"Project 66" encryption thingy in Codemasters games

[MethodGit]

Does this pretty much ensure I'll never be able to just hardwire a copylock key in? That I'll have to replace the exe entirely first with, say, a ByteKiller'd reloc exe or something? What's usually the best/common way of dealing with it?

[Codetapper]

Not at all. Write a small program that LoadSeg's the main file, copy any required patch (for further into the game) to some spare memory like $c0, install your patches, run game. You shouldn't need to alter any original files, just like how WHDLoad works.

[marty]

Those Codemaster games are not encrypted, but Imploder data packed, usually the original header " IMP! " changed to " CHFI " or I think also " Vic2 " sometimes
Find the decruncher, and take over game, in end of decruncher. Then you can
inject what ever opcodes you like.
There is a crack in The Zone, to look at. Its hardwireing the key, a bit overkill for
(as i remember) a simpel copylock, from boot block. There are tnnes of ways to do it.
Its just a good advice with the decruncnher, as you will meet lots of files you can not
decrunch.

[MethodGit]

Thanks marty, but you're not thinking of the right titles I believe.

I know full well how to modify and crack the VC file/format used by some Codies titles, but I'm talking about some of the older games with their own exes (Fast Food, Little Puff, Kamikaze to name but a few) that compress/encrypt the data inside so you can't just easily XFDDecrunch anything inside it.

And CT, is that basically what the bootblock tutorials in Flashtro do? All that inserting-patch-code-into-common-addresses-on-the-bootblock-like-$C0-and-$100 stuff?

[marty]

Quote:

Originally Posted by MethodGit

Thanks marty, but you're not thinking of the right titles I believe.

I know full well how to modify and crack the VC file/format used by some Codies titles, but I'm talking about some of the older games with their own exes (Fast Food, Little Puff, Kamikaze to name but a few) that compress/encrypt the data inside so you can't just easily XFDDecrunch anything inside it.

And CT, is that basically what the bootblock tutorials in Flashtro do? All that inserting-patch-code-into-common-addresses-on-the-bootblock-like-$C0-and-$100 stuff?

No diffrence, its just the same. Its almost always the same.
I've uploaded Kamikaze, Little Puff & Fast Food to The Zone.
Thats just one way. Or you could use CT method.
You'll find yor way

[MethodGit]

Did you really just take the "VC bootblock" from another Codies game and inject it into the Kamikaze disk?

I guess this is just showing me another unique way of cracking a Proj66 title, unless there's a reason why a similar patch as seen in the other two games couldn't be implemented???

[Codetapper]

I haven't looked at the files uploaded but from what marty wrote, it doesn't sound like he has replaced the exe from one game with another - the bootblock crack probably does almost the same thing on each game but it's unwise to assume one game will load identically to any other game!

[marty]

Quote:

Originally Posted by MethodGit

Did you really just take the "VC bootblock" from another Codies game and inject it into the Kamikaze disk?

I guess this is just showing me another unique way of cracking a Proj66 title, unless there's a reason why a similar patch as seen in the other two games couldn't be implemented???

The procedure is is always the same, check if protection is crunched, if it is, take over game after decrunching and inject crack.
And no, its not the same boot blocks

[MethodGit]

I propose a challenge to any budding bootblock fixupper - produce a working patch for Steg the Slug!

Here's what you need to know - the loader program is very basic, literally the very first thing it does is initiate the copylock check. No JMPs beforehand to take advantage of. It also appears to be encrypted, but it's definitely not the same sort of encryption we saw prevalent in Fast Food, Little Puff and Kamikaze. I've looked at the game myself and can't think of a way to get round it via the bootblock, so I'm hoping some smart-arse out there can think of something better.

Game on!

[StingRay]

Had a quick look, a bootblock patch doesn't make sense for that game since it's started via normal startup-sequence. Instead, you'll have to decrypt the copylock to find out what it does and then "emulate" it. How you do that is up to you. You could f.e. write a loader which loads the "load" file using LoadSeg() and then patch it.

[marty]

Quote:

Originally Posted by MethodGit

I propose a challenge to any budding bootblock fixupper - produce a working patch for Steg the Slug!

Here's what you need to know - the loader program is very basic, literally the very first thing it does is initiate the copylock check. No JMPs beforehand to take advantage of. It also appears to be encrypted, but it's definitely not the same sort of encryption we saw prevalent in Fast Food, Little Puff and Kamikaze. I've looked at the game myself and can't think of a way to get round it via the bootblock, so I'm hoping some smart-arse out there can think of something better.

Game on!

Uploaded another way to do it, to the zone.

[Galahad/FLT]

Looks to be a File Imploder clone thats packed the files.

circumventing the Copylock is easy enough.

[marty]

The protected file is not packed

[StingRay]

Quote:

Originally Posted by marty

Uploaded another way to do it, to the zone.

I thought he was asking for a patch which didn't touch the original file? Also, mind telling how you did it?

[marty]

Quote:

Originally Posted by StingRay

I thought he was asking for a patch which didn't touch the original file? Also, mind telling how you did it?

As I wrote, "another way to it" in former post.
I used an AR3 cartridge.

[Galahad/FLT]

Quote:

Originally Posted by marty

The protected file is not packed

I didn't say it was, but the GAME.STG file *IS* packed,which is the main game file that is loaded once the Copylock check has been verified, which then decrypts the small loader located at address $70000

[StingRay]

Quote:

Originally Posted by Galahad/FLT

Looks to be a File Imploder clone thats packed the files.

It actually looks like a bytekiller clone to me.

Quote:

Originally Posted by marty

As I wrote, "another way to it" in former post.
I used an AR3 cartridge.

Well, and I'm interested in the "way you did it". Any more info than that?

[marty]

Quote:

Originally Posted by StingRay

It actually looks like a bytekiller clone to me.



Well, and I'm interested in the "way you did it". Any more info than that?

Of course, but first explain me 2 things;

1. Why did you write "way you did it" ?
2. How do YOU think I did it ?

[StingRay]

Answering a simple question with another question tells me all I need to know.

[marty]

Quote:

Originally Posted by StingRay

Answering a simple question with another question tells me all I need to know.

I'am happy to hear that, a bit dissapointed though.