Jump to content
Have You Played Atari Today?
2600|5200|7800|Lynx|Jaguar|Forums|Store
IGNORED

Straight cracks from Farb's ATX-Torrent

DjayBee

By DjayBee
in Atari 8-Bit Computers

 Share

Recommended Posts

Diaperboy Star Raider

Diaperboy

Posted
Posted

Regarding the EA skew align (40 sector boot) copy protection. My crack patches sector #11,#18,#19,#40. I use sector #11 for my first "hook" to execute custom subroutines. I use sectors #18,#19,#40 to contain the extra subroutines. These subroutines temporarily exist in memory and must be used quickly before getting over-written. My first "hook" WILL get detected by a data check, so the first subroutine patches it back to the unaltered value before the data check. Because of the temporary nature of my "injected" subroutines, the third subroutine "writes" the fourth subroutine to memory starting at location $0100. This area seems to be safe from data checks and from being over-written. This fourth subroutine is the one used to redirect the second read of the double sector, thus tricking the protection into thinking it is a genuine disk.

The variations on this copy protection (2 so far) effect where my "injected" code ends up in memory and where the copy protection itself ends up in memory.

(type A) Archon and M.U.L.E. have the same memory layout and can use the IDENTICAL CRACK. You can't swap sectors between the two, but you can modify the same sectors in the same locations with the same code.

(type B) Pinball Construction . and Seven Cities Of Gold (first edition) also have the same memory layout. This memory layout is different than (type A), but uses the same code. The same "injected" subroutines are used, but they are modified to support the new memory layout.

  • Like 4
Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

Here is the Electronic Arts titles that I have modified so far.

Archon

(40 sector boot - skew align copy protection - type A)

 

M.U.L.E.

(40 sector boot - skew align copy protection - type A)

 

Pinball Construction Set

(40 sector boot - skew align copy protection - type B)

 

Seven Cities Of Gold (first edition - black disk)

(40 sector boot - skew align copy protection - type B)

 

Archon II

(36 sector boot - super tracks copy protection)

 

These titles are cracked but have the original EA loading screen INTACT. They all go through the entire copy protection routine, performing all checks just the same as an unmodified disk. The added subroutines mimic what the copy protection expects to see on an original disk.

These have ONLY been tested using Altirra 2.60 emulator. I would greatly appreciate if somebody could test these titles on genuine Atari hardware.

 

Thanks in advance!

Electronic Arts.rar

  • Like 8
Link to comment
Share on other sites
FULS Moonsweeper

FULS

Posted
Posted

Diaperboy,

These are amazing. Keep up the great work. Minimal change to the original is always the best.

Electronic Arts games were always my favorites.

I think these were the 19 titles for the Atari.

Were there more?

 

Age of Adventure Electronic Arts 1986

Archon Electronic Arts 1983

Archon II - Adept Electronic Arts 1984

Axis Assassin Electronic Arts 1983

D-Bug Electronic Arts 1983

Hard Hat Mack Electronic Arts 1983

Lords of Conquest Electronic Arts 1986

Mail Order Monsters Electronic Arts 1985

MULE Electronic Arts 1983

Murder on the Zinderneuf Electronic Arts 1983

One-on-One Electronic Arts 1983

Pinball Construction Set Electronic Arts 1983

Racing Destruction Set Electronic Arts 1985

Realm of Impossibility Electronic Arts 1984

Seven Cities of Gold (The) Electronic Arts 1984

Super Boulder Dash Electronic Arts 1986

Touchdown Football Electronic Arts 1986

Word Flyer Electronic Arts 1983

Worms? Electronic Arts 1983

 

Hope you can do some more of these before you lose interest.

Your time and research are invaluable!!

 

Thank you!

  • Like 2
Link to comment
Share on other sites
Tempest Quadrunner

Tempest

Posted
Posted

These titles are cracked but have the original EA loading screen INTACT. They all go through the entire copy protection routine, performing all checks just the same as an unmodified disk. The added subroutines mimic what the copy protection expects to see on an original disk.

These have ONLY been tested using Altirra 2.60 emulator. I would greatly appreciate if somebody could test these titles on genuine Atari hardware.

 

So does that mean they won't work with the Happy board?

Link to comment
Share on other sites
DjayBee Stargunner

+DjayBee

Posted
  • Author
Posted

I cracked some MicroProse games which seem(!) to be protected by a modified track alignment.

What stumped me is the fact that I cannot FAIL the protection in emulation. :mad:

 

The routine reads one sector from each of five consecutive tracks; once in ascending order and then in descending order. The time needed to do this may only vary by one jiffy.

Since standard emulation does not take time to wait for rotational delays, it will never fail. But after copying the whole disk image to an ATX which was created from a plain standard formatted disk (with no specific alignment) the games still load.

 

Could anyone write the attached dumps to a real floppy and try to load them?

My expectation is that the files ending in "orig" have to crash and the ones without "orig" will run.

 

Some info about the protection can also be found inside the attached archive.

MicroProseAlignment.zip

  • Like 2
Link to comment
Share on other sites
ijor River Patroller

ijor

Posted
Posted

Here is the Electronic Arts titles that I have modified so far.

Archon

(40 sector boot - skew align copy protection - type A)

...

Pinball Construction Set

(40 sector boot - skew align copy protection - type B)

 

Amazing work! Btw, there should be a third type of EA skew align code. It is earlier than those, incompatible with XL/XE. Should be in Worms?, IIRC, may be also in D-BUG.

 

From memory the originals would not work on a Lazer or Happy, had to be dropped in to UN-Happy mode..

Not exactly unhappy mode is needed. Slow mode is enough.

 

I cracked some MicroProse games which seem(!) to be protected by a modified track alignment.

What stumped me is the fact that I cannot FAIL the protection in emulation. :mad:

Yes, jaja. See my article at: http://vapi.fxatari.com/docs/Microprose-skew.html

 

Since standard emulation does not take time to wait for rotational delays, it will never fail. But after copying the whole disk image to an ATX which was created from a plain standard formatted disk (with no specific alignment) the games still load.

Reuse a real ATX image from some title you know it is not aligned. Altirra is probably creating an aligned image by default. And remember to turn off SIO patch and enable accurate disk timing.

 

I had a special debug switch in VAPI to randomize the skew align :)

 

  • Like 2
Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

To Ijor,

You are correct about there being a third type of memory layout in the EA skew align (40 sector boot) copy protection. So far I have

Type A:

Archon

M.U.L.E.

Music Construction Set

 

Type B:

Pinball Construction Set

Seven Cities Of Gold(first edition)

Axis Assassin

Financial Cookbook

Hard Hat Mack

Word Flyer

 

Type C:

Murder on the Zinderneuf

Worms

 

All of these titles are 130XE OS compatible. I have been unable to find an .atx copy protected copy of D-Bug.

Interestingly enough...an Altirra emulator Cheat Code can make an unaltered copy of an EA skew align protected title boot correctly. If you copy the .atx title with Disk Wizard II, the output will be an .atr image. This .atr image can't duplicate the copy protection and will not boot. Using a cheat code it Will boot.

Cheat codes:

Type A: Mem Loc $0A10 - Value $01

Type B: Mem Loc $B390 - Value $01

Type C: Mem Loc $7390 - Value $01

 

I'm not sure if I missed any titles with this copy protection scheme. I have found a bunch of titles with the super tracks (36 sector boot) copy protection but I have only worked on one of those (Archon II). I do know that there is more than one memory layout used. Lords of Conquest uses the same layout as Archon II, but the rest are different.

Pulling off a hack on the super tracks (36 sector boot) copy protection could be difficult on some titles. This hack requires remapping 20 sectors and they need to be in-a-row (At least a group of 3 and a group of 17). I'm not sure how "full" some titles are.

  • Like 1
Link to comment
Share on other sites
ijor River Patroller

ijor

Posted
Posted

Type C:

Murder on the Zinderneuf

Worms

 

All of these titles are 130XE OS compatible.

Ok, checked these two titles. There are two versions of each of them. One is XL/XE compatible, the other is not. So it should be a type "D", that actually is probably the earliest.

 

I'm not sure if I missed any titles with this copy protection scheme.

 

I assume you mean EA titles with skew align, correct? Off the top of my head ...

 

One on one

Realm of Impossibility

Cut & Paste

Movie Maker

 

Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

Thanks for all the encouragement! I'd like to thank the original poster for all his hard work as well.

Here are the rest of the EA titles (skew align copy protection - 40 sector boot) that I have. I don't have a copy protected image of D-Bug, so that will have to wait...for now

Type A:
Music Construction Set

Type B:
Axis Assassin
Financial Cookbook
Hard Hat Mack
Word Flyer

Type C:
Murder On The Zinderneuf
Worms?
Electronic Arts II.rar

  • Like 3
Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

All other EA titles that I have use the Super Tracks (36 sector boot) copy protection scheme. I'm gonna try to crack them all if possible. Finding some titles in the original unmodified form with copy protection intact could be tricky. This is what I was able to find:

Archon II (I cracked this one)
Age of Adventure
Lords of Conquest
Mail Order Monsters
One-On-One
Racing Destruction Set
Realm of Impossibility
Seven Cities of Gold (second edition - grey disk)
Super Boulder Dash
Touchdown Football

Any contributions would be appreciated. Which titles am I missing? Any ideas where I might find missing titles?

Link to comment
Share on other sites
eccofonic Star Raider

eccofonic

Posted
Posted (edited)

Thanks for all the encouragement! I'd like to thank the original poster for all his hard work as well.

Here are the rest of the EA titles (skew align copy protection - 40 sector boot) that I have. I don't have a copy protected image of D-Bug, so that will have to wait...for now

 

Type A:

Music Construction Set

 

Type B:

Axis Assassin

Financial Cookbook

Hard Hat Mack

Word Flyer

 

Type C:

Murder On The Zinderneuf

Worms?

attachicon.gifElectronic Arts II.rar

 

Just noticed that Music Construction Set in the rar file is still an atx file dated dec 2005... is this a mistake?

Edited by eccofonic
Link to comment
Share on other sites
remowilliams Quadrunner

+remowilliams

Posted
Posted

All of these titles are 130XE OS compatible. I have been unable to find an .atx copy protected copy of D-Bug.

 

I have an original D-Bug but wasn't able to VAPI image it, I do have a .pro of it though. I've also got a Seven Cities grey, Racing Destruction Set and Mail Order Monsters, all of which I believe I could not VAPI image either.

Link to comment
Share on other sites
ijor River Patroller

ijor

Posted
Posted

Hi Remo,

 

 

I have an original D-Bug but wasn't able to VAPI image it, I do have a .pro of it though. I've also got a Seven Cities grey, Racing Destruction Set and Mail Order Monsters, all of which I believe I could not VAPI image either.

 

I might try to improve the VAPI imaging tool for the Happy, if there is enough demand, but it is a bit of a PITA currently. Don't you happen to have low level imaging hardware? Kryoflux or SCP?

Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

Firestorm,

Bummer that it didn't work. I actually had my suspicions that they may not. Thanks so much for trying it on a floppy on a 1050 drive though. I think the issue is the same problem faced by Djaybee regarding being unable to make the skew align FAIL when running on an emulator.

Did you / could you test Archon II on a floppy? That title has a different copy protection than ALL the others I have posted. I actually think it has a better chance of working because it doesn't seem to use skew alignment (I might be wrong though)

Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

To Djaybee,

Did you ever figure something out regarding making skew alignment FAIL using an emulator (hopefully Altirra)?

 

According to firestorm my titles won't boot on a floppy and a suspect that it's the same issue you faced with Microprose titles (not being able to make the protection fail).

 

Did using an .atx (as suggested by ijor) work? If so what .atx did you use?

 

I wish there was a option on Altirra to mimic a random skew alignment

Link to comment
Share on other sites
firestorm Dragonstomper

firestorm

Posted
Posted

Firestorm,

Bummer that it didn't work. I actually had my suspicions that they may not. Thanks so much for trying it on a floppy on a 1050 drive though. I think the issue is the same problem faced by Djaybee regarding being unable to make the skew align FAIL when running on an emulator.

Did you / could you test Archon II on a floppy? That title has a different copy protection than ALL the others I have posted. I actually think it has a better chance of working because it doesn't seem to use skew alignment (I might be wrong though)

Archon II works :) just few extra pixels on loading screen .

 

To copy files from sio2sd to floppy I'm using copy program from Alternate Reality disk 2 side 2. Testing on Atari 800XL PAL and stock Atari 1050.

Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

To anybody who is interested. I have found a blank disk in .atx format that has a RANDOM SECTOR SKEW!

 

Running the Altirra emulator, I loaded Disk Wizard II. Using Disk Wizard II, I copied one (several) of my EA cracks and used this .atx image as a blank disk WITHOUT FORMATTING. *IMPORTANT* When saving the disk image after being written to, MAKE SURE you select "VAPI protected disk image (*.atx)", because Altirra defaults to "Atari disk image (*.atr.)

 

Using this blank seemed to "trip up" every one of my EA cracks. The ONLY exception to this was my crack of Archon II. As I suspected it doesn't seem to use skew alignment as part of it's copy protection.

 

Hopefully this image can be of use to somebody who is investigating sector skew alignment copy protection.

 

BLANK-random sector skew.rar

  • Like 2
Link to comment
Share on other sites
Diaperboy Star Raider

Diaperboy

Posted
Posted

Thanks for doing the test Firestorm! You rock! I'm actually thinking about revisiting my Archon II crack to patch out those pixels.

 

I've got some work ahead of me now that I can test sector skew alignment copy protection. I really don't think it will be too difficult to crack the sector skew part of the EA copy protection. I'll hopefully be posting more correctly cracked EA titles in the near future.

  • Like 3
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
AtariAge
Forums
Store
General
Follow AtariAge

Copyright ©1998-2023 AtariAge

×
×
  • Create New...