, not many people had this skill, it was the early years of the Atari

best regards

Re: Most memorable hack/crack.

Posted: Thu Jun 05, 2014 9:49 am
by AtariZoll
This is a pretty old thread, and I'm here because DrCoolZic linked this in his Atari copy protection article.
In golden Atari times I cracked only originals that I bought, and only for myself. Hardest was Voyager with Rob Northen protection. But it was for sure not so hard a case.
Now, when we have the Steem Debugger and a lot of STX images available, things are much easier with cracking. As hardest I remember Wrath of the Demon. The copy protection itself was not a big deal, but there were a lot of diverse checksums at almost every level. And the final level had a completely different protection and checksum.
Additionally, it was probably the hardest case of finding how the game counts down the player's health - it was done without a numeric value - it just used a graphic presentation of it. Here I need to mention that many checksums will not make problems with usual floppy cracks, as there is no need to change many things in the code. But if you make a hard disk adaptation, then more code is changed. Trainers and keyboard hooks may harm checksums too.

And: what is good copy protection, so hard to copy, may be easy to crack, and vice versa. Often good copy protection is not well protected against crackers.