6R6
Registered: Feb 2002 Posts: 245
Disabling AR freeze button
Is it possible to disable the Action Replay freeze function 100%?
In that case, please enlighten me... :)
AlexC
Registered: Jan 2008 Posts: 299
Quote: Nice revival of the thread :)
@AlexC: very nice article on codebase - didn't read it completely but thought you'd like this:
"Freezepoint is using however JSR $DFD3. [this needs further explanation]"
Using a freezepoint requires the $DExx/$DFxx area to be active and CLI - otherwise it will fail (hope I am correct on the CLI :) ) -- DFD3 is AR specific to V5 and V6 only - DExx to 64k ROMs on RR and DFsumthing on AR V4 and even on some V5.2 versions.
Basically what happens on SF in monitor freeze mode is that the 3 bytes which are going to be trashed by the JSR $DFD3 are stored, the 20 d3 df inserted and on entering the freezer the bytes are restored --- there was some interesting small difference between using JMP and JSR - you might want to experiment. :)
Otherwise there is no real difference nor a way to detect whether the program was frozen using a freezepoint or the button.
Defeating the button is senseless anyhow - take it as the debugger it is supposed to be. :)
(Some nice posts and some interesting assumptions as well here - keep it up :))) )
l8r
Count Zero/CyberpunX/SCS*TRC
Thanks man. As for my article, what happened is: I sent a working version to Codebase for review and they posted it right away. Anyway, a new version is in the works, including some Expert cart hacking. Now that I finally could get my hands on the MMC Expert driver I will post some info regarding it.
AlexC
Registered: Jan 2008 Posts: 299
Quote: I'd have to agree. Rather than just the fun of trying to "disable the button", there probably isn't a real reason anymore. In the past you used to try to stop people from copying your game or seeing some cool tech you'd worked for months on. Now.... I suspect not.
Still - its good fun trying! :)
I still remember the 1st time I saw a Plus4 game disable the reset into the monitor. I didn't know anything back then (some might say not much has changed..), and it was just so impressive. Course.... My plus4 was fab, you could actually turn the power off/on and the data would still be there!
Well, I agree that today there might not be a good reason to try to detect and/or disable different cartridges. Cracking with an emulator is too easy anyway. However, this is part of the C64 knowledge base, and an important one. This is why I think it is important to talk about it and document it, just like many disk protection systems got their description.
Just my 2 cents,
Zaphod
Registered: Jun 2012 Posts: 63
Yeah, stopping the freeze button is no help with emulator cracking.
This is because you can always use breakpoints and stop it before the anti freezer code runs, and remove it.
Emulator breakpoints are REALLY powerful tools.
I suppose in theory if you set up the anti freeze routine inside the loader, such that it's active before the main program loads, it should work, but making a loader that actually works under these constraints is non trivial.
To avoid emulator cracking, you must write anti-emulator code, which is a great way to reveal emulator bugs and get them fixed.
Also, as far as I know you CANNOT detect a Tri-Logic Expert in off mode (physically disabled by flipping the switch). Has anyone confirmed beating 1541U or Tri Logic Expert?
chatGPZ
Registered: Dec 2001 Posts: 11386
to avoid emulator cracking, implement a proper protection and ship on disks :)
oziphantom
Registered: Oct 2014 Posts: 490
yeah but zoomfloopy etc. lets you get a G64, with which you can then start to look at the disk and find the parts, if you can't just load it into VICE to start with...
oziphantom
Registered: Oct 2014 Posts: 490
Maybe Tape is the way to go, as all Leet crackers ditched their tape drives years ago and hence won't be able to read it?
Tao
Registered: Aug 2002 Posts: 115
Quote: Maybe Tape is the way to go, as all Leet crackers ditched their tape drives years ago and hence won't be able to read it?
Except the Leet gamers also ditched their tape drives years ago; I think it's more likely that you'll find crackers with tape drives than gamers--and if there are no gamers, what's the point of releasing the games on tape?
But yeah, tape protections are fun to crack.
chatGPZ
Registered: Dec 2001 Posts: 11386
Quote: yeah but zoomfloopy etc lets you get a G64 to which you can then start to look at the disk and find the parts if you can't just load it into VICE to start with...
there are a couple of things you can do that will make it at least non-trivial to create a proper g64, i.e. requiring manual analysis of the protection first and manual patching of the g64 to make it work. basically requiring to crack the protection before you can make a g64 :=) not many ppl in this cracking scene left who would be able to do this :)
a tape on the other hand is rather easy to dump, and it will certainly work in the emulator.
Krill
Registered: Apr 2002 Posts: 2980
Quoting Zaphod: "Also as far as I know you CANNOT detect a tri-logic expert in off mode (physically disabled by flipping the switch). Has anyone confirmed beating 1541U or Tri Logic Expert?" Not sure what "beating 1541U" means in this context, but the drive portion can definitely be detected as being a 1541U.
FWIW, 1541U (up to and including current versions) detection code.
drvch1541u: .byte "m-e", .lobyte($0205), .hibyte($0205); read forward -- drive command M-E $0205, executes the code below in drive RAM
            sei
            ldx #$ff
            stx $0300           ; result byte, starts out negative
            stx $1803           ; set all port pins as outputs
            lda #$a4            ; bit 0 may be forced to GND (1541-II) or connected to track 0 sensor (1541-C, normally 0 = not on track 0)
            sta $1801
            cmp $1801           ; a real VIA reads back what was written on output pins
            bne is1541u
            anc #$8a            ; and #imm, but no asl/rol, bit 7 of result goes to carry
            beq is1541u
            bcc is1541u
            txa
            arr #$7f            ; bit 6 of result goes to carry
            ror $0300           ; carry is clear after a faithful ARR, so the result turns positive
is1541u:    inc $1803           ; set all port pins as inputs
            cli
            rts
drvchkued:
If $0300 has a negative value after execution, 1541U detected.
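As an added illustration, not Krill's code and not part of any drive firmware, here is a Python model of the routine above: it mimics the ANC and ARR semantics the comments describe and shows why a faithful VIA and CPU leave $0300 positive while a mismatch at the port readback or in the undocumented opcodes leaves it negative. The divergence modes are constructed assumptions, not a description of what the 1541U actually does.

```python
# Constructed Python model of the drive-side routine quoted above: it implements
# the undocumented 6502 opcodes it relies on (ANC, ARR), a minimal VIA port and
# the branch structure. The divergence cases are hypothetical, not 1541U internals.

def anc(a, imm):
    """ANC #imm: AND, then bit 7 of the result is copied into carry."""
    a &= imm
    return a, (a >> 7) & 1

def arr(a, imm, carry):
    """ARR #imm: AND, then ROR A with carry in; carry out is bit 6 of result."""
    a = ((a & imm) >> 1) | (carry << 7)
    return a, (a >> 6) & 1

def ror_mem(value, carry):
    """ROR on a memory byte: carry in to bit 7, old bit 0 out to carry."""
    return ((value >> 1) | (carry << 7)) & 0xff, value & 1

def run_check(port_readback, illegal_ops_ok=True):
    """Return the final value of $0300 for a modelled drive.
    port_readback maps the byte written to $1801 to the byte read back;
    illegal_ops_ok=False models a core that runs ANC/ARR as plain AND."""
    x = 0xff
    mem0300 = x                     # stx $0300: result starts out negative
    a = 0xa4                        # lda #$a4 / sta $1801
    if port_readback(a) != a:
        return mem0300              # bne is1541u
    carry = 1                       # cmp with equal operands sets carry
    if illegal_ops_ok:
        a, carry = anc(a, 0x8a)
    else:
        a &= 0x8a                   # carry left untouched
    if a == 0 or carry == 0:
        return mem0300              # beq / bcc is1541u
    a = x                           # txa
    if illegal_ops_ok:
        a, carry = arr(a, 0x7f, carry)
    else:
        a &= 0x7f
    mem0300, _ = ror_mem(mem0300, carry)   # ror $0300
    return mem0300

def faithful_port(written):
    """VIA port with all pins set as outputs; bit 0 tied to GND (1541-II)."""
    return written & 0xfe

def is_1541u(result):
    """The post's verdict: a negative $0300 means 1541U detected."""
    return bool(result & 0x80)
```

With the faithful port model run_check returns $7f; a port that does not read back what was written, or a core that runs ANC/ARR as a plain AND, leaves $ff.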
AlexC
Registered: Jan 2008 Posts: 299
Quote: Yeah, stopping the freeze button is no help with emulator cracking.
This is because you can always use breakpoints and stop it before the anti freezer code runs, and remove it.
Emulator breakpoints are REALLY powerful tools.
I suppose in theory if you set up the anti freeze routine inside the loader, such that it's active before the main program loads, it should work, but making a loader that actually works under these constraints is non trivial.
To avoid emulator cracking, you must write anti-emulator code, which is a great way to reveal emulator bugs and get them fixed.
Also, as far as I know you CANNOT detect a Tri-Logic Expert in off mode (physically disabled by flipping the switch). Has anyone confirmed beating 1541U or Tri Logic Expert?
Actually Expert can be programmed with switch set to OFF position. Take a look at this release: MMC Expert V2.10c
So yes, it is possible to beat it. Secondly, there were different versions of Expert. The first batch used only the NMI generated by the Restore key, so blocking NMI resulted in Expert being dead. The ESM circuitry, if I remember correctly, acknowledges NMI, so a simple NMI lock based on issuing it without ACK is not working any more. (This works in ON mode, obviously.)
In the case of 1541U, are we talking about any particular freezer ROM?