Poking Technology Reverse Engineers A Supercheap Console

It’s been a while since I linked a good solid ultra-geeky hacking video. Poking Technology is really good at this sort of thing. Here he takes apart one of those extremely cheap portable game consoles (1 hour 12 minutes), the kind you might find at the checkout line at Walmart for ten bucks, puts logic analyzers on it, runs it through Ghidra, and basically figures out how it works.

I find this stuff fascinating. Look, I’m not going to claim everyone will be interested in it, but that’s one of the advantages of running a daily blog that casts a super wide net: if you’re not interested in this there’ll probably be something more to your liking tomorrow. And if this is your kind of thing, take it from me, it’s really going to be your kind of thing. I’ve been munching on this video a few minutes at a time, and I’m still not at the end of it yet, so I don’t know where this leads. I hope it goes somewhere where he puts his own code on it, which I kind of suspect he might.

Here is a bonus video, also from Poking Technology! He’s the guy who made that 6502 version of CP/M I linked a while ago. Here he uses his reverse engineering skills to make a port of classic Z80 CP/M to one of those bespoke LCD word processors that they made in the early 90s (1 hour 18 minutes):

CP/M fascinates me. It was the first real cross-platform OS for microcomputers, and it was also extremely small. It could be implemented in as few as 5KB of memory, and those 5,120 bytes got you a character-based screen, disk access, a file system and I/O support. If it looks like DOS to you, it’s because DOS was originally created as a clone of CP/M, and so lots of CP/M’s limitations transferred over to DOS, like its single-letter drive names and its 8.3 filename structure. But CP/M was first released in 1974! It was silly for Microsoft to have adopted that limitation too, and as a result until Windows 95 their consumer OSes had to live with the same limitation, when even Commodore 64s could have 16-character filenames. Jeez! PC-DOS/MS-DOS would soon get directory support, which CP/M didn’t get until the under-adopted version 3; until then it had to use a less-flexible system where a disk could be split up into numbered “user areas.”

CP/M being so small, it was also very simple, enough that one person could understand everything going on under the hood, something you really can’t say about OSes these days. That complexity has been used, in recent times, in service of their makers against their customers, to push in all kinds of misfeatures that many people would rather not have.

Nowadays CP/M is a footnote, its founding company Digital Research is a mere bag of property rights owned by Lineo, while Microsoft is worth hundreds of billions of dollars, and it’s very much because of a single decision by people at IBM to go with PC-DOS, later MS-DOS, from Microsoft. IBM offered both OSes, but they sold CP/M for 8086 for $240, several times what they sold PC-DOS for, and that’s why Windows is huge today and CP/M is a footnote. But there is no reason to believe definitely that, if the decision had gone the other way, we wouldn’t be bemoaning Digital Research’s terrible decisions now instead of Microsoft’s.

But it’s also the case that DR might have turned out differently, while we know Microsoft would become the uncaring behemoth that harmed people’s perceptions of computing since the 80s, and is now propping up OpenAI and trying to shove it into everything. Remember everyone, to always strive to be better than your hypothetical replacement, or someone on a random blog decades in the future might ask aloud if we’d be better off without you.

Mr Wint’s Investigation Into The Games: Winter Edition’s Copy Protection

This is a deep one. As linked by one for the books over on Metafilter, a GitHub user with the username MrWint was looking at the code of the Olympics-like DOS minigame collection “The Games: Winter Edition.” They wondered why it seemed to be impossible to achieve better than a certain score in some of the events. It turns out to be because of failed copy protection checks in most of the versions of the game produced after the initial release. Most of the cracks of that game that can be found on the internet are affected. They even affect two later official physical releases, and GOG’s release, which is a terrible problem for people who bought any of those versions expecting a working game.

If you’ve played it and never been able to score higher than 86.7 meters in the Ski Jump, it’s not you, it’s the game practically gaslighting you into thinking you failed. It’s impossible to land the jump if you’re affected by the bug and have gone that far!

Here’s their description of the result of the checks, and here’s their lengthy writeup of the problem, what causes it, what it does, which versions don’t fail the check, and a fix for it. Both pages have animations of the bug in action. Here’s their patcher.

Here’s a tl;dr summary, although the most interesting part of it all is the reverse engineering and description of the problem. But in case you aren’t interested in that and just want the gist:

The original release came with a code wheel copy protection system, and performed a number of checks for the event that the protection was bypassed. A value was created as the result of the check, and was modified and stored in various other places. Each event then checked one of those places against a second, obfuscated copy of the code wheel’s lookup table. If the original wheel check is bypassed, which happens for most of the versions of The Games: Winter Edition now, illegal or legal, those places won’t have the correct value, and the game will sabotage those events during play in different ways.
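To make the layered scheme concrete, here is a small added simulation of it; this is not code from the game or from MrWint’s writeup, and the lookup table, token arithmetic and XOR mask are all constructed stand-ins. The point it shows is that skipping the wheel prompt leaves the scattered values at their defaults, so every later event check still fails.

```python
# Added example: constructed simulation of a code-wheel check whose result is
# scattered into game state and re-verified per event against an obfuscated
# second copy of the table. Table, transform and mask are made up.

# Stand-in for the code wheel: (outer symbol, inner index) -> expected answer
WHEEL_TABLE = {("sun", 3): 17, ("snow", 7): 42, ("wind", 1): 9}
MASK = 0x5A  # constructed obfuscation key for the second copy of the table
OBFUSCATED_TABLE = {k: v ^ MASK for k, v in WHEEL_TABLE.items()}

def token_for(answer):
    """Value produced by a successful wheel check (constructed transform)."""
    return (answer * 7 + 3) & 0xFF

def scatter(token):
    """Modified copies of the token stored in several places in game state."""
    return {"slot_a": token, "slot_b": (token + 1) & 0xFF, "slot_c": token ^ 0xFF}

def wheel_check(prompt, answer):
    """Initial check: the right answer yields the token, anything else yields 0."""
    return token_for(answer) if WHEEL_TABLE.get(prompt) == answer else 0

def event_check(prompt, state):
    """Per-event check: recompute what slot_b should hold from the obfuscated
    copy of the table and compare it with what is actually stored there."""
    answer = OBFUSCATED_TABLE[prompt] ^ MASK
    return state["slot_b"] == ((token_for(answer) + 1) & 0xFF)

def play(prompt, answer=None):
    """Run the boot-time check, then one event. answer=None models a crack that
    skips the wheel prompt: no token is ever produced, so state holds zeros."""
    token = 0 if answer is None else wheel_check(prompt, answer)
    state = scatter(token)
    return "normal" if event_check(prompt, state) else "sabotaged"

if __name__ == "__main__":
    print(play(("sun", 3), 17))  # genuine wheel answer: normal
    print(play(("sun", 3), 99))  # wrong answer: sabotaged
    print(play(("sun", 3)))      # prompt skipped entirely: still sabotaged
```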

It’s really sneaky, and as it turns out, it also affects the GOG release of its sequel, The Games: Summer Edition in a similar manner, although cracks of that game managed to fix the sabotaged events.

Figuring Out Yars’ Revenge Code From Its Graphics

What is Set Side B about? We talk about old arcade and NES games, Nintendo things, weird gaming-related videos, ancient MMORPGs, and other weird and idiosyncratic things largely as they inspire us, much as how beta particles and gamma rays inspire random atoms as they pass through them, causing mutations and cancers along the way. (Alpha particles are too bulky to pass through, but that’s really just highly energetic ionized helium anyway!)

One foundational aspect of what we choose to highlight, though, are the extremely technical things, and wow, in that regard today’s link delivers. The brilliant Youtube channel Retro Game Mechanics Explained, which appears here semi-frequently, did a video on the Atari VCS/2600 game Yars’ Revenge that has to be seen to be believed, if not always quite understood.

It’s been random floating game knowledge for a while that the “Neutral Zone” area in Yars’, a flashing and coruscating band of lights that serves as something of a safe zone for the player’s bug, was the direct result of reading the game’s own code out of memory translated and displayed on screen. After all, machine language opcodes are just data, and the VCS has such a hugely limited address space that any reuse of that data is helpful.

RGME went through the graphics displayed on-screen and tried to see how much of the game’s code could be pieced together using it. The answer was, a fair bit, but not all. The process is really the most interesting part about it. Here it is:

Of particular note, the top comment on the video (because it got pinned there by RGME) is from Yars’ Revenge creator Howard Scott Warshaw himself!
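As an added illustration of the idea in the video, and not RGME’s method or any actual Atari code, here is a constructed “Neutral Zone” band in which each 8-pixel row stands for one byte of program memory; the rows are decoded back into bytes and run through a deliberately tiny 6502 opcode table. The pixel orientation (leftmost pixel is bit 7), the base address $F000 and the band contents are all assumptions made for the example.

```python
# Added example: decode a constructed pixel band back into bytes, then try to
# read them as 6502 code. Orientation, base address and band are assumptions.
OPCODES = {  # opcode -> (mnemonic, addressing mode, operand bytes); subset only
    0xA9: ("LDA", "imm", 1), 0xA2: ("LDX", "imm", 1), 0x85: ("STA", "zp", 1),
    0x86: ("STX", "zp", 1), 0xCA: ("DEX", "impl", 0), 0xD0: ("BNE", "rel", 1),
    0x4C: ("JMP", "abs", 2), 0x60: ("RTS", "impl", 0), 0xEA: ("NOP", "impl", 0),
}

def row_to_byte(row):
    """'#' = lit = 1, '.' = dark = 0, leftmost pixel = bit 7 (assumed orientation);
    None if the row contains an unreadable '?' pixel (the real band flickers)."""
    if len(row) != 8 or "?" in row:
        return None
    return int(row.translate(str.maketrans("#.", "10")), 2)

def fmt(mnem, mode, args, addr):
    """'abs' operands are little-endian; 'rel' is a signed offset from the next instruction."""
    if mode == "imm":
        return f"{mnem} #${args[0]:02X}"
    if mode == "zp":
        return f"{mnem} ${args[0]:02X}"
    if mode == "abs":
        return f"{mnem} ${args[1]:02X}{args[0]:02X}"
    if mode == "rel":
        off = args[0] - 0x100 if args[0] & 0x80 else args[0]
        return f"{mnem} ${(addr + 2 + off) & 0xFFFF:04X}"
    return mnem

def disassemble(rows, base=0xF000):
    """Decode the band to bytes, then walk it greedily with the opcode table;
    returns (address, text) pairs, with unknown or unreadable bytes as .byte lines."""
    data = [row_to_byte(r) for r in rows]
    out, pc = [], 0
    while pc < len(data):
        op = data[pc]
        entry = OPCODES.get(op) if op is not None else None
        args = data[pc + 1:pc + 1 + entry[2]] if entry else []
        if entry is None or len(args) < entry[2] or None in args:
            out.append((base + pc, ".byte ??" if op is None else f".byte ${op:02X}"))
            pc += 1
            continue
        out.append((base + pc, fmt(entry[0], entry[1], args, base + pc)))
        pc += 1 + entry[2]
    return out

# Constructed band: LDX #$05 / STX $80 / DEX / BNE $F004 / RTS / unreadable / NOP
BAND = ["#.#...#.", ".....#.#", "#....##.", "#.......", "##..#.#.",
        "##.#....", "######.#", ".##.....", "##?.#...", "###.#.#."]
```

Running `disassemble(BAND)` recovers the five-instruction countdown loop, flags the flickered row as `.byte ??`, and keeps going afterwards, which is roughly the partial-recovery situation the video describes.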

In passing, let me just comment for a moment on what a weird phenomenon Yars’ Revenge is. It’s the best-selling original (non-port or license) piece of software for the old Atari. It’s such a weird artifact. It’s not a traditional style of game design. It’s got atmosphere, and strangely evocative sound. And it has that odd easter egg that can just outright end your game if you’re not careful. It really feels like an object of its time, that couldn’t have both come about and been as popular as it was in any other age. It didn’t inspire many imitators. But, it did come about, and it was popular, and I’m glad that’s true.

I watch this video and it seems targeted so directly at me personally that I wonder if anyone else might enjoy it at all. But then I look at its view count and see it’s approaching 200 thousand in around two weeks, so someone else out there must like it too. So: please watch the video, if you care about bits and bytes, opcodes and operands, and Exclusive-Ors. Or want to learn about those things. If neither is true for you, I’m sure there’ll be something more to your tastes tomorrow.

Reverse Engineering Game Code from the Neutral Zone in Yars’ Revenge (Youtube, 41 minutes)