Battle Chess - obscure on-disk protection?

[Amiga1992]

But at the same time, the people who allegedly dislike MethodGit's posts, SHOULD avoid his threads, nevertheles they post offensively. It has been said before, there's an IGNORE function built into this board, why can't people use it?

Personal attacks like the ones above should not be tolerated in this board.

[stevsurv]

Quote:

Originally Posted by Akira

But at the same time, the people who allegedly dislike MethodGit's posts, SHOULD avoid his threads, nevertheles they post offensively. It has been said before, there's an IGNORE function built into this board, why can't people use it?

Personal attacks like the ones above should not be tolerated in this board.

Agreed!

[MethodGit]

Quote:

Originally Posted by Ian

Its not snobbish i'm pretty sure when you started this venture of yours everyone was willing to help you but the lack of humility and big headedness from yourself has what has turned people against you. People in general like helpibg people who are grateful and take on advice and criticism in the manner it is intended (ie to make you think about what you are doing and maybe ways you can improve yourself)

I thought that's what happened though? I did learn stuff along the way and think of new methods and skills, particularly in more recent times (stuff that I just haven't mentioned on here to date). And if I've come across as big-headed before, it was certainly never intended. When I say "oh I know about that bit", it's purely to say I was aware of that one detail, but that it still didn't necessarily act as the key necessary to unlock the mystery behind the rest of it, if that makes any sense. And of course I don't expect to sit and watch as someone else solves the entire puzzle for me, but the odd hint or piece of advice to aid me along the way certainly doesn't hurt. Being flatly told "you know EXACTLY how to do this and that in full" when there's no evidence to actually confirm that obviously doesn't help one bit.

I'm honest when I say that whenever I have successfully cracked a game a new (and possibly shorter) way, the beam on my face becomes big enough to hurt my facial muscles. I'm bound not to have that sort of satisfaction if somebody else already did it and I'm just repeating the routine.

On one more note, being helpfully informed of an editing program you were unaware of before that does a lot of useful things and more in itself should disqualify this thread from being "pointless", no?

[TCD]

Have you ever noticed how many threads you open compared to how many 'cracks' you actually 'release'? Ian has a fair point that it feels like spoonfeeding you all the time. Also agree with Akira that open attacks should be avoided, but you seem to not even want to try at times and that's what makes people being slightly annoyed. Have a look at Sektor_83's post for example. In the past I already told you to create one thread for all your 'cracking woes' and I still believe that you spam this board with threads that a little bit of spending time with the subject could have easily avoided.

[Amiga1992]

I understand there's a problem, don't get me wrong.

MethodGit/Marz, you've been in the EAB for, what, 10 years? And in all these 10 years, you have always been the "victim" of similar situations. People have come and go, and new people get miffed at your threads and engage into verbal abuse and whatnot. One would think you could have learned how things are in all this time, because there's obviously something wrong with your attitude that flicks the wrong switches in people. It's been 10 years of people labeling you as a "spoon fed". First it was about game images, now it's about cracks. Don't you think you can improve?
I have never seen a crack by you, either, so I guess people are right in that there's been no output so nobody has seen how much you have actually learned. Also it's no use to come out smug when asking for help if you don't even release anything. What is your contribution to the Amiga scene after so much time learning? come on, do something about it.

Remember than 20 years ago, there was no Internet and people had to make do on their own to learn things like this. Use some of that method in your own learning process and the satisfaction will be ten times better. A solution to this problem you posted here was figured out by someone who doesn't even know about cracking games, showing you could do a much better job at pressing yourself into learning on your own.

[StingRay]

Quote:

Originally Posted by MethodGit

When I say "oh I know about that bit", it's purely to say I was aware of that one detail

And I really do not believe that you knew about this certain detail. Because otherwise you would not have tried writing to the game disk and wondered why the game suddenly didn't work anymore. As it should be quite obvious that this will destroy the data on the disk.
All this reminds me of a certain other thread where you claimed you found certain checksums but once asked how you did it you couldn't come up with an answer.

See Sektor83's posts in this thread here and you might notice a blatant difference to your posts. He admitted that he has not much knowledge about cracking but, contrary to you, he THOUGHT about the problem and came up with a solution. Which perfectly proves my point that this was not exactly hard stuff. You could have done the same with a bit of effort but no, again you came up with weird theories about checksums and corrupted stacks just to sound more knowledgeable than you really are.

You have opened the same threads for years now and had you really learnt something you would not have needed to open this very thread here.

[Galahad/FLT]

Quote:

Originally Posted by MethodGit

You know, I don't appreciate having threads where I had genuine problems understanding an error in a game be called "pointless".

I thought this community knew better than to be so snobbish.

The problem is Methodgit, is you have claimed to crack certain copy protections, but we've never seen the end result.

For instance, you claimed to have cracked Premier Manager 3 Deluxe all on your lonesome.

Yet the disk format for Battlechess is not that disimilar, PM3 Deluxe is a combined track loading game and has AmigaDOS files on it.

If you were so easily able to do that game, why is it you would struggle over Battlechess which is significantly easier?

The difference with Battlechess is that the disks bitmap has been set to show no room on the disk, and quite obviously there can be no way that the entire game is contained within the files that are visibly present on the disk.

So for you to not know that it was trackloading and AmigaDOS, frankly I find incredible, bearing in mind some of the copy protections you claim to have cracked in the past.

People would give you less of a hard time if you appeared more honest, which has been a running theme ever since your name change from Marzattacks all those years ago.

The fact that a guy (Sektor83) has zero experience, supposedly in comparison to you, just further cements my opinion that I find your bold claims of cracking to be less than honest.

[Sektor 83]

I was a little bored tonight and I thought that, since I'd managed to get the files off the disk, I thought I'd have a go and take a look at the in-game protection as well. I put the files I'd extracted with the hard drive installer (alongside the other non-hidden files from the disk) onto a new disk, loaded it up and entered a load of nonsense into the protection check. I thought if I could see what happens when the program fails, then I could trace back from that and see when it was being called etc.



I broke into the program at address $216EA, which is looping in on itself, obviously creating a 'hang' when the protection fails. Just before that is an instruction which branches to the address $216EE if the comparison done at $216E4 is equal. Obviously, if it's not equal, it just hangs in the aforementioned loop. I thought to myself "what happens if I make the instruction at $216E8 branch regardless?". So, I booted up the game again, and got to the protection screen, broke into the program at that point and did this...





I entered nonsense into the protection check again, and...





It seems to be working just fine, too! I checked using the replay to see if the addresses $216E8 and $216EA are called using any other instructions, but aside from the BNE shown in the first screenshot at $216E2, there isn't. If I learn how to amend the executable to contain these instructions, could I possibly consider this my very first ever crack!?!

[Amiga1992]

Dude, you rock.

[Codetapper]

Quote:

Originally Posted by Sektor 83

It seems to be working just fine, too! I checked using the replay to see if the addresses $216E8 and $216EA are called using any other instructions, but aside from the BNE shown in the first screenshot at $216E2, there isn't. If I learn how to amend the executable to contain these instructions, could I possibly consider this my very first ever crack!?!

Indeed you can!

If you look at the hex dump of the area you are changing prior to your changes, you'll see the hex bytes before and after your patch. Search for those same bytes in the EXE file and change them, and you should have a permanent crack.

In general, the only thing that can trip you is if any addresses were relocated upon loading (ie. they may have been jsr *+$12346 originally and when the game loaded, it changed that to jsr $216e8 or whatever). It pays to find unique instructions near the code that don't access memory, and always check that you are changing the right one in case there are loads of identical instructions in the code!

If MethodGit had simply said "I didn't realise writing a file back to disk didn't occupy the same sectors" you may not have ended up learning to crack this game

[Sektor 83]

Thanks Codetapper!

I did a hex dump of the original instructions at $216e8 and $216ea and it revealed the hex value of '67 04 60 FE 60 44 70', amended the instructions with my little bit of code, re-dumped the hex and it gave me '60 04 4E 71 60 44 70'. Looking at that, I know the '60 44 70' aren't necessary to amend, but I wrote them down anyway.

I loaded the executable into a hex editor (a quick search of the forums brought up 'FileX 2.4' as a recommendation, so I downloaded a copy of that), and did a search for the original values in the executable...



Not wanting to write over the wrong set of values, of course, I searched to see if the string had any repeat occurances, but thankfully it didn't, so I knew I was in the right place! I then amended those values to that of my amended code, like so...



...and then saved the executable.

I've got to say, I was nervous as hell when I booted the game back-up, absolutely fearing the worst, but I got to the protection check, entered nonsense, aaaaaand...



Punching the f***ing air isn't really the right phrase for it! Shit!!

A couple more adjustments (I still haven't copied the Interplay disk icon from the original disk onto my 'work' disk yet) and my god...

[Codetapper]

A cracker is born...

[Sektor 83]

I've just uploaded it into The Zone for everyone to check out... I hope it's alright!

[kipper2k]

Nice work,

BEQ and BRA are pretty well the staple codes for determinig protection checks, especially the manual word check routines, pretty well most of the earlier games used a non encrypted password check scheme. If you want a fun one to do try "The Stealth Affair". that one drove me almost crazy

[StingRay]

Quote:

Originally Posted by Sektor 83

could I possibly consider this my very first ever crack!?!

You can, top work! A really nice surprise to see this here, looks like MethodGit's thread made you become a cracker. Now you could have a look at DiskMonTools for him.

Quote:

Originally Posted by kipper2k

If you want a fun one to do try "The Stealth Affair". that one drove me almost crazy

That's not something I'd recommend for a beginner as interpreter protections are not that easy.

[Ian]

So I suppose you could use a hex editor on the disk and hack this without losing the original file structure?

[seuden]

Congratulations Sektor 83, good work!

[StingRay]

Quote:

Originally Posted by Ian

So I suppose you could use a hex editor on the disk and hack this without losing the original file structure?

Only if the hex editor allows block/sector/track-wise editing as otherwise you'll destroy the data. Sektor83 used the game's very own hd-installer to work around this problem, i.e. he has created a 100% DOS version of the game.

[deicidal]

Quote:

Originally Posted by Sektor 83

It seems to be working just fine, too! I checked using the replay to see if the addresses $216E8 and $216EA are called using any other instructions, but aside from the BNE shown in the first screenshot at $216E2, there isn't. If I learn how to amend the executable to contain these instructions, could I possibly consider this my very first ever crack!?!

Well done pat on the back and a high five

[redblade]

Just got to add your Cracktro to it.

Well done!!!!