Laziest crack you ever did that still worked?

[Hewitson]

Laziest crack... I recall one Amiga game that cracked itself if you installed it to HD.

Did a few MS-DOS/Windows cracks in the 90s. Many of which were simply changing a jnz to nop, or jz to jmp, etc.

I believe one application I cracked had a "Registered" setting in the .ini file. Simply changing this from false to true cracked it.

Wouldn't mind getting back into cracking as the Mac scene needs more crackers (or should I say K'ers).

[AmigaHope]

Quote:

Originally Posted by Hewitson

Laziest crack... I recall one Amiga game that cracked itself if you installed it to HD.

Did a few MS-DOS/Windows cracks in the 90s. Many of which were simply changing a jnz to nop, or jz to jmp, etc.

I believe one application I cracked had a "Registered" setting in the .ini file. Simply changing this from false to true cracked it.

Wouldn't mind getting back into cracking as the Mac scene needs more crackers (or should I say K'ers).

I kind of think that the cracking scene is more of a game preservation effort now than anything. Game sales make everything cheap now -- even AAA titles get affordable over time. I guess that's why the evil-minded AAA publishers are pushing online P2W transactions more now to milk customers for whatever they're worth.

GOG in particular is a great help -- they make cracking irrelevant by removing all protection whatsoever. I haven't pirated a game I haven't bought in many years. The only reason I ever get a pirated game now is just to strip out Denuvo crapware or something. It's important that people keep pirated games now though since you never know when they'll fall off of Steam for some reason or another. Even having a physical copy is no protection since online patches are par for the course.

I wish I could go back in time to when I was a kid and tell developers -- hey if you just make games cheap and easily accessible then people will stop pirating. I guess in the UK Mastertronic understood that.

But back to the topic at hand. Yeah I encountered a couple of HD install Amiga games where once they were installed there was no protection. I wish I remembered what they were. I guess they figured that if you had a hard drive you had enough money to buy the original.

OK here's my *LAMEST* story. Before I learned how to crack at all, I played a game once that checked protection on bootup but ran fine from copied disks once the disk protection check was passed. I beat the game by stealing the floppy from my local game shop, booted it, then swapped in the copied disk. Then I went back to the game shop and stuck the original floppy back in the box. I left my A500 on for 3 weeks solid while I played the game from the copied disk. Then the power went out, and I went back to the game shop, swiped the disk again, reloaded my saved game and then put the original back in the shop. Played the game another few weeks until I was done.

[jotd]

> I played a game once that checked protection on bootup but ran fine from copied disks once the disk protection check was passed

A lot of copylock games are like that. Bitmap brothers games for instance (Chaos Engine, Gods). So if you made an AR III freeze after the protection, you could play off copied disks too.

[XPD]

"Cracked" a door I wanted registered for my BBS.... it had an annoying pause of about 10s before it ran. Fired up a hex editor and dove in.... found the author had just used a "wait" command that the BBS system used, and took it out. No more delay

My other hack/crack was for the game Floor 13 - it was 2 discs, so slow to load.... I copied all the files to my HDD and again used a hex editor to look at the main program. Found it was referencing the disc name when it needed a swap - so copied that name, and setup two assigns in my user-startup to match, pointing to the game location on the HDD. Much faster loading and no more swaps

[gerbil]

Quote:

Originally Posted by Galahad/FLT

Not lame. If the end result is the user can successfully get past the protection entry with no issues other than typing the correct word, then you've done the crack.

I totally agree here, it's also less risky messing things up later when the program is being used.

Quote:

Originally Posted by Galahad/FLT

I also did Archipelagos where it printed onscreen at the protection what word to type in to proceed.

Archipelagos was the first ever crack that I did with my brand new at the time Action Replay 3! I got rid of the Novella by NOPing the BNE at the check, iirc, but no idea whether or not there where other checks in the game as I didn't really play it much, I wasn't too keen on that game.
I would loved to have had the skill at the time (and perhaps now as I'm a bit rusty and relearning using FS-UAE with AR3) to print the correct word on the screen! That's awesome!

[Galahad/FLT]

Quote:

Originally Posted by gerbil

I totally agree here, it's also less risky messing things up later when the program is being used.





Archipelagos was the first ever crack that I did with my brand new at the time Action Replay 3! I got rid of the Novella by NOPing the BNE at the check, iirc, but no idea whether or not there where other checks in the game as I didn't really play it much, I wasn't too keen on that game.
I would loved to have had the skill at the time (and perhaps now as I'm a bit rusty and relearning using FS-UAE with AR3) to print the correct word on the screen! That's awesome!

Every five levels it would load a custom level from the disk so you had to crack the MFM part as well.

[gerbil]

Ah! I'm not too sure if I did that or not, but we're talking about 30 years ago, so it looks like I'm going to have to revisit that one.
I'm currently stumped on an "interpreter" (scumm) protection that is doing my head in, so I'll revisit Archipelagos after I've done this one (all help will be gladly received and much appreciated). So that will probably in another 30 years or so!

[ImmortalA1000]

My illegal copy of an original disk of Battle Squadron (which I still use for the same reason as I did back in the 80s, don't wear out the original disk).

Can't remember the name of the program but it had hullabaloo copy mode IIRC.

[jotd]

Quote:

Originally Posted by gerbil

I'm currently stumped on an "interpreter" (scumm) protection that is doing my head in, so I'll revisit Archipelagos after I've done this one (all help will be gladly received and much appreciated). So that will probably in another 30 years or so!

Which game?

[gerbil]

Monkey Island 1.
I've got all the locations of the useful stuff, location of correct answer of the code wheel, location of inputted date, location of the CMPI instruction, but can't seem to transfer this knowledge to the data files.
So, I can "crack" the protection on the fly, but not as a persistent crack.
This was a game I couldn't crack back in the day, but trying again with emulation.

I'm loving it and hating it at the same time!

[jotd]

I attempted Monkey Island on PC a long time ago when a few NOPs cracked virtually anything and of course failed. There's a "replay" technique that I successfully used in several Lucas games: inject a successful memory layout at the proper time. 20 years ago I wrote about that technique: https://github.com/jotd666/amiga68kt...rds_on_VMs.txt

On that one, I just hacked the binary file where the pseudo code was without thinking too much (besides, the hack completely removes the protection screen!). In that regard, what works for PC works for Amiga as it's SCUMM.

To crack the game (and remove the protection screen) on that one, all you have to do is to use the kixx version where the codewheel screen is removed, and adapt to other versions.

[gerbil]

That's excellent! Many thanks for that.
Through all my investigation I did find a vulnerability, I think maybe within SCUMM that I was exploiting, that it completely ran past the protection screen and into the game. Trouble was that the music played in double speed so I dismissed that hack.
My personal aim is to crack this game, and learn how to get through SCUMM interpreters.

[jotd]

In that case, the best way is to get SCUMM disassembler from ScummVM package, and figure out what pseudocode to change.

There's no such thing at "cracking" ScummVM. What I did was to adapt the data I received at proper code locations provided that some data I was expecting was present (because the code is used for other things in the game).

I'm explaining that in the documentation. Cracking Zak also removed a puzzle. I had to make the crack smarter so it could tell if the protection was active, or just the puzzle.

[gerbil]

Exactly that! SCUMM is an interpreter and it's the "code" it reads that is to be 'cracked'.
Somebody made a brilliant analogy to describe this situation - "it's like trying to crack the bytecode of a java program by 'cracking' the java runtime program" - it's not the way to do things!
Thanks for the advice - I'll keep on digging and bear all this in mind.

[dlfrsilver]

Quote:

Originally Posted by gerbil

Exactly that! SCUMM is an interpreter and it's the "code" it reads that is to be 'cracked'.
Somebody made a brilliant analogy to describe this situation - "it's like trying to crack the bytecode of a java program by 'cracking' the java runtime program" - it's not the way to do things!
Thanks for the advice - I'll keep on digging and bear all this in mind.

Exactly what i did on Nippon Safes. The PDX crack was useless because it tried to crack from the program, instead of the data files.

What i did is that i removed the protection sections inside the data files, and hop, no more question in the manual ! And cherry on the cake, i have fixed all the text parsing errors in the french version of the game

[rothers]

The easiest way was probably to get in game and use the action replay feature to save ram to disk.

This worked on any game which loaded everything in to RAM. There were quite a few good games this 'hack' worked on.

Awful but great if it worked.

[jotd]

or, wait for kixx release

[gimbal]

Quote:

Originally Posted by jotd

I'm explaining that in the documentation. Cracking Zak also removed a puzzle. I had to make the crack smarter so it could tell if the protection was active, or just the puzzle.

Did they make it like that on purpose? If so that's genius, way more elusive than causing an object to disappear somewhere late game

[jotd]

no they didn't. They used the same SCUMM construct for protection & puzzle, and you have to filter puzzle out when cracking the game with my method.

[grond]

Dopus5 had this nag screen thing that let you wait for 50 seconds or so before starting if it wasn't registered. Now this was really lazy: I simply hexedited the code replacing the 50 with 0. I still had to click the requester each time I booted. I believe this somehow got too much work so that I "cracked" it more thoroughly.

Similarly for the HappyNewYear1996 virus. I just edited out its "dos.library" string manually.