Straight cracks from Farb's ATX-Torrent

[Mclaneinc]

Has anybody had trouble booting Lords Of Conquest using Altirra emulator? I have an .atx image with copy protection intact. I've also tried a couple of cracked images and they don't boot either.

It gets past the copy protection, then shows a text screen with info about the game. After a second or two, the background behind the text turns black...then it sits. I've tried pressing START, Enter, joystick buttons, etc. but nothing seems to help.

 

 

 

Just booted it fine, even worked as a Happy Drive and didn't need accurate sector timing enabled..Ah, just as I typed I saw the lock up and its when Accurate sector timing IS enabled it happens. I asked Phaeron about why this can happen and he replied

 

There are a couple of reasons this can happen, but all are rare occurrences. The first is if the game has copy protection in it that does sector read timing checks. These are sometimes left in because they happen to work with ATR files without accurate timing, but once sector skew or seek times are introduced, the timing check fails. The second is that the loader may have a bug in it that causes a load failure under certain timing conditions that the change in mode happens to trigger, such as overwriting an active display list and having DLIs fire at a bad time. I would only expect this to happen on disk loads that can't be accelerated through the SIO patch; it would be very odd for this to matter on parts of the load that used SIOV and would turbo load either way.

 

[ijor]

Has anybody had trouble booting Lords Of Conquest using Altirra emulator? I have an .atx image with copy protection intact. I've also tried a couple of cracked images and they don't boot either.

It gets past the copy protection, then shows a text screen with info about the game. After a second or two, the background behind the text turns black...then it sits. I've tried pressing START, Enter, joystick buttons, etc. but nothing seems to help.

 

I cannot reproduce it. It works fine for me. Can even start a game.

 

Please post all the details. Which ATX image exactly? Which Altirra version? Altirra configuration (including OS ROM, memory, XL or not, etc).

[FULS]

My third batch which brings the whole close to 350 titles.

• Original Epyx-releases of Ballblazer and Rescue on Fractalus with their load-screens
• Dropzone

• Catch-up with July-torrent from Farb (Adv. Intl., Broderbund, Datasoft, MicroProse, some more)

• New publishers:

  Artworx, Atari, Cosmi, Gebelli, SSI, Main Street Publishing (re-releases), Value-U-Line (re-releases)

• and the following educational publishers:

  Carousel, Davka, DLM, JMH, Learning Company, MECC, Milliken, Mindscape, Scarborough, Scholastic, Unicorn

Have fun

These are Great!!

Thank You!!

[Diaperboy]

To firestorm,

Let me look into this. I'm pretty sure I was able to find land and even interact with the natives (I think I murdered them all)

[+remowilliams]

I'm pretty sure I was able to find land and even interact with the natives (I think I murdered them all)

 

I just booted Seven Cities on my 800/Happy 1050 (unhappy mode), was able to sail right (well left ) to land and have unfortunate encounters with the natives in no time at all.

[Diaperboy]

to firestorm,

I just re-tested Seven Cities Of Gold and couldn't replicate the error. I just headed straight West (of left) and found land each time. I DID get slaughtered by the natives in MASTER difficulty and got a message that the expedition was Lost and never heard from again.

 

I've also "fixed" my issue with Lords Of Conquest not booting. I updated Altirra emulator to version 2.80 and also used a real Atari OS Rom (instead of the supplied OS Rom in Altirra). I think using the real OS Rom is what "fixed" the problem. Previously I was using Altirra 2.60 with supplied OS Rom.

[Diaperboy]

To DjayBee,

 

Your work is AMAZING! I hope some day to be able to say I've cracked as many titles as you.

 

Perhaps you have the same "bug" as me. For me, figuring out how these copy protections work and how to defeat them is like a puzzle or challenge. Some people like word searches, sudoku, crossword puzzles, etc...I like playing around with copy protections. I don't even really like some of the games I've cracked, but it's not about the game. To me the "crack" IS the game.

 

I've loved the Atari 8 bit since I was a kid. I did a few cracks back in the 80's but nothing like I can do now. Of course in the 80's I didn't have Altirra emulator with the ability to pause so I can examine memory locations, etc. I only DREAMED of that ability on the 80's on genuine hardware.

[firestorm]

The Seven Cities of Gold atr works fine, it was probably my error with map disk, sorry.

[Diaperboy]

I'm having fun continuing my work on the EA super-tracks copy protected titles.

 

Racing Destruction Set was interesting as it is the only EA title (so far...) to contain subtle copy protection. Subtle copy protection meaning it "lets you through", but alters aspects of the game itself (not in a good way). Because there is little free space on the disk (to hold re-mapped sector images) I tried a shortcut. Instead of re-directing every second read of each double sector to it's correct re-mapped image, I re-directed every second read of ALL double sectors to sector #1. This shortcut, surprisingly enough, boots the disk (strange? because that wouldn't work on other titles in the same series...)

 

It might boot the disk using this shortcut and you can also play the game. (I only tested in 1 player mode) The problem is that the shortcut DOES get noticed. This causes the computer opponent AI to be crippled. The computer CAN'T DRIVE WORTH SHIT and is unlikely to even make it to the first corner. This might sound like a good thing...but you can't move on from the race until your opponent also finishes.

 

I didn't test other parts of the game, but it's hard to say what else taking that shortcut might have effected.

 

Cracking this title in the same way as the others in this series (correctly re-mapping EVERY double sector) eliminated this "subtle" copy protection problem.

 

Finding the "free" sectors to use for re-mapping required it's own custom subroutine to "buy" those sectors. The problem is (on Racing Destruction Set anyways) just because a sector is empty does not mean that it's "free" (for me to use). Most of the empty sectors actually DO get read at some point during various load routines. I'm not sure if this is done to "guard" these empty sectors or just because the program uses those empty sectors as a "spacer" in memory.

[+DjayBee]

To DjayBee,

 

Your work is AMAZING! I hope some day to be able to say I've cracked as many titles as you.

 

Perhaps you have the same "bug" as me. For me, figuring out how these copy protections work and how to defeat them is like a puzzle or challenge. Some people like word searches, sudoku, crossword puzzles, etc...I like playing around with copy protections. I don't even really like some of the games I've cracked, but it's not about the game. To me the "crack" IS the game.

 

I've loved the Atari 8 bit since I was a kid. I did a few cracks back in the 80's but nothing like I can do now. Of course in the 80's I didn't have Altirra emulator with the ability to pause so I can examine memory locations, etc. I only DREAMED of that ability on the 80's on genuine hardware.

 

The pure number sounds bigger than the real effort was.

First the publishers are quite lazy and often reuse the same protection for several titles. Since most protections are much less complicated than EA's, there is a fair chance to find a byte-sequence to search for in a hex-editor and just replace it.

Second cracking with Altirra's debug features is a breeze compared to back then when you had to step through the whole loading sequence. Today I look at the disk trace for unusual entries (bad, duplicates, ...) and then set a sector break point with the interesting sector's number.

 

And yes, I also (still) have fun searching through the haystack of code for the single byte that I have to change which makes it work.

[Diaperboy]

Only 3 titles left to go in the EA super-tracks copy protected titles!

 

I've pretty much got my code (to crack EA super-tracks titles) down to a science. It rarely takes more than 2 hours from start to finish to crack this copy protection now. I actually spend more time re-mapping sectors (on the copy) than doing the actual crack.

 

When I finish all the EA titles, I'm planning on putting all the cracks on a disk patcher program. I'll likely start with Chipmunk (disk cracker / patcher program) and replace all the cracks with my own work. IIRC...I altered Chipmunk in the 80's...it was written in Basic and I think it used data statements to know which sectors to read (from chipmunk) and where to write them (to the copy).

[Diaperboy]

Is there such a thing as an .atx explorer tool?

 

I'm talking about a program (on a PC) that could read / scan an .atx disk image and give information about the image. Information such as track / sector alignment, double sector listings, locations of bad / crc error / missing sectors, locations of sectors with "weak" bits, etc...Really any and all info about an .atx image could be quite interesting.

[+DjayBee]

Is there such a thing as an .atx explorer tool?

 

Look here:

http://atariage.com/forums/topic/192052-atr-tools/page-5?hl=%20atrtools

 

It has most of what you asked for.

[Diaperboy]

Thanks DjayBee!

 

That ATRTOOL is pretty cool. I was looking at an image of Syncalc (1985 version)...oh boy. Alternate Reality the City was also very interesting to look at. I can understand why Alternate Reality is of one of the "holy grails" of copy protection. It would be interesting to make an attempt on that title...but I'm not sure my skills are up to the challenge.

[Diaperboy]

OOOH! I think I have found a better (or more accurately smaller) method for defeating the EA super-tracks copy protection. It's kind of a shame that I figured this out with only 1 title left to crack . My cracks of EA super-tracks copy protected titles required re-mapping ALL the double sectors to another location on the disk as well as re-mapping 3 of the boot sectors. This new method will not require re-mapping double sectors at all.

 

It was actually the last title in the series Age of Adventure - (Side B) - Return of Hercules that was giving me problems...and made me have to get more creative with this crack. There just is not enough free sectors on the disk to re-map 3 boot sectors and 17 double sectors. There might be some dummy data somewhere sectors of that disk, but it's hard to say FOR SURE if a sector gets used or not unless you complete the game.

 

I will post what work I have completed on the EA super-tracks protected titles shortly. These will be the versions with complete re-mapping of the double sectors. I will likely skip releasing Return of Hercules until I clean up the code and get everything figured out.

[Diaperboy]

Here is my (First) release of EA Super-Tracks copy protected titles. These games retain the original EA loading screen and perform all the same checks as an unaltered disk. This release uses re-mapped double sector images during the double sector checks. This is good because all data is preserved...however the problem of this method is the size. This crack requires 17 double sectors to be re-mapped as well as 3 boot sectors (20 free sectors total needed on each disk). A "patch" created for Chipmunk (or another patching program) would be HUGE (23 or more sectors for each patch). The other drawback to using this method is reduced loading time during double sector checks (because of jumping from track to track).

 

Each title has been tested using Altirra emulator and each title is able to reach game-play. Each title has an "easter egg" mode during boot to alter the look of the loading screen. Hold down START / SELECT / OPTION (or any combination of) during load, before the screen changes color to activate this feature. There are 7 variations, depending on which button or combination is held.

 

The titles included are:

 

Age of Adventure - Ali Baba and the Fourty Thieves

Archon II

Lords of Conquest

Mail Order Monsters

One-On-One

Racing Destruction Set

Realm of Impossibility

Seven Cities of Gold (Second edition - Grey disk)

Super Boulderdash

Touchdown football

 

I think these are all the titles in this copy protection series. The only exceptions being Movie Maker (I don't have a copy to work on ) and Age of Adventure - Return of Hercules (This title can't be cracked using the same method used on the other titles because there is not enough free sectors)

 

This release contains copy protected .atx versions and cracked .atr versions of each title. I did not include a cracked .atx version with random sector skew because sector skew alignment is not used by this copy protection. These titles SHOULD be able to be written to a floppy and booted on genuine Atari hardware.

 

I will likely make a SECOND release of these titles using a slightly different crack which does not require re-mapping of double sectors...I did a "proof of concept" crack using this method and it works...and also loads a bit faster because of not jumping to other tracks to read re-mapped sectors.

 

I hope everybody enjoys this release and I hope it works on genuine hardware (fingers crossed)

 

EA Super-Tracks copy protected titles.zip

 

[Diaperboy]

P.S. My notes on each title is also included. This has ALL the needed code and re-mapping charts to crack these titles for yourselves.

 

Hope everybody enjoys!

[a8isa1]

Here is my (First) release of EA Super-Tracks copy protected titles. These games retain the original EA loading screen and perform all the same checks as an unaltered disk. This release uses re-mapped double sector images during the double sector checks. This is good because all data is preserved...however the problem of this method is the size. This crack requires 17 double sectors to be re-mapped as well as 3 boot sectors (20 free sectors total needed on each disk). A "patch" created for Chipmunk (or another patching program) would be HUGE (23 or more sectors for each patch). The other drawback to using this method is reduced loading time during double sector checks (because of jumping from track to track).

 

...

 

I hope everybody enjoys this release and I hope it works on genuine hardware (fingers crossed)

 

EA Super-Tracks copy protected titles.zip

 

I tried all the single disk games in your collection on my SWP ATR8000 (only drives I have for the Atari). They all load and the games respond to controls.

 

I didn't get any play time in but I did set Touchdown Football in computer vs computer as a screensaver while I played around with other projects.

 

When I make more time (and find more diskettes) I'll build the 2-disk games.

 

I was glad to see your ATRs. IIRC, EA games never worked on the ATR8000, at least not for me. I don't know if this was due to the 300 RPM of the industry standard drives the ATR8000 uses vs the 288 RPM of Atari drives or some issue more complicated.

 

Thanks for all your efforts, Diaperboy. Thanks also to Farb, DJayBee and to all involved.

 

-SteveS

 

p.s. to DJayBee. I've made two attempts at converting Ballblazer from your ATXCracks03 set to real disks and in neither case do the disks load. The ATR works fine, loaded from SIO2BSD. With the disks I get "loader error" on a screen the resembles the visualizers of data decompressors. I don't know if it's the SWP ATR8000 that is having trouble or if I had data corruption during the conversion both times.

 

Later today I'll try copying the disks back to ATRs and see if they work.

Edited October 19, 2016 by a8isa1

[+DjayBee]

p.s. to DJayBee. I've made two attempts at converting Ballblazer from your ATXCracks03 set to real disks and in neither case do the disks load. The ATR works fine, loaded from SIO2BSD. With the disks I get "loader error" on a screen the resembles the visualizers of data decompressors. I don't know if it's the SWP ATR8000 that is having trouble or if I had data corruption during the conversion both times.

 

Try the attached images. I found a second different version of Ballblazer and could not apply the same cracking scheme. So I decided to redo the first one as well.

 

But it might also be because Ballblazer uses its own SIO-implementation which relies on exact disk drive status codes.

Ballblazer (1985)(Epyx)(US).atr

Ballblazer (1985)(Epyx)(US)a.atr

[a8isa1]

 

Try the attached images. I found a second different version of Ballblazer and could not apply the same cracking scheme. So I decided to redo the first one as well.

 

But it might also be because Ballblazer uses its own SIO-implementation which relies on exact disk drive status codes.

As it turns out I had sector errors on both disks.

 

All three images worked when I tried again.

 

That will teach me to use Write with Verify, especially seeing that the disks and drives are old now.

 

Sorry to trouble you, DjayBee.

 

-SteveS

Edited October 19, 2016 by a8isa1

[Mechanicjay]

Thanks DjayBee!

 

That ATRTOOL is pretty cool. I was looking at an image of Syncalc (1985 version)...oh boy. Alternate Reality the City was also very interesting to look at. I can understand why Alternate Reality is of one of the "holy grails" of copy protection. It would be interesting to make an attempt on that title...but I'm not sure my skills are up to the challenge.

 

 

I'm sure I'm not the only one who would be super interested in The City.

 

This is all amazing work, by the way.

[Diaperboy]

Glad to hear the EA Super-Tracks titles work on genuine hardware

 

I'm not sure if it would be a drive RPM issue that would make EA titles not load correctly using an ATR8000 (I've never actually seen an ATR8000 in person, I'll have to look that up on the net) Back in the 80's I had a RanaData 1000 drive which ran at 288 RPM. After that drive crapped out, I got an Atari XF551 drive which ran at 300 RPM. Both drives were able to boot the few Original (store bought) EA games that I had.

Lol! Hard to believe that I can remember the correct RPMs off the top of my head, as I have not even seen any Atari 8 bit hardware for at least 20 years. I used to lower the RPM on the RanaData drive to write bad sectors. This worked on very few games, but several games from Activision were able to be copied using this method.

[Shannon]

Atr8000 allows the use of stock 5 1/4" floppy drives on an Atari computer as well as high density modes and the 1.2 diskettes as well.

 

Chances are it is due to the drives having the timing hole available to them.

[Diaperboy]

Well...implementing my other crack method for the EA Super-Tracks copy protected titles has proved to be quite difficult. The code for the crack was not the most difficult part.

 

The most difficult part was finding a memory location for the extra subroutines to "live". I didn't realise how complete the unused memory wiping routines in EA copy protected titles was. My first idea was to alter the STA statement(s) which do the wiping...this does not work because the STA statements are a critical part of the routine and are used countless times for other purposes.

 

I think I have found a safe place for the data to "live". I only needed an additional 32 byte (continuous) memory block. These 32 bytes get copied to memory starting at location $03C0. This replaces the (incorrect) values written to this location when the incorrect sectors are read during the 2nd double sector check. The previous cracked titles I released wrote the correct values starting at memory location $03C0 because the correct (but re-mapped) sectors got read during the second double sector check.

[Diaperboy]

Here is my (Second) release of EA Super-Tracks copy protected titles. This will be my final release of these titles unless someone points out some flaws. These cracks work on the same principal by re-directing the sectors that get read during the double sector check. On the previous versions when the double sector was checked, the read was re-directed to another sector that contained the CORRECT sector image.

 

This version still re-directs the double sector reads, but it does not use re-mapped sector images. This crack takes advantage of the fact that this copy protection checks double sectors in 2 different ways. The 1ST part of the check consists of checking if the 2 reads of the double sector match. The data itself is not important. It ONLY checks for match or no match (it will not continue if it finds a match). The 2ND part of the check consists of taking 1 byte from each sector read and storing it in memory starting at location $03C0 (32 bytes total). After ALL the double sectors have been read the data starting at memory location $03C0 gets verified. Because the copy protection is NOT reading the correct sectors during the double sector checks the data starting at memory location will be incorrect. This crack "patches" the correct data into memory BEFORE it can be verified by the copy protection, thus defeating the 2ND part of the double sector check.

 

The advantage of using this method is a faster load time during the double sector checks. Another advantage of this method is a much smaller footprint. The previous versions relied on using empty sectors to store re-mapped double sector images. This version modifies 9-11 sectors (and does not need empty sectors) unlike the previous versions that modified 23-25 sectors in order to work correctly.

 

The titles included are:



Age of Adventure - Ali Baba and the Fourty Thieves

 

Age of Adventure - Return of Hercules

Archon II

Lords of Conquest

Mail Order Monsters

One-On-One

Racing Destruction Set

Realm of Impossibility

Seven Cities of Gold (Second edition - Grey disk)

Super Boulderdash

Touchdown football

 

This release includes:

 

 

Copy protected .atx versions

 

Cracked .atr versions

 

All my notes detailing each crack. There is ALL the info and code needed to crack these titles for yourselves. Hopefully SOMEBODY will find the notes interesting.

 

 

Enjoy!

EA Super-Tracks copy protected titles V2.zip