
Encryption script


8 replies to this topic

#1 sage OFFLINE  

sage

    Dragonstomper

  • 578 posts
  • Location:Germany

Posted Mon Dec 26, 2011 4:01 AM

As this is useless for most people, I decided to release it as kind of a X-mas decoration. Useless, but nice to look at.

This script creates a new encoded header including checksumming for a 256kb ROM.
Thus automating the process of encoding which is described elsewhere.
As are the sourcecodes for the programs.
The encoded stage 2 you can just copy from any of the newer commercial ROMs.
The stage 1 source you would have to decode and reassemble from any of the newer commercial ROMs.

#!/bin/bash
# Usage: pass the ROM image as $1; buildchk, lyxass, lynxenc and make_lnx are called by name.
echo "Add a loader to a 256kb ROM (well 1024bytes/block)"
echo "Process $1, get dir entries"
buildchk "$1" 256
echo "now romdir.i and checkstring.src have been created"
echo "next assemble new stage1 using loader_stage1.asm"
lyxass -d -o "$1.stage1_plain" loader_stage1.asm
lynxenc "$1.stage1_plain" "$1.stage1_enc"
OUT="$1_mod.lyx"
echo "Copy Image file to new name... $OUT"
cp "$1" "$OUT"
## Now write the stage 1 part (which depends on the file dir)
SIZE1=154
dd if="$1.stage1_enc" of="$OUT" bs=1 count=$SIZE1 conv=notrunc
## Now write the stage 2 part, directly after stage 1
SIZE2=256
dd if="loader.stage2_256k_enc" of="$OUT" bs=1 count=$SIZE2 conv=notrunc seek=$SIZE1
OUT2="_$(basename "$OUT")"
echo "Now make a lnx... $OUT"
mv "$OUT" "$OUT2"
make_lnx "$OUT2" -b0 256k
echo "Finished"
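
A check for the image layout the script above writes, as an added example that is not part of the original post or of the tools named in this thread: stage 1 must occupy bytes 0-153, stage 2 bytes 154-409, and everything after that must be byte-identical to the input ROM. The function names are hypothetical, and it assumes it is run on the raw image before make_lnx is applied.

```shell
#!/bin/sh
# Added example: verify the header layout written by the two dd calls above.
# SIZE1/SIZE2 are taken from the script; everything else is an assumption.
SIZE1=154
SIZE2=256

# same_range FILE_A OFF_A FILE_B OFF_B COUNT
# True only if both files hold COUNT identical bytes at the given offsets.
# cksum prints "CRC LENGTH", so a short stage file is caught as well.
same_range() {
    a=$(dd if="$1" bs=1 skip="$2" count="$5" 2>/dev/null | cksum)
    b=$(dd if="$3" bs=1 skip="$4" count="$5" 2>/dev/null | cksum)
    [ "$a" = "$b" ] && [ "${a#* }" = "$5" ]
}

# check_image ORIG_ROM MOD_IMAGE STAGE1_ENC STAGE2_ENC
# Prints "ok" and returns 0 if only the first SIZE1+SIZE2 bytes were replaced.
check_image() {
    orig=$1; mod=$2; s1=$3; s2=$4
    hdr=$((SIZE1 + SIZE2))
    # cp + dd conv=notrunc must not change the image size
    [ "$(wc -c < "$orig")" -eq "$(wc -c < "$mod")" ] ||
        { echo "size changed"; return 1; }
    same_range "$s1" 0 "$mod" 0 "$SIZE1" ||
        { echo "stage 1 mismatch"; return 1; }
    same_range "$s2" 0 "$mod" "$SIZE1" "$SIZE2" ||
        { echo "stage 2 mismatch"; return 1; }
    # tail -c +N starts at byte N (1-based), i.e. offset hdr
    [ "$(tail -c +$((hdr + 1)) "$orig" | cksum)" = \
      "$(tail -c +$((hdr + 1)) "$mod" | cksum)" ] ||
        { echo "ROM body changed after offset $hdr"; return 1; }
    echo "ok"
}

# Run as a script: check.sh ROM MOD_IMAGE STAGE1_ENC STAGE2_ENC
if [ "$#" -eq 4 ]; then
    check_image "$@"
fi
```
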


#2 ThomH OFFLINE  

ThomH

    Star Raider

  • 69 posts

Posted Tue Dec 27, 2011 11:19 AM

Dumb question, probably, but supposing someone wanted to set themselves up with a BLL development environment based on this script...I'm assuming I'm wrong on at least the final two bullet points — would it be possible to expand on the tools this script calls?

#3 sage OFFLINE  

sage

    Dragonstomper

  • Topic Starter
  • 578 posts
  • Location:Germany

Posted Tue Dec 27, 2011 11:28 AM

1) BLL is not needed, just one assembler for the 6502 code, lyxass is just what I am used to ... well eh and a disassembler to get the code of a module :)
2) yes
3) https://bitbucket.or...rc/58e88930582a
4) no idea where the source came from, it just popped up somewhere (how about google for buildchk epyx)?

Edited by sage, Tue Dec 27, 2011 11:31 AM.


#4 ThomH OFFLINE  

ThomH

    Star Raider

  • 69 posts

Posted Tue Dec 27, 2011 11:53 AM

I'm a huge fan of BLL and am actually quite happy you posted, since I spent quite a few hours the other day trying and failing to locate the source code — just following the link in your signature got me there instantly!

The final link I found is to an Amiga-related archive that Google pointed me to, but expands to a whole bunch of stuff including a buildchk.c that starts with:

/* *** buildchk.c ***********************************************************
*
* Build the Security code  --  Handy ROM security code builder
*
* Copyright (C) 1989, Epyx, Inc.
* All Rights Reserved
*
* CONFIDENTIAL and PROPRIETARY
*
* HISTORY	  NAME			 DESCRIPTION
* -----------  ---------------   --------------------------------------------
* 5 Apr 1990   Stephen Landrum  Created this file.
*
* *********************************************************************** */

Is that the one? If so then it's quite possibly now free and legal to distribute per Hasbro's release of Lynx development tools into the public domain?

#5 sage OFFLINE  

sage

    Dragonstomper

  • Topic Starter
  • 578 posts
  • Location:Germany

Posted Tue Dec 27, 2011 1:59 PM

looks so ;-)

#6 sage OFFLINE  

sage

    Dragonstomper

  • Topic Starter
  • 578 posts
  • Location:Germany

Posted Tue Dec 27, 2011 2:07 PM

Let me just point out that actually the only use for the encrypted header is that it contains a checksum for the whole ROM.
If you don't want the checksum, you can simply use the hacked loader, which can just be copied in front of the ROM.

#7 LX.NET ONLINE  

LX.NET

    Dragonstomper

  • 513 posts
  • Location:The Netherlands

Posted Tue Dec 27, 2011 5:19 PM

I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight.
Just a few comments on the stuff mentioned:
buildchk is (originally) from the Lynx encryption zip-archive (http://cgexpo.com/encrypt/lynx.htm). I guess it was part of the Handy development kit. At least some of the things that the doit batch file uses (asm and asmstrip) are also included in the dev kit. The encryption archive contains all source code for the encryption of headers (the Epyx way). Wookie did a great set of wiki posts on that (http://www.classicga...Lynx_Encryption) earlier.

buildchk does the following:
  • a check on the first and second directory entries (whether they exist)
  • writes out a romdir.i include file with variables for the dir entries
  • computes a hash (I still have to look into the specifics of the algorithm)
  • writes hash value to checkstring.src
For completeness' sake, the whole process of encryption performed by "doit" is like this, supposing you start out with a bare ROM file that has the correct directory entries at top and two obligatory files for startup sprite (load screen) and first program to run.
  • Creates an include file romsize.i that has a variable for the current ROM's size
  • Runs buildchk (creates checkstring.src and romdir.i)
  • Compiles assembler code for boot.src (references all created files)
  • Cuts compiled boot loader in two frames and strip headers (asmstrip does this)
  • Premodifies (obfuscate by accumulation trick) the two frames
  • Encrypts individual blocks inside two frames
  • Postmodifies each frame (reversing bytes per block)
  • Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with
That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there.

I know this should have some pictures, but hold on and I'll have them ready in no time.

#8 EricDeLee OFFLINE  

EricDeLee

    Quadrunner

  • 5,751 posts
  • Location:Michigan

Posted Tue Dec 27, 2011 8:35 PM

Let me just point out that actually the only use for the encrypted header is that it contains a checksum for the whole ROM.
If you don't want the checksum, you can simply use the hacked loader, which can just be copied in front of the ROM.


Hacked loader? Where is that at?

#9 sage OFFLINE  

sage

    Dragonstomper

  • Topic Starter
  • 578 posts
  • Location:Germany

Posted Wed Dec 28, 2011 3:53 AM

I am currently working out the entire boot process of the Lynx and the decryption process in it. After that I will investigate and document the cartridge header types, encryption options. I'll post an annotated boot rom later tonight.


have you seen my post about the loader/header types?

Just a few comments on the stuff mentioned:
<<<stuff removed >>>
Creates final ROM image by appending first two encrypted loader frames and the original ROM image you started with


What do you think the script is doing?

That's it. I do not know exactly how the BLL loader does things (as described by sage), but the Lynx boot rom always does a decrypt of the first two header frames and then runs the decrypted code (that gets stored at $0200). The code is a checksummed version of boot.src. You can read what it does there.


Nobody talks about the BLL gauntlet loader here.

Hacked loader? Where is that at?


This is the loader which lynxdir uses.
It's an Epyx loader where the checksumming is disabled and where the addresses for the binary and title picture are read from the directory and NOT stored in the encrypted part. Just a few lines of fixes...



