What to crack next after Battle Chess?

[Sektor 83]

There was definitely a lot of trial and error involved in my first Copylock crack, and ended up eventually finding the end of the routine ($16ee), and setting a breakpoint there. When it broke back into the replay, I looked at the registers to find the Copylock key was stored in d0 (it's returned in address $24, I think?).



It was when I was scrolling through the code, having a think about what to DO with the key, that I almost fell out of my chair with laughter when I stumbled on this instruction at $1102 ... I just couldn't believe how blatant it was!



So, having a vague understanding that when a Copylock fails that it returns a value of 0 (I even checked a copy 'backed up' from the .ipf to make sure!), I just changed the instruction at $1102 to 'cmp.l #0,d0' and tested it to see if it worked... and it did!

To make the crack permanent, I just read in the first 12 tracks to the replay at $80000, found the code up in that memory location, amended it, and wrote it straight back to disk and again, tested to see if it worked... job done!! It's in the Zone if anyone wants to test it for themselves and see if it's okay

[zipper]

Heh, just threw it into my PC, double clicked it and it works (AForever, of course). First time in over 15 years as I never got the cracks I have to work from HD in my Amiga.

[Sektor 83]

Batman The Movie: Key = $FF7EEFAB. Managed to patch this one by NOPping out all instructions from $139c-$13a4 (right at the end of the Copylock).

Phobia: Key = $7670CF6B. Uses pretty much a similar key comparison routine as Chase HQ, only this time the comparison routine located in memory right after the end of the Copylock. Patched in exactly the same way (cmp.l #0,d0).

I guess there's a lot to be said for persistence... Chase HQ took me AGES to figure out what was going on, hours in fact! (not that I'm embarrassed about that at all, because I felt I learned a lot from the experience), whereas these two took me about 10 minutes each using what I'd learned from my Chase HQ cracking attempt!

[TCD]

Quote:

Originally Posted by Sektor 83

Chase HQ took me AGES to figure out what was going on, hours in fact!

Been there, seen that

Congratulations for being that persistent and for finally tackling it on your own

[Sektor 83]

Quote:

Originally Posted by musashi5150

Alien Storm & Zombi are both a piece of cake too

Had a go at Alien Storm last night, found it a bit Copylock-like in a way... there's a routine which starts at $C37C which goes to the protection check, before checking the result. Patched this one by NOP'ping out everything from $C37C up to $C38C (where the game continues to load) and using a hex editor to find the opcodes and fix it into the executable. Might have a go at Zombi later on tonight if I'm not too knackered!

[Sektor 83]

Okay, I've skipped Zombi for the moment (since I can't find an .ipf of it), and turned my attentions back to Powermonger. I've managed to patch the disk check on the WWI edition (the routine for the actual check is between $1DDB8-1DDBE), which I'm fairly pleased with, but I don't seem to be faring as well with the actual manual protection; I've tried pretty much every idea I can think of to figure out what's going on, and I'm SURE there's something I'm missing. I dunno, I'm going to take a small break from it, and then persist with it later on, because I have a feeling I'm just going about it in the wrong way.

[Galahad/FLT]

Quote:

Originally Posted by Sektor 83

Okay, I've skipped Zombi for the moment (since I can't find an .ipf of it), and turned my attentions back to Powermonger. I've managed to patch the disk check on the WWI edition (the routine for the actual check is between $1DDB8-1DDBE), which I'm fairly pleased with, but I don't seem to be faring as well with the actual manual protection; I've tried pretty much every idea I can think of to figure out what's going on, and I'm SURE there's something I'm missing. I dunno, I'm going to take a small break from it, and then persist with it later on, because I have a feeling I'm just going about it in the wrong way.

I can give you a hint if you get stuck

[mai]

Why not trying to crack a game/Program, where no crack exists, or is this pure education thread?

[Sektor 83]

Quote:

Originally Posted by mai

Why not trying to crack a game/Program, where no crack exists, or is this pure education thread?

Definitely the latter, although I'd quite like to achieve the former someday... hopefully I'll get there!

Quote:

Originally Posted by Galahad/FLT

I can give you a hint if you get stuck

I've been having a look at it a little bit more, and I'm definitely not finding myself getting much further. Looks like I'm going to have to take the hint on this one!

[mai]

Quote:

Originally Posted by Sektor 83

Definitely the latter, although I'd quite like to achieve the former someday!

...then start with the easiest protection, "Jurrassic Park" for example. -
i am just joking.

[Galahad/FLT]

Quote:

Originally Posted by Sektor 83

Definitely the latter, although I'd quite like to achieve the former someday... hopefully I'll get there!





I've been having a look at it a little bit more, and I'm definitely not finding myself getting much further. Looks like I'm going to have to take the hint on this one!

I presume you're having problems finding code that points to various text strings?

Not all games have a piece of code that directly references the text, some text has control codes and the like before it that is referenced first.

So, for example, if you've found a piece of interesting text at address $1ffbe (this is an example), and the text has control codes before it (control codes can be X and Y offsets for positioning of text onscreen).

So, logically, it might be that the control codes that precede the text might well have code that references that.

So instead of looking for pointers to $1ffbe, why not start looking for pointers for $1ffbd or $1ffbc or $1ffbb etc etc?

[mai]

be aware - learn quickly

[dlfrsilver]

Quote:

Originally Posted by Sektor 83

Okay, I've skipped Zombi for the moment (since I can't find an .ipf of it), and turned my attentions back to Powermonger. I've managed to patch the disk check on the WWI edition (the routine for the actual check is between $1DDB8-1DDBE), which I'm fairly pleased with, but I don't seem to be faring as well with the actual manual protection; I've tried pretty much every idea I can think of to figure out what's going on, and I'm SURE there's something I'm missing. I dunno, I'm going to take a small break from it, and then persist with it later on, because I have a feeling I'm just going about it in the wrong way.

I have zombi in what you want format pm please
note the ipf has the original virus on it

@mai : you want him to quit already ? jurassic park involves many days of work and needs a blocknote and a format change + copylock removall + 50 checksums to remove lol

[mai]

Quote:

Originally Posted by dlfrsilver

@mai : you want him to quit already ? jurassic park involves many days of work and needs a blocknote and a format change + copylock removall + 50 checksums to remove lol

right, its too hard for everyone, uncrackable.
ok, there is a WHDLOAD install

[Djay]

Quote:

Originally Posted by Galahad/FLT

I presume you're having problems finding code that points to various text strings?

Not all games have a piece of code that directly references the text, some text has control codes and the like before it that is referenced first.

So, for example, if you've found a piece of interesting text at address $1ffbe (this is an example), and the text has control codes before it (control codes can be X and Y offsets for positioning of text onscreen).

So, logically, it might be that the control codes that precede the text might well have code that references that.

So instead of looking for pointers to $1ffbe, why not start looking for pointers for $1ffbd or $1ffbc or $1ffbb etc etc?

When i wrote out the Populous II codes from the manual, i think they were faces (might be my bad memory), i noticed a mathematical pattern to it..

is that similar to this crack?

I hope someone else noticed this or at least knows what I am on about, you might be able to describe it better, hey it was a long time ago...

If not I might find the manual and write it out again to find the pattern

[Sektor 83]

Quote:

Originally Posted by Galahad/FLT

I presume you're having problems finding code that points to various text strings?

Not all games have a piece of code that directly references the text, some text has control codes and the like before it that is referenced first.

So, for example, if you've found a piece of interesting text at address $1ffbe (this is an example), and the text has control codes before it (control codes can be X and Y offsets for positioning of text onscreen).

So, logically, it might be that the control codes that precede the text might well have code that references that.

So instead of looking for pointers to $1ffbe, why not start looking for pointers for $1ffbd or $1ffbc or $1ffbb etc etc?

That was one of the problems, and I don't know why it didn't occur to me to do exactly what you've just said! It's blindingly obvious when I think about it! The other problem was I think I tried to overthink this one a little too much and ended up looking at things I didn't particularly need to. Nevertheless, I took your advice on board and I've managed to crack it Working on a permanent patch for the WWI data disk, should get that uploaded into The Zone shortly

[TCD]

I'll surely give it a good whirl as tomorrow is a public holiday here

Sir, you rock Keep it up

[Sektor 83]

Quote:

Originally Posted by TheCyberDruid

I'll surely give it a good whirl as tomorrow is a public holiday here

Sir, you rock Keep it up

Thanks It took a little while longer to make a permanent patch than I thought it would. Disk check was simple enough to patch in, but manual check took a little more work (see Codetapper's post about searching around the routine for opcodes etc. etc.), I've never played this game so I haven't really given it much of a thorough testing, but it's in The Zone if you wanna check it out

[dlfrsilver]

Quote:

Originally Posted by mai

right, its too hard for everyone, uncrackable.
ok, there is a WHDLOAD install

Not uncrackable, it's just that it's time consuming. Even the whdload release has a checksum unpatched.....

Just ask to galahad

[Sektor 83]

Quote:

Originally Posted by Big-Byte

Also try Battlehawks 1942 (I think that is correct title)

Ah yeah, patched the novella on this one by just NOP'ping out the BNE instruction at $1A112. Got this one over and done with fairly quickly, it would seem! Guess there's just Zombi to go now...

Quote:

Originally Posted by dlfrsilver

I have zombi in what you want format pm please
note the ipf has the original virus on it

Ah, you've no need to worry... I've managed to get hold of a Zombi .ipf, and it indeed did have a Lamer Exterminator virus on the bootblock which I had to remove... was it actually mastered and sold in the shops this way? Pretty crappy if it was!