I'm suspicious that in development they had some memory corruption bugs (which of course they fixed), and they decided to force the same bugs with the piracy detection.
@@pfcrow No way, this is 100% intentional. Using the low byte of the player score is a cheap source of randomness. All of these tricks are designed to be difficult to debug, and I take my hat off to the elegant malevolence of their author. I once had to solve a similar problem of building a cheater-detection algorithm in a javascript game where it would be trivial for lots of people to inspect the minified-then-reexpanded source code. It was similar because all of my mechanisms would be in code that my opponent could freely read and inspect, so security through obscurity is the name of the game. In my case, the cheater's modified code would be sending a fraudulent game state to a server where it would then become visible to the honest players. I figured most cheaters would try to hack the bytes being sent to the server without tracing all the way through the code to find their origination, so as deep as possible down the stack I computed a checksum of the game state and stored it in the nanoseconds digits of a timestamp that existed primarily to serve this purpose. A user could then hack the score report being sent to the server, and it would seem to work, to them, but unbeknownst to them the checksum mismatch would be detected on the server and their account would be segregated into a "cheaters only" pool where their bad behavior couldn't discourage honest users. It might take them some time to figure out that their account had been poisoned, at which point they'd had no idea how it happened. And debugging it would require constantly generating new user accounts. It could be done, but would take a rare level of dedication. Point is, you want to separate the method from the action, such that the code doing the check lays a landmine that doesn't explode until later so that when the black-hat debugs into the problem, there are no obvious hints as to how and why the bad state came to be. They then have to run the code again watching for changes to a memory address, but maybe the next time the landmine is laid elsewhere. You might have to build special-purpose debug tooling to ever figure it out.
Although with arcade games, it really feels like punishing the player, who just came into the arcade and tossed in a quarter, when they would have had nothing to do with the pirating. All the while, who ever put together the counterfeit cabinet or sold the board to put into a bare one, still made money on it, so these tactics likely didn't do anything to stop those actual pirates. So like with more modern DRM from recent decades, it's end users who give their money to play who get screwed by the game's maker (and/or publisher.) Edit: typo
one reason why they likely bound the checksum to the copyright notice specifically is that it gives them an extra legal avenue to pursue in that they aren’t just altering the code to work, they would have to fraudulently misrepresent something with altered copyright information as that’s the only valid set of values. that’s why for example, the sega genesis would display ’licensed by sega’ etc, because an unlicensed game would cause that message to display and essentially become a legal claim. there were some interesting court cases around this, and i imagine the copyright notice here being the checksum serves a similar function.
Nintendo tried something similar with the GameBoy, since the logo is loaded off from the Cartridge, and displayed on the screen. If the logo shows up correctly, a check passes and it boots up normally, if it doesn't, it doesn't boot. However, pirates found out how to bypass the check by changing the values the check sees compared to the ones being displayed, so if you see any Cartridge displaying a logo other than Nintendo's and still booting up, now you know why.
I remember that Sega's implementation was tested in a court. The affected party claimed that the licensing message was just a techical requirement to get games to work and not actual violation of the trademark, and the court agreed. But this happened years after Tempest was released.
Yep, that’s Sega v. Accolade case from ’92. However, in this situation this wouldn’t work the same way since there is no hardware or firmware check that the copyright notice exists. It’s likely more so that it’s hard to remove the notice and having the notice makes it simple to notice and prove that the code was copied.
Makes sense, iirc back in the 80s legal protection for software was pretty much nonexistent so relying on the "classic" copyright laws was probably the only way to get some protection at all.
@@mina86 true. absolutely not a 1 for 1. i just imagine if atari sniffed out an arcade or distributor or whatever 'altered attribution' or something it could be an extra thing to tack on. it would make it harder to plead ignorance at any rate.
The checksum mattered to ATARI because pirates would remove copyright messages, allowing arcade owners and bootleg manifacturers to go "but I didn't know" by "forcing" copyright messages, ATARI could then point to the copyright notice, and claim that they had to know, they were told on the title screen.
Also, it means even if you have a bootleg Tempest cabinet in your arcade, it still shows Atari's name to everyone in the arcade, including anyone who sees the game and decides they want to buy it for *their* arcade, so Atari still has a shot at getting some sales out of it.
I once went to an arcade, it’s probably been five years since this happened, but it was one of those typical “we put smartphone games on a bigger screen and called it a day” type of arcades. Yet, for some reason, literally sitting UNDER a set of stairs, there was a Tempest machine. You know damn well what ensued afterwards. Best arcade I’ve ever been to, not that that’s saying much, since most of them don’t even have anything besides the aforementioned smartphone games, and I haven’t been to all that many. (By the way, this wasn’t some reproduction or an emulator in a box. It was a genuine musty old piece of work, and why it was in this place, I have no clue.)
I hate those giant smartphone games. I went back to an arcade of my youth expecting to see the faithful old HOTD 4 and Mario Kart Arcade GP 2 machines and there they were. It hurt.
One fun thing about the graphical glitches, if displayed on a real machine there is a chance the monitor will be damaged. WG K6100s are pretty delicate, if the deflection input is out of range (ie drawing shit outside of the normal bounds of the screen) it can cause too much current to flow through the transistors that drive the yoke, causing them to short, blowing out the voltage regulator transistors and causing you to have a very sad monitor. Almost anyone who has or had a color vector atari machine knows the pain. They're pretty annoying to repair.
...and that means the rest of "anti-piracy screens" in videogames are fake as some type of videos showing false and not accurate "anti-piracy screens" which most of them are maded with modern hardware and software, most common video editors, image editors or music production software for try to recreate it? I mean, although the Tempest one it's really impressive for a game I don't know games with methods almost comparable or superior, if you want some real anti-piracy screens check out most of the classical "Error: Pirated copy" text or something in a plain background.
With how formal and instructive your videos always are, that little "...apparently" caught me off guard, I probably laughed much harder than I should have
@@imveryangryitsnotbutter What they did was essentially screw up your save as time went on. And the same thing is done in Earthbound on SNES. However, that game also resets all your progress when you go to the final boss.
These "slow pirates down so much that people early on are just going to buy the dang game" are so cool. It's sad that they've fallen out of fashion but... that's also literally what modern anti-piracy does. Denuvo is possible to crack, but it takes weeks for the One Person Who's Capable Of It to manage it-if you follow modern games and piracy, you'll notice that most of the hype around a new game will have died down before cracked copies are available. When a lot of modern games live or die on their first week of sales, just stopping people pirating for a fortnight makes a ton of difference. Denuvo just does it with complicated and weird maths, rather than making the game slowly fuck up as time goes on , but the impact to pirates and consumers of pirated games is the same.
I remember during a behind the scene video about Tempest, there was a glitch/failsafe that if the copyright wasn't in a specific place, the game would automatically add a large number of free credits. this kept machine owners/renters form using unlicensed products.
I think I've heard the same thing about Asteroids. Though, that one also had a "trick" where people would get down to a single small asteroid and spawn-camp the small ships, racking up insane points and lives. Enough to be able to take a bathroom break during marathon sessions, for instance. Arcade owners didn't like that, since they were playing on a single quarter.
Tempest has a brilliant hidden feature in the v1 and 1.1 versions of the game back in 81. I stumbled across it while playing it in the arcade then never spent more than a quarter ever playing it from then on. You ensure that the last two digits of your score ended with a specific value, then let the game and go back to demo mode. At the second loop of demo mode the game would then react depending on the digits. 99 free games, ability to start at any level, unlimited deaths etc. It was intentional - a thank you to us obsessive players.
It is interesting that if the game's software or hardware is modified, you will still have a free trial, but then the game breaks completely after the trial ends.
By putting antipiracy checks at difficult levels, they all but guarantee that the pirates who are good at messing around with the code but likely not experienced Tempest players, won't trigger it. Then they get the joy of deploying a bunch of these clone cabinets and then the complaints pour in from arcade owners when players keep complaining that the machines are crashing. This would be far less of a nuisance if the pirates knew there was a problem before they manufactured and sold a bunch of these things.
@bensmith3890The GBC only checked the top half of the logo, as well. Also, there were some clever workarounds based on the fact it was loaded into vram and then checked afterward, meaning that if you supplied your own logo for the first one and then swapped it back to the Nintendo logo for the second one it'd still boot properly while showing something different onscreen.
Would any pirate leave the copyright information intact? I doubt they'd want to advertise that they are ripping off the owners. So of course they will get rid of it,
It's a legal cover-your-own-ass move, iirc. Sharing pirated games or romhacks was a legal grey area back then, but copyright infringement is *not* so legally grey. It gave atari a much easier avenue to go after pirates.
Final Fantasy 1 does a similar check on the programmer's name on the title screen. It's much more obvious though; the game just freezes when you enter a door.
This was rather interesting. Years ago I was quite heavily involved involved with software and hardware development on PCs. One anti piracy technique I developed was based on floppy disk storage. The way data is normally stored on disk is as a series of Sectors on each track. Each sector is numbered but generally, not (as you might expect) in order. Instead, the sectors were arranged so that, after reading the sector No 1, you'd skip the next and then the sector after that would be Sector No. 2. This would give the bios time to be able to process the first sector before reading the second. After a complete rotation of the disk, you'd then have half of the sectors on that track. A second revolution would follow the same pattern but reading the alternate sectors that had been skipped on the first revolution. So it would take two complete revolutions of the disk to read one complete track. This was actually faster than having the sectors in order because if the bios missed the beginning of just one sector, it would have to wait a full revolution of the disk to get back to the missed sector. Having an intervening sector made this less likely to happen. Now for my anti piracy method, I'd run a custom low level format on the disk, such that one track (eg. track 7) had all the sectors stored in reverse order. This made the time to read that track take much longer to read than any other track. (typically 16 revolutions of the disk compared to 2). Once the disk had been put through this low level format, it could be written to in the normal fashion but when reading that track, it would take 8 times as long to read, compared to the other tracks on the disk. If anyone ever used standard tools to copy the disk, all the data would be perfectly copied over BUT, when reading that track, it would read at the same speed as any other track. Thus giving away that it was not an original copy. The beauty of this was that the client could even format the original disk (using the dos Format command) and download an updated version of the software and write it to the disk and it would still work. (formatting doesn't overwrite the low level format, it uses the existing sector markers). So effectively, there was nothing to see in the software, it was the disk itself that had been "marked" as authentic. I used some similar methods on CDs and obviously we had other techniques at our disposal. I was asked to implement a process that would copy the serial number of the CPU onto the floppy disk on first setup to bind the software to that one machine, but I refused to implement that, as I felt, if someone has paid for a copy of the software, they should be allowed to upgrade their machine without loosing functionality of our software.
Lots of Apple II titles also did wonky things to the on-disk format (resizing sectors, changing required spindle speeds for specific tracks, etc.) so as to make it more difficult to produce working copies even if you had the binaries. The Apple didn't have a "smart" disk controller and did everything in software with the CPU, so it was possible to make the drive physically do all kinds of weird things to accommodate non-standard protected disk formats.
@@stevepreskitt283 I also used to write the BIOS routines to access disk drives. One of the easter eggs I put into one of our bios chips allowed you to play a tune on the floppy drive. It was quite a crude routine that just drove the head stepper motor at the required frequencies. This was discovered by my boss when he asked me "Why is my floppy drive playing La Marseillaise?" I then informed him "That's odd, it should be playing the intro to All You Need Is Love"
Wow, this is absolutely diabolical! As a kid I used to crack 8-bit computer software, and once the idea of delayed validation occurred to me, it was always in the back of my mind. I only ever found one case, though - a cartridge game that clobbered itself with garbage at random intervals to thwart RAM-based execution. I think this sort of thing was rare because protection was usually bolted on by the publisher rather than baked in by the developer. Anyway, thanks for the amazing video!
It was a common practice for bootleggers to alter or erase copyright strings in games. I remember reading on TCRF the ways Konami would put anti-piracy checks in their late-gen NES games and the way they'd mess with the player if they were tripped, such as making Super Shredder invincible in TMNT3 so you couldn't beat the game. In all those cases, it was the removal of the word Konami that triggered the check, so what Atari did for Tempest is not that unusual.
And then Russian kids would be wondering in frustration why can't they beat Shredder when they bought the game from Steepler on a licensed Dendy cartridge.
Similarly for cracks of home videogames, the crack group would put their names and greets to other crack groups in the game (this eventually became the demoscene). While any half decent cracker would just remove these checks, you would assume the theory was to catch crackers out when they gloated about cracking the software.
LFSR was used by David Crane who wrote the game Pitfall to generate random yet repeatable scenes/pages within a game when moving left or right. It was mainly done for saving memory in those early machines, rather than drawing out each scene/page individually. It was quite clever and worked great. ;)
Emperor of the Fading Suns had a devious method - if you failed or otherwise found a way to by-pass the anti-piracy check, they would let you play the game and it might seem like everything was playing normally, but as you went along it would slowly start subtracting cash from your treasury. The longer you played, the more it would subtract, so by the time you realized what was going on and found yourself mysteriously bankrupt, you had already invested a huge amount of time into the game, which was now guaranteed unwinnable.
turning on decimal arithmetic is hilarious, that's my favorite one! 😆 I also really like the hardware RNG function in general, making crappy RNG values but doing it really frickin fast so it's good enough to work. I haven't researched this era of games very much so i never saw that before, i'm more used to NES/SNES RNG where it's in software. Spyro 3 also famously has a bunch of individual anti-piracy checks that are triggered at different points in the game to make it frustrating for hackers to bypass them, making the game just slowly get less playable over time. I don't recall the exact method used for the checks though, but there's probably a dozen videos about it.
pseudo rng is still the most common. True random numbers are generated by non-deterministic things which circuits are incapable of. Id look at tom scott’s lava lamp that keeps the internet safe video
Yeah, I've heard of Spyro 3's anti-piracy measures, and Mother 2/EarthBound's anti-piracy measures are really interesting too. If I remember right, when making a new save file, the game checks the amount of RAM on the cartridge, and if the RAM amount is incorrect _(because bootleg carts usually have more RAM than legit carts),_ it makes the enemy spawn rate EXTREMELY high and also places enemies in locations that don't normally have enemies _(e.g. Onett after beating Frank),_ causing EarthBound to become nearly unplayable. Oh yeah and it also crashes and deletes all of your save files if you manage to make it to Giygas
I love these types of videos. Do you think you could take a look at how Earthbound anti-piracy measures work? It has a pretty devious payload of wiping save data. It also shows some random corrupted visuals and sound effects that seem to be different every time, so I've always been curious about how exactly it works.
*Reveals that the name of Atari's RNG producing chip is called the "Pokey" Chip. The Five-Year Old in the back of my brain: "You do the hokey-pokey and you turn yourself about. That's what it's all about!"
I wonder how much this actually helped the business in the long run, rather than making a lot of people think 'wow these Atari games are buggy'. In fact I wonder how many games available now as abandonware were better at the time because we don't realise they have copyright bugs? Most of the versions of Gunship for the C64 definitely have issues that didn't used to exist.
The piracy check definitively is interesting with the side effect it also caught emulators and is almost like an accidental forethought of anti-emulation like performing a division on the SNES when the result is not ready (which would trigger ZSNES, an emulator infamously known for its inaccuracy like instant arithmetics). The last phrase when you mentioned your supporters also is a very good point given that DRM measures are bound to be broken and thus mainly focus on the release (where the hype is typically the largest) and coding knowledge of the game is naturally the smallest for any outsider. The software protection also made me realise that according to some Discord messages or RU-vid comments, pirated SNES games often are dumped on cartridges which have more than enough to not deal with not having enough RAM which in turn also has been used for anti-piracy measures by taking advantage of mirroring. As a realistic example, a game comes with 8KiB ($2000 bytes or the mapped address range $0000-$1FFF) of cartridge RAM stores some value at $1FF0 and then a different value at $7FF0 (which is valid for 32 KiB or $8000 bytes of memory / has the range $0000-$7FFF). By mirroring, $7FF0 is reduced to $1FF0 (because $7FF0 & $1FFF or $7FF0 % $2000 = $1FF0) on the 8 KiB cartridge. It then compares the latter value with the one of $1FF0 and if both are unequal, it means the game has more RAM than it's intended and thus must be pirated.
Super Mario 64 not crashing on officially emulated rereleases when the camera enters a parallel universe is also this. The Wii/U/Switch uses its own FPU rather than emulating the N64's; and their FPUs don't have the glitch that causes the crash.
Few if any SNES games actually used division and multiplication for this check. IIRC Byuu himself mentioned that BSNES doesn't use it by default because it's inconsequential in practice when dealing with official games.
@@fungo6631 That's why I mentioned "accidental forethought" (or rather, accidental futureproofing") in the OP because most pirates used physical cartridges and original hardware while emulators became important only later on. It's also very much a thing in BSNES to accurately calculate mult/div with at least the version I use so the information you have are likely outdated.
4:31 Maybe this check is the source of the misconception some pirate groups (particularly in the nes/famicom scene) had that if you remove all copyright information from the game you are safe from the legal standpoint.
Kinda-sorta. Proving reams of machine code are identical would be a challenge for the courts, but having the copied game flash in bright letters, "COPYRIGHT ATARI" makes proving infringement trivial.
I wonder if some very carefully crafted TAS would be able to manipulate what instructions were being implemented by triggering this purposefully (assuming that it can be triggered by the TAS itself on an otherwise non-pirated game).
I think an interesting video would be one covering all anti-piracy measures in Spyro: Year of The Dragon. It's perhaps one of the first games to really go at people trying to pirate it with multiple checks through the whole game, it erases resources from you as well, but it doesn't crash nor prevent you from playing the game. It just makes it impossible to beat.
I remember a 3D fighter jet game on the Commodore Amiga, a pirated copy would play for about a minute and the plane would then lose power forcing a literal crash into the ground every time. Back in those days I was a naughty boy, I found the code responsible and disabled it.
@@melissawickersham9912 In those days I showed it off to a few friends, but that was all, it was more of a challenge, I was fascinated how the code worked and I usually made cheats for games even from the Commodore 64, some got in Zzap!64 magazine. Piracy on the Amiga was everywhere, there was even a market stall selling pirated games for not much more than the cost of the disks that didn't get caught, I never did that. The scene was establishing itself with quite a few cracking groups already around (I never became part of anything like that) and there was what you call copy parties where people would turn up with their Amigas and see disk drives lined up copying, one I heard got raided.
the copyright message is probably an excellent vector to enable legal attacks on pirates. Later Nintendo wound up doing something similar with the Gameboy. The lockout code was a tiny bitmap image of Nintendo's own trademarked logo, which is why pirated cartriges were a trademark violation. I suspect in this case, by forcing the pirates to leave the copyright messages intact, they'd legally be "on the hook" for damages.
Honestly games just messing with you instead of just stopping you from playing at all is my favorite type of this Earthbound also did this where enemy spawns get greatly increased and the final boss crashes the game and resets your save before you can beat it
I'm surprised these sort of checks and stuff were done back then. But it seems like a clever and multilayered system. You should do a video on the Mac Wars antipiracy system that was only defeated in 2020, more than 30 years after the game's release.
Another good checksum method is a dummy file; or data that a copy program would normally ignore; some devious Famicom Disk games used the dummy file method. "There are 13 files on the disk", says the index file. But that's a lie, and there's actually 14.
Some commodore 64 games had intentional bad sectors and unusually specific errors on the floppy. You need a very specific floppy copier to extract a correct image.
@@viscountalpha But of course, nothing was ever a bad as an anti-piracy measure as LensLoc, the physical measure which (while leading to the creation of Escape Velocity) could lock legitimate buyers out of the game.
want to make a more memorable antipiracy system? make a code that straight up turns the game into a creepypasta melt the graphics. make sound play progressively deeper. add some threatening messages make players so terrified that their pants disintegrate from whatever comes out of their body
Earthbound does that quite well; it has a dozen checksum sets that once tampered with cause vicious backlash from the game engine; it cascades at the final boss where upon swapping to the final boss it swaps your SRAM (Save Data) into an active bank and hammers it front-to-back with a RNG. There's also DKC; notably 2; most emu's mimic the required hardware well enough and once the initial checksums are passed it loads normally and checks region next. If you play through the game there'll be missing items, and some interactions are handled badly resulting in strange interactions between characters. DKC2 also hammers your save data once some antipiracy junk is triggered; I suspect it's to defeat copiers with massive RAM; and can load the SRAM into live data and hammer it with a boatload of RNG calls. It can go further and actively save your broken data, and when the cartridge loads it seems to pull wrong values from somewhere and immediately crashes when it can't load the title screen and copyright screen from Rare. Earthbound makes terrifying noises, DKC2 causes mind-melting alterations to your world as it becomes unstable and melts down under the intense pressure of corruption acid. They're hard to find but some of them are out there with how they handle machine code.
Checksumming the copyright message made sense back then because the only way to copy it was to put the copyright message (it wasn't but Atari thought it was), and if someone put it, Atari could sue them to hell.
I randomly came across this video in my feed and I have to say I'm really impressed with how you presented your video. Usually these topics go over my head but it's explained very well and I learnt a lot! Definitely earned a subscription and I'll be watching more of your videos 😊
If the game devs have tightly integrated control of custom chipsets and are writing code at assembler level, I'm actually more impressed with pirates being able to copy a game at all, it seems almost impossible to detect the fairly trivial ways asm code could check that it is running in an expected way.
4:00 Atari had good reasons for it. The digital piracy prevention was a lot less sophisticated and with these devices being standalone and not networked, there are very little legal ground for them to go after. However, temperament of the trademark can call for immediate legal action. That's why the Gameboy had similar checking to counter both piracy and unlicensed games
Sweet. That loop off-by-one thing happens a lot more than you’d think. If it doesn’t break anything, no one notices. I was once disassembling the C64 ROM and saw where it initializes sprite colors during a cold reset it goes one address too far. How about that. :)
@@grantofat6438 rewrite Tempest in C++ using the vector layers and write your own graphics engine to render these vector graphics as console characters right now. or, are you, perhaps, too incompetent to do so?
@@grantofat6438Honestly it's not so much incompetence as it is that coding is hard. And tedious. In thousands of lines, you're always going to miss SOMETHING, espcially when your ability to feed yourself and pay your bills depends on getting the product up and running well within a certain time frame.
E5A8 LDX #$2F E5AA LDA $ECB8,X E5AD STA $CFFF,X E5B0 DEX E5B1 BNE $E5AA Interesting! I had to go looking for this code. Here it is. The table at $ECB8 is missing the last byte (presumably 8, "orange") but instead uses 76 (the letter "L" of LOAD) to initialize the last sprite color to medium grey instead. Harmless, but neat. The table of actual values begins at $ECB9 which makes sense because the destination is also off by one.
Oftentimes this is completely true, and people will just pay what you're asking, if your service is actually superior to what pirates are giving away for free, because they do _want_ to support you.
@@ferociousfeind8538 Yep...that's how I normally am until companies start making the purchased copies actually inferior to the pirated copies, and giving legitimate players hassle while pirates get to play without issues. Then I just pirate.
Common misconception. Almost all pirates just don’t want to pay. There is “legal alternative” the thieves would accept that isn’t releasing expensive-to-make games for free/pennies, which is counter-productive to the industry.
@@SuperM789 Common misconception[original research]. Almost all[weasel words] pirates just don’t want to pay[citation needed]. By paying for inferior, official products that promote anti-consumer practises (e.g. DRM, digital-only copies that can be revoked, or just plain broken/inaccurate software) you are morally wrong, even if you are legally in the right.
Back in the day, I had some gaming disks (5.25 disks) and one had a checksum on resistors in a DIP header on the game port, and another version looked for a certain character at startup that was pressed on the keyboard. If it wasn’t seen, an increment would happen. After about 10 increments if I remember correctly, the whole disk would just stop working. This was stuff I was doing back in the 80’s with Apple computers. Fun stuff! Watching this video brought back memories of the sneaky copyright schemes we could do.
This is pretty clever because it basically turns pirated copies into demoware. You get a chance to play and if you like the game you have a reason to buy the full game.
I didn't figure it out code-wise, I did it with statistics. But check out the C64 version of Steve Jackson's OGRE. It does a disk check for a specific error on the disk that your 1541 cannot create. If it doesn't find it, it shifts the combat tables by 1 in favor of the OGRE. Your 33% chance to hit treads? Just became 17%. The OGRE will win every time. It's diabolical.
I thought all games crashed for antipiracy reasons in order to make it hard for hackers to pass checks. On Bubble bobble arcade, the "original game" cheat is a hardware piracy check also, if it fails it gives the player 100 credits (thus making the arcade cabinet useless for profit reasons) and leads to "DEAD COPY GAME" message, pass leads to "ORIGINAL GAME" message + the cheat.
Xevious was infamous for this as well. when you do the name trick, as long as the checksums pass, you get the "original program by evezoo" message. but if you mess with the game title or copyright, a different message is printed. DEAD COPY. MAKING COPY OF NAMCO PROGRAM. You only thougth you removed het word namco from your bootleg... :) and with this evidence, copyright infringement is proven.
wikipedia: "The Atari 2600's CPU is the MOS Technology 6507, a version of the 6502, running at 1.19 MHz in the 2600." In effect the same as the C64 but with an alternate set of peripheral chips.
It's always cool to see the anti-piracy measures implemented by old games. Simple, yet effective to give pirates a hard time when creating bootlegged systems and games.
i find it extremely funny how atari decided that the copyright string _must be displayed at all costs_ and will prevent the game loading otherwise. I know this would prevent most pirates from messing with the game and avoid lawsuits or smth, and yet i still find it funny.
Pretty clever stuff from atari,especiay back then. BTw i really like your video’s as how they are,no ‘funny’ jokes,no stupid annoying generic parts,no sarcasm,no overdoing attempts of being spontanious,not showing any private situations, no missury,it’s just perfect, Thing is that if i am in for funny jokes,i will go watch commedy,it’s just simple as that.
Tempest was my absolute favorite video game, bar none!!! On another note, my cousin was married to the late Jerry Logg, father of Ed Logg who created Asteroids :)
Interestingly, the exact same POKEY RANDOM register read test is done on the 8-bit computer series to detect malfunction/missing POKEY chips, as well as detecting additional chips on the address bus for stereo setup
How does that work? The POKEY chip has 16 registers mapped at D200-D2FF. The way the memory mapped chips worked is that they had just enough address bits for the registers (4 for POKEY's 16 registers) and a chip select line where the motherboard determined if the upper addresses matched the range it was mapped into (D2xx on the 800). That means on a stock Atari, the POKEY's registers are duplicated 16 times. I believe most stereo POKEY add-ons put the first POKEY at D200 and the second at D210 (likely duplicated 8 times instead of 16). This was trivial to implement, as the POKEY has two chip select lines, so one of them can be the added address line. So if you read the RNG on the "second" POKEY on a stock system, you'll still get good RNG values; they'll just be the same as the first POKEY would produce. And presumably they booted on the same clock cycle, so both would likely be producing the exact same values anyway. But for detecting a malfunctioning chip, that would be a valid test.
I gotta be honest, I had no idea piracy was so prevalent back in 1980 that they felt the need for these check sums! Now I am kinda interested in the history of arcade game piracy... Also interesting that they would base all but one of the checks on the copyright information! I feel like if I was making a hack or pirating a game, that would be extremely low down on the priority list to mess with whatsoever, since it's basically entirely non-functional unless it's being drawn where you want to draw something else. It's almost...arrogant and assholish to have the idea to mess with the copyright information.
@@Tinil0 No problem! As for why the bootleggers didn't just try to make a perfect recreation of a genuine Atari machine: Copyright law vs Counterfeit law. Copyright enforcement takes a lot of digging and court time, counterfeits (items made by someone else, trying to pass as made by the real manufacturer) often dont even have to go to court. You just get arrested. Think about how counterfeit sports merch gets seized and destroyed. Re-skinning the game to hopefully kinda pass as a "off-brand" version of the game was a safer bet, as the code would have to be extracted and compared to prove copying, vs if the entire cabinet is a clear forgery. After a certain point, arcade cabinets became too advanced, and it became too difficult for small-time bootleggers to copy and build their own video game hardware.
That's beautifully evil. I love the old Atari vector machines. There's probably a video's worth of stuff to be done about the pseudo 3d math hardware in the atari mathbox. I have a bunch of documentation on it that I reverse-engineered, drop me a line if you're interested.
It’s tricky and clever, but I wouldn’t call it evil. These developers are trying to defend their software creations against pirates, after all. The legitimate creators and owners of the software are the good guys in this case.
That BPL instruction should have been BNE. And the checksum is calculated backwards. This is something that I very often do because DEY sets the Z flag in the status register. If you calculate the checksum forwards, you need a CPY instruction. Doing it backwards allows you to lose that compare instruction, but it does also mean that you have to store your text backwards too if using an offset to print text. Nearly all additions require you to CLC before doing the ADd with Carry. The same as you SEC before doing subtractions. What you are getting wrong when you explain this checksum code is that the Accumulator is 8bits. It never reaches a point where you only look at the lower 8 bits because it's ONLY ever 8bits. Also if you look, the result of the addition is stored in Zero Page which some other code will need to check. That just involves an LDA and BEQ.
Looking at 5:40 in the video, using BPL did no harm except include the X-position into the checksum, just as the LDY #16 caused it to reach one value too far. It exits the loop when Y decrements into the "negatives" (255). This is a good way to include the zeroth item in a list sometimes. You are right, he "shows" the addition happening forwards, when the processor is actually adding last term first. The CLC is only here so the carry flag starts from a known state - the carries that occur along the way have been expected and accounted for in the final check.
It's kind of amazing to realize that this falls prey to the same fallacy any other security usually does. It's not really designed to keep out the people you would most expect able to do something like this. All these ingenious protections that check certain parts of the data is intact will do well at screwing up the game if it's not being emulated correctly, or has been tampered with in a haphazard way. But someone who knows what they're doing can just rewrite the checks. Most early copy protection, no matter how devious, can be nullified as simply as NOPing a few specific instructions or blocks of code specifically made to tamper with the normal game function. If anything, it just makes the code less resilient to corruption, more likely to crash if a cosmic ray flips a bit, etc. You can ironically have a situation where a pirated version of the game if the hacker knows what they're doing is actually superior to the official version. Disable the piracy checks and it's possible that hardware faults can be run through. So even back then, the adage that DRM causes more problems for paying customers than pirates, in the end, is still theoretically true. Even back in the 80s. Just a thing to think about! Also, doesn't constantly nannying the hardware RNG kind of beat the purpose of having a hardware RNG in the first place?
It is such a funny thought. I'm an electrical engineer, but i have more in common with the devs of yore that worked on these games. Than your average programmer does. Cause they too had to know how the processor was interacting with its peripheral circuits. To know exactly how the Interface chips like the POKEY and the C64 CIA operated.
What if we just draw a black credit over the existing one? The Atari copyright will still be there, but there's just something over it preventing the player from seeing it.
This is a vector-based arcade game, so you're essentially drawing with light. Drawing with "black" is the same as drawing nothing. Though I suppose you could draw a solid rectangle over the text making it unreadable.
i cant get enough of these. your voice is so nice to listen to, it helps me sleep! that and these are interesting as hell so I gotta end up listening to them over and over so they stop being interesting lmfao
Very nice presentation! We had to learn assembly in school. You really had to know the architecture of the CPU and the peripheral hardware. But, it gave you real control and speed when programming.
So the practical upshot is, If you’re making a ROMhack of Tempest, dupe the chip and solder them on in series, then only hack levels 1-10 of each “game” ROM, then add a relay or switch to go to the other chip any time level 10 is completed.
A similar anti piracy method that was used on Spyro the Dragon on the PS1. If the game found it was a pirate copy, it would make later levels impossible to complete. But the hapless pirate would not find out there was a problem until he was a couple of levels in.
There is a lot more History to what is going on than mentioned! Here is just one example, keep in mind this only works on older original Tempest Rom Sets. Get a Score of >180,000 ending your game with the last two digits of "06" so for example 181206, let the game end and let the Demo Level Complete its cycle. After you travel down the Level to the next Level the High Score Screen appears, wait and watch your credits!! It will start adding credits until the maximum is reached. It was always 40 as long as I was aware of this. This is just one example there are others including one that allows you to start on any Level up to 81!
Never get killed in Tempest: For each level find a 'slot' with the highest angle from the adjoining slots (the higher the angle the better your chances). For example a slot with an angle of 90 degrees or more are the best, 180 degrees are even better (End slots with a high angle are the best since attackers can only approach from a single direction (side). Low angle between slots is not ideal. Then 'park' your 'ship' in that slot and stay there, meaning don't ever move away. Slots with high angles force the targets to take longer to flip into your slot and low angles mean that the targets will flip into your slot at a much higher rate. After you are stationed there you can take one of two similar approaches: 1) Low skill required= simply tap the 'fire' button at a fairly high rate over and over (don't be concerned with the targets as they are approaching, you want them to get to the end so that they are 'flipping' towards you on the end ring). Make sure you are tapping the fire button as they flip into your slot and you will eliminate them successfully every time. 2) (Skill required) Fire normally as they are flipping into your slot, not necessarily a single shot, like the tapping method. You can get really far into the levels by doing this, its important to keep in mind, however, that you want to be parked in a slot with an angle that is of a high value, which takes the target longer to flip into your slot, which increases the amount of time that you have to hit them. Another well known hint is that firing on the 'green spike trails' causes your firing rate to be much higher then firing into an empty slot, so if you fire on a flipping attacker while in a spiked slot you're chances of eliminating the attacker are greatly increased....
I know a lot of old games like SNES games have such anti-piracy measures by introducing bugs or making the boss fights impossible to win. But I simply can't understand why that's a good idea. Back then, people would buy a game (either knowing or not knowing that it is an illegal copy) and find out that it crashes or that the boss fights are impossible to win. What would they do? Go to the seller and tell them that they gave them a pirated copy, or do they tell all their friends that this new game is bad quality and that they shouldn't buy it? I guess the latter.
games were simple enough back then that at least smart humans would see one game screwing up and all the others not screwing up, and immediately think that something was up. its also entirely possible that if a game did screw up there was a chance that the person didnt want to be outed for copying (even if they bought it innocently) so it never left the player or his circle of friends
So basically Atari owes me .00042 cents for every quarter I put in. At an average allowance of 6 dollars weekly allowing for inflation and a ten percent increase semi annually and the fact that tempest is still in use at the same arcade I've grown up in. I'm owed 5711.0042 dollars. I'll call my lawyer thanks, no wait that means I put 16 million in quarters into the machine, sounds right....calling the law office of summeroff and winteroff
Back then protection did work again piracy as there was no emulators and you need to buy hardware with the game or physical roms either way, they been againts bootleging and unlicenced use of hardware, for that all you needed was to force to use tradmarked logo or copyright to boot the hardware, so hardware force you to illegally (or else you got legal licence) use trademarks and they can chase you for that. Consoles used that too and used logos as a key to boot the game and display it on screen, most known example Game Boy or PlayStation 2
I Think it would be very interesting if you did make a video of how you go about and analyze these arcade games. Where do you find the raw assembly in the first place? and how do you make sense of it? Would be very interesting :)
I'm currently reverse engineering a H.E.R.O. C64 cartridge image. I'm finding that there are multiple locations where it technically writes break commands to code points in cartridge, but if the cartridge had been dumped to load from disk to RAM, these commands would corrupt the game and cause it to reset or crash.
I don't know about this anti-piracy stuff, but I fondly remember ending my score with certain numbers for certain effects.... including 99 free game credits.
