Finding strings in California Games. Does Surfing go beyond Quintiple?

[BadPricey]

During the high score competition I played this game to death and not once did I think I could achieve greater than a quadruple 360 without falling off. That doesn't necessarily mean a quintuple 360 can't be done though. If I get time I will have a go at it, but capturing it with photographic/video evidence might not be possible. 

 

[SavagePencil]

I don’t have my Lynx in front of me, but I believe it goes 360 -> Double 360 -> Triple 360 -> Quadruple 360 -> Unreal 360.  Can anyone confirm?

[SavagePencil]

2:39 in this YT vid shows an Unreal 360:

 

 

[Nop90]

Since in Italy we all have to stay closed at home, I'm really bored, so made some cripto analysis to search the strings in the code.

 

Used the simplest method to search text patterns, i.e. searched for values that matches the difference in letters position in the alphabet (haveing letters in order is a good way to organize an array of sprites in a font).

 

To search a patterrn I needed word that I know should be present: "double". Decided to search only the first 3 letters "dou"

 

With a perl script searched three value where second - first == 11 (o - d) and third - second == 6 (u - o).

 

Found 4 matches and the one at 0x11BF6 is the good one.

 

The strings are null terminated, so easy to identify.

 

I found in the code:

 

0F 1A 20 0D 17 10 00 double    
1F 1D 14 1B 17 10 00 triple    
1C 20 0C 0F 1D 20 1B 17 10 00 quadruple
20 19 1D 10 0C 17 26 26 26 00 unreal

 

unreal has three trailing 0x26 values, that I suppose are blank spaces, maybe it was "quintuple" originally, than was changed in "unreal" during beta testing modifying the rom (???) instead of rebuilding everything (to not encode again the rom???).

 

With a little more analysis you can find other strings there, letters a-z are in the range 0x0c - 0x025, 0x26 should be the space, numbers are befor the 'a' and the font should have some signs at beginning.

 

That's all folk.

 

 

 

 

[SavagePencil]

This is awesome!  No strings after unreal?

 

and are the other games encoded with the same offset?  For example, does BMX’s “As good as James” use the same ASCII offset?

[42bs]

36 minutes ago, SavagePencil said:

This is awesome!  No strings after unreal?

 

and are the other games encoded with the same offset?  For example, does BMX’s “As good as James” use the same ASCII offset?

If I remember correctly the Atari assembler (like lyxass) allows to set the offset according the font used.

 

[SavagePencil]

Yeah, it’s common for games to do that.  I was more curious how consistent it was within California Games itself.  Each game was written by a different programmer; I was curious how much (if anything) was shared between them.

[Nop90]

1 hour ago, SavagePencil said:

No strings after unreal?

All the strings I can find at that memory location are:

 

0F 20 20 20 0F 10 26 00 duuude
22 14 1B 10 01 1A 20 1F 00 wipe out
12 10 1F 01 1D 10 0C 0F 24 00 get ready
0C 1D 10 01 22 10 00 are we
13 01 0C 01 21 01 14 01 19 01 12 00 h a v i n g
11 20 19 01 24 10 1F 01 30 00fun yet
0F 1A 20 0D 17 10 double        
1F 1D 14 1B 17 10 triple        
1C 20 0C 0F 1D 20 1B 17 10 00 quadruple    
20 19 1D 10 0C 17 26 26 26 unreal    
1F 14 18 10 28 1E 01 20 1B 26 00 time's up

 

1 hour ago, SavagePencil said:

and are the other games encoded with the same offset?

i's possibe, coders often reuse their code structure.

 

Knowing what to search it's easy to find at a glance with an exeditor other parts in the code that could be strings usig the same encoding.

 

Made a fast try and found at 0x3DF6:

 

1B 10 1F 10 01 22 14 10 1D 25 0D 14 0E 16 14 pete wierzbicki

 

That is the name of the coder.

 

I leave to other people further researches.

Edited March 15, 2020 by Nop90

[Nop90]

double post

Edited March 15, 2020 by Nop90

[Nop90]

Waiting for my pizza to be delivered at home decode some other strings.

 

at 0x3D1B there are the strings for the comlynx connection:

 

1B 1D 10 1E 1E 01 0D 20 1F 1F 1A 19 01 0C 01 1F 1A 01 00 press button a to
1E 1F 0C 1D 1F 01 23 01 1B 17 0C 24 10 1D 01 12 0C 18 10 00 start x player game
23 01 1B 17 0C 24 10 1D 1E 01 0E 1A 19 19 10 0E 1F 10 0F 00 x players connected
01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00

 

the x is replaced at run tim with the number of lynx connected, and there is a blanked line, someone should put there a custom message and test if it is showed when conlynx game is actived.

 

At 0x3DDA there are the credits showed in the title screen under the rotating plate:

 

11 1A 1A 1F 0D 0C 12 00 0D footbag        
24 00 by        
01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00                        
1B 10 1F 10 01 22 14 10 1D 25 0D 14 0E 16 14 00 pete wierzbicki    
13 0C 17 11 1B 14 1B 10 00 halfpipe            
1E 1F 10 1B 13 10 19 01 15 20 19 12 10 17 1E 00 00 stephen jungels    
0D 01 18 01 23 00 b m x                
15 0C 18 10 1E 01 0F 1A 19 0C 17 0F 00 james donald        
1E 20 1D 11 14 19 12 00 surfing        
17 0C 1D 1D 24 01 0C 0D 10 17 00 larry abel        
0C 1D 1F 01 0D 24 00 art by        
18 0C 1F 1F 01 0E 1D 24 1E 0F 0C 17 10 00 matt crysdale        
1E 20 25 14 10 01 12 1D 10 10 19 10 00 suzie greene        
15 10 19 19 24 01 18 0C 1D 1F 14 19 00 jenny martin        
0C 1D 1F 01 0D 24 00 art by        
0C 1D 1F 01 16 1A 0E 13 00 art koch        
1B 0C 20 17 01 21 10 1D 19 1A 19 00 paul vernon        
1E 13 10 1D 24 17 01 16 19 1A 22 17 10 1E 00 sheryl knowles    
18 20 1E 14 0E 01 0D 24 00 music by        
0D 1A 0D 01 21 14 10 14 1D 0C 00 bob vieira        
17 23 01 1D 20 0F 14 1E 00 lx rudis        
0E 0C 18 10 01 14 19 00 came in        
1D 10 0C 17 01 13 0C 19 0F 24 00 real handy        
1D 15 01 18 14 0E 0C 17 00 rj mical        
0F 0C 21 10 01 19 10 10 0F 17 10 00 dave needle   

 

If someone wants to customize the rom with a message instead of the credits, now he knows where to edit the rom ?

 

But the interesting thing is that there is a blanked credit after the Footbag string.

 

Putting a text in that place, it is showed (twice) under the rotating plate with a gray font. Probably a watermark for the beta test rom.

 

Look here:

 

 

[42bs]

I guess after the Corona crisis there are a more Lynx games and a lot of findings like these ?
Too all of you: Stay healthy and protect yourself and your beloved.

[SavagePencil]

BMX strings?

[power]

i seem to remember doing more than 5 and it still only saying Unreal.

[Nop90]

10 hours ago, SavagePencil said:

BMX strings?

 can't find bmx strings. Searched for "AS GOOS AS JAMES" that I saw in a YT video at the end of a BMX run, but nothing.

 

The only other strings I could find are the highscores labels at 0x61D6

 

13 14 12 13 01 1E 0E 1A 1D 10 1E 00 high scores
0D 18 23 01 01 01 01 1E 20 1D 11 14 19 12 00 bmx    surfing
13 0C 17 11 1B 14 1B 10 01 01 11 1A 1A 1F 0D 0C 12 00 halfpipe  footbag

 

Other texts could be stored as images or could have a different encoding.

 

[Zendocon]

19 hours ago, Nop90 said:

20 19 1D 10 0C 17 26 26 26 00 unreal

 

unreal has three trailing 0x26 values, that I suppose are blank spaces, maybe it was "quintuple" originally, than was changed in "unreal" during beta testing modifying the rom (???) instead of rebuilding everything (to not encode again the rom???).

Interesting.  I seem to remember the quintuple 360 being "s u p e r" which would have been 9 characters.  We have the original cart shape which is flat with the Atari logo embossed.  Maybe it changed after the first production run?  I also have a cart shape which is also flat but has a little ridge at the end.  Are there multiple ROM dumps from the original carts?

[Nop90]

Just a little correction: 0x26 value is a "!" char, not a space. So my idea of a modifed rom is wrong. If it had differents strings in a previous version, try to find the other rom and I'll check the differences.

[SavagePencil]

1 hour ago, Zendocon said:

Interesting.  I seem to remember the quintuple 360 being "s u p e r" which would have been 9 characters.  We have the original cart shape which is flat with the Atari logo embossed.  Maybe it changed after the first production run?  I also have a cart shape which is also flat but has a little ridge at the end.  Are there multiple ROM dumps from the original carts?

I dumped curve lipped and ridged variants, both with the same MD5 checksums.  I don’t think I have the fully flat cartridge of the game to dump.

Edited March 16, 2020 by SavagePencil

[+karri]

Now I got too interested in dumping this.

 

The memory allocation is really weird:

 

BOOTLDR               000000  0001FF  000200  00001
DIRECTORY             000000  000037  000038  00001
EXEHDR                000000  00003F  000040  00001
FILLER_RODATA         000000  000FC4  000FC5  00001
FILE002_RODATA        004CDD  006F96  0022BA  00001
FILE003_RODATA        006F97  00A0EC  003156  00001
FILE004_RODATA        006F97  00C036  0050A0  00001
FILE005_RODATA        006F97  00D674  0066DE  00001
FILE006_RODATA        006F97  00D6B3  00671D  00001
FILE007_RODATA        006F97  00DF24  006F8E  00001
FILE001_RODATA        00E400  00EFC9  000BCA  00001

Obviously the screen buffers are at the start of the memory space up to 4CDC.

The main code starts at E400.

My guess is that the different sports are at 6F97..DF24.

There seems to be plenty of unused space in RAM at DF25..E3FF

 

So far I have only checked the init routines.

There was no graphics in that segment.

 

init.s

[ChildOfCv]

The PC version has the strings as ASCII (at least it does in the BMX section).  It may be worth looking at the abandonware sites and trawling through that.

 

I remember hacking some of the superlatives to say different silly things such as "Holy awesome!"

[sirlynxalot]

If I remember correctly, I think As Good as James is the highest aware level in BMX.  I think I've gotten it when scoring 500+, and I watched a youtube video once where a guy scored 3000 (really, 3000 points!) in BMX and it said As Good as James when he finished. 

[power]

31 minutes ago, sirlynxalot said:

If I remember correctly, I think As Good as James is the highest aware level in BMX.  I think I've gotten it when scoring 500+, and I watched a youtube video once where a guy scored 3000 (really, 3000 points!) in BMX and it said As Good as James when he finished. 

 

I'm very good at BMX (used to be better) and As Good as James is a pretty disappointing one as yeah you can score well over and still only get that.

[sirlynxalot]

59 minutes ago, power said:

 

I'm very good at BMX (used to be better) and As Good as James is a pretty disappointing one as yeah you can score well over and still only get that.

I guess the developer anticipated people would only score in the 100-500 range

[power]

2 hours ago, sirlynxalot said:

I guess the developer anticipated people would only score in the 100-500 range

 

once you learn a few tricks 500+ is very easy to attain regularly, you need to fluke some stuff too like clipping the front or back wheels and setting off forward and back spins. You play this one long enough and some of the stuff it does is just awesome.

[Nop90]

5 hours ago, power said:

I'm very good at BMX (used to be better) and As Good as James is a pretty disappointing one as yeah you can score well over and still only get that.

That seems to be a single sprite: the numbers on the top of the screen has a shadow with an offset of 1 px on the right, while this phrase has letters with a shadow of one pixel right and one pixel down. Since it's the only text in the game it makes sense that it's made with an image, using a font would use more memory.

 

The same for halfpipe, they use a different font for the messages and for the numbers, and the messages seem to be limted, so in this case too sprites are very likely.

[Turbo Laser Lynx]

Who is James (that we're as good as) anyway?

Edited March 17, 2020 by Turbo Laser Lynx