6502.org Forum  Projects  Code  Documents  Tools  Forum
It is currently Fri Nov 22, 2024 8:20 pm

All times are UTC




Post new topic Reply to topic  [ 11 posts ] 
Author Message
PostPosted: Sun Jan 15, 2017 4:14 pm 
Offline

Joined: Sun Jan 15, 2017 3:15 pm
Posts: 4
Hi,

when I was younger I was very fond of Sabotage and at that time I tried to write a Basic remake on my Amiga. The Amiga was more than powerful enough for such a game but the result was disappointing because I couldn't get the enemies to behave the same and all the fun of this game was in the very balanced difficulty.

Here we are, 20 years later, I want to take my revenge an understand how the original game works :)

So, I did some reverse engineering on this game and put some of my findings here

It's not finished yet, it's taking a bit longer than I thought, and also I don't know how to publish this kind of information.
Publishing a full disassembly of the game with all my comments would probably be tolerated but not 100% legal.
How would you do?
Can you think of websites that would be appropriate for this?
The other option is to write a blog like this one but my work is not that advanced yet.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jan 15, 2017 5:24 pm 
Online
User avatar

Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10985
Location: England
Just to note, for those of us not familiar, the game can be played online at
https://archive.org/details/a2_asimov_sabotage

I'd say go ahead and publish anything you like. Include a note that you will remove the content if the copyright holder gets in touch. They won't! Publishing on github is easy, or a blog. Github has several nice options: all your progress becomes a matter of record, and you (or anyone) can add comments or notes on any line of code.

Publishing your progress here would also be good, but only with short code snippets inline. Linking to a github project or a gist (as you did) is a good way to do it. Long code pastes here are a bit inconvenient for the reader.

As an illustration of both these principles, Jeff Tranter's project here
https://github.com/jefftranter/6502/tree/master/asm/OSI
contains tweaked disassemblies of several programs from back in the day.

(Remember, in this kind of endeavour, copyright is a civil question, not a criminal one. Only the copyright holder can have any standing to object to what you're doing. That generally means the original author or original publisher. Only something with a present commercial value is likely to draw any attention. There are only a very few 6502 works in that category.)


Top
 Profile  
Reply with quote  
PostPosted: Sun Jan 15, 2017 9:44 pm 
Offline
User avatar

Joined: Thu May 28, 2009 9:46 pm
Posts: 8506
Location: Midwestern USA
BigEd wrote:
(Remember, in this kind of endeavour, copyright is a civil question, not a criminal one. Only the copyright holder can have any standing to object to what you're doing. That generally means the original author or original publisher. Only something with a present commercial value is likely to draw any attention. There are only a very few 6502 works in that category.)

Also, there is the "fair use" doctrine that generally protects anyone from legal action if a publication was strictly for knowledge and not intended to circumvent copyright. As you noted, virtually no 6502 programs are commercially viable anymore, so there is not really much about which to worry.

_________________
x86?  We ain't got no x86.  We don't NEED no stinking x86!


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 16, 2017 7:09 pm 
Offline

Joined: Tue Jul 24, 2012 2:27 am
Posts: 679
Looking forward to it! Though I'm a C64 guy and don't know much about the Apple II internals, it's always interesting to see other reverse engineering projects.

One thing I've always been meaning to do is reverse the AI inside M.U.L.E. as it's quite devious.

_________________
WFDis Interactive 6502 Disassembler
AcheronVM: A Reconfigurable 16-bit Virtual CPU for the 6502 Microprocessor


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 16, 2017 9:32 pm 
Offline

Joined: Sun Jan 15, 2017 3:15 pm
Posts: 4
Thanks for your answers, I didn't know that archive.org had an online playable version of Sabotage.
In a first time, I think I will just be using a Gist to take notes and in a second time, I will try to make a more detailed and chronological post about the process I used to reverse the game.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 17, 2017 7:55 pm 
Offline
User avatar

Joined: Wed Aug 17, 2005 12:07 am
Posts: 1250
Location: Soddy-Daisy, TN USA
Looking forward to reading about it.

_________________
Cat; the other white meat.


Top
 Profile  
Reply with quote  
PostPosted: Sun Feb 07, 2021 9:21 pm 
Offline

Joined: Sat Feb 06, 2021 2:50 pm
Posts: 3
This was my go-to game growing up with my Apple ][+ computer. Every once in a while I fire up the Applewin emulator and run this for hours on end…

Then I would get frustrated (especially during the bomber stages) and put it down again, and try to find a cheat. From what I can tell, for all my searching, a cheat for this game simply does not exist, and has probably never existed, like they do for just about all other vintage apple // games…

In my searching for a cheat, I came across this thread and your memory mapping at github.

So I dusted off what I knew about 6502 assembly (which, admittedly, never amounted to much), learned how to use the Applewin debugger, and using your memory map as a primer, I set off to create a cheat on my own.

Yes I know cheating is bad (shame on me!) but I used this as an opportunity to finally learn 6502 machine level programming (better late than never). So really I see this as a learning experience, which is a good thing in the grand scheme of things.

So in my quest to develop a cheat for Sabotage, I raised my general understanding of 6502 assembly by a very large amount, and specifically for sabotage found some more important memory locations for the game…

If you are interested (and I really hope you still are), I would like to submit these changes to you for your validation, and perhaps add some of these mappings to your memory map there. I will post it formally as a comment to the github repository. In the meantime, I will post the cheat code here, so for folks that come across this thread they could load it up and run sabotage in a “cheat mode” if they want.

About the cheat:

So I am modifying these 3 memory locations:

Code:
$5930 : 04 <- # of men on right side (game over) <- Modify this value (to > 4) for cheat
$593F : 04 <- # of men on left side (game over) <- Modify this value (to > 4) for cheat
$6A78 : FF <- Modify this value (to 0) for cheat (bomb proof, recommended mod for bomb proof cheat)


So what I think is great about this cheat is that it is scalable, in that you can change the number of paratroopers on the floor before game-over to any amount. Normally the game is over when 4 men collect on either side of the turret, but you can change that to 5, 6, or any number of men, or you could just set it to 255 ($FF) for basically unlimited men on either side (the game will never drop >3 paratroopers in the same column). You could even make the game more difficult and set it to even fewer than 4 if you like, although the ending animation does some funky weird stuff if you choose fewer than 4.

After I figured that out, I discovered a lot more about how the bomber stages work, and I found several places to modify to make a “bomb proof” cheat, but I think the $6A78: 00 mod is likely to be the most stable of these. I will detail more of these locations in the memory map additions.

I implement this cheat in some applesoft basic code (since this post is getting a bit long and rambly, I will post it separately). This assumes you have a disk image with regular DOS 3.3 and the common (57 sector) Sabotage binary file to run. It will (B)LOAD up the sabotage binary, make some poke modifications, and start execution at $1D00.

One quirk of this cheat implementation, is that this particular sabotage binary loads up at $1D00, but then it takes the bulk of its payload starting at $2000, and move it all up to the $4000 range. It does some other stuff (I’m not quite sure what its doing in there), but after the memory move it starts execution at $42BC, where it does yet some more stuff and continues execution at $4000. Perhaps this has to do with the packaging of the hack/crack of the game, or perhaps this is part of the original software. In any case the result is that I need to poke in the memory locations at [location] - $2000 rather than at the proper/final location in the memory map. So, as an example, rather than poking at location $6A78 for the bomb proof cheat, I actually poke at location $4A78 instead, prior to the call to $1D00, and that will map to its final location at $6A78 after the move.

One other thing: The cheat does not make you completely invulnerable. If a man lands directly on the turret, or 3 men land on the columns to the immediate left/right of the turret, you will still die. If I (or someone) can figure out how to prevent that, then in theory the game could just run on and on forever, without user input. It would probably end up filling all the columns of men up to the maximum of 3, and just keep sending out helicopters and/or bombers forever and ever...

Anyhow, I will post the applesoft basic cheat in a separate post..

I hope all this makes sense, and for those that come across this thread, please enjoy my cheat code

… Howard


Last edited by HowardF on Sun Feb 07, 2021 9:28 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Sun Feb 07, 2021 9:24 pm 
Offline

Joined: Sat Feb 06, 2021 2:50 pm
Posts: 3
Anyhow, here is the basic code for the cheat implementation. I pokes at 3 memory locations for the # of right side men, the # of left side men, and for bomb proof (in that order). Of course you can modify how many men you would like in the first 2 pokes, or remove any of the 3 poke statements to remove any part of the cheat if you like...

Anyhow, here is the code:

Code:
10  HOME
20  PRINT  CHR$ (4);"BLOAD SABOTAGE,A$1D00"
30  POKE 14640,255
40  POKE 14655,255
50  POKE 19064,0
60  CALL 7424


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 08, 2021 8:46 pm 
Offline

Joined: Sun Jan 15, 2017 3:15 pm
Posts: 4
Hello Howard, thanks for your cheat!

Looking at this thread I feel a bit ashamed, 2017... I expected to finish this work by 2018 at worst! But I'm glad someone find it useful even if it is not finished.
I did some progress on Sabotage Reverse, I used Ghidra to reverse it a bit better. I will, I promise, release my Ghidra file once it is cleaned up, I worked a bit on it during the lock down.
The final goal is to produce a decent remake of Sabotage, I started working with pygame. In my wildest dreams, I'd like to make a Gameboy port...

But I started, and mostly finished another Sabotage related project...A Crank stick! Well I don't know how to call it but it's a controller I built with Sabotage in mind.

There was one thing I liked about the game, it was the frantic button bashing you had to do when you had to move the turret on the opposite side, I though it would be fun to have a more "physical" device, to make more ample moves, a bit like Nintendo did with the Wii.
I'm not 100% happy with the result but I learnt some things and had fun in the process.

So stay tuned, I should publish my Ghidra reverse before the summer and at least a work-in-progress, mostly faithful, python remake.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 13, 2021 1:56 am 
Offline

Joined: Sat Feb 06, 2021 2:50 pm
Posts: 3
So before I loose it, I wanted to post this revised cheat code...

This one actually addresses the last 2 vulnerabilities that were not addressed before:

    1) One man landing on-turret,
    2) Three men landing next-to turret

With these extra memory mods (line numbers 60-90), the game can run forever without any user input. Set the emulator speed up to full machine speed and watch the whole playfield fill up almost immediately and the helicopters and bombers whiz back and forth forever!! Oh what joy!!!!!

Code:
 10  HOME
 20  PRINT  CHR$ (4);"BLOAD SABOTAGE,A$1D00"
 30  POKE 14640,255
 40  POKE 14655,255
 50  POKE 19064,0
 60  POKE 14604,255
 70  POKE 14611,255
 80  POKE 14618,255
 90  POKE 14625,255
 10000  CALL 7424


Top
 Profile  
Reply with quote  
PostPosted: Sun Aug 18, 2024 10:17 pm 
Offline

Joined: Tue Mar 31, 2020 4:24 am
Posts: 2
Completed disassembly: https://6502disassembly.com/a2-sabotage/


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC


Who is online

Users browsing this forum: Google [Bot] and 13 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: