English Amiga Board


Go Back   English Amiga Board > Coders > Coders. Asm / Hardware

 
 
Thread Tools
Old 26 October 2019, 23:43   #1
Spec-Chum
Registered User

 
Join Date: Dec 2016
Location: England
Posts: 86
Game hacking - but using modern tools

Wasn't really sure where to put this, but it's more related to asm I think, so I'll put it here.

Back in the late 80s/early 90s I used to love hacking games on my humble ZX Spectrum, I wasn't very good as I didn't have the right tools, or knowledge, at the time but more recently, with the help of emulators I've got back into it and it's great challenging fun.

I do confess to cheating somewhat tho, as modern Speccy emulators do have very comprehensive debuggers, far exceeding the software, and even hardware ones of the time (multiface).

I'd like to try the same with the Amiga, again using modern tools to help - as I'm only doing this for fun.

I know there's Action Replay or HRTMon, which was what used back in the day, but as above I want to know if I can make life easier with more modern tools.

What modern tools or tips would help me with this, either PC or Amiga side? I know winuae has a debugger, and I've had a quick play today, but I'm not really sure how to best utilise this to achieve what I want with the custom loaders, protection systems etc? I appreciate it probably wasn't designed for this.

Last edited by Spec-Chum; 26 October 2019 at 23:50.
Spec-Chum is offline  
Old 27 October 2019, 02:53   #2
Spec-Chum
Registered User

 
Join Date: Dec 2016
Location: England
Posts: 86
Scrap that, did more reading.

If I can't do it with either an AR and/or the winuae debugger then, well, I shouldn't be trying this lol

Any suggestions for "easier" games, with easier copy protections, to try?

Last edited by Spec-Chum; 27 October 2019 at 02:00.
Spec-Chum is offline  
Old 27 October 2019, 10:42   #3
mcgeezer
Registered User

 
Join Date: Oct 2017
Location: Sunderland, England
Posts: 1,508
Quote:
Originally Posted by Spec-Chum View Post
Scrap that, did more reading.

If I can't do it with either an AR and/or the winuae debugger then, well, I shouldn't be trying this lol

Any suggestions for "easier" games, with easier copy protections, to try?
Have you checked out flastro?
mcgeezer is offline  
Old 27 October 2019, 10:44   #4
Antiriad_UK
Registered User

 
Join Date: Mar 2019
Location: Birmingham, UK
Posts: 142
Quote:
Originally Posted by Spec-Chum View Post
Scrap that, did more reading.

If I can't do it with either an AR and/or the winuae debugger then, well, I shouldn't be trying this lol

Any suggestions for "easier" games, with easier copy protections, to try?
Yeah I don't know how they do it. I can't even understand my own assembler code if the comments were removed lol
Antiriad_UK is offline  
Old 27 October 2019, 10:46   #5
jotd
This cat is no more
jotd's Avatar
 
Join Date: Dec 2004
Location: FRANCE
Age: 48
Posts: 3,300
On windows:

- WinUAE debugger is the best, with read/write breakpoints and all. Beats HRTMon (except for the UI: hrtmon has mouse)
- IRA has a windows version. Disassembles executables & memory blocks. If symbols were kept, it injects them in the source. And the resulting code can be reassembled with phxass, vasm, whatever! A must have. I remember cracking/modifying BattleChess with that: disassemble/change stuff/reassemble: works.
- I've written a wrapper to reinject OS calls into IRA (python). Works wonders with OS-compliant games.
jotd is online now  
Old 27 October 2019, 11:16   #6
ross
Per aspera ad astra

ross's Avatar
 
Join Date: Mar 2017
Location: Crossing the Rubicon
Age: 49
Posts: 2,230
Quote:
Originally Posted by Antiriad_UK View Post
Yeah I don't know how they do it.
Crack is often the easiest part..
The difficulty begins when you have to render everything for a proper ADF release.

Quote:
I can't even understand my own assembler code if the comments were removed lol
Even worse when I don't even understand my own commented parts

..and when I look for code that I'm sure I've written and end up rewriting it..
ross is offline  
Old 27 October 2019, 13:14   #7
WayneK
Registered User
 
Join Date: May 2004
Location: Somewhere secret
Age: 45
Posts: 294
Quote:
Originally Posted by Spec-Chum View Post
Scrap that, did more reading.

If I can't do it with either an AR and/or the winuae debugger then, well, I shouldn't be trying this lol

Any suggestions for "easier" games, with easier copy protections, to try?

Earlier Gremlin Graphics games basically boil down to a simple "check track, BEQ good BNE notgood", copy a few old games to ADF (XCopy in UAE, .IPF to .ADF) and find games which seem to copy successfully except for 1 bad track - a bad track 0 is more than likely a CopyLock which I would avoid at first, a bad track 79 could be the Gremlin loader or similar ("Outrun Europa" from US Gold is a simple track 79 check, don't cheat and read the Flashtro tutorial!).


If you've worked with protected Speccy loaders like Alcatraz + Speedlock, you'll find the Amiga stuff much easier once you get familiar with the system/cpu


Good luck!
WayneK is offline  
Old 27 October 2019, 14:00   #8
Spec-Chum
Registered User

 
Join Date: Dec 2016
Location: England
Posts: 86
Quote:
Originally Posted by mcgeezer View Post
Have you checked out flastro?
Yeah, I found that after posting this.

They're not very "tutorial" if I'm honest - some seemed OK tho, mainly the codetapper ones.

Often they were just like "So, as you can see the boot loader shows..." OK, how do I load the bootloader? Although, that is probably something I should, and need to know, before I start this adventure.

Quote:
Originally Posted by Antiriad_UK View Post
Yeah I don't know how they do it. I can't even understand my own assembler code if the comments were removed lol
Hehe, I'm fine with that bit, I know Z80, 6502, 65816, 68k, x86 and x64 asm.

Quote:
Originally Posted by jotd View Post
On windows:

- WinUAE debugger is the best, with read/write breakpoints and all. Beats HRTMon (except for the UI: hrtmon has mouse)
- IRA has a windows version. Disassembles executables & memory blocks. If symbols were kept, it injects them in the source. And the resulting code can be reassembled with phxass, vasm, whatever! A must have. I remember cracking/modifying BattleChess with that: disassemble/change stuff/reassemble: works.
- I've written a wrapper to reinject OS calls into IRA (python). Works wonders with OS-compliant games.
I was thinking more along the lines of how to load the boot loader? I'm guessing native tools best for this?

I've not seen IRA for many years, I'll check it out again.

I do know cutter (GUI for radare2) does 68k, but it has no idea about the Amiga - I do have contact with the cutter devs tho, so I might ask about this.

Promising tho, once you start adding comments and setting the data:



Quote:
Originally Posted by ross View Post
Crack is often the easiest part..
Even worse when I don't even understand my own commented parts

..and when I look for code that I'm sure I've written and end up rewriting it..
Haha, been there, done that!

Quote:
Originally Posted by WayneK View Post
Earlier Gremlin Graphics games basically boil down to a simple "check track, BEQ good BNE notgood", copy a few old games to ADF (XCopy in UAE, .IPF to .ADF) and find games which seem to copy successfully except for 1 bad track - a bad track 0 is more than likely a CopyLock which I would avoid at first, a bad track 79 could be the Gremlin loader or similar ("Outrun Europa" from US Gold is a simple track 79 check, don't cheat and read the Flashtro tutorial!).


If you've worked with protected Speccy loaders like Alcatraz + Speedlock, you'll find the Amiga stuff much easier once you get familiar with the system/cpu


Good luck!
Nice, I'll take a look at some gremlin ones, thanks.

I did do speedlock yeah, on looking last night the Amiga ones do seem much simpler by comparison.

Plus, using modern speccy emulators really help with R reg decryptors, it really was just a case of breakpointing right after it ran and plugging the numbers into the hack.

For example, here's my hack for Daley Thompson's Decathlon:
Code:
	org $ff78

	; CLEAR 65490
	
	; second BASIC block
bblk2:
	ld ix, $5ccb
	ld de, 827
	ld a, 255
	scf
	call $0556
	jr nc, bblk2
	
	; decryptor
	di
	ld hl, $5e28
	ld de, $fde8
	ld bc, $01aa
	ld a, $61
	call $5ff3
	
	ld a, $c3
	ld ($ff7d), a
	ld hl, pokes
	ld ($ff7e), hl
		
	jp $ff5e
	
pokes:
	xor a
	ld (24000), a
	ei
	jp $5b00
The values for the registers on the "; decryptor" section would have been a pain, even with a multiface, but using an emulator makes it far easier.
Attached Thumbnails
Click image for larger version

Name:	Cutterresize.png
Views:	243
Size:	150.3 KB
ID:	64945  

Last edited by Spec-Chum; 27 October 2019 at 15:21. Reason: Image was comically large!
Spec-Chum is offline  
Old 27 October 2019, 21:25   #9
Spec-Chum
Registered User

 
Join Date: Dec 2016
Location: England
Posts: 86
Spoke to Cutter devs and they gave me these links for adding Amiga Hunk to Cutter:
https://radare.gitbooks.io/radare2book/plugins/dev-bin.htm
https://github.com/radareorg/radare2...ter/libr/bin/p

Not really looked too deeply into the Hunk format yet, so will be a while before I even attempt this, but thought it might be useful to others.
Spec-Chum is offline  
Old 31 October 2019, 10:55   #10
Spec-Chum
Registered User

 
Join Date: Dec 2016
Location: England
Posts: 86
I've just discovered amitools:
https://github.com/cnvogelg/amitools...ster/README.md

Disassemble the bootloader in seconds with 1 command.

Now we're taking!
Spec-Chum is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
Looking for some basic IP tools en SDK tools Roland007 support.WinUAE 0 28 November 2012 23:34
SWAP; Massive Amiga game collection and many programms / tools / software UrokoSakanabito Swapshop 11 19 September 2012 00:07
Hacking Game Music Solid Snake support.Games 1 15 April 2012 22:06
Game authoring tools and demo making Leandro Jardim request.Apps 7 09 November 2010 19:06
Amiga Game Tools-Shape Grabber Joe Maroni request.Apps 0 22 October 2008 21:54

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 00:16.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
Page generated in 0.07673 seconds with 16 queries