Date : Fri, 11 Aug 2000 09:28:41 +0100
From : "Rich Talbot-Watkins" <Richard_Watkins@...>
Subject: Re: More tape to disc transfer fun: Alien 8
James Fidell <james@...> wrote:
>
> [Alien 8 tape protection]
> Hmmm, I'm not really sure, to be honest -- it was quite some time ago. I
> was probably only 14 or 15 and so had plenty of time on my hands for
> the trial and error method. I seem to recall that there was one section
> of code which decoded another. That second section decoded the main program
> using a similar method to the first decoder. I basically worked on just
> getting to the point where the first decoder produced something that looked
> like a viable program for the second decoder, after which I'd learnt
> enough to do the second stage quite easily.

Yep, this is how it worked: There was a small loader program which contained
a decrypter and a &100 byte long piece of encrypted code directly afterwards.
This encrypted code was a custom tape loader which effectively loaded and
decrypted the main code file as one very large block. So the key was cracking
the loader, but this was a very evil piece of code that modified itself and
the hardware timers and then checksummed itself before dropping straight into
the code it had decrypted. It also looped a huge number of times and took
about 10 seconds to run, so it was very sensitive to timing errors.
Then to add insult to injury, at the beginning of the game code it then
decrypted itself again by a very similar method :)

> I've even just discovered that I still have the code I wrote to do it :)
> It's all of 5k of assembler source.

I'd love to have a look at that if you could dig it out (though I guess it's
on the wrong type of disc).
cheers
Rich :)
Rich Talbot-Watkins
Sony Computer Entertainment Europe, Cambridge.
Richard_Watkins@...