Forums > CSDb Entries > Event id #2314 : C64 Cracking Competition 2015
2015-01-16 18:22
Burglar

Registered: Dec 2004
Posts: 1051
Event id #2314 : C64 Cracking Competition 2015

Howdy Crackers!

These days the cracking scene is pretty active, but it seems most effort is spent on rushing out a version first with non-protected games.
Now that we found this nice original that hasn't been cracked, we thought, let's turn it around. Have a cracking competition with all of you with a full price EA game, including a nice protection. So here we go with the first C64 Cracking Competition 2015!

You are invited to crack "Return of Heracles" (C) 1983-1986 Electronic Arts.

Download the original here: http://sh.scs-trc.net/return_of_heracles.d64

Please read the rules carefully, and take all the time you need, quality over speed please :)

Rules:

- Submit your entry before or at 23:59 Saturday evening the 28th of March 2015 by email to c64crackingcompetition@hushmail.com
- Your release must fully run on a stock c64 + 1541.
- Your release must be file-copyable and packed.
- Your release must contain a crack intro, but you also must provide an introless version. This will be used to accurately measure size.
- Recracking is strictly forbidden, you must crack the original we provide. When in doubt, we will dig through your release and ask a few questions to confirm you really cracked it yourself.
- Individuals may only be part of a single release, so a group may enter multiple cracks, provided they are done by other members.
- You are allowed to use whatever tools you want.

Calculating Results:

50% of the result will be determined by public voting, either using our own voting system or on CSDb. Stay tuned for additional info.

The other 50% of the result is calculated by the compo organizers using the following criteria:

- The shorter the better *)
- The faster it loads the better
- Proper saving capabilities
- Full PAL/NTSC compatibility
- Amount of bugfixes (if any bugs present in game)
- Amount of trainers (no double trainers)
- Minus points if you introduce bugs and need multiple versions
- The more devices besides 1541 (or compatible) you support, the better
- Optional REU support is also nice

*) We explicitly do not want to discourage the use of large intros, hence
the introless version requirement.

Most of all, have fun cracking this full price game!

The Organizers,

Peacemaker/Hitmen
Burglar/SCS*TRC
2015-01-18 22:59
Smasher

Registered: Feb 2003
Posts: 512
I've found the g64 and passed it to Bacchus, didn't check it was identical to the d64, sorry. Someone should upload a .nib, that would help I think.
About the game, I'll play a bit (even if the type is not my fav) and check if ECA and Quality versions are really that different or just in the title screen.
greetz! Ze'
2015-01-19 01:32
Bacchus

Registered: Jan 2002
Posts: 154
Dear all,

As Enno said, the "original" D64 had a few bytes patched that kill the error check. This means the D64 actually works and the actual protection is gone. So it's a crack we base this on, and technically we are asked to recrack. If you want to spend your time finding a version with a few bytes that are different to ensure you have a non-working copy, please feel free. I will not be bothered. This is a competition and we are all given the same basis.

I never fully cracked Pirate Slayer boot before but it's a very complex protection indeed. Wedge, myself and a guy named Harald Fragner (known from the early days of Datormagazin where he taught us to remove the border) hacked ourselves through the cipher loop for Bard's Tale and managed to extract the deeply hidden piece of drive code. After this we didn't know what to do with it so we were just proud to have been able to beat the ciphering, but didn't really crack the game. Holy smoke it took time.

Not that I am a big fan of the monitor of Vice but it makes life A LOT easier than it used to be... ;-) Placing breakpoints anywhere and no timing risk breaking up. Feels like cheating...

Remark: Interesting there is an ASCII sequence that is used in the deciphering. "k.e.h". I guess that means Kris Hatlelid's middle name is something with E ;-)

I am documenting my steps in a textfile that gives every byte of every step. Will be happy to share once I am done.

I'm still worried my main challenge will be to understand how to play the game so that I can validate that the crack is working ;-)

Also, trainers for a game you don't understand is SOME challenge.
2015-01-19 12:44
Goat

Registered: Oct 2007
Posts: 42
Quote: So if any group releases this more than 48h prior to deadline its -at least in CSDB terms- a firstie? :)

According to http://en.wikipedia.org/wiki/The_Return_of_Heracles , the game was "Built on an engine that was a precursor to Adventure Construction Set". And being made with a game creator it might not really qualify for firstrelease points. ;-)
2015-01-19 13:01
Fungus

Registered: Sep 2002
Posts: 629
If you wanna recreate the key track or understand what it's looking for, I'll throw you a bone.

track construction

track formatted by writing $3000 * $55

$44F of $D7
$EB
$200 of $CC $AD
$AD $55 $AE $9B $55 $AD $55 $CB $AE $6B $AB $AD $AF $AB $AD $AD (this is the key)

repeated 3 times

sometimes a block of $100 to $400 $00 written (weak bits) after

creates pattern $11 $22 $44 $88 when read back

The actual booter is just stage 1 of this protection, it is both a copy protection (nothing could copy that syncless track) and a "crack protection" which makes it difficult to break the game back into normal files.

I have given Burglar a tool to recreate the key track, but it needs to be run on a real c64 I think in order to work, because disk rotation and stepping stuff is hard to emulate to act like analog equipment.

You'll need an original that hasn't had the bytes in the loader patched however.

Bacchus: Have a look into the "junk" data too, there's a little surprise in it ;)
2015-01-19 13:15
Smasher

Registered: Feb 2003
Posts: 512
the original is here:
http://www.ebay.com/itm/Stuart-Smiths-Age-of-adventure-commodor..
2015-01-19 13:19
Fungus

Registered: Sep 2002
Posts: 629
No one has released Ali Baba either, UCF crack doesn't work.
2015-01-19 13:58
Bacchus

Registered: Jan 2002
Posts: 154
Fungus:
"Lick my userport" and "Out of my code hacker!" - is there more? I'm still not done with the "loader" file. Just done the deciphering and then I had to call it a night. I'm not 18 anymore ;-)
2015-01-19 14:44
Burglar

Registered: Dec 2004
Posts: 1051
ok, guys, I have now the real protected original for you in .g64 format: http://sh.scs-trc.net/return_of_heracles_real_original.g64

- runs fine in vice
- copying with 15 sec copy failed ;)
- as expected, compared to the first version, there are 3 bytes different, just where it's gonna check the keytrack.

so, if you want you can use this version now, but the patched original is fine too. there really isn't any difference in cracking it.

Many thanks to Zer0x for digging up the real original!
2015-01-19 15:23
Fungus

Registered: Sep 2002
Posts: 629
Baccy: It's not text :)

Burgie: +1 for real ori, Thanks ZrX.
2015-01-19 17:05
Maxlide

Registered: Apr 2003
Posts: 30
Quote: If you wanna recreate the key track or understand what it's looking for, I'll throw you a bone.

track construction

track formatted by writing $3000 * $55

$44F of $D7
$EB
$200 of $CC $AD
$AD $55 $AE $9B $55 $AD $55 $CB $AE $6B $AB $AD $AF $AB $AD $AD (this is the key)

repeated 3 times

sometimes a block of $100 to $400 $00 written (weak bits) after

creates pattern $11 $22 $44 $88 when read back

The actual booter is just stage 1 of this protection, it is both a copy protection (nothing could copy that syncless track) and a "crack protection" which makes it difficult to break the game back into normal files.

I have given Burglar a tool to recreate the key track, but it needs to be run on a real c64 I think in order to work, because disk rotation and stepping stuff is hard to emulate to act like analog equipment.

You'll need an original that hasn't had the bytes in the loader patched however.

Bacchus: Have a look into the "junk" data too, there's a little surprise in it ;)


Fungman, r u sure that the key consists of 16 values?
I c 12.

$55, $AE, $9B, $55, $AD, $55, $CB, $AE, $6B, $AB, $AD, $AF

...
cmp $0617,y
bne ...
iny
cpy #$0c ; <- 12
bne ...

When found jump to T/S 3:0.
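A model of the key track layout Fungus posted and of the 12-byte compare loop Maxlide quotes, written as an added example (not code from the thread, the game or its loader). It assumes that "$200 of $CC $AD" means 0x200 repetitions of that byte pair, that the marker-plus-key block is the unit "repeated 3 times", that the track is a flat 0x3000-byte buffer (a real 1541 track is shorter and wraps), and that weak bits read back as the cyclic pattern $11 $22 $44 $88.

```python
"""Key-track model for the Return of Heracles protection discussed in this thread.

Added example. Constructed from Fungus's description; the loader's real read
routine is not on the page, so loader_compare() only mirrors the quoted
'cmp $0617,y / iny / cpy #$0c' loop, not the drive code around it.
"""

# The 16-byte key as Fungus lists it.
KEY16 = bytes([0xAD, 0x55, 0xAE, 0x9B, 0x55, 0xAD, 0x55, 0xCB,
               0xAE, 0x6B, 0xAB, 0xAD, 0xAF, 0xAB, 0xAD, 0xAD])
# The 12 bytes Maxlide reads out of the compare loop (cpy #$0c).
KEY12 = bytes([0x55, 0xAE, 0x9B, 0x55, 0xAD, 0x55,
               0xCB, 0xAE, 0x6B, 0xAB, 0xAD, 0xAF])
WEAK_READBACK = bytes([0x11, 0x22, 0x44, 0x88])   # what a weak-bit run reads as


def key_block() -> bytes:
    """One marker + key block: $44F x $D7, $EB, $200 x ($CC $AD), then the key."""
    return b"\xD7" * 0x44F + b"\xEB" + b"\xCC\xAD" * 0x200 + KEY16


def build_key_track(weak_len: int = 0x100) -> bytearray:
    """'track formatted by writing $3000 * $55', then the block three times,
    then an optional run of $00 (weak bits)."""
    track = bytearray(b"\x55" * 0x3000)
    image = key_block() * 3 + b"\x00" * weak_len   # assumed layout, see lead-in
    track[:len(image)] = image
    return track


def read_back(track: bytes) -> bytes:
    """Simplified read model: each written $00 returns the next byte of the
    $11 $22 $44 $88 cycle; every other byte reads back as written."""
    out = bytearray(track)
    weak = 0
    for i, b in enumerate(track):
        if b == 0x00:
            out[i] = WEAK_READBACK[weak % 4]
            weak += 1
    return bytes(out)


def loader_compare(stream: bytes, start: int, wanted: bytes = KEY12) -> bool:
    """The quoted loop: 12 consecutive bytes from 'start' must all match."""
    return all(stream[start + y] == wanted[y] for y in range(len(wanted)))


def find_key_offsets(stream: bytes, wanted: bytes = KEY12) -> list:
    """Every offset at which the compare loop would succeed."""
    return [i for i in range(len(stream) - len(wanted) + 1)
            if loader_compare(stream, i, wanted)]
```

Run against the constructed track, the loop succeeds exactly three times (once per block), and a plain $55-formatted track gives no hit at all.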