D-Bug & Automation Forum
D-Bug & Automation Forum >> Coding >> Stormtrooper crack
https://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?num=1199806101

Message started by KrazyKato on 08.01.08 at 15:28:19

Title: Stormtrooper crack
Post by KrazyKato on 08.01.08 at 15:28:19
Hi all,
There was a game called Stormtrooper (I still have the original) that ended up on AU121 cracked, filed, packed by Andy Arfling.
I tried to crack this sucker years ago when I was just starting out but it always defeated me  :-[.  Do any of you guys have any tuts or advice on how to beat this protection?  It was a Bootsector loader that trashed the system/keyboard etc, then loaded sectors - if memory serves me right.
I hacked loads of ST game, the last one being Chaos Engine (Rob Northen). Also did BAAL, now that one was a tricky little beggar to file.
I could provide a Pasti'd STX of the game soon when I get my kit set up if that would help?

Title: Re: Stormtrooper crack
Post by ggn on 08.01.08 at 15:32:20
Welcome!

I haven't personally looked into this (I'm new here ;)), but I'd suggest you get a pasti and the debug version of steem. It has a marvellous debugger (you can set breakpoints just about anywhere, as well as memory watches :)). Master that and I think you'll be able to figure it out yourself. If you get frustrated you can attach the pasti and we can all have a shot at it.

Title: Re: Stormtrooper crack
Post by Shw on 08.01.08 at 19:19:15
Hi,

Just had a quick look.

The bootsector disables all interrupts and copies itself to $a.w!!
Way way low down in memory!

The BS uses it's own DMA loader (obviously gemdos can't be used!)
it clears until Ramtop then loads sectors to $17d22 then copies to $200.

As I said I've only had a brief look. I guess Andy would have dis-assembled the BS to
a file then moved on from there.

Quite low and nasty code for an old game ;)

If you want the Pasti let me know.

Shw

Title: Re: Stormtrooper crack
Post by KrazyKato on 08.01.08 at 20:31:52
Thanks for the Pasti image. :)
Yes, I seem to remember it did a nasty trick low down in memory and relocation - time to fire up the debug version of steem and see what i can do until i get my den sorted out with my ST set up.
This may take some time - the brain has gone a bit rusty regarding ST addresses etc.

Title: Re: Stormtrooper crack
Post by ggn on 08.01.08 at 20:42:46

KrazyK wrote on 08.01.08 at 20:31:52:
This may take some time - the brain has gone a bit rusty regarding ST addresses etc.


Don't worry, 68000 is like riding a bicycle! (although I'm 100% sure I can't ride a bicycle at all now ;))

Title: Re: Stormtrooper crack
Post by Shw on 08.01.08 at 20:45:10
I'm busy coding a demo at the moment, but let me know if you get stuck

or drop on

#atariscne (IRCNET)  - most D-Bug members frequent this channel.


Shw

Title: Re: Stormtrooper crack
Post by KrazyKato on 09.01.08 at 23:28:02
Ok,
I'm a bit stuck here with this one - it's a bit nasty.
I've let the bootsector decrypt itself and let it load the first 6 tracks to $17d22.  Easy peasy bit
That data is then relocated (also is partially decrypted) down to $200.  I've got that block saved as a 38k file for future use.
All system is trashed here (Toxic Monst does help though)
Code runs at $200, all traps, vbl, trace / kbd vector / timers are then screwed around with and custom ones setup as more sectors are loaded.
If you manage to get past that and still have a working system then please let me know.
I would ideally like to find where the sector loader is kept.
I did manage to load more tracks but then the system got trashed again from somewhere else.
I've unpacked Andy Arfling (Au121) 1 meg file crack and can't work out what he did with it to stop it loading sectors.!  :-[

Title: Re: Stormtrooper crack
Post by ggn on 10.01.08 at 13:41:02

KrazyK wrote on 09.01.08 at 23:28:02:
Ok,
I'm a bit stuck here with this one - it's a bit nasty.
I've let the bootsector decrypt itself and let it load the first 6 tracks to $17d22.  Easy peasy bit
That data is then relocated (also is partially decrypted) down to $200.  I've got that block saved as a 38k file for future use.
All system is trashed here (Toxic Monst does help though)
Code runs at $200, all traps, vbl, trace / kbd vector / timers are then screwed around with and custom ones setup as more sectors are loaded.
If you manage to get past that and still have a working system then please let me know.
I would ideally like to find where the sector loader is kept.
I did manage to load more tracks but then the system got trashed again from somewhere else.


Tell you what - download the DEBUG version of steem engine, open up the boiler room, set a breakpoint to $200, and start tracing from that. Don't use a software debugger, as steem's one is quite powerful for what you need. Except if you really want to do it with toxic...

[quote author=KrazyKato link=1199806100/0#6 date=1199921282]I've unpacked Andy Arfling (Au121) 1 meg file crack and can't work out what he did with it to stop it loading sectors.!  :-[/quote]

Well, I guess Andy only kept the code that mattered for his version :)

Title: Re: Stormtrooper crack
Post by KrazyKato on 18.01.08 at 10:22:52
Hehe, 20 years after buying the original game and I'm slowly getting there with cracking and filing this game.  Knocked out the protection checks and have written a file loader.  It may even work on  half meg if I can find a little code cave to stick my routine in to make it work in 512k.  :)   Still trying to do a trainer for it but can't spend much time on it atm.
Watch this space.  ;)

Title: Re: Stormtrooper crack
Post by ggn on 18.01.08 at 12:25:59

KrazyK wrote on 18.01.08 at 10:22:52:
Hehe, 20 years after buying the original game and I'm slowly getting there with cracking and filing this game.  Knocked out the protection checks and have written a file loader.  It may even work on  half meg if I can find a little code cave to stick my routine in to make it work in 512k.  :)   Still trying to do a trainer for it but can't spend much time on it atm.
Watch this space.  ;)


Glad to hear you're progressing :) What did you use in the end?

Title: Re: Stormtrooper crack
Post by KrazyKato on 18.01.08 at 13:15:23
Well, The Boiler Room is indeed a fantastic tool (first time i've used it) along with usual tools:Monst2+ and EZ Rider.  I know the Stormtrooper code quite intimately now, especially around $7818, $7a00 where the sector loader is.
One problem I have found is that I now can't get Monst to run from the boot sector like I used to.  Steem just bombs out and resets.  Any ideas why?

Title: Re: Stormtrooper crack
Post by ggn on 18.01.08 at 13:25:09

KrazyK wrote on 18.01.08 at 13:15:23:
Any ideas why?


Does this work from normal steem? Maybe it's a mem issue?

Title: Re: Stormtrooper crack
Post by KrazyKato on 18.01.08 at 14:59:12
Monst2 and Toxic works perfectly from the desktop and Auto folder in Steem but not being bootsector loaded  :'(  Tried the toxic makeboot.tos that came with Toxic too - program loads then resets.

Title: Re: Stormtrooper crack
Post by ggn on 18.01.08 at 15:07:48
Well if something bombs, then steem debug should halt operation, is this your case?

Other than that I'm sure that Shw uses toxic mon, maybe he can assist further.

Title: Re: Stormtrooper crack
Post by Shw on 18.01.08 at 17:33:08
I'm sure I had this problem ages ago. But normally I use Toxic on a real ST. I remember reading a thread recently that said there's no one using Monst when Steem Debug is so powerful..... well I still use Monst(Toxic) so there!!

Tip. Load makeboot into monst, trace through, you'll see a part saying sub #$18000  what this does is make toxic load at ramtop minus $18000 bytes (this happens when you press right shift on boot).  Try changing this to a higher value e.g. $80000 or something. Then execute makeboot.

Shw

If this doesn't work I'll investigate.

Title: Re: Stormtrooper crack
Post by KrazyKato on 19.01.08 at 22:32:28
No joy here.  Tried various different values.  Looks like i'll be sticking to debug steem instead.

Title: Re: Stormtrooper crack
Post by KrazyKato on 04.02.08 at 09:56:47
It's done ! ;)
Stormtrooper is finally cracked, filed, packed AND trained  :o  (optional infinite lives, ammo and level start),
I'll post it along with the cracking source soon.
It's only taken 20 years since I first bought the game but, hey,  we live and learn.

Title: Re: Stormtrooper crack
Post by ggn on 04.02.08 at 10:39:02

KrazyK wrote on 04.02.08 at 09:56:47:
It's done ! ;)
Stormtrooper is finally cracked, filed, packed AND trained  :o  (optional infinite lives, ammo and level start),
I'll post it along with the cracking source soon.
It's only taken 20 years since I first bought the game but, hey,  we live and learn.


Excellent mate! I knew you could do it, since you could handle Baal and all ;)

Feel free to post any files and/or tutorials or anything you fancy :)

Title: Re: Stormtrooper crack
Post by Shw on 04.02.08 at 12:27:13
Well in KrazyKato...

Did you end up using Steem Debug or hardcore Toxic?! :)

Shw

Title: Re: Stormtrooper crack
Post by KrazyKato on 05.02.08 at 10:17:48
I ended up mostly using Steem Debug.  I started using Toxic but decided it was far faster with Steem.  I even fixed my crack of Baal to work under Steem by using it.  Will also post that soon.

Title: Re: Stormtrooper crack
Post by Shw on 05.02.08 at 11:04:15
I still like the 'feel' of Toxic. But you need a real ST to use it to the full.

Steem debug is really useful, however it does have the odd annoyance  for example jumping to MFP time routines whilst tracing and it's failure to stop on breakpoints when conditions are met, eg a4=$23400.

Good work with Baal btw, I remember the protection was quite tough. Dunno why it was never on an Automation menu.

Shw

Title: Re: Stormtrooper crack
Post by ggn on 05.02.08 at 11:28:04

Shw wrote on 05.02.08 at 11:04:15:
Good work with Baal btw, I remember the protection was quite tough. Dunno why it was never on an Automation menu.


Checked menu 49 lately?

Title: Re: Stormtrooper crack
Post by Shw on 05.02.08 at 15:47:31
Pooh!

Title: Re: Stormtrooper crack
Post by ggn on 05.02.08 at 18:04:53

Shw wrote on 05.02.08 at 15:47:31:
Pooh!


If you want I can wave my moderator's stick and send these last 3 or 4 posts to oblivion in a 1984-esque manner :P

Title: Re: Stormtrooper crack
Post by CJ on 05.02.08 at 18:06:52
But only a complete mug would fall for a cheap trick like that.

Title: Re: Stormtrooper crack
Post by KrazyKato on 12.02.08 at 15:20:45
At last.......

Here's the Stormtrooper cracked, filed and trained game (msa) hopefully.  Code to follow in next post.


https://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?action=downloadfile;file=Strooper.zip ( 308 KB | Downloads )

Title: Re: Stormtrooper crack
Post by KrazyKato on 12.02.08 at 15:21:59
...and here's the crack, file, trainer, menu code.
It's been a long, long time since I touched 68k and an ST so be gentle with me ok.  ;)

https://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?action=downloadfile;file=Stormtrooper_Code.zip ( 110 KB | Downloads )

Title: Re: Stormtrooper crack
Post by Shw on 12.02.08 at 17:11:17
Great work and interesting read :)

Maybe we should document how we crack stuff now and again.

Good also to see someone else in the 'noughties' still cracking and FILING ;)

Shw

Title: Re: Stormtrooper crack
Post by ggn on 12.02.08 at 20:43:41
...and NOT taking other people's cracks and re-applying them to a pasti, to make shoddy cracks seem like a bad copy :P

Title: Re: Stormtrooper crack
Post by KrazyKato on 12.02.08 at 22:54:43
Thanks guys, I also fixed my mega-trained version of Baal to run on Steem too. . . ;)
https://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?action=downloadfile;file=BAAL_FIXED.zip ( 346 KB | Downloads )

Title: Re: Stormtrooper crack
Post by Shw on 13.02.08 at 06:44:39
Any idea why it crashes on Level 7? Strange Pasti's do it too?

Did you use the PASTI I sent?

Shw

Title: Re: Stormtrooper crack
Post by KrazyKato on 13.02.08 at 08:39:55
Yep, I used the pasti you sent me.  I'll check the track logfile later to see what tracks are being read at that point.  At work atm.

Title: Re: Stormtrooper crack
Post by KrazyKato on 13.02.08 at 09:29:51
It must be the pasti as I've just tried Au121 and it works ok on level 7.
Looks like it struggles to read the data correctly from track 66 to 69.  It repeats this sequence and then wipes the memory then hangs.

PASTI: Read track. track: 40, side: 0           Disk check
PASTI: Read track. track: 66, side: 0
PASTI: Read track. track: 67, side: 0
PASTI: Read track. track: 68, side: 0
PASTI: Read track. track: 69, side: 0
PASTI: Read track. track: 66, side: 0
PASTI: Read track. track: 67, side: 0
PASTI: Read track. track: 68, side: 0
PASTI: Read track. track: 69, side: 0

I've tried it with max accuracy on pasti too.

Does anyone have another pasti of this game I can try???  :'(

Title: Re: Stormtrooper crack
Post by Shw on 13.02.08 at 10:58:41
I guess it's possible to extract the track data from Andy's crack, although it will be 'faffy'.

I'll see if I have another Pasti... or has any othe group crcaked it but not filed it (Reps?)

Shw

D-Bug & Automation Forum » Powered by YaBB 2.6.0!
YaBB Forum Software © 2000-2021. All Rights Reserved.