6502.org Forum

All times are UTC

Posted: Fri Jul 22, 2016 5:41 pm
Joined: Wed Apr 27, 2016 2:15 pm
Posts: 141
Location: South Africa
Hi All

Does anyone perhaps have some interesting links about the code obfuscation techniques/algorithms/tools used in the old classic C64 games?

Today I had to debug the machine code of an old classic game for the C64 to determine why it wasn't rendering properly in an emulator I am currently writing.

Well, I managed to find my fault, but in my hunting I discovered a couple of very interesting loops, which in my opinion are code obfuscation techniques. The loops look at random locations in memory, adding them as they go along, then jump to the address formed by the addition and repeat the whole process for 100s of iterations, till they arrive at a final number which is the actual address for a piece of data.

The following trace snippet in VICE gives an idea of what I am talking about:

Code:
.5336 005 044  293719967  A9 00       LDA #$00   3f3ffff8
.5338 005 046  293719969  85 AA       STA $AA    003ffff8
.533A 005 049  293719972  A9 B0       LDA #$B0   003ffff8
.533C 005 051  293719974  85 AB       STA $AB    b03ffff8
.533E 005 054  293719977  CA          DEX        b03ffff8
.533F 005 056  293719979  30 12       BMI $5353  b03efff8
.5341 005 058  293719981  A0 00       LDY #$00   b03efff8
.5343 005 060  293719983  B1 AA       LDA ($AA),Y b03e00f8
.5345 006 002  293719988  29 7F       AND #$7F   1c3e00f8
.5347 006 004  293719990  18          CLC        1c3e00f8
.5348 006 006  293719992  65 AA       ADC $AA    1c3e00f8
.534A 006 009  293719995  85 AA       STA $AA    1c3e00f8
.534C 006 012  293719998  90 02       BCC $5350  1c3e00f8
.5350 006 015  293720001  4C 3E 53    JMP $533E  1c3e00f8
.533E 006 018  293720004  CA          DEX        1c3e00f8
.533F 006 020  293720006  30 12       BMI $5353  1c3d00f8
.5341 006 022  293720008  A0 00       LDY #$00   1c3d00f8
.5343 006 024  293720010  B1 AA       LDA ($AA),Y 1c3d00f8
.5345 006 029  293720015  29 7F       AND #$7F   2b3d00f8
.5347 006 031  293720017  18          CLC        2b3d00f8
.5348 006 033  293720019  65 AA       ADC $AA    2b3d00f8
.534A 006 036  293720022  85 AA       STA $AA    473d00f8
.534C 006 039  293720025  90 02       BCC $5350  473d00f8
.5350 006 042  293720028  4C 3E 53    JMP $533E  473d00f8
.533E 006 045  293720031  CA          DEX        473d00f8
.533F 006 047  293720033  30 12       BMI $5353  473c00f8
.5341 006 049  293720035  A0 00       LDY #$00   473c00f8
.5343 006 051  293720037  B1 AA       LDA ($AA),Y 473c00f8
.5345 006 056  293720042  29 7F       AND #$7F   283c00f8
.5347 006 058  293720044  18          CLC        283c00f8
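
Added example, not part of the original post: a Python re-implementation of the loop in the trace above, useful for checking where the pointer in $AA/$AB ends up for a given starting X. The three step bytes at $B000, $B01C and $B047 are taken from the trace; the rest of the memory image is constructed, and the instruction at $534E, which the trace never executes, is assumed to be INC $AB.

```python
# Loop at $533E-$5350 from the VICE trace, re-implemented step by step.
# Assumption: the two bytes at $534E (never executed in the trace because
# BCC is always taken there) are INC $AB, carrying into the pointer's high byte.

def walk_records(mem, x, base=0xB000):
    """Return (final pointer, [(address, raw byte), ...] visited)."""
    ptr = base                        # LDA #$00 / STA $AA, LDA #$B0 / STA $AB
    visited = []
    while True:
        x = (x - 1) & 0xFF            # DEX (8-bit wraparound)
        if x & 0x80:                  # BMI $5353: exit once X goes negative
            return ptr, visited
        raw = mem[ptr]                # LDY #$00 / LDA ($AA),Y
        visited.append((ptr, raw))
        step = raw & 0x7F             # AND #$7F: bit 7 is not part of the step
        lo = (ptr & 0xFF) + step      # CLC / ADC $AA
        hi = ptr >> 8
        if lo > 0xFF:                 # carry set, so BCC $5350 is not taken
            hi = (hi + 1) & 0xFF      # assumed INC $AB
        ptr = (hi << 8) | (lo & 0xFF) # STA $AA


def build_sample_memory():
    """Constructed 64 KiB image; only the first three bytes come from the trace."""
    mem = bytearray(0x10000)
    mem[0xB000] = 0x1C                # trace: A=1c after the first load
    mem[0xB01C] = 0x2B                # trace: A=2b, $AA then becomes $47
    mem[0xB047] = 0x28                # trace: A=28 on the third pass
    mem[0xB06F] = 0xFF                # constructed: bit 7 set, step is $7F
    mem[0xB0EE] = 0x20                # constructed: sum crosses a page boundary
    return mem


if __name__ == "__main__":
    mem = build_sample_memory()
    for x in (0, 1, 2, 3, 4, 5):
        ptr, visited = walk_records(mem, x)
        path = " -> ".join(f"${a:04X}" for a, _ in visited) or "(no steps)"
        print(f"X={x}: final pointer ${ptr:04X}, visited {path}")
```

With X entering the loop as n, the pointer is advanced n times, each time by the low seven bits of the byte it currently points at, so the result depends only on X and the bytes starting at $B000.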


Posted: Fri Jul 22, 2016 5:57 pm
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10971
Location: England
For Acorn's machines, Kevin Edwards did some phenomenal copy protection. And for Apple machines, see the 4am cracks for very interesting writeups. We posted some collected links here.


Posted: Fri Jul 22, 2016 7:19 pm
Joined: Wed Apr 27, 2016 2:15 pm
Posts: 141
Location: South Africa
Thanks Ed!

Very interesting links indeed.

Looks like disk protection was a real pain to crack.

Some twenty years ago someone tried to copy Oxford Pascal for me. The original was a conventional 5.25 inch floppy for the 1541 drive. My drive was a 1581 stiffy drive. So copy protection worked against us. Eventually we got hold of a cartridge from Trilogic that managed to put a workable copy on the stiffy.

These cracked copies were always huge and took long to load.


Posted: Fri Jul 22, 2016 7:42 pm
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10971
Location: England
I recommend Matt Godbolt's blog too - in the telling of the story of the development and debugging of the JSBeeb emulator, he covers some gory details which are exposed and exploited by copy protection schemes.
http://xania.org/Emulation
(Actually, that might be included in the previous link...)

I have to confess I paid for very little software either for my Beeb or my Amiga: once it's cracked, it tends to be distributed, and people like me (in those days) could get what they wanted without paying. I don't think I passed anything on, and I didn't crack anything either. I did buy a couple of Amiga games, and a half-share in Matt Dillon's C compiler.

