Death Trap & Idea Games

[Galahad/FLT]

Quote:

Originally Posted by StingRay

While writing a tutorial how to crack this game I got bored and hacked a whdload slave as well. You can find the installed game in The Zone. Please test it and report any bugs you find. The slave supports the following tooltypes/arguments:

CUSTOM1=1: skips the intro
CUSTOM2=1: unlimited lives
CUSTOM3=1: unlimited energy

Source is attached as usual.

I'll junk my install then

And Lord Blitter didn't have anything to do with the encryption, standard Cobra X-Rom Anco protection

Features on most of Ancos titles.

[Retro-Nerd]

Can you add a level selection trainer? I always fall into the ice-pike pits with the unlimited energy trainer. Can't be arsed to play it again and again.

I want test the other, probably boring, levels too.

[dlfrsilver]

What is cobra X-rom exactly galahad ? Can you please describe ?

[haynor666]

Excellent, I'll check game when I'll return from work.

Any progress on Dugger?

[Galahad/FLT]

Quote:

Originally Posted by dlfrsilver

What is cobra X-rom exactly galahad ? Can you please describe ?

it's just Ancos flashy name for their encryption system.

On the face of it, it looks very good and competant, but it has a flaw in it which actually makes it very easy to break.

All the encrypted data is loaded at $0, and then it goes through literally hundreds, and hundreds of small decryption loops, all of varying differences (so you can't just build one routine to decrypt them all with ease), the encryption is done so low as to cause Action Replay to screw up some of the data (Action Replay places code at address $40 if you use a breakpoint, which trashes part of the encrypted file), you also can't do a soft reset and expect to be able to do with anything with the data afterwards.

But, the flaw is quite easy to exploit. All of these hundreds of decryption loops are there to protect ONE completely different decryption code which is the final piece of code that actually decrypts the game exe data itself, i've exploited it on any and all Anco WHDLoad stuff and my Anco cracks (and i've done quite a few of those!).

The other thing to contend with is the checksums, and again, most of the Death Trap checksums are standard Anco type ones, with a few sneaky additions from Lord Blitter.

[StingRay]

Quote:

Originally Posted by Galahad/FLT

I'll junk my install then

I just saw that this game was in your "to do" list after starting the install, if you want you can of course continue your install and I won't release mine, don't want to steal any of your work!

Quote:

Originally Posted by Galahad/FLT

And Lord Blitter didn't have anything to do with the encryption, standard Cobra X-Rom Anco protection

Didn't know that as I didn't check many Anco games but it still was easy to defeat.

Quote:

Originally Posted by Galahad/FLT

all of varying differences (so you can't just build one routine to decrypt them all with ease)

Actually you can as there are not many variants of the the decryption loops, I coded a "semi-intelligent" decrypt routine for it.

Quote:

Originally Posted by Galahad/FLT

The other thing to contend with is the checksums, and again, most of the Death Trap checksums are standard Anco type ones, with a few sneaky additions from Lord Blitter.

I suppose the standard Anco checksums are the ones that are glaringly obvious. There was only 1 quite nice (i.e. not obvious) checksum check, I guess that one was added by Lord Blitter then.

Quote:

Originally Posted by Retro-Nerd

Can you add a level selection trainer? I always fall into the ice-pike pits with the unlimited energy trainer. Can't be arsed to play it again and again.

I added that just after I posted the slave yesterday as I wanted to test the game completely and couldn't be arsed to play all the boring levels. I'll attach the new version of the slave to this message. You can select the level with the 'CUSTOM4' tooltype. You can also use "HELP" to skip a level.

[Galahad/FLT]

Don't worry about it Stinger old chap, i'm happy for you to release it, just irked at first because all that was left on mine was playtesting, I don't actually rate the game at all, just the protection was a nice change.

All the glaring checksums like cmp.l #$12345678,d0 are the Anco ones, there are a few cmp.w checksums that are all Anco as well, but the results is still the same, the failure as you know is simply that they bypass restoring the registers back on the stack.

There was one sneaky on in Player Manager 2 Extra AGA, and that didn't result in a crash, but the coding style of it was similar to the other checksums.

The beauty of most of the Anco checksums is you always know if you've missed one because the default is to crash the Amiga, they should have gone for subtle.

Actually, scratch that, Quartex, LSD and Hoodlum ALL missed the protection on Player Manager 2 Extra AGA, they didn't think it had any at all. Check out the bootblock of my Fairlight version to see just how 'little' there was!

[Retro-Nerd]

Quote:

Originally Posted by StingRay

I added that just after I posted the slave yesterday as I wanted to test the game completely and couldn't be arsed to play all the boring levels. I'll attach the new version of the slave to this message. You can select the level with the 'CUSTOM4' tooltype. You can also use "HELP" to skip a level.

I found no bugs, so i assume it works fine. At least on 1230 cards.

[StingRay]

Quote:

Originally Posted by Galahad/FLT

Don't worry about it Stinger old chap, i'm happy for you to release it, just irked at first because all that was left on mine was playtesting, I don't actually rate the game at all, just the protection was a nice change.

The game is rather boring IMHO, nice graphics, decent code but oh so boring gameplay. I actually only had a look at it because I read dlfrsilver's post in the "Games that were tough to crack" thread and wanted to see how tricky it really was and it wasn't very hard to crack.

Quote:

Originally Posted by Galahad/FLT

All the glaring checksums like cmp.l #$12345678,d0 are the Anco ones, there are a few cmp.w checksums that are all Anco as well, but the results is still the same, the failure as you know is simply that they bypass restoring the registers back on the stack.

Yes, that's what makes them pretty useless as you'll easily notice when you missed one of the checksums. Then again it doesn't really matter as things like "cmp.w #$DEAD,d2" are a dead giveaway anyway. Except for the not so obvious checksum check which made the game crash at the beginning of level 2 I found them all by just using my standard approach to find checksums without even starting the game once. Not a very effective protection indeed.

Quote:

Originally Posted by Galahad/FLT

Actually, scratch that, Quartex, LSD and Hoodlum ALL missed the protection on Player Manager 2 Extra AGA, they didn't think it had any at all.

I'm a bit surprised about Quartex as their cracks usually worked well but you didn't really expect to see quality cracks from LSD or Hoodlum, did you? :P

Quote:

Originally Posted by Retro-Nerd

I found no bugs, so i assume it works fine. At least on 1230 cards.

Thanks for testing! I'll attach the last version of the slave to this message, if there are no problems with it it will be the final one I'm gonna send to Wepl then. I've added an unlimited continues trainer (woohoo, big deal :P), use custom4=1 to enable it. I also changed the level selector a bit, if you add 256 to the level number, the level skipper (help key) is enabled, otherwise it's off. Oh, use CUSTOM5 tooltype for the level selector now.
If unlimited energy trainer is enabled, you can toggle it with the "E" key.

[Retro-Nerd]

Looks like i found a bug:

I set Custom5=257 to start in level 2. I've disabled the unlimited energy trainer in-game with the "E" toggle key and the character dies, but then the game freezes with garbled graphics.

Edit: It also freezes without Custom5, when you use the "E" key.

[StingRay]

Quote:

Originally Posted by Retro-Nerd

Looks like i found a bug:

I set Custom5=257 to start in level 2. I've disabled the unlimited energy trainer in-game with the "E" toggle key and the character dies, but then the game freezes with garbled graphics.

Edit: It also freezes without Custom5, when you use the "E" key.

That was exactly the same bug that happened yesterday on my machine (it was the reason why I disabled the unlimited energy toggle). Gotta check if I can track down what's causing this bug. Thanks for the report!

[Galahad/FLT]

Quote:

Originally Posted by StingRay

That was exactly the same bug that happened yesterday on my machine (it was the reason why I disabled the unlimited energy toggle). Gotta check if I can track down what's causing this bug. Thanks for the report!

Wouldn't surprise me if its a protection check, Lord Blitter knowing full well the game is likely to get trained.

[StingRay]

Quote:

Originally Posted by Galahad/FLT

Wouldn't surprise me if its a protection check, Lord Blitter knowing full well the game is likely to get trained.

That's might very well be possible even though I didn't find anything in the code which checks the area I'm modifying.
Anyway, I've made a new version of the slave and on my machine it works fine now, would be nice to know if it works on other machines too.

[Retro-Nerd]

Quote:

Originally Posted by StingRay

Anyway, I've made a new version of the slave and on my machine it works fine now, would be nice to know if it works on other machines too.

Not working properly here. There are no more garbled graphics, but the game still freezes when you die. Same "E" key toggle problem. Quitkey works.

edit: Uh? Just disabled the energy trainer from the beginning and the game freezes with garbled graphics again when the character dies. I don't used the E key.

[StingRay]

Quote:

Originally Posted by Retro-Nerd

edit: Uh? Just disabled the energy trainer from the beginning and the game freezes with garbled graphics again when the character dies. I don't used the E key.

So you didn't use the CUSTOM3 tooltype at all and it happened?

[Retro-Nerd]

That's true. I tried all your slaves, and they all doesn't work properly without the unlimited energy trainer. Strange.

[StingRay]

Something is rotten in the state of Denmark. I'll investigate. Thanks for testing!

[Retro-Nerd]

I hope it's not Dizzy. I'm a lame cheater. Could have noticed this issue a bit earlier, without your trainers.

Edit: Ok, i found it:

This freezing bug appears only if you use the unlimited lifes and unlimited energy trainer together. Without Custom2=1 the energy trainer works fine, even with the " E" key.

Edit2:

The unlimited lifes trainer causes this freeze bug. It doesn't work at all.

[StingRay]

Quote:

Originally Posted by Retro-Nerd

This freezing bug appears only if you use the unlimited lifes and unlimited energy trainer together. Without Custom2=1 the energy trainer works fine, even with the " E" key.

Thanks for this crucial hint, I fixed a very lame bug of mine I used a wrong offset for the unlimited lives trainer ($6364 vs $6346). Attached slave should hopefully work fine now!

[Retro-Nerd]

Mission accomplished. If you haven't changed anything else the slave should be bug-free now.