Date : Mon, 28 Apr 2003 19:37:15 +0200
From : John Kortink <kortink@...>
Subject: Re: BBC Micro Games Copy Protection
On Mon, 28 Apr 2003 15:54:20 +0100, you wrote:
>[BBC games protection]
>
>[...]
>
>Here are my memories...
I have a couple too, see below. I bought quite a few games in those
days (20 or so in total I think), most of which were on tape, and
protected in some way, which became unacceptable as soon as floppy
discs became common and I wanted to be able to run them from disc.
>I had a BBC Master. Any game with any kind of protection system would at
>some point have issued a *FX 200,2 so that memory was completely cleared
>when Break was pressed. On the Master (but not a BBC B) it was possible to
>get around this by hitting Break twice in very quick succession, the second
>keypress interrupting the memory clear and allowing you to have a look
>around memory to see what was there.
Like others, I had fixed this by removing this 'feature' from OS 1.2
and while I was at it planted some more hacking code behind the FRED
and JIM pages (after disabling them on the beeb motherboard, I never
had a Master by the way, only a plain BBC B). I remember having a few
well placed interrupt routine hooks which (via some specific hook code
suitable for the occasion) enabled me to take control of the machine
whenever needed. Most protection code didn't disable interrupts so
this was a useful hacking tool most of the time.
>[...]
>
>One of my favourite protection systems was Exile's.
>
>[...]
>
>I remember discing Starquake from tape. Its main code was in a
>custom-format tape file called "F£@& OFF!" which had incredibly small gaps
>between the blocks. This protection was developed by Gary Partis. The
>tape loader routine accessed the tape hardware directly in order to load
>this file, and meanwhile the block numbers were counted down on the screen
>so you could tell how long you had left! Makes sense really. In order to
>get to this actual loader routine, it was necessary to decrypt about 500
>tight little loops which exclusive-ORed the subsequent block of code with
>some value or a VIA timer or something. At the time, I could see no
>solution other than to do this by hand, which took a reasonably long time!
>What a git!
I encountered that protection too on two or three of the games I
bought back then. I eventually decided to go for simply pressing
BREAK at the right moment (FX 200 effects having been disabled ...).
Fiddly, yes, but you could tell how far it had got by looking for
where the code got garbled, and I simply adjusted my timing in
pressing BREAK accordingly ... After about ten minutes of trying,
there it was, decoded 'n all ... ;-)
>I can't think of any more at the moment. Anyone else with good hacking
>memories?
I can remember what a nightmare the tape version of Elite was.
It used every trick in the book, fake tape blocks, interrupt
routines, tricky timing, garbled routines, jumping all over
the place, using almost every free byte in the machine. I did
manage to hack it (still have the hacked version). I later bought
the disc version as well though. I had got to see so much of the
Elite code by then that I built some code to hack out all the
spaceship wireframe models so you could print them (published
in A&B Computing June 1986, 'Elite fleet') and increase the
number of random Saturn dots plotted on the opening screen.
John Kortink