| |
bugjam
Registered: Apr 2003
Posts: 2589 |
WANTED: SYS-lines from common packers
Hi all,
as the problem pops up time and again that cracks are added here with their attribution to a certain group based on the SYS-line, where it turns out that it is just packed with the group's packer, I'd like to request that we gather as much info on such packers as possible with the respective SYS-lines that they produce; the list could then be even added to the csdb rules, to avoid such confusion in the future (at least to be cautious in such cases and look for further evidence).
I've made that mistake myself several times, and it is very frustrating to create entries only to delete them afterwards, because one didn't know.
What do you guys think?
Best,
Bugjam |
|
| |
icon
Registered: Apr 2002
Posts: 90 |
Sounds like a great idea. I have added cracks that says Computerbrains in SYS-line, but Im FAR from sure it is released by them. |
| |
icon
Registered: Apr 2002
Posts: 90 |
On the other hand many packers starts with 2064 and 2066 so we need more specific information in that database to sort them all out AND what also is a trapdoor here is ofcoz could a group use their own packer for a release. But your suggestion is a step in the right direction. |
| |
Adam
Registered: Jul 2009
Posts: 323 |
nobody should take what is written in a BASIC SYS line as proof of credit or whatever it may be. I don't think collecting every SYS line generated by whatever cruncher would be useful. just don't rely on them to begin with :) |
| |
chatGPZ
Registered: Dec 2001
Posts: 11386 |
indeed.... if anything, it only can give hints, and only for stuff released until 1985 or so |
| |
Zyron
Registered: Jan 2002
Posts: 2381 |
Agreed. Quite a lot of packers were spread/leaked and games packed with them could be done by more or less anyone.
These recent additions f ex were most likely not released by Ikari: Asteroids 64, Frogger, Laser Strike, 1994 - Ten Years After, Starfighter I |
| |
chatGPZ
Registered: Dec 2001
Posts: 11386 |
are you saying those TOSEC names are bullshit? unpossible! |
| |
bugjam
Registered: Apr 2003
Posts: 2589 |
Regarding those IKARI releases, I have already PMed the uploader, explaining the issue.
Of course not every SYS-line needs to be collected; many didn't have the group name in it to start with.
On the other hand, there _are_ legit releases and groups/crackers that used that practice.
But if it's considered a bad idea, fine; so far there seems to be noone with the right knowledge willing to contribute information anway. |
| |
chatGPZ
Registered: Dec 2001
Posts: 11386 |
Quote:On the other hand, there _are_ legit releases and groups/crackers that used that practice.
as said, mostly 1985ish stuff... a year or two later not so much :) |
| |
bugjam
Registered: Apr 2003
Posts: 2589 |
Yes, but how should people know? |
| |
Dymo
Registered: Jun 2016
Posts: 120 |
Perhaps a link to a forumpost, in the certain known "packers" particular group.. Before uploading a release by group XXX, please check here:
Or something like that? |
| |
bugjam
Registered: Apr 2003
Posts: 2589 |
That was pretty exactly my intention when opening this thread. :) |
| |
Xiny6581
Registered: Feb 2004
Posts: 73 |
Bugjam / Dymo: This sounds very great indeed :)
I think it would be great to make a spunk compatible database too, so we can link it to that database or at least make an export(let us keep this on ice to begin with).
?How about a nice structure like:
<groupname> <sys-line> <packer> <note>
!Eg.
"The New Light" - "sys2064 TNL" <Time Cruncher V5.0> <Earlier cracks from 1989 also used Visiomizer V6.0 and A few cracks from 1992 used a variation of Cruel Cruncher 2.1. Most of the cracks uses Crosslinker V2.0 or Beast Linker>
I really like as much details as possible.
and As mentioned above in the thread it was very common the groups/crackers renamed the sys-line just to make it a bit more personal or/and even modified the packer/linker for their own usages. Still, it's possible to trace-back most of the altered sys-lines, as I have done this many times to allocate fake or re-cracks. :-P
Best regards,
Xiny6581 |
| |
bugjam
Registered: Apr 2003
Posts: 2589 |
Hi Xiny6581,
hang on, I think you are shooting too far here - although your concept (as I understand it) would be also very useful. I think you want to compile a list of which group used mostly which packers/crunchers and which SYS line?
My idea was to have a list of generic SYS-lines generated by packers, which contain the grup name of the packer-releasing group by default - and therefore create confusion because it is easy to think that whatever was packed with the respective program (and thus has a SYS-line mentioning the group name), was actually released itself by the respective group.
Your suggestion for a standard structure is very good, but I would suggest <SYS-line (including line number)> <packer which creates that SYS-line> <packer-releasing group> <notes>
Thus, when a program has a certain SYS-line, you can easily go through the list and compare if it was a generic SYS-line or not. |
| |
Xiny6581
Registered: Feb 2004
Posts: 73 |
bugjam: Heh, yeah I went ecstatic here. Now I perfectly understand what you mean.
//<SYS-line (including line number)> <packer which creates that SYS-line> <packer-releasing group> <notes>//
That's a even better structure and it is stronger when you wish to find/pars a specific group/packer.
Now, how to make this possible? :)
If we get some examples and being able to work out the fundamental things, so to say. I can see this getting really awesome. |
| |
Trash
Registered: Jan 2002
Posts: 122 |
Quote: bugjam: Heh, yeah I went ecstatic here. Now I perfectly understand what you mean.
//<SYS-line (including line number)> <packer which creates that SYS-line> <packer-releasing group> <notes>//
That's a even better structure and it is stronger when you wish to find/pars a specific group/packer.
Now, how to make this possible? :)
If we get some examples and being able to work out the fundamental things, so to say. I can see this getting really awesome.
I think I'd start with a lib containing a lot of .d64 and / or .tap files and write a parser that could extract filename and sys-line into a simple database and work some magic from that point... |
| |
Xiny6581
Registered: Feb 2004
Posts: 73 |
Quote: I think I'd start with a lib containing a lot of .d64 and / or .tap files and write a parser that could extract filename and sys-line into a simple database and work some magic from that point...
Trash: Yes, that's exactly the magic of SPUNK, however it does more than just checking the sys-lines.
The parser is kind of easy but furthermore sometimes the actual .prg must be unpacked to reveal the real packer too or at least collide with an unpack database.
That is the main hook to deal with :) |
| |
Zyron
Registered: Jan 2002
Posts: 2381 |
I guess Unp64 V2.32 might be of help. |
| |
Trash
Registered: Jan 2002
Posts: 122 |
Quote: Trash: Yes, that's exactly the magic of SPUNK, however it does more than just checking the sys-lines.
The parser is kind of easy but furthermore sometimes the actual .prg must be unpacked to reveal the real packer too or at least collide with an unpack database.
That is the main hook to deal with :)
So, somekind of 6510-emulator that one could listen to in order to determine that a set of code ends with a jmp (to possible the next depacker orelse to the intro) and store a footprint for the code before that jmp...
Sounds hard, especially since games from before 1990 typically was first packed (<- RLE) and then crunched (<- lzX or huffman, cant remember if anyone made a arithmetic encoder) and more often than not the intro also executed some kind of decrunch...
In my mind it sounds doable but very very hard, surely there are smarter people out there than me that could have a solution fitting my thoughts... |
| |
Xiny6581
Registered: Feb 2004
Posts: 73 |
Quote: I guess Unp64 V2.32 might be of help.
Yes, that's the magic-tool. Using it all the time to get to the bottom with some wack-releases. To unpack and see what's going on :) |
| |
Xiny6581
Registered: Feb 2004
Posts: 73 |
Trash:
Both yes and no.
To make an automated process would require a bit of clever programming and well to get the whole parser and unpacker to cooperate. That way I haven't really thought about.
But to make it manually would be something like this:
-Check the sys-line. If sys-line seems "okay" and hasn't been altered. Get sys-line store into Database where table is "group" and "sys-line.
ELSE
-unpack %filname.prg% check packername... etc :P
Yeah this is very bread and butter explanation but the main thing is to map the packer used.
Hope you get my "idea" ;) |
| |
Trash
Registered: Jan 2002
Posts: 122 |
Quote: Trash:
Both yes and no.
To make an automated process would require a bit of clever programming and well to get the whole parser and unpacker to cooperate. That way I haven't really thought about.
But to make it manually would be something like this:
-Check the sys-line. If sys-line seems "okay" and hasn't been altered. Get sys-line store into Database where table is "group" and "sys-line.
ELSE
-unpack %filname.prg% check packername... etc :P
Yeah this is very bread and butter explanation but the main thing is to map the packer used.
Hope you get my "idea" ;)
I get the idea, but I think it wont be enough to cover all versions timecruncher and other commonly used crunchers with x^55 different versions. I believe that at least footprinting the the primary depacker and possibly the intro should be the way to go. That way (if you just footprint the irq-part of the intro) you also get a nice database of what intro is used for a certain release.
But as I said, it would be hard with emphasis on every single letter in hard... |
| |
j0x
Registered: Mar 2004
Posts: 215 |
I'd recommend having a chat with MdZ. I think his PreserveC64DB V.1.2 might be capable of large scale sys-line harvesting. |
