English Amiga Board
Old 02 December 2010, 12:06   #41
marty
Banned
 
Join Date: Aug 2008
Location: 1
Posts: 114
Quote:
Originally Posted by MethodGit View Post
Ah, maybe I'm supposed to decrypt/decode the copylock first after all. >.< Dang.
It's always important to check the whole copylock. The hardwire trick will not work on all copylocks. One example is Lethal Weapon, as it moves the key to $100 in the disk routines, and this part is skipped when hardwiring the key.
ALWAYS check the whole copylock.
marty is offline  
Old 02 December 2010, 22:07   #42
Codetapper
2 contact me: email only!

 
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,135
Lethal Weapon

Marty is so right!

Code:
Copylock Decrypter v0.01
(c) 2004 Codetapper of Action (codetapper@hotmail.com)

Copylock header found at $0
Copylock stack 1 found at $7a
Copylock stack 2 found at $3f0
Copylock key wiring position found at $40e
Copylock key wiring skip to position found at $458
Post copylock branch to address starts at $804
Copylock new magic number ($a573632c) compare at $47c

======[ Key calculation routine found at $4de: ]======
_4de   	move.w	#$b,d1
_4e2   	add.l	d6,d6
_4e4   	sub.l	(a0)+,d6
_4e6   	dbra	d1,_4e2
_4ea   	move.l	d6,($100).w	;Serial number stored at $100
_4ee   	addq.l	#4,sp
_4f0   	rts	

======[ Post copylock code starts at $804: ]======
_804   	lea	$78(sp),a6	;Set a6 to real copylock registers
_808   	move.l	d0,$1c(a6)	;Store serial number in real d7 register
_80c   	rol.l	#1,d0
_80e   	move.l	d0,(a6)+
_810   	move.l	d1,(a6)+
_812   	rol.l	#1,d0
_814   	move.l	d0,(a6)+
_816   	rol.l	#1,d0
_818   	move.l	d0,(a6)+
_81a   	rol.l	#1,d0
_81c   	rol.l	#1,d0
_81e   	move.l	d0,(a6)+
_820   	rol.l	#1,d0
_822   	move.l	d0,(a6)+
_824   	rol.l	#1,d0
_826   	move.l	d0,(a6)+
_828   	moveq	#$0,d0
_82a   	moveq	#$1,d0
_82c   	lea	_83e(pc),a6
_830   	move.l	-$4(a6),d6
_834   	add.l	$8,d6
_83a   	or.w	#$a71f,sr
_83e   	addi.l	#$44,($24).l
Copylock stack 2 ends at $83e
Codetapper is offline  
Old 03 December 2010, 15:47   #43
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Okay, I'll keep all this in mind.

Incidentally, do any of you lot happen to have the copylock key for Doodlebug on hand?
MethodGit is offline  
Old 03 December 2010, 16:50   #44
BippyM
Global Moderator

 
Join Date: Nov 2001
Location: Nottingham, UK
Age: 42
Posts: 8,621
MethodGit.. Surely the idea is for you to decrypt and find it???

Or am I missing something?
BippyM is offline  
Old 03 December 2010, 21:19   #45
Codetapper
2 contact me: email only!

 
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,135
Thumbs down Doodlebug

I have to agree with Bippy here!

MethodGit: You claim to have cracked several titles, yet Doodlebug is one of the easiest-to-crack titles of them all! If you can't work out the key on this title (even without the original) there's something seriously wrong, as the key is even in the game (3 times) with a basic compare instruction!

This should make the job even more trivial:

Code:
Copylock Decrypter v0.01
(c) 2004 Codetapper of Action (codetapper@hotmail.com)

Copylock header found at $4
Copylock stack 1 found at $7e
Copylock stack 2 found at $3f4
Copylock key wiring position found at $412
Copylock key wiring skip to position found at $45c
Post copylock branch to address starts at $808
Copylock new magic number ($a573632c) compare at $480

======[ Key calculation routine found at $4e2: ]======
_4e2   	move.w	#$b,d1
_4e6   	add.l	d6,d6
_4e8   	sub.l	(a0)+,d6
_4ea   	dbra	d1,_4e6
_4ee   	move.l	d6,($100).w	;Serial number stored at $100
_4f2   	addq.l	#4,sp
_4f4   	rts	

======[ Post copylock code starts at $808: ]======
_808   	lea	$78(sp),a6	;Set a6 to real copylock registers
_80c   	move.l	d0,$1c(a6)	;Store serial number in real d7 register
_810   	rol.l	#1,d0
_812   	move.l	d0,(a6)+
_814   	move.l	d1,(a6)+
_816   	rol.l	#1,d0
_818   	move.l	d0,(a6)+
_81a   	rol.l	#1,d0
_81c   	move.l	d0,(a6)+
_81e   	rol.l	#1,d0
_820   	rol.l	#1,d0
_822   	move.l	d0,(a6)+
_824   	rol.l	#1,d0
_826   	move.l	d0,(a6)+
_828   	rol.l	#1,d0
_82a   	move.l	d0,(a6)+
_82c   	moveq	#$0,d0
_82e   	moveq	#$1,d0
_830   	lea	_842(pc),a6
_834   	move.l	-$4(a6),d6
_838   	add.l	$8,d6
_83e   	or.w	#$a71f,sr
_842   	addi.l	#$44,($24).l
Copylock stack 2 ends at $842
Codetapper is offline  
Old 04 December 2010, 12:20   #46
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Funnily enough, I thought I had found the key before (35B23068), but if according to your log it uses a different key altogether, then that shows me!
MethodGit is offline  
Old 04 December 2010, 13:27   #47
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Where on the WHDLoad site is CopylockDecrypter? I can't find it, and it's not in whdload.de/whdload either.
MethodGit is offline  
Old 04 December 2010, 15:35   #48
Arnie
R.I.P Smudge 18-08-16

 
Join Date: Aug 2005
Location: Leicester/UK
Age: 59
Posts: 3,861
Try http://whdloadrules.tripod.com/copylock_fmwce.html or http://zakalwe.fi/~shd/amiga-cracking/
Arnie is offline  
Old 04 December 2010, 16:34   #49
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
I don't think that's the same program, tbh. The program CT uses is called "Copylock Decrypter" and is credited solely to him.
MethodGit is offline  
Old 04 December 2010, 18:57   #50
Arnie
R.I.P Smudge 18-08-16

 
Join Date: Aug 2005
Location: Leicester/UK
Age: 59
Posts: 3,861
Quote:
Originally Posted by Codetapper View Post
MethodGit: I suggest you would learn a lot by using CopylockDecoder, put the original IPF in the drive and let it decode. Then you can disassemble the decoded file without needing the AR cart and you can study the code that the copylock runs.

Note that it only decodes instructions that it runs, so there will be large blank areas in the decoded file where the code doesn't run.

Read the docs that come with CopylockDecoder. Seriously. Do it! It should answer all your questions!

PS: CopylockDecoder is on the WHDLoad site if you can't find it.
Sorry, I thought you were looking for CopylockDecoder.
Arnie is offline  
Old 04 December 2010, 20:03   #51
Codetapper
2 contact me: email only!

 
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,135
I'm not sure I've ever released my decrypter; it's a C program that looks through a file for the telltale copylock chunks of code, does the decryption (eor.l the following instructions with the previous longword, and takes into account some extra modifications in a few games, e.g. Krusty's Fun House) and prints out the relevant bits with automatic comments based on what part of the copylock it is in.

The tool isn't complete as I originally intended it to decrypt the copylock part and save that so you can look at it in a proper disassembler, but other things came up.

CopylockDecoder will show you exactly what instructions are executed in a copylock so you can use that or the AR 'robd' command.

The key for Doodlebug is indeed $35b23068.
Codetapper is offline  
Old 05 December 2010, 15:09   #52
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Quote:
Originally Posted by Codetapper View Post
I'm not sure I've ever released my decrypter; it's a C program that looks through a file for the telltale copylock chunks of code, does the decryption (eor.l the following instructions with the previous longword, and takes into account some extra modifications in a few games, e.g. Krusty's Fun House) and prints out the relevant bits with automatic comments based on what part of the copylock it is in.

The tool isn't complete as I originally intended it to decrypt the copylock part and save that so you can look at it in a proper disassembler, but other things came up.

CopylockDecoder will show you exactly what instructions are executed in a copylock so you can use that or the AR 'robd' command.

The key for Doodlebug is indeed $35b23068.
I see, thanks for clearing that up.

And thank you for the Doodlebug listing above, and for confirming that I had the key in my possession all along.

Now looking at the "key wiring" and "skip to" positions, what are said positions relevant to? Is this after loading just the copylock chunk into the program like with those example copylocks you provided (run through CopylockDecoder etc)? It might help me work out what I must be doing wrong as said typical hardwire trick does not work straight away on it.
MethodGit is offline  
Old 05 December 2010, 21:11   #53
Codetapper
2 contact me: email only!

 
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,135
The offsets are all relative to wherever the copylock was found in the file. If you just save a binary dump of memory from $0-$80000 then it'll be at that offset.

I have a collection of just the copylock starting with either the 2 moveq #0 instructions that are usually before the copylock, or starting with the normal copylock code. Attached is the Doodlebug copylock so you can compare and work out the position.

Note that Doodlebug again stores the key at $100 based on the key calculation routine running. If you wire the copylock and skip the disk check, that key won't be set, so you need to crack it properly.
Attached Files
File Type: zip doodlebug.zip (2.4 KB, 107 views)
Codetapper is offline  
Old 05 December 2010, 22:36   #54
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Quote:
Originally Posted by Codetapper View Post
The offsets are all relative to wherever the copylock was found in the file. If you just save a binary dump of memory from $0-$80000 then it'll be at that offset.

I have a collection of just the copylock starting with either the 2 moveq #0 instructions that are usually before the copylock, or starting with the normal copylock code. Attached is the Doodlebug copylock so you can compare and work out the position.

Note that Doodlebug again stores the key at $100 based on the key calculation routine running. If you wire the copylock and skip the disk check, that key won't be set, so you need to crack it properly.
Got it. Though as I said just earlier, marty said there was a similar $100 situation with Lethal Weapon but I just did my usual hardwire thing and it worked like a rocket.
MethodGit is offline  
Old 05 December 2010, 22:39   #55
marty
Banned
 
Join Date: Aug 2008
Location: 1
Posts: 114
Quote:
Originally Posted by MethodGit View Post
Got it. Though as I said just earlier, marty said there was a similar $100 situation with Lethal Weapon but I just did my usual hardwire thing and it worked like a rocket.
Yes, and now you've got no key at $100.
Put it there as part of your crack patch.
marty is offline  
Old 05 December 2010, 22:48   #56
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Actually, I didn't say anything earlier - I thought I had made a certain post earlier but it's still sitting in the edit window on one of my tabs! >.<

And marty, what are you suggesting? Does the game do a check much later on and act funny if it doesn't find that key in $100? Because what I was originally going to say much earlier was that I did my usual hardwire trick in the copylock (after extracting the RNC chunk containing it, unpacking, editing, repacking and then injecting into the ADF) and I didn't get any of that Illegal Copy bollocks. I tested as far as beating (the first half of?) Level 1.
MethodGit is offline  
Old 05 December 2010, 22:55   #57
Galahad/FLT
Going nowhere

 
Join Date: Oct 2001
Location: United Kingdom
Age: 44
Posts: 6,607
Quote:
Originally Posted by MethodGit View Post
Actually, I didn't say anything earlier - I thought I had made a certain post earlier but it's still sitting in the edit window on one of my tabs! >.<

And marty, what are you suggesting? Does the game do a check much later on and act funny if it doesn't find that key in $100? Because what I was originally going to say much earlier was that I did my usual hardwire trick in the copylock (after extracting the RNC chunk containing it, unpacking, editing, repacking and then injecting into the ADF) and I didn't get any of that Illegal Copy bollocks. I tested as far as beating (the first half of?) Level 1.
A few Copylocks had extra information put in them.

It's clear that someone realised exactly how the better crackers were defeating older Copylocks by hardwiring the key and bypassing the read routines, so no matter what, the Copylock would always give back 100% the correct information that the game was expecting.

So, some clever sods (someone at Ocean) asked Rob Northen to put some extra code into the Copylock which, if the Copylock was cracked in the normal manner by hardwiring the key and bypassing the read routines, would never get executed, which was an extra layer of copy protection.

Gaston of Fairlight was caught out by Hook, as was every cracking group that cracked it for foreign versions.

I would suspect Hook was not exclusive in its use of extra code.
Galahad/FLT is offline  
Old 05 December 2010, 22:56   #58
marty
Banned
 
Join Date: Aug 2008
Location: 1
Posts: 114
Quote:
Originally Posted by MethodGit View Post
Actually, I didn't say anything earlier - I thought I had made a certain post earlier but it's still sitting in the edit window on one of my tabs! >.<

And marty, what are you suggesting? Does the game do a check much later on and act funny if it doesn't find that key in $100? Because what I was originally going to say much earlier was that I did my usual hardwire trick in the copylock (after extracting the RNC chunk containing it, unpacking, editing, repacking and then injecting into the ADF) and I didn't get any of that Illegal Copy bollocks. I tested as far as beating (the first half of?) Level 1.
I can't remember, but it really does not matter. This is great advice, please read it and hopefully understand it:

WHATEVER REGISTERS AND / OR MEMORY ADDRESSES THE COPYLOCK
MODIFIES, YOU EMULATE IT 100%. NEVER EVER SKIP ANYTHING!!
marty is offline  
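The point Codetapper (post #53) and marty (post #58) are making can be checked mechanically: replay every side effect of the routine and diff the result against the patched variant. The script below is an added example, not code from this thread and not Codetapper's decrypter. It turns the two listings the decrypter printed (the 12-pass key loop that ends in a store to $100, and the exit block that fans the key out into the caller's saved d0-d7) into plain Python, then compares a full run with a run that skips the key routine. Assumptions: the d0 entering the exit block is the same value the key loop stored at $100 (the listing labels both "serial number"); the seed and the twelve longwords fed to the loop are constructed, not real track data; the saved register block at sp+$78 is modelled as a list.

```python
# Added example (not from the thread, not Codetapper's decrypter): replay the
# side effects shown in the Lethal Weapon / Doodlebug listings and diff a full
# run against a hardwired run. Inputs to the key loop are constructed.

MASK32 = 0xFFFFFFFF


def rol32(value, count=1):
    """68k rol.l #n,dN: rotate a 32-bit value left, bits wrapping to bit 0."""
    count %= 32
    return ((value << count) | (value >> (32 - count))) & MASK32


def key_calculation(d6, longwords):
    """The loop at _4de (Lethal Weapon) / _4e2 (Doodlebug):

        move.w #$b,d1          ; dbra counter 11 -> body runs 12 times
        add.l  d6,d6
        sub.l  (a0)+,d6
        dbra   d1,loop
        move.l d6,($100).w     ; serial number stored at $100

    Returns the value the routine writes to $100.
    """
    if len(longwords) < 12:
        raise ValueError("the loop consumes twelve longwords from (a0)")
    for word in longwords[:12]:
        d6 = ((d6 << 1) - word) & MASK32   # add.l d6,d6 ; sub.l (a0)+,d6
    return d6


def post_copylock_registers(d0, d1):
    """The exit block at _804/_808. a6 = sp+$78 is the caller's saved d0-d7;
    the code writes rotated copies of the key into them.

    Returns [d0, d1, ..., d7] as the caller will see them afterwards.
    """
    regs = [0] * 8
    regs[7] = d0                        # move.l d0,$1c(a6): real d7 = key
    d0 = rol32(d0)                      # rol.l #1,d0
    regs[0] = d0                        # move.l d0,(a6)+
    regs[1] = d1                        # move.l d1,(a6)+ (d1 passed through)
    d0 = rol32(d0)
    regs[2] = d0
    d0 = rol32(d0)
    regs[3] = d0
    d0 = rol32(d0, 2)                   # two rol.l in a row before the store
    regs[4] = d0
    d0 = rol32(d0)
    regs[5] = d0
    d0 = rol32(d0)
    regs[6] = d0
    return regs


def run_original(seed, longwords, d1=0):
    """Full run: the key routine executes, $100 is written, registers follow."""
    key = key_calculation(seed, longwords)
    mem = {0x100: key}
    return post_copylock_registers(key, d1), mem


def run_hardwired(key, d1=0):
    """'Wire the key and skip the disk routines': the exit block still runs
    with the known key, but the routine that writes $100 never executes."""
    mem = {}
    return post_copylock_registers(key, d1), mem


def _fmt(value):
    return "unset" if value is None else "$%08x" % value


def state_differences(original, patched):
    """List every register or memory longword where the two runs disagree.
    An empty list means the patched run reproduces all observable effects."""
    (regs_a, mem_a), (regs_b, mem_b) = original, patched
    diffs = []
    for i, (x, y) in enumerate(zip(regs_a, regs_b)):
        if x != y:
            diffs.append("d%d: %s vs %s" % (i, _fmt(x), _fmt(y)))
    for addr in sorted(set(mem_a) | set(mem_b)):
        if mem_a.get(addr) != mem_b.get(addr):
            diffs.append("$%x: %s vs %s" % (addr, _fmt(mem_a.get(addr)),
                                             _fmt(mem_b.get(addr))))
    return diffs


if __name__ == "__main__":
    # Constructed inputs: seed 0 and twelve longwords of 1 yield $fffff001.
    words = [1] * 12
    original = run_original(0, words)
    patched = run_hardwired(key=original[1][0x100])
    for line in state_differences(original, patched):
        print(line)   # the registers agree; only $100 is left unset
```

Feeding the Doodlebug key from the thread ($35b23068) into post_copylock_registers shows what the game's caller actually receives: d7 holds the key and d0, d2-d6 hold it rotated left by 1, 2, 3, 5, 6 and 7 bits. The register block matches in both runs, which is why a hardwired patch can appear to work through a whole level; the diff reports the one thing it does not reproduce, the longword at $100.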
Old 05 December 2010, 23:17   #59
MethodGit
Junior Member
 
Join Date: Dec 2002
Location: The Streets
Age: 33
Posts: 2,723
Funnily enough, I had also been snooping at Hook's seven(!) copylocks lately, and didn't get far with them. Now you've helped save me the bother of messing with this game any further, Galahad!

Back to Lethal Weapon....... so, ummm, all I literally have to do is get the key number copied to address 100? Please tell me it's as simple as a couple of instructions in the copylock to get that sorted....
MethodGit is offline  
Old 05 December 2010, 23:21   #60
marty
Banned
 
Join Date: Aug 2008
Location: 1
Posts: 114
Quote:
Originally Posted by MethodGit View Post
Funnily enough, I had also been snooping at Hook's seven(!) copylocks lately, and didn't get far with them. Now you've helped save me the bother of messing with this game any further, Galahad!

Back to Lethal Weapon....... so, ummm, all I literally have to do is get the key number copied to address 100? Please tell me it's as simple as a couple of instructions in the copylock to get that sorted....
You could try with:

move.l #$daeb43cf,$100
marty is offline  