Wish to hack out code protection in a few PC games. Anyone wanna help?

[MethodGit]

I'm hoping that one day I can edit out the summon-the-code-protection calls in the following PC adventure titles:

The Secret of Monkey Island (EGA and VGA floppy versions)
Indiana Jones And The Last Crusade (EGA version)
Zak McKracken and the Alien Mindbenders
Maniac Mansion


However, I'm specifically looking to see if it's possible to apply a *script hack*, rather than a simple executable hack. I examined Amiga Patch List and noticed in its guide some instructions to hex-edit one of MI1 Amiga's data files instead of the program file, so I know it's theoretically possible. However, it seems that while gamehacking programs for AGI and SCI games exist, no such program appears to be available for SCUMM titles, making a possible script hack a lot harder to implement. Of course, even if I was able to hack that way, I'd still need to understand certain commands numbers in the code and what not.


How complicated is it to find specific code in a SCUMM game and modify it? (Before anybody mentions WHDLoad or ScummVM, I specifically want to hard-code a hack in.) All help is appreciated, thanks.

[StingRay]

Since all of these games are interpreter based you will need to reverse engineer the interpreter code to find out which command triggers the protection. In other words, if you don't have deep knowledge of x86 asm it will be impossible for you to remove these protections. Since these games are all supported by ScummVM it is not necessary to hack them anyway.

[MethodGit]

Do you mean that in order to work out which part of which data file should be hacked/edited, I'd have to translate the original bundled interpreter into disassembly? Crumbs. Sounds like too much work already. =[


And while ScummVM is capable of disabling code protection, it does not do it to all games (original floppy games for instance will still expect you to enter a specific code, and I believe games by Coktel Vision and possibly others will also still tell you to input a code), hence the need for a script hack. Most cracked/scene releases I've seen of Lucasfilm/LucasArts games from this early era usually crack the DOS executable only, something that's meaningless to ScummVM.

[StingRay]

Quote:

Originally Posted by MethodGit

Do you mean that in order to work out which part of which data file should be hacked/edited, I'd have to translate the original bundled interpreter into disassembly? Crumbs. Sounds like too much work already. =[

That's called cracking... You will have to do the same even if you go for the dirty "patch the executable" approach.

[MethodGit]

*sigh* Don't suppose anyone could be a sweetheart and try and work out for me which offsets I should edit in what data file for what game, should they have the time one day?

[skateblind]

So basically you want someone else to do the hardwork for you?
I am very disappointed in you Mr Git.

[MethodGit]

That did come out quite wrong, didn't it? =[

Look, I can always forget about it. I just thought it would've been more convenient for portable device users like me who didn't want to keep carrying physical documentation around with them everywhere they went just so they could play a game.

[Retro-Nerd]

Use the LucasArts Codes Generator.

http://eab.abime.net/showpost.php?p=423938&postcount=5

[MethodGit]

Wha wha wha? That is just GENIUS right there.

Might have a bit of trouble running a Windows app on a DS/PSP/GP2X though, but it's a useful step up nevertheless! Thanks.

[skateblind]

Surely these games are already cracked for scummvm? I don't remember needing to input the correct codes to play the games. I completed MI1 and MI2 on the PSP btw.

[jotd]

I adapted bytecode hack for Monkey Island II from Amiga crack to PC (data file) and it worked in earlier versions of SCUMMVM where protection was not removed.

FYI the newest versions of SCUMMVM now remove all protections from games (AlexH said so so it must be true)

The idea is: check a hack existing for Amiga (example: in the WHDLoad slave sources or Amigapatchlist), look the offsets around in an hex editor, and try to find the same bytecode in the PC version of the file. It worked for MI2 so why not the others...

PS: I have cracked most of ScummVM & Sierra games without knowing the byte code, but by hacking the executable & using "replay" technique at the correct moment.
I remember fondly cracking Operation Stealth on amiga in 1993 or 1994: took me 10 hours with Action Replay, and now when I look at my crack I don't even remember how I did it (but it still works flawlessly)!!

[lilalurl]

Quote:

Originally Posted by jotd

FYI the newest versions of SCUMMVM now remove all protections from games (AlexH said so so it must be true)

Quote:

There is no way for us to tell the difference between legitimate and pirated data files, so for the games where we know that a cracked version of the original interpreter was sold at some point, ScummVM will always have to bypass the copy protection.

In some cases ScummVM will still show the copy protection screen. Try entering any answer. Chances are that it will work.

ScummVM will skip copy protection in the following games:

* Maniac Mansion
* Zak McKracken and the Alien Mindbenders
* Loom (EGA)
* The Secret of Monkey Island (VGA)
* Monkey Island 2: LeChuck's Revenge
* Lure of the Temptress

bypassed with kind permission from Revolution Software.

* Beneath a Steel Sky

bypassed with kind permission from Revolution Software.

* Inherit the Earth: Quest for the Orb (Floppy version)

bypassed with kind permission from Wyrmkeep Entertainment, since it was bypassed in all CD releases of the game.

* Simon the Sorcerer 1 (Floppy version)
* Simon the Sorcerer 2 (Floppy version)

bypassed with kind permission from Adventure Soft, since it was bypassed in all CD releases of the game.

http://wiki.scummvm.org/index.php/Us...opy_protection

Hopefully, the wiki us up-to-date.

[MethodGit]

Quote:

Originally Posted by skateblind

Surely these games are already cracked for scummvm? I don't remember needing to input the correct codes to play the games. I completed MI1 and MI2 on the PSP btw.

I think the CD version of MI1 has no codewheel protection. But some of us are likely to still have the older floppy version (EGA or VGA).


jotd: I took your suggestion of looking at the WHDLoad slave sources but the way it's written I can't quite understand how to translate it into hex offsets. Besides, it seems slaves for all-pre-MI1 games do memory patching. MI1 source is the only one which seems to specifically reference a data file, and Loom/Maniac/Zak don't include any sources.

Surprised you managed to translate your Amiga MI2 hacking code into a match for the PC port though. The Amiga version divides the game data into several files whereas on the PC it's all in one big file. Did you have to extensively search each and every data file for a matching offset?


Oh, and one question to Retro-Nerd: how exactly did you come across that program in the first place? Google couldn't come up with an original source site (although I'd imagine that the author wouldn't want to make it too public in case LucasArts had a childish fit about it, or something).

[Retro-Nerd]

I found it on Abandonware-France iirc some years ago, but they removed the link as it seems.

[MethodGit]

A bit of research and some Archive.org-ing later reveals....

http://web.archive.org/web/200802071...g/download.php

[turrican3]

too bad that the protection for futurwars is always there with scummvm.

[MethodGit]

Quote:

Originally Posted by turrican3

too bad that the protection for futurwars is always there with scummvm.

I know, which is even more ridiculous. The ScummVM team's excuse, last time I checked, was that they don't have the permission of whoever holds the copyrights to the game. But who actually owns it at the moment? Delphine went belly-up several years ago and to date I haven't seen any documentation or proof suggesting that somebody picked up all of the company's IP since then. If a company no longer exists, and can therefore no longer offer support for a title which long stopped being a seller for anybody, never mind stopped being manufactured eons ago, then I would say it's perfectly viable to just disable the code protection anyway. So STOP BEING A PRICK ABOUT IT!

In fact, that just set me off on another thing altogether. Communities like LucasForums and ScummVM say they don't want to risk getting themselves into trouble with the companies by eliminating decade-old manual/code protection, but if they believe LucasArts would say something about it, why had they in later years eliminated code protection from games which previously had them (be it CD-ROM re-releases, or even cracked interpreters included as part of budget releases)? None of the Steam adventure re-releases so far include any built-in protection, unless you include the general Steam protection, which is kinda more put on there by Valve rather than LucasArts. So it's bullshit to assume LucasArts would sue them out of existence for getting round dated manual protection (which they don't even believe in anymore, and haven't believed in for more than ten years) for out-of-print titles. It's just an excuse for people to act like toffee-nosed collectors and make a mint out of overpricing old DOS titles on eBay.

[MethodGit]

Okay, so I decided to take a look at the WHDLoad source code for Future Wars just now, and it seems all I need to do is go to a certain offset and apply this single byte change. But where exactly? Is it possible to alter one of the data files directly? An executable crack won't do since ScummVM will ignore it anyway.

[MethodGit]

Well, while we're on the subject, you'll be pleased to hear that I've successfully hardcracked three games so far!


Instructions for Monkey Island 1, Monkey Island 2 and Cruise For A Corpse will be a-coming shortly.

[eLowar]

There also used to be many tools with huge collections of DOS cracks. NeverLock and Rawcopy come to mind. I used to have others, but I really haven't put much effort into hunting them down again as they're fairly useless these days (with pre-cracked games already readily available and things like ScummVM), but I do have some versions of NeverLock and at least one version of Rawcopy. I do believe they support at least some of the aforementioned games, so if you're interested I can upload them (note that they're themselves DOS programs, of course).