Most memorable hack/crack.

You can discus menu disks by all those classic ST hack & pack teams. If you have questions, requests or remarks about hackers, packers, screens or just menu disks in general, this is the place to be!

Moderators: Mug UK, bodkinz, Moderator Team

ozzwald
Atari freak
Posts: 51
Joined: Fri Jan 30, 2004 1:32 pm
Location: Morecambe, Lancs

Most memorable hack/crack.

Postby ozzwald » Fri Jul 30, 2004 12:06 pm

I am curious what people find to be their most memorable hack/crack.

Was it your first hack, something you were really proud to have got working, or just admiration for someone else's work? Easy peasy or devilishly complex, what made you feel good?

To kick things off, my most memorable ST crack/pack was Microdeal's JUG from disk 103. It was when I was playing with 1 meg single parts, and this was a raw data disk reader. Perfect for trying out some DMA disk stuff.

First problem, it ran at about hex 2000 in memory, fixed position (IIRC).
So no loading mon debug from desktop. The method I tried was to load mon debug, then into that load another copy and then another until it was sat in upper memory (80000+). At this point I set the SR to 2700 and zeroed memory from 2000 up to 20000ish. First time I tried this I expected the machine to bomb; amazingly mon debug recovered, but all OS system calls were gone :(. DMA from here on in.

I then ran the game and all appeared okay, the only downside being I couldn't stop it to get back to mon debug, so after a little playing to get the data higher in memory I found I could recover anything I needed with a soft reset of the machine.

After adding a cheat I gradually tested and built the one meg file, the last big run was a solid 18 hour hacking session. I finally had some problems keeping my lookup tables and DMA stuff safe, things got real tight on memory.

I always felt a little guilty doing 1 meg files, but nearly everyone I knew had 1 meg so a lot of people liked them. I probably could have put it in files, but it was already a tight fit in memory, so more work would have been needed and I didn't even like the game!

The protection was nothing special, it was memorable for the work it took to get it into a single part. I learned a lot and felt strangely proud of the hack, even though I did a lot of things the hard way - grabbing graphics from memory rather than just reading the disk in.

Rick (Ozzwald)

Cyrano Jones
Atari Super Hero
Posts: 662
Joined: Wed May 28, 2003 8:28 pm

Postby Cyrano Jones » Fri Jul 30, 2004 1:22 pm

First one:

Microprose's Gunship

Took me over a week, mainly due to not knowing what I was doing! The game loaded several .PRG files and each one had a disk check in it - talk about picking a "tough" one to start with :-) Much pride when it was finished tho.

Most Fond memory:

Outrun

Because someone wrote into ST Action asking why the original took so long to load and why the Automation version was so much quicker :-)

Most Technically Challenging:

For some reason, Microdeal's (?) Jupiter Probe. I can't remember why, but it gave me hell.

Most Embarrassing:

Bitmap Brothers' Speedball II

Mine kept randomly crashing for some reason. Never worked out why.

bjjones37
Captain Atari
Posts: 313
Joined: Thu Jul 29, 2004 1:11 pm
Location: USA

221B Baker St

Postby bjjones37 » Fri Jul 30, 2004 1:50 pm

I usually just searched for ASCII strings and replaced them to simplify doc checks. But when I upgraded my TOS and could not get 221B Baker St to work, I went for broke. I disassembled it into a couple hundred pages of 68000 source, then I did a hex/ASCII dump so I could separate out the strings.
Then I loaded MonST2 and traced it to the routine that was causing it to crash; apparently the newer TOS was interpreting a system call to cause the program to attempt to write to ROM. As I had 4M of RAM I simply modified the address pointer so it would point to somewhere in the 2 or 3 megabyte range. This was about 16? years ago so I do not remember the exact details. But I do consider it to be one of my most exciting moments and my introduction into assembly language programming. I wish I could have stayed with it. Unfortunately a guy has to eat. I'm an MCSE now but I wish I were really an ACSE (Atari Certified Systems Engineer).
Courtesy is not an option.

ozzwald
Atari freak
Posts: 51
Joined: Fri Jan 30, 2004 1:32 pm
Location: Morecambe, Lancs

Postby ozzwald » Fri Jul 30, 2004 2:16 pm

Cyrano Jones wrote: Most Fond memory:

Outrun

Because someone wrote into ST Action asking why the original took so long to load and why the Automation version was so much quicker :-)


There were quite a few I remember where the file loads were ridiculously slow, though these were often French and written in some weird compiled language. I am sure everyone who has used a debugger at any time will know what I mean: lots of meaningless loops and register changes, also hundreds of lines of code, whereas in pure assembler it would be 3 or 4!

A lot of the guys in the scene did little changes to stuff that made the games easier to play and often faster to load, ripping out a compiled file load and putting in a true assembler load was always the decent thing to do.

Klapauzius
The Klaz
Posts: 4302
Joined: Sun Jul 04, 2004 7:55 am
Location: Bavaria

Postby Klapauzius » Fri Jul 30, 2004 7:46 pm

Hardest one for me that I can remember was "Future Wars" by Delphine. It took me 8 days IIRC to get a grip on the in-game protection - completely embedded into Delphine's gaming system. I believe I lost four pounds in weight during that week.... :)
Later on I found out that other crackers (with much bigger names than mine) also had their problems with it - I must admit that I got some satisfaction from that :wink:
OTOH, I remember cracking "Damocles" in half an hour or so. Somehow I got round all those trace encoding/decoding routines in it and managed to set a break on the position where it was all done.... Must have been lucky here :)

Cheers

Klaz

Zippy
Obsessive compulsive Atari behavior
Posts: 103
Joined: Sun Feb 01, 2004 1:58 am

Postby Zippy » Sat Jul 31, 2004 1:13 am

The most memorable/fun ones for me would be those handful of games with the decent protection/encryption systems which hardly anyone (or no one) else would hack.

The challenge and then final feeling of achievement when it was done was amazing, i could be on a "high" for days after that, which i guess made the 3-4 days (sometimes longer) of sitting up staring at MonST 'til 5-6am all seem worth it. Most games only took a few hours (at most) to hack so the pressure of being maybe 4 days into a 5 day marathon hacking session and hoping no other group was about to release a crack of it was immense... don't think that actually ever happened though, 'cause our original supplier was so quick.

Anyways, can't remember them all now, but stuff like Pirates, War Heli, Maupiti Island, Operation Stealth, Future Wars, Loom, Parasol Stars, Freedom, single disc Gauntlet II, Rodeo Games i remember all taking a lot longer than average.

Sometimes all i'd be thinking about was how to get around the bit of encryption/protection i was stuck on. Having worked on it from midnight 'til 6am and finally giving up for the night and going to bed, would be lying there for maybe another hour thinking about it... then suddenly get some inspiration and come up with a new idea to try so get back up at 7am switch the ST back on and try it! Or be thinking about how to bypass some game's encryption system all day at college and couldn't wait to get home and try out the new technique to see if it worked.

Yeah, happy memories of some great times. :)

GT Turbo
Captain Atari
Posts: 335
Joined: Tue Feb 17, 2004 9:41 am
Location: Alsace, France

Postby GT Turbo » Sat Jul 31, 2004 9:22 am

Lotus Turbo Esprit Challenge was my first crack; that took me about 8 minutes, the protection was a joke:

If you don't give the right password (graphics in the doc) the game will do a neverending loop:

In the code you can see :

bra.s *

A little visit with a disk editor and a nop took its place.

GT Turbo :wink:
Never forget : Power is in your minds !!!

http://Cerebral-Vortex.net

http://Jagware.org

Steem Authors
Steem Developer
Posts: 540
Joined: Tue Apr 30, 2002 10:34 pm
Location: UK

Postby Steem Authors » Mon Aug 02, 2004 6:36 pm

Hey Zippy,

I just noticed War Heli on your list, your crack of that is one of the few programs we have left that doesn't work on Steem. We have tried to work out what is going on but we haven't got very far yet. If you have time could you have a quick look and see if you could guide us in the right direction? If you are using Windows I can send you the latest debug build if you like, we've enhanced the debugger a bit for v3.2.

Thanks,
Russ

ijor
Hardware Guru
Posts: 3100
Joined: Sat May 29, 2004 7:52 pm

Postby ijor » Mon Aug 02, 2004 6:54 pm

I'm wondering if any crack on the ST was ever made with a hardware debugger. I know that at the time nobody could afford a 68K ICE. But perhaps somebody had access to one at work. I know this was sometimes done on PC games.

Of course, now with emulators such as Steem, we had a "virtual" ICE for free :)

bjjones37
Captain Atari
Posts: 313
Joined: Thu Jul 29, 2004 1:11 pm
Location: USA

Ever get sick of changing disks?

Postby bjjones37 » Mon Aug 02, 2004 7:09 pm

Here is a trick I used to pull on my ST to stop swapping disks. Most of the games were on single sided disks. Usually the copy protection was on track 80 or 81. I would format a double sided disk, copy all of the files from both disks to the one, and then use Procopy or something to copy just track 80 or 81 to the disk. Worked great on lots of programs. One program, I don't remember which, I even had to do a protected disk copy of the entire single sided disk, and then went and modified the boot sector manually so it could see the second side of the disk I had formatted. Ended up with a bunch of double-sided copy protected disks. Not as nice as hacking them I know, but sooo much easier.

Mug UK
Administrator
Posts: 11196
Joined: Thu Apr 29, 2004 7:16 pm
Location: Stockport (UK)

Postby Mug UK » Mon Aug 02, 2004 7:58 pm

Other than the LLS cartridge by Stainless Steel Rat, I don't know of any hardware debugger for the ST.

I certainly used it a lot for hacking music from inside demos - best use for an Ultimate Ripper cartridge (ie. by erasing it and putting LLS on instead!)

EEPROM on my website (the old one, not yet moved it across to new one!)
My main site: http://www.mug-uk.co.uk - slowly digging up the bits from my past (and re-working a few): Atari ST, Sega 8-bit (game hacks) and NDS (Music ripping guide).

I develop a free Word (for Windows) add-in that's available for Word 2007 upwards. It's a fix-it toolbox that will allow power Word users to fix document errors. You can find it at: http://www.mikestoolbox.co.uk

Zippy
Obsessive compulsive Atari behavior
Posts: 103
Joined: Sun Feb 01, 2004 1:58 am

Postby Zippy » Mon Aug 02, 2004 8:29 pm

Steem Authors wrote: I just noticed War Heli on your list, your crack of that is one of the few programs we have left that doesn't work on Steem. We have tried to work out what is going on but we haven't got very far yet.


Hehe, I'm not surprised you haven't got very far, it was a nightmare! :D And the way I hacked it actually left most of the encryption + anti-hacker routines in there.

It's a long time ago, but i think the problem is probably that the emulator isn't handling the low level disk access stuff properly (where the code is hitting the hardware registers directly). Could also be that some of the more nasty trace encryption/timer/hardware register stuff isn't emulated 100% accurately either. Then again i was truly AMAZED when you got my sync/trace encryption shell on the Maupiti Island loader to run on Steem. :)

I think on the text intro on war heli i described what some of the protection routines were doing, and the bit which is very likely not working would be where it checksummed the protected track (#41) and used that value to setup a hardware register. Even though the hacked disk was copyable in Fcopy this part of the protection was sort of left in place, in that rather than remove the routine completely and force the checksum to the correct value i actually just modified the data on the protected track to make the checksum return the correct value and yet still be copyable. That way i could leave as much of their checksum/timer stuff alone as possible and still make the disk copy with Fcopy.

There were duplicate sector ID's and fake Track ID's on track #41 as well, and they'd use some clever timing routines to work out when the real sector was approaching the drives head, as opposed to the fake one which would read instead, if the sectors were read sequentially as they would normally be. Again, i just modified the sector header to give it a genuine sector and Track ID's and patched the read routine accordingly, but left the timing and decryption stuff alone. The object was only to make the disk copyable... and that still took about a week!

So, basically you'd have to emulate the low level disk access stuff like the "Read Track" command at the hardware level and also get a lot of disk hardware related critical timings spot on as well... probably more trouble than it's worth for a single game. If you got it working you'd probably be able to emulate most disc protection systems as well (assuming you could develop some way of reading them in of course!), eg. the Rob Northen copylock which is measuring the variable *length of time* it takes to read bytes off the disk on the protected sector.

bjjones37
Captain Atari
Posts: 313
Joined: Thu Jul 29, 2004 1:11 pm
Location: USA

Postby bjjones37 » Mon Aug 02, 2004 8:34 pm

Klapauzius wrote: Hardest one for me that I can remember was "Future Wars" by Delphine. It took me 8 days IIRC to get a grip on the in-game protection...
Klaz


I bought that game and tried to play it, but the protection scheme was so frustrating just to use with their stupid clear plastic gridlines, I never bothered to play the game. Maybe I'll give it another try now.

bodkinz
Moderator
Posts: 790
Joined: Fri Jul 02, 2004 8:32 pm
Location: London

Postby bodkinz » Mon Aug 02, 2004 8:56 pm

I never hacked/cracked anything on the Atari ST...

but my most memorable one was when i used someones cheat code to copy a fast loader game (i forget which one exactly) by Ultimate Play The Game.

before that i had written a 17 byte copier using the ZX Spectrum's internal copy/save routines with a wait for a keypress in between copy and save.. and as i have very few brain cells i was amazed the fastloader copier worked..

A friend of mine who was a bit of a tearaway bought a ZX Spectrum after i did.. he really knew how to hack/crack... he used to try to show me his latest efforts.. but i didnt understand half what he was on about.. he became a cash register programmer when he left school... i bow down to his knowledge...He was one of those type of guys who hung around with the local gang a lot.. amazing how some people turn out :D

Bodkinz (the brainless) :P
someone post something, i'm bored :)

ijor
Hardware Guru
Posts: 3100
Joined: Sat May 29, 2004 7:52 pm

Postby ijor » Mon Aug 02, 2004 9:15 pm

muguk wrote: Other than the LLS cartridge by Stainless Steel Rat, I don't know of any hardware debugger for the ST.


It doesn't have to be ST specific. Any M68k ICE should work.

Those are quite affordable second hand nowadays. I would like to try one myself if I were good at soldering.

Mug UK
Administrator
Posts: 11196
Joined: Thu Apr 29, 2004 7:16 pm
Location: Stockport (UK)

Postby Mug UK » Mon Aug 02, 2004 11:05 pm

On the consoles there was PSYQ (PS1) and SNASM etc for the SNES (and other names for the Megadrive etc).

Megadrive one I suppose, if you found it could be hooked up to the ST .. but then again it would complain about the lack of a Z80 and FM chip for the sound.

I'm almost sure there's a few developers suites out there somewhere on a backup disk or two :)

Overlander was developed on if I remember ..

Steem Authors
Steem Developer
Posts: 540
Joined: Tue Apr 30, 2002 10:34 pm
Location: UK

Postby Steem Authors » Sun Aug 08, 2004 9:02 pm

Hi Zippy,

Thanks for all the info, I wish my memory was as good as yours. :)

Zippy wrote: Could also be that some of the more nasty trace encryption/timer/hardware register stuff isn't emulated 100% accurately either. Then again i was truly AMAZED when you got my sync/trace encryption shell on the Maupiti Island loader to run on Steem.

So was I! :D I think it was more luck than judgement, but due to my bad memory I can't remember what fixed it now.

Zippy wrote: So, basically you'd have to emulate the low level disk access stuff like the "Read Track" command at the hardware level and also get a lot of disk hardware related critical timings spot on as well... probably more trouble than it's worth for a single game. If you got it working you'd probably be able to emulate most disc protection systems as well (assuming you could develop some way of reading them in of course!), eg. the Rob Northen copylock which is measuring the variable *length of time* it takes to read bytes off the disk on the protected sector.

There is a great deal of progress going on in this area; in fact thanks to ijor we already have Rob Northen copylock protected disk images running on Steem. The odd thing with War Heli is that it seems to go wrong before it gets to the hard bit (the disk access). All the disk access up to the point it goes into an endless loop is done by TOS. The only FDC related activity the program itself does is this:

FDC: 0001A2 - Setting FDC sector register to 4

And I don't think that is intentional; it has already caused an address error by trying to write to address $19 before it gets there. Can you remember if it did anything unusual before getting to the FDC code?

Thanks again,
Russ

Marl
Atari nerd
Posts: 44
Joined: Mon Aug 09, 2004 12:55 pm
Location: Yorkshire

The one with all the piddly little files

Postby Marl » Mon Aug 09, 2004 5:48 pm

Hiya,

Was it Operation Wolf? - I forget - Anyway the game loaded loads of little files, it would have been a pain to change it and a memory dump was not an option.

So we broke new ground by patching the depacker into the operating system file read routines. 8O

At the start we loaded a custom version of the depacker high in memory and re-pointed the OS load routines.

ANY file read was checked to see if it contained a pack header and if so it was decompressed to the correct size, the depacker then returned the corrected load information to the calling program.

In effect it meant from then on we could do the same trick with any game, pack all data files and not have to touch the game load routines.

I recall at the time being extremely surprised how well it worked. :lol:

ozzwald wrote: There were quite a few I remember where the file loads were ridiculously slow,

Dynamic Drums - Major International Computer Show :lol:

The company that wrote the software demonstrated it with our cracked version because "it loads faster than our original" :roll:
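The read-hook trick Marl describes above, re-pointing the OS file-read routine at a depacker that checks every read for a pack header and hands the caller the unpacked data and length, as an added illustration in Python. This is not Marl's code and not any real ST packer or TOS routine: the pack-file layout (magic `PAK1`, big-endian unpacked size, zlib body), the in-memory "disk", and the names `OsFileRead`, `depack` and `game_load` are all assumptions of the example. The size check in `depack` is the one safety the original description implies: a file whose header disagrees with its payload is refused rather than handed to the program at the wrong length.

```python
import struct
import zlib

# Constructed pack-file layout used by this example (an assumption, not any
# real ST packer's header): 4-byte magic, 4-byte big-endian unpacked size,
# then a zlib stream holding the original file contents.
MAGIC = b"PAK1"
HEADER = struct.Struct(">4sI")


def pack(data: bytes) -> bytes:
    """Produce a packed file: header followed by the compressed payload."""
    return HEADER.pack(MAGIC, len(data)) + zlib.compress(data)


def depack(raw: bytes) -> bytes:
    """Return the unpacked contents if `raw` carries the pack header,
    otherwise pass it through untouched. A mismatch between the size in
    the header and the decompressed payload is treated as a corrupt file."""
    if len(raw) < HEADER.size or raw[:4] != MAGIC:
        return raw
    _magic, size = HEADER.unpack_from(raw)
    data = zlib.decompress(raw[HEADER.size:])
    if len(data) != size:
        raise ValueError(f"pack header says {size} bytes, payload unpacked to {len(data)}")
    return data


class OsFileRead:
    """Model of the OS file-read entry point. `read` is the vector a program
    calls through; install_depacker() re-points it, the way the loader in
    the post re-pointed the OS load routines."""

    def __init__(self, files: dict):
        self.files = dict(files)        # filename -> bytes as stored on "disk"
        self.read = self._raw_read      # original vector

    def _raw_read(self, name: str) -> bytes:
        return self.files[name]

    def _depacking_read(self, name: str) -> bytes:
        # Hooked vector: every read is checked for a pack header and, if one
        # is present, decompressed before the caller ever sees the bytes.
        return depack(self._raw_read(name))

    def install_depacker(self) -> None:
        self.read = self._depacking_read


def game_load(fs: OsFileRead, name: str) -> tuple:
    """What the untouched game does: call the OS read and use the returned
    data and its length. It never learns whether the file on disk was packed."""
    data = fs.read(name)
    return data, len(data)


def demo() -> dict:
    """Pack one data file, leave another plain, install the hook, load both."""
    level = bytes(range(256)) * 40      # constructed 10240-byte "level data"
    readme = b"HELLO FROM DISK"         # constructed file left unpacked
    fs = OsFileRead({"LEVEL1.DAT": pack(level), "README.TXT": readme})
    stored_len = len(fs.read("LEVEL1.DAT"))     # packed size as it sits on disk
    fs.install_depacker()
    data, loaded_len = game_load(fs, "LEVEL1.DAT")
    plain, plain_len = game_load(fs, "README.TXT")
    return {
        "stored_len": stored_len,          # smaller than 10240
        "loaded_len": loaded_len,          # 10240: the game sees the full file
        "restored": data == level,
        "plain_untouched": plain == readme,
        "plain_len": plain_len,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the game-side call getting back the original 10240 bytes while the disk holds the much smaller packed file, and the unpacked README passing through the hook unchanged.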

bjjones37
Captain Atari
Posts: 313
Joined: Thu Jul 29, 2004 1:11 pm
Location: USA

Infocom game (crack?hack?)

Postby bjjones37 » Mon Aug 09, 2004 9:35 pm

Hey MugUK, this one's for you.
There are about six different versions of the Infocom runtime interpreter for the Atari ST. They are called Z-machines. The Infocom adventures are all fully contained within the data files. Some will work with more than one interpreter. Well guess what? So do the IBM versions. Get one of the data files from an IBM version of the Infocom text adventure games and just try each ST interpreter until one of them works. I find that they work with all but the newer ones (Arthur, etc). There are of course some generic Z-machine interpreters, but they are TTP programs and I do not like having to type file names. That's why I have a GUI. Having the Infocom Masterpieces CD came in handy.

ruthless
Atari freak
Posts: 65
Joined: Fri Jul 30, 2004 4:30 pm
Location: south wales

Postby ruthless » Mon Aug 09, 2004 9:47 pm

The most memorable crack I got was (I think) for Enchanted Lands and was cracked by 'The Magic Middle Finger'.

There was much debate behind closed doors as to who actually did the crack of this game; I believe it was either Zippy or Andy from the BBC (because of the text loader on the front, which was very similar to ones often used by them) :wink:

As for the game you either loved it or hated it, most hated it, i quite liked it and would put it on to enjoy the great music in the game.

I would also like to add that my favourite menu (compilation) was The Pompey Pirates menu coded by Dominion (who later joined Awesome) which saw you control a small space ship around the screen to select the different games - was truly great and original.

I remember talking to Derek MD on the phone when it was released and him saying how fantastic it was (his biggest selling disc), which considering he hated the group was refreshing to hear.

Also the Automation menu compiled by Hank, which contained Rick Dangerous 2, was memorable (think it had to be re-released a couple of times) because Automation imo had been falling behind The Pompeys, but with the releases Hank was literally getting his hands on, it put them back up there in stature again :)

Enough waffling (no bold text either) ;)

bodkinz
Moderator
Posts: 790
Joined: Fri Jul 02, 2004 8:32 pm
Location: London

Postby bodkinz » Mon Aug 09, 2004 10:43 pm

so... no one really wanted to claim responsibility for cracking enchanted lands? is that what you are saying? :P

bodkinz

Zippy
Obsessive compulsive Atari behavior
Posts: 103
Joined: Sun Feb 01, 2004 1:58 am

Postby Zippy » Mon Aug 09, 2004 10:54 pm

Wasn't me. I got the cracked version long before i was offered an original to look at so didn't see the point.

ICS
Moderator
Posts: 455
Joined: Sun Apr 28, 2002 12:26 am
Location: .de

Postby ICS » Mon Aug 09, 2004 10:57 pm

Yo!

Never saw that Enchanted Lands version.

But I have Thalions "A Prehistoric Tale" (The Lost Boys game) cracked by The Magic Middlefinger.

Some people said it was Lethal/Hotline.
I think it was Mr. ST News who speculated that it was Jacky/ACF.

So who was it then?

ruthless
Atari freak
Posts: 65
Joined: Fri Jul 30, 2004 4:30 pm
Location: south wales

Postby ruthless » Mon Aug 09, 2004 11:05 pm

Correct, nobody wanted to take credit coz it was TLB.

I still believe it was BBC/MEDWAY

Who knows, would be nice for someone to step forwards and claim responsibility.

At least we know it wasn't Zippy ;)

Zippy
Obsessive compulsive Atari behavior
Posts: 103
Joined: Sun Feb 01, 2004 1:58 am

Postby Zippy » Mon Aug 09, 2004 11:13 pm

Steem Authors wrote: it has already caused an address error by trying to write to address $19 before it gets there. Can you remember if it did anything unusual before getting to the FDC code?


Oh yeah, it definitely did loads of very, very unusual stuff... all sorts of redirected exceptions + trace stuff with code running in page 0 right over the exception vectors.

I never actually fully traced or decrypted some of the protected loader stuff; they were lax enough to leave some of the data loaded by the initial encrypted loader unencrypted on the disk, so i could find it and patch it there without removing or even fully understanding what they were doing in the most protected of the initial loader routines.

It was definitely one of the most heavily "anti-hacker" protected games ever released on the ST, even just a look at the original bootsector could tell you that (think i ended up copying that onto track 79 somewhere, probably sector 1).

I'd think you probably couldn't debug it through the emulator, you'd almost certainly need a real ST and even then you couldn't trace it cause of the timing/sync stuff and hardware register (FDC) access stuff embedded into the decryption/trace routines.

If it's hitting an address error (presumably not one of the intentional ones which would be redirected as part of their protection) then i'd guess it's probably because something hasn't been loaded or decrypted properly due to the timings or hardware not being emulated 100%. Did you actually try tracing it from the bootsector or just running it until it generated the exception?
