English Amiga Board
Old 07 March 2018, 05:33   #1
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
Help/Guidance reverse engineering a demo

Hi,

I would like to practice my RE skills. I'm trying to reverse engineer the State of the Art demo from an adf I've downloaded. Eventually I would like to re-code it in javascript for fun.

My first problem is that I'm not so comfortable about how a track loader is working and can't really figure out the "entry point" of the demo itself.

I've been following pointers from this post http://www.woodmann.com/forum/archiv...hp/t-4514.html
to try to figure out where the code of the demo is loaded in memory and then use the FS-UAE debugger to do step by step.

If someone is willing to provide guidance/help I could start pasting some of my findings.
a.nonyme is offline  
Old 07 March 2018, 07:21   #2
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
Disassemble the bootblock. You will see which file is loaded to which address then. Then disassemble that file and locate the trackloader (usually very easy to spot, just look for code which searches for the SYNC marker ($4489)). You don't have to know how the trackloader is working, you only need to know which data it loads to which locations. Which can be easily figured out by checking the loader calls. Then you can use that info to disassemble all the other parts of the demo.
StingRay is offline  
Old 07 March 2018, 23:36   #3
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
I stuck the asm dump of the first track in a public gist here

State of the art first adf tracks asm dump


I can locate some code looking for the markers. For example

Code:
000DC1C4 loc_DC1C4:                              ; CODE XREF: RAM:000DC1C8j
000DC1C4                 cmpi.w  #$4489,(a2)+
000DC1C8                 bne.s   loc_DC1C4
000DC1CA                 cmpi.w  #$4489,(a2)
000DC1CE                 bne.s   loc_DC1D2
000DC1D0                 addq.l  #2,a2

But then I'm not sure where to go from there.

A little guidance would be most welcome.

My understanding so far is that it starts copying what's in between addresses
0xDC034 and 0xDC2B4 (relative to PC) to absolute address $100 and then jumps to $100, executing the copied code.

Code:
000DC01E                 lea     $DC034,a0
000DC022                 lea     $DC2B4,a1
000DC026                 lea     ($100).w,a2
000DC02A
000DC02A loc_DC02A:                              ; CODE XREF: RAM:000DC02Ej
000DC02A                 move.b  (a0)+,(a2)+
000DC02C                 cmpa.l  a0,a1
000DC02E                 bne.s   loc_DC02A
000DC030                 jmp     $100

Before doing that though I believe it calls a function:

Code:
000DC00C                 bsr.w   sub_DC2B4
000DC010                 move.w  #$7FFF,(word_DFF09A).l
000DC018                 movea.l #$9A0,sp

If I look at sub_DC2B4, it seems that the function is checking stuff, like what Amiga, memory extension or what not maybe? Got no idea TBH.

So now I need to understand the code which has been copied ...

Will try to do loc_DC034, loc_DC03E & loc_DC070 when I get a chance, but a few hints for the first blocks would be most welcome.
a.nonyme is offline  
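The two things StingRay points at in post #2 (find the code that scans for the $4489 sync word) and the relocation a.nonyme traced in post #3 (bytes $DC034..$DC2B4 copied to $100, then `jmp $100`) can both be checked mechanically against a raw dump. The script below is an added example and is not code from this thread, from SOTA or from RipFiles.s. It assumes a big-endian m68k dump loaded at a known base address; the sample bytes are hand-encoded from the listing in post #3 (the opcodes `0C5A`, `0C52` etc. are the standard encodings of those instructions, padded with two NOPs and placed at a constructed base of $DC1C0), and the default copy range and destination are the ones shown in the listing.

```python
"""Locate the trackloader's sync-marker check in a raw 68k dump and emulate
the bootblock's copy-to-$100 relocation, so addresses from the original
listing can be mapped to where the code actually runs."""
import struct

SYNC_MARKER = 0x4489          # Amiga MFM sync word the loader scans for
CMPI_W_OPCODE = 0x0C40        # cmpi.w #<imm>,<ea>: 0000 1100 01 mmm rrr


def ea_name(mode: int, reg: int):
    """Name a 68k effective-address field; None for modes cmpi cannot take."""
    if mode == 0:
        return f"d{reg}"
    if mode == 2:
        return f"(a{reg})"
    if mode == 3:
        return f"(a{reg})+"
    if mode == 4:
        return f"-(a{reg})"
    if mode == 5:
        return f"(d16,a{reg})"
    if mode == 6:
        return f"(d8,a{reg},Xn)"
    if mode == 7 and reg == 0:
        return "(xxx).w"
    if mode == 7 and reg == 1:
        return "(xxx).l"
    return None  # An, PC-relative or immediate: not a legal cmpi destination


def find_sync_checks(dump: bytes, base: int) -> list:
    """Return (address, ea) for every 'cmpi.w #$4489,<ea>' in the dump.

    68k instructions are word aligned, so the scan steps two bytes at a time.
    For cmpi the immediate word directly follows the opcode, before any EA
    extension words, which is why a 4-byte window is enough."""
    hits = []
    for off in range(0, len(dump) - 3, 2):
        opcode, imm = struct.unpack_from(">HH", dump, off)
        if (opcode & 0xFFC0) != CMPI_W_OPCODE or imm != SYNC_MARKER:
            continue
        ea = ea_name((opcode >> 3) & 7, opcode & 7)
        if ea is not None:
            hits.append((base + off, ea))
    return hits


def relocate(dump: bytes, base: int, src_lo: int = 0xDC034,
             src_hi: int = 0xDC2B4, dst: int = 0x100):
    """Emulate the bootblock's move.b (a0)+,(a2)+ loop.

    Returns the bytes that end up at dst and a function that turns an address
    from the original listing into its address after the copy (the 'jmp $100'
    then executes the code at those new addresses)."""
    lo, hi = src_lo - base, src_hi - base
    if not 0 <= lo < hi <= len(dump):
        raise ValueError("copy range lies outside the dump")
    return dump[lo:hi], (lambda addr: addr - src_lo + dst)


# Constructed sample: the sync-search loop from the listing, hand-encoded and
# padded with two NOPs, as if dumped from address $DC1C0 (assumed base).
SAMPLE_BASE = 0xDC1C0
SAMPLE = bytes.fromhex(
    "4E71"       # $DC1C0  nop (padding)
    "4E71"       # $DC1C2  nop (padding)
    "0C5A4489"   # $DC1C4  cmpi.w  #$4489,(a2)+
    "66FA"       # $DC1C8  bne.s   $DC1C4
    "0C524489"   # $DC1CA  cmpi.w  #$4489,(a2)
    "6602"       # $DC1CE  bne.s   $DC1D2
    "548A"       # $DC1D0  addq.l  #2,a2
)

if __name__ == "__main__":
    for addr, ea in find_sync_checks(SAMPLE, SAMPLE_BASE):
        print(f"${addr:06X}: cmpi.w #$4489,{ea}")
    # A zero-filled stand-in for the first $2B4 bytes of the boot code.
    _, to_new = relocate(bytes(0x2B4), 0xDC000)
    print(f"loc_DC1C4 runs at ${to_new(0xDC1C4):04X} after the copy")
```

Run against the real track dump with its load base and the scanner reports every candidate sync check; the relocation helper then tells you that, for instance, the loop labelled loc_DC1C4 in the listing executes at $290 once the bootblock has copied itself down to $100, which is the address you would set a breakpoint on in the FS-UAE debugger.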
Old 08 March 2018, 08:50   #4
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
sub_DC2B4 is a check for extra memory. As for the loader, think what it has to do: it needs at least 3 parameters: start offset, length, destination. Which in turn means you should look for code which passes 3 parameters to a sub-routine. If you have a closer look at $DC0A8 you might find something interesting...

No offence but I doubt you'll be able to disassemble the demo with your current knowledge. The boot code really is very easy to understand and you already struggle to continue.
StingRay is offline  
Old 08 March 2018, 12:29   #5
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
Thanks for your help and no worries: no offence taken as, as you said, it's just about a lack of knowledge about a particular piece of hardware ... it's neither a lack of motivation nor skills hopefully. I will pick it up.

Will check $DC0A8 when I get a chance.

Again thanks for your help.

Last edited by a.nonyme; 08 March 2018 at 23:52.
a.nonyme is offline  
Old 20 March 2018, 11:31   #6
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
I've found some of my old code which rips all files from SOTA. This should help you to get started. Source attached.
Attached Files
File Type: s RipFiles.s (3.0 KB, 59 views)
StingRay is offline  
Old 11 May 2018, 00:21   #7
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
Thanks man! Was going to have another look at it :-)
Meanwhile I taught myself more 68k asm
(I wrote a toy compiler with m68k backend supporting Amiga thanks to vasm. Check it out https://github.com/ssrb/tigerlang, it's a bit rubbish I think but it works ^^)
a.nonyme is offline  
Old 11 May 2018, 09:29   #8
jotd
Cat freak
 
Join Date: Dec 2004
Location: FRANCE
Age: 46
Posts: 2,173
To reverse engineer the demo you could use the source code from the WHDLoad install of the demo.

No need to reverse engineer the trackloader of the demo... You need the functional parts.

There will be more than 68000 asm here. There's a lot of custom chip tricks that a few people master.
jotd is offline  
Old 11 May 2018, 19:32   #9
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
Quote:
Originally Posted by jotd View Post
to reverse engineer the demo you could use the source code from whdload install of the demo.
Wouldn't really help that much when it comes to disassembling the actual demo code.

Quote:
Originally Posted by jotd View Post
There will be more than 68000 asm here. There's a lot of custom chip tricks that a few people master.
The code in SOTA is EXTREMELY simple, it's nothing more than a basic animation player. There aren't any real tricks used at all. It's more or less all "set up screen, call anim player code, load next part" kind of stuff.
StingRay is offline  
Old 16 May 2018, 04:46   #10
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
I set up github & travis with your ripper to start with. It's here https://github.com/ssrb/SOTA

I ran the exec in UAE and archived SOTAXXX_YYY.bin files.

Dropbox: https://www.dropbox.com/s/mge11i1a7fqpokv/SOTA.zip?dl=0

For the SOTA.dsk I used the adf: i.e. I renamed "Spaceballs - State of the Art.adf" to SOTA.dsk. Not sure that's the file that was expected though?

Gonna track my progress on that repo I guess.

Thanks for your help.
a.nonyme is offline  
Old 16 May 2018, 11:13   #11
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
The files look OK to me. File name extensions are track_length. Check the comments in the RipFiles.s source, they describe what is what.
StingRay is offline  
Old Today, 06:04   #12
a.nonyme
Registered User
 
Join Date: Jan 2018
Location: Tokyo
Posts: 6
Trying the de-crunching code in 21/1 and displaying that image.

Need to learn more about the Amiga chip-set too now.

Last edited by a.nonyme; Today at 06:25.
a.nonyme is offline  
Old Today, 09:36   #13
StingRay
move.l #$c0ff33,throat

 
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 5,860
21_1 contains very easy to follow code, just displays the 4 "state" "of" "the" "art" pictures, fades the colors and plays a sample. And finally displays the credits picture. Make sure you fully understand the code before continuing with anything else!
StingRay is offline  