Post ApXPf3fcCSsrmdad3Q by foone@digipres.club
(DIR) Post #ApXPdkWxsIps8Lv4pE by foone@digipres.club
2024-12-28T01:14:11Z
0 likes, 0 repeats
I don't know if I'm weird or if it's just normal to get random reverse engineering urges. like right now I have like 5 major RE tasks I'm halfway done with, I'm hacking a bunch of games (and more interesting things), but my brain is just like "you need to reverse engineer a game that uses a software 3D renderer"
(DIR) Post #ApXPdlmxCLDg2EPMO0 by sneak@s.sneak.berlin
2024-12-29T12:32:34Z
0 likes, 0 repeats
@foone "i don't know if i'm weird"
(DIR) Post #ApXPdp58xAYIFVwQee by foone@digipres.club
2024-12-28T01:16:05Z
0 likes, 0 repeats
me, yearning: man, I wish I could reverse engineer something with a software 3D renderer...
3D Movie Maker: what? are you serious?
Corncob 3d: AM I A JOKE TO YOU?
hell, Office 95: YOU STILL NEED TO GET BACK TO ME
(DIR) Post #ApXPdtmBV5MEoA6rIW by foone@digipres.club
2024-12-28T01:28:40Z
0 likes, 0 repeats
3D game ideas I might could hack on for just why not reasons:
1. MindTrap (it glitches on later windows, would be nice to fix it, even if no one but me cares)
2. Betrayal at Krondor: The overworlds are cool!
3. Abrams Battle Tank by Dynamix/EA ?
4. 688 Attack Sub
(DIR) Post #ApXPdyVhtm9FUVRGoC by foone@digipres.club
2024-12-28T01:29:23Z
0 likes, 0 repeats
on the other hand, 3/4 of those are DOS games. I have done so many DOS games and I think I'm overdosed on having to deal with segments and overlays. maybe win9x games are a better idea for relaxation
(DIR) Post #ApXPe2stdV4f3aJqVc by foone@digipres.club
2024-12-28T01:52:56Z
0 likes, 0 repeats
maybe I should just go back so far I find a DOS game that doesn't need segments and overlays because it's only 64kb
(DIR) Post #ApXPe7IvCgGilSWgd6 by foone@digipres.club
2024-12-28T02:00:48Z
0 likes, 0 repeats
1987 Wireframe flightsim/puzzle Echelon?
(DIR) Post #ApXPeBhWr8KSOw4OXY by foone@digipres.club
2024-12-28T02:03:21Z
0 likes, 0 repeats
Echelon was technically the first video game I ever owned. Shortly after my family got our first PC (a Heavily Used Packard Bell 486), my dad picked up a copy at a thrift store or something. I never beat the game, especially because it only had a 50/50% chance of launching on my PC
(DIR) Post #ApXPeGEI1GuYRhQc9w by foone@digipres.club
2024-12-28T02:03:46Z
0 likes, 0 repeats
I think that system had some PIC problem, because it crashed more than once while games were doing weird CPU-based animation/audio tricks
(DIR) Post #ApXPeL8RmQCzf1jWFM by foone@digipres.club
2024-12-28T02:06:27Z
0 likes, 0 repeats
and I have crashed the game. maybe this isn't emulated terribly well
(DIR) Post #ApXPePUvYmZFBuHWqG by foone@digipres.club
2024-12-28T02:12:28Z
0 likes, 0 repeats
okay so I set an interrupt breakpoint (bpint in the DOSBOX debugger) on AH=3D, and AH=0F. Those are the two main ways to open files on DOS, the early way (0F) and the later way (3D). Flew around until the game pauses, and it's trying to load A2.ARE
(DIR) Post #ApXPeTNd7r6hEQtl1U by foone@digipres.club
2024-12-28T02:13:20Z
0 likes, 0 repeats
the game has 36 .ARE files, named A0 through AZ.
(DIR) Post #ApXPeXfrA23yY7SMzI by foone@digipres.club
2024-12-28T02:16:34Z
0 likes, 0 repeats
Which makes sense if we look at the map included in the box: It's a 6x6 grid, labeled A-F, 1-6. So clearly the game is storing map chunks in these .ARE files and loading them as needed.
(DIR) Post #ApXPec2gv4ho66Af8S by foone@digipres.club
2024-12-28T02:17:31Z
0 likes, 0 repeats
Each .ARE file is only 3 kilobytes so all 36 of them only use up 96 kilobytes, but this game was born on the c64, where that was more RAM than the whole system had
(DIR) Post #ApXPegHj976rFtEj7w by foone@digipres.club
2024-12-28T02:20:56Z
0 likes, 0 repeats
arg I don't have a memory scanner that'll work on the game right now. I can't easily make cheats for infinite health and fuel and shit
(DIR) Post #ApXPel6ZE29aCj3NvU by foone@digipres.club
2024-12-28T02:27:25Z
0 likes, 0 repeats
EXE isn't packed, it's about 90 kilobytes. Other files: 16 CMP files, and a bunch of HUF files. 6 labeled P0 - P5, TITLE, DASH0/1, COVE0/1? Sounds like they're image files.
(DIR) Post #ApXPeplpsXXcfsOOo4 by foone@digipres.club
2024-12-28T02:31:25Z
0 likes, 0 repeats
there's a reference to a covex.huf file in the EXE, but it's not included in this version. Maybe COVE0/COVE1 are short for COVEX?
(DIR) Post #ApXPeufHgKGtr0Mjmy by foone@digipres.club
2024-12-28T02:34:54Z
0 likes, 0 repeats
I think the HUF files are compressed, at least somewhat. Just not very well. Either that or they're some kind of image drawing microcode but I kinda doubt it
(DIR) Post #ApXPezPA3hLUYRrQqu by foone@digipres.club
2024-12-28T02:36:00Z
0 likes, 0 repeats
anyway, the game starts up by showing you TITLE.HUF. let's just swap out all the other HUF files one by one and see what they are!
(DIR) Post #ApXPf3fcCSsrmdad3Q by foone@digipres.club
2024-12-28T02:39:43Z
0 likes, 0 repeats
it seems to only render the first half and then the rest is gibberish. I bet it's something to do with these files being multi-format, since they have to encode the image for VGA/CGA/Monochrome
(DIR) Post #ApXPf88pZmd9ePI19E by foone@digipres.club
2024-12-28T02:42:26Z
0 likes, 0 repeats
okay so P0-5 are the artifact pictures, DASH is the dashboard, COVE is some castle (end of game?) and title is... the title
(DIR) Post #ApXPfD2dMFe0qdQdgO by foone@digipres.club
2024-12-28T02:42:47Z
0 likes, 0 repeats
for the ones with 0/1 versions (COVE and DASH), 0 seems to be the CGA/Monochrome version, while 1 is the VGA version
(DIR) Post #ApXPfHOPBFR6LJe5Am by foone@digipres.club
2024-12-28T02:44:01Z
0 likes, 0 repeats
here's P0.HUF to show what I mean about corruption:
(DIR) Post #ApXPfMB7O4mLBYT2em by foone@digipres.club
2024-12-28T02:49:25Z
0 likes, 0 repeats
CMP files seem to contain object info, since I see text in them. the game supposedly has 240 objects on the map, which can be transported onto your ship when found. Some are useless, some are clues to The Main Puzzle, and some are instant death bombs
(DIR) Post #ApXPfQlQL2CFPJU5nk by foone@digipres.club
2024-12-28T02:52:51Z
0 likes, 0 repeats
I suspect the maps are compressed too. time to find the decompress routine in the exe!
(DIR) Post #ApXPfUvUrWdAJiEC3c by foone@digipres.club
2024-12-28T03:03:25Z
0 likes, 0 repeats
interesting. this code that opens A2.ARE reads 1536 bytes and then closes it. the file is 2432 bytes, though
(DIR) Post #ApXPfZjcz56jELiHke by foone@digipres.club
2024-12-28T03:06:36Z
0 likes, 0 repeats
I think this game was programmed in assembly. passing one pointer in SI is not a calling convention I have seen compilers use
(DIR) Post #ApXPfeIrzzftOoEUEq by foone@digipres.club
2024-12-28T03:12:10Z
0 likes, 0 repeats
ahh, I think I was looking at a custom loader that just handles TITLE.HUF (which is 7687 but presumably the file is re-opened later?)
(DIR) Post #ApXPfisoyGoDbT5FpY by foone@digipres.club
2024-12-28T03:13:22Z
0 likes, 0 repeats
yeah the version that works for maps loads 8194 bytes. which is an annoying number.
(DIR) Post #ApXPfnGMgg1DBe875E by foone@digipres.club
2024-12-28T03:14:08Z
0 likes, 0 repeats
but I bet it's because it can read non-huffman'd files, and 8192 + 2 byte header?
(DIR) Post #ApXPfriW7wul07KeWG by foone@digipres.club
2024-12-28T03:18:58Z
0 likes, 0 repeats
ahh. so it's got a string in the EXE that's A0.ARE. Then it has another string that's 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ. So when it wants to load area N, it indexes into the Nth item of the second string, then shoves it in over the 0 in A0.ARE and opens that file
(DIR) Post #ApXPfw7pjlXefnCvXE by foone@digipres.club
2024-12-28T03:30:53Z
0 likes, 0 repeats
Ghidra: I support disassembly of 16-bit DOS programs!
also Ghidra: WHAT THE FUCK IS "DS"? all segment-relative pointers are aimed at segment 0000, right?
(DIR) Post #ApXPg0ZdCM9cTAFBQ0 by foone@digipres.club
2024-12-28T03:34:36Z
0 likes, 0 repeats
either ghidra's set-register doesn't work or I don't understand what it's doing
(DIR) Post #ApXPg5SN2mJjc5sxIO by foone@digipres.club
2024-12-28T03:44:34Z
0 likes, 0 repeats
uh-oh. after loading the file, it calls two functions. One seems to just be shoving it into memory, but the other shows up as blank, and instant ret. That smells like dynamic code loading and I don't like that
(DIR) Post #ApXPgA7dhHhm5FDyAy by foone@digipres.club
2024-12-28T03:48:53Z
0 likes, 0 repeats
16bit assembly is so silly. You enter a function and step one is you make a pointer to 2, and then increment from there
(DIR) Post #ApXPgEyxcyjZ9mCbqK by foone@digipres.club
2024-12-28T03:49:18Z
0 likes, 0 repeats
the calling code changes the data segment to one just used for your specific buffer, so you don't need a pointer, it's just in the implicit state of the processor. you just work from 2
(DIR) Post #ApXPgJQ38CmMuwuIca by foone@digipres.club
2024-12-28T03:55:31Z
0 likes, 0 repeats
okay I haven't checked against the actual output (since I haven't gotten the actual output yet) but I think this isn't huffman, it's not even regular RLE, it's Very Simple RLE: You can represent all bytes 00-7F normally, but if the high bit is set, it instead means "repeat this many zeros"
(DIR) Post #ApXPgOAdSwQ7eajYn2 by foone@digipres.club
2024-12-28T03:56:20Z
0 likes, 0 repeats
so 44 82 44 turns into 44 00 00 44
(DIR) Post #ApXPgSPJiIXanHdLEG by foone@digipres.club
2024-12-28T03:58:56Z
0 likes, 0 repeats
the files have a 2 byte header that's ignored and not checked, then a number of things.those things are 6-byte chunks that get copied into the buffer above 0x1427. No idea why yet.
(DIR) Post #ApXPgXCjsURzfimrom by foone@digipres.club
2024-12-28T04:00:53Z
0 likes, 0 repeats
It seems the way the function works that it's passed a buffer as DS, then it loads the file starting from address 0, and writes that into 0x2CEF and up. That's 11k into the buffer, so well above any real file.
(DIR) Post #ApXPgbCB2WNU38YTUu by foone@digipres.club
2024-12-28T04:06:14Z
0 likes, 0 repeats
okay I'm following through the decompress loading A3.ARE. I can see in the data segment we've got the data in the file, but up at 2CEF? all zeros. now if I wait for this function to return, that should get filled out
(DIR) Post #ApXPgfobrZUsNUZDxQ by foone@digipres.club
2024-12-28T04:08:12Z
0 likes, 0 repeats
NOPE I'm completely wrong. They've got ES and DS pointing at different segments. 2CEF is the start (I guess?) of the output buffer, in a different segment
(DIR) Post #ApXPgkY8GGHt3ptdT6 by foone@digipres.club
2024-12-28T04:12:51Z
0 likes, 0 repeats
there's some values over 0x80 in the decompressed out so I think I'm misunderstanding the decompression
(DIR) Post #ApXPgpBd1MG1RUPEaO by foone@digipres.club
2024-12-28T04:16:14Z
0 likes, 0 repeats
I wonder if those 6-byte chunks are objects? like, x-pos, y-pos, z-pos, look up object ID in the CMP file?
(DIR) Post #ApXPgtyhCrsqIpOTce by foone@digipres.club
2024-12-28T04:22:54Z
0 likes, 0 repeats
the game hangs if you try to copy the wrong .ARE file into the place, so I suspect there's some internal location references or something that break
(DIR) Post #ApXPgyXEGPsqR5a70K by foone@digipres.club
2024-12-28T04:24:01Z
0 likes, 0 repeats
so when the game launches it asks me what video mode I want (Hercules, CGA, Tandy/Amstrad, or VGA) and then asks me to insert the data disk. This is not fun, since I always give it the same answers. So let's fix that
(DIR) Post #ApXPh2v7xVNQ2MnFoG by foone@digipres.club
2024-12-28T04:25:12Z
0 likes, 0 repeats
the what video mode do you want? string starts at 1000:6648 and it's referenced from... nowhere. or so ghidra thinks.
(DIR) Post #ApXPh6xOwzZYYZt7uS by foone@digipres.club
2024-12-28T04:25:52Z
0 likes, 0 repeats
so let's instead search the whole program for the scalar 6648 and OH LOOK IT'S REFERENCED AFTER ALL
(DIR) Post #ApXPhBQGLd2GPFQES0 by foone@digipres.club
2024-12-28T04:26:06Z
0 likes, 0 repeats
ghidra: I know decompilers that understand segments and they're all cowards
(DIR) Post #ApXPhFrhpXMeBWICmW by foone@digipres.club
2024-12-28T04:27:01Z
0 likes, 0 repeats
okay so video mode hercules is actually CGA but with a flag set.
(DIR) Post #ApXPhKQEt5MeJmTqAC by foone@digipres.club
2024-12-28T04:30:32Z
0 likes, 0 repeats
weird. it stores the video mode selected (1-3) in 1000:912d, then stores the video mode TIMES TWO in 1000:912e and 1000:6646
(DIR) Post #ApXPhOkEofjpixrrtI by foone@digipres.club
2024-12-28T04:33:21Z
0 likes, 0 repeats
why bother using the DOS api for changing interrupt handlers, when you can just address segment zero? WHY NOT INDEED, ECHELON?
(DIR) Post #ApXPhTHhwAt5nvYecC by foone@digipres.club
2024-12-28T04:36:08Z
0 likes, 0 repeats
at least they remembered to call CLI first
(DIR) Post #ApXPhY6C2PeEjfD1rU by foone@digipres.club
2024-12-28T04:40:15Z
0 likes, 0 repeats
I think they're dynamically loading code and stuffing it into the tick handler
(DIR) Post #ApXPhcYhSMpMZEZqqm by foone@digipres.club
2024-12-28T04:40:33Z
0 likes, 0 repeats
the best place to stick dynamically loaded code: INSIDE AN INTERRUPT HANDLER
(DIR) Post #ApXPhh1upgZeR0HEwa by foone@digipres.club
2024-12-28T04:45:13Z
0 likes, 0 repeats
I need to turn my patching shit from Super Solvers Gizmos & Gadgets into a generic thing I can use on any game. That'd be sweet
(DIR) Post #ApXPhl1LziV8oQ2qci by foone@digipres.club
2024-12-28T04:46:15Z
0 likes, 0 repeats
anyway for now I can just skip the disk swap check by patching out CALL DiskSwapCheck, since it has no side-effects. The video mode check unfortunately does, so I gotta leave it in but hack it to think I said "VGA"
(DIR) Post #ApXPhpSnTcpWaguoxE by foone@digipres.club
2024-12-28T04:51:01Z
0 likes, 0 repeats
patch 0xDF0A with 90 90 90 to skip disk check
patch 0xE2BF with C6 C0 33 90 90 90 to skip video check. 33=VGA, 32=Tandy/Amstrad, 31=CGA, 68=Hercules
(DIR) Post #ApXPhtpdEfTM8fd76O by foone@digipres.club
2024-12-28T04:58:50Z
0 likes, 0 repeats
I think this was written with a macro assembler by someone who loved macros. Like there's a lot of times where the code would be like
LEA EAX, SomeString
CALL PRINTF
in a saner world, but instead there's a loop that uses global memory addresses and calls the BIOS TELETYPE OUTPUT call letter by letter. and that loop appears in every function that needs to do printf()
(DIR) Post #ApXPhyepIGnf6bc3SC by foone@digipres.club
2024-12-28T04:59:17Z
0 likes, 0 repeats
I guess it's puts(), not printf. But yeah. It doesn't feel like an inlined function, it's just a macro
(DIR) Post #ApXPi2zXBDk0XzKeHo by foone@digipres.club
2024-12-28T05:04:52Z
0 likes, 0 repeats
the way ghidra handles interrupts is profoundly broken and someone needs to fix it. someone might have already, I just haven't installed that incomplete dos loader
(DIR) Post #ApXPi7cfxdQYuXfxqq by foone@digipres.club
2024-12-28T05:35:44Z
0 likes, 0 repeats
oh ghidra is just completely wrong about where this call goes. that's... fine
(DIR) Post #ApXPiCL8QHMpXaVWhk by foone@digipres.club
2024-12-28T05:47:25Z
0 likes, 0 repeats
for some reason ghidra thinks some of the calls are going into the data segment instead of CS
(DIR) Post #ApXPiH78fk8uLczv5E by foone@digipres.club
2024-12-28T08:41:36Z
0 likes, 0 repeats
interesting. so the .ARE files have a 140 near the top, and the manual says each AREA is 140 kilometers.
(DIR) Post #ApXPiLTGTQDZrPNe7s by foone@digipres.club
2024-12-28T09:53:42Z
0 likes, 0 repeats
the RLE compression seems to only affect the first 256 bytes of the file (after the 6-byte chunks). fucking weird. But I wrote some code that does the same, and it matches.
(DIR) Post #ApXPiPuLyeGNca5Ku8 by foone@digipres.club
2024-12-28T09:55:16Z
0 likes, 0 repeats
this compresses the file from 2.36 kilobytes down to an amazing 2.25 kilobytes
(DIR) Post #ApXPiUUevbgHqL6O36 by foone@digipres.club
2024-12-28T10:25:39Z
0 likes, 0 repeats
I tried to glitch up the map to see what it meant, but I accidentally glitched it too hard and got stuck in an infinite divide by zero glitch
(DIR) Post #ApXPiYp0psL3GcehKS by foone@digipres.club
2024-12-28T10:55:17Z
0 likes, 0 repeats
it keeps crashing when I modify it. I think I found the font routine, though, which'll help hack more
(DIR) Post #ApXPidTDYKsLgTUrYG by foone@digipres.club
2024-12-29T04:08:44Z
0 likes, 0 repeats
I think the map format might be tile-based rather than wireframes. You see (on the map) how the rocks in the sector to the bottom-left are the same as the ones in the top-right? That'd make sense if it's just a single value selecting what set of 3D geometry to stuff in the square
(DIR) Post #ApXPihyYnkK7eqBwxc by foone@digipres.club
2024-12-29T04:11:37Z
0 likes, 0 repeats
also based on the scale this game says it functions at, your one-man fighter jet/spaceship is approximately 500 meters (1640') long
(DIR) Post #ApXPimhjDkpYK5M4v2 by foone@digipres.club
2024-12-29T04:28:49Z
0 likes, 0 repeats
I'm gonna have to expand my patching system to let me patch PNGs into EXEs as binary data
(DIR) Post #ApXPiqeKYKUOYhnQB6 by foone@digipres.club
2024-12-29T04:42:04Z
0 likes, 0 repeats
So the game has an alien language that's written on lots of artifacts, right? You can see some of it here, on this mining probe I picked up
(DIR) Post #ApXPiuMkjco05LbRKq by foone@digipres.club
2024-12-29T04:42:50Z
0 likes, 0 repeats
But like most alien languages in games, it's just an alternate alphabet on english. So I found the alphabet in the EXE and overwrote it with one of the other two fonts, and now it's plain english:
(DIR) Post #ApXPiyEkLKmI5ft6PY by foone@digipres.club
2024-12-29T05:02:54Z
0 likes, 0 repeats
okay I think that 6-byte-chunks thing at the top of the file is items. I went and sat on top of an item, then edited the file so instead of 5-chunks it had 0, then reloaded the area (by hyperspacing out and then back in) and suddenly the item is gone
(DIR) Post #ApXPj29vlBIoFtfJSa by foone@digipres.club
2024-12-29T05:03:23Z
0 likes, 0 repeats
which does mean I can figure out how many items are in each area, easily. Read the 3rd byte of every area file!
(DIR) Post #ApXPj6G6WAcKyCaIdc by foone@digipres.club
2024-12-29T05:11:02Z
0 likes, 0 repeats
I have done so. The Area you start in is the only one with zero items.
(DIR) Post #ApXPjAXyZfI2Gmyd3A by foone@digipres.club
2024-12-29T05:21:02Z
0 likes, 0 repeats
yeah I narrowed down the item I'm floating over to one specific chunk. I set the last short in the chunk to 4312 and the item changed Z coord to (approx) 4761. The value was originally 4615 and it was at Z coord 6794. ugh.
(DIR) Post #ApXPjFCtFUOUiq9MNU by foone@digipres.club
2024-12-29T05:21:12Z
0 likes, 0 repeats
WHY ARE THE SCALES DIFFERENT
(DIR) Post #ApXPjJdykiRIU0r39k by foone@digipres.club
2024-12-29T05:21:30Z
0 likes, 0 repeats
I'm gonna need a spreadsheet for this
(DIR) Post #ApXPjOPH2oeDFr0sQi by foone@digipres.club
2024-12-29T05:40:28Z
0 likes, 0 repeats
yeah this makes no sense.
(DIR) Post #ApXPjSnWiaQMsEOImu by foone@digipres.club
2024-12-29T05:42:42Z
0 likes, 0 repeats
the first byte seems to be which icon to use. I can adjust it, and the thing still picks up as the mining probe, but it looks different in the preview
(DIR) Post #ApXPjXNTgrYh4tF4Nc by foone@digipres.club
2024-12-29T05:46:49Z
0 likes, 0 repeats
next byte seems to be what it is. I set it to 08 and got a Data Storage Laser Disk [sic]
I think this guy was murdered, I found out from looking at the files that there's a dead body you can find somewhere, and I think it's mr. Allen
(DIR) Post #ApXPjbzYXEOVO95XHs by foone@digipres.club
2024-12-29T05:51:34Z
0 likes, 0 repeats
ahh. I think it's (effectively) using big endian numbers. See, the coordinates aren't linear X/Y, they're "which sector" and then (maybe) "where within the sector".
(DIR) Post #ApXPjgHQaj4CgjTrhQ by foone@digipres.club
2024-12-29T05:52:43Z
0 likes, 0 repeats
which I think means it has a positional resolution of like 35 meters, given that each sector is 10km across
(DIR) Post #ApXPjkuZN8kl3HpBGS by foone@digipres.club
2024-12-29T05:55:52Z
0 likes, 0 repeats
fuck me these are nibble addresses
I entered "87", which is hex 0x57, and it's in sector E07. E is the 5th letter of the alphabet. so it's sector E07.
(DIR) Post #ApXPjpu2oWIuX6cKdk by foone@digipres.club
2024-12-29T05:56:42Z
0 likes, 0 repeats
so if I change it to 71 (hex 0x47) it should move to sector D07
(DIR) Post #ApXPjuYxULPMz9n3y4 by foone@digipres.club
2024-12-29T05:57:27Z
0 likes, 0 repeats
hey look there it is.
(DIR) Post #ApXPjz8CVFyX9cJGSG by foone@digipres.club
2024-12-29T05:58:10Z
0 likes, 0 repeats
okay so the 6-byte format is:
byte 0: icon
byte 1: what it is
byte 2: what sector it is in
bytes 3-5 are for intra-sector positioning (presumably). now to try and figure that shit out
(DIR) Post #ApXPk3mlCOnPaZJiEK by foone@digipres.club
2024-12-29T06:11:36Z
0 likes, 0 repeats
okay this is weird. Byte 3 is the x-position within the sector, and it can have (valid) positions between -19 and +19. If you go above or below that range, it'll get placed into neighboring sectors, which fucks up the game's item detection. It only looks in the current sector for items, but it won't see an item that's one sector over but positioned at -50
(DIR) Post #ApXPk8cfDMgsahdDge by foone@digipres.club
2024-12-29T06:15:43Z
0 likes, 0 repeats
byte 4 is Y-position using the same rules (origin is at bottom left)
No idea what byte 5 means. it's set to 18, but changing it to 0 or FF or anything in between seems to change nothing
(DIR) Post #ApXPkD8MRSQEaAUaeG by foone@digipres.club
2024-12-29T06:25:47Z
0 likes, 0 repeats
okay I can figure out where all the items are now
C:\DOSBox-X\drive_c\Echelon\py>python decode.py ..\Az.ARE az.out
header=(0, 144),n_items=5
icon=0,itemid=2,sector=D04,x=6528,y=4992,c6=31
icon=96,itemid=128,sector=D11,x=7552,y=7040,c6=3
icon=108,itemid=152,sector=D11,x=3712,y=4992,c6=33
icon=20,itemid=41,sector=E06,x=5760,y=6784,c6=18
icon=18,itemid=38,sector=L11,x=3456,y=7296,c6=1
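The record layout and zero-run RLE worked out in the posts above, as an added Python example (not part of the thread, and not the decode.py whose output is shown above). It assumes bytes 3 and 4 are signed 8-bit offsets, shows a zero high nibble as '?', and runs on a constructed sample file; all names in it are hypothetical.

```python
"""Added example: the .ARE item table and zero-run RLE as described in the thread."""
import struct
from dataclasses import dataclass
from typing import List

HEADER_LEN = 2   # thread: 2-byte header that the game ignores
RECORD_LEN = 6   # thread: each item is a 6-byte chunk
MAX_OFFSET = 19  # thread: valid in-sector positions run from -19 to +19


@dataclass
class Item:
    icon: int      # byte 0: icon shown in the preview
    item_id: int   # byte 1: what the item is
    sector: str    # byte 2: sector, one nibble per coordinate
    x: int         # byte 3: x offset inside the sector
    y: int         # byte 4: y offset inside the sector
    unknown: int   # byte 5: purpose not identified in the thread

    def in_sector(self) -> bool:
        """False when an offset would push the item into a neighbouring sector."""
        return abs(self.x) <= MAX_OFFSET and abs(self.y) <= MAX_OFFSET


def decode_sector(value: int) -> str:
    """0x57 -> 'E07': high nibble picks the letter (1 = A), low nibble the number."""
    high, low = value >> 4, value & 0x0F
    # Assumption: a high nibble of 0 has no letter, so it is rendered as '?'.
    letter = chr(ord("A") + high - 1) if high else "?"
    return f"{letter}{low:02d}"


def parse_items(data: bytes) -> List[Item]:
    """Read the item table, rejecting a count that points past the end of the file."""
    if len(data) <= HEADER_LEN:
        raise ValueError("file too short to hold the header and item count")
    count = data[HEADER_LEN]  # thread: the 3rd byte is the number of items
    start = HEADER_LEN + 1
    end = start + count * RECORD_LEN
    if end > len(data):
        raise ValueError(f"item count {count} needs {end} bytes, file has {len(data)}")
    items = []
    for offset in range(start, end, RECORD_LEN):
        # Assumption: bytes 3 and 4 are signed 8-bit values ('b').
        icon, item_id, sector, x, y, unknown = struct.unpack_from("<BBBbbB", data, offset)
        items.append(Item(icon, item_id, decode_sector(sector), x, y, unknown))
    return items


def expand_zero_runs(data: bytes, max_out: int) -> bytes:
    """Bytes 00-7F are copied; a byte with the high bit set becomes (byte & 0x7F) zeros."""
    out = bytearray()
    for value in data:
        if value & 0x80:
            out.extend(bytes(value & 0x7F))
        else:
            out.append(value)
        if len(out) > max_out:  # cap the output so a hostile file cannot balloon it
            raise ValueError(f"expanded data exceeds {max_out} bytes")
    return bytes(out)


# Constructed sample: header (0, 144), two items, the second with x out of range.
SAMPLE = bytes([
    0x00, 0x90, 0x02,
    0x14, 0x29, 0x57, 0x05, 0xF9, 0x12,
    0x00, 0x08, 0x47, 0x19, 0x00, 0x12,
])

if __name__ == "__main__":
    for item in parse_items(SAMPLE):
        print(item, "ok" if item.in_sector() else "lands in a neighbouring sector")
    print(expand_zero_runs(bytes.fromhex("448244"), 256).hex(" "))
```

The count check matters because the count byte comes straight from the file: without it, a count larger than the table would read whatever bytes follow as item records.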
(DIR) Post #ApXPkHp30gwb7iUjjs by foone@digipres.club
2024-12-29T06:58:58Z
0 likes, 0 repeats
I wonder if it'll break if I put all 242 items into one area
(DIR) Post #ApXPkM9ktdswZ6DKZU by foone@digipres.club
2024-12-29T08:02:10Z
0 likes, 0 repeats
so the game works by only having a 3x3 sector grid rendered, but those sectors are inside of Areas, and it can only have one area loaded at once. So if you're at sector B02, you have A01, A02, A03, B01,B02,B03, C01,C02,& C03 loaded.
(DIR) Post #ApXPkQP96MZZjzRg7E by foone@digipres.club
2024-12-29T08:02:57Z
0 likes, 0 repeats
but it can only have one area loaded. So when you're at A01, you should have parts of three other areas visible... it solves this in a silly but simple fashion: There's nothing at the borders.
(DIR) Post #ApXPkUo6jUutOZ9fZw by foone@digipres.club
2024-12-29T08:04:47Z
0 likes, 0 repeats
when a sector isn't loaded it's rendered like it's there anyway, but empty. So when you're at A05 and looking west, you should be seeing what's in B14. And you are... because B14 is empty. The stuff doesn't start to B13, which you can only see by traveling into B14 and loading that area instead
(DIR) Post #ApXPkZ5Gpd1QexDQsy by foone@digipres.club
2024-12-29T08:07:23Z
0 likes, 0 repeats
you can REALLY tell this game was born on a c64. Each area is like 3kb. Loading the maximum of 4 of them would take up a massive TWELVE KILOBYTES
(DIR) Post #ApXPkdp9D061MOi7wu by foone@digipres.club
2024-12-29T08:26:26Z
0 likes, 0 repeats
I went and bought the GOG version. The one I was hacking on was version 1.0 from 1988, the gog one is 3.40 from 1989
(DIR) Post #ApXPkiQW60MfdSE1ke by foone@digipres.club
2024-12-29T08:26:48Z
0 likes, 0 repeats
the main difference is the addition of Access's RealSound tech which let them play PCM sound effects over a PC speaker
(DIR) Post #ApXPkmoPn5rFEjRAYa by foone@digipres.club
2024-12-29T08:30:47Z
0 likes, 0 repeats
annoyingly the map PDF gog provides is the one out of the pirated version. I was kinda hoping they'd rescanned it, but no
(DIR) Post #ApXPkrSyUEg7fgRcKe by foone@digipres.club
2024-12-29T08:35:33Z
0 likes, 0 repeats
and this version of the EXE is compressed with SEA-AXE, which UNP apparently doesn't support? ugh.
(DIR) Post #ApXPkvjmbgV4uyL65Q by foone@digipres.club
2024-12-29T08:45:59Z
0 likes, 0 repeats
I found a version of Stick Buster that says it can extract SEA-AXE but it seems to contain anti-piracy stuff that breaks on DOSBox. arg
(DIR) Post #ApXPkzPiwCpcJuz8NM by foone@digipres.club
2024-12-29T10:28:48Z
0 likes, 0 repeats
yep I found two different programs that can extract SEA-AXE and both of them just crash when I launch them in dosbox or virtualbox
(DIR) Post #ApYfGPXfXLXonq6Oe0 by foone@digipres.club
2024-12-29T10:29:14Z
0 likes, 0 repeats
so I'm just gonna have to reverse engineer this EXE myself like some kind of caveman
(DIR) Post #ApYfGQKEcmOPESpBLM by foone@digipres.club
2024-12-29T11:09:23Z
0 likes, 0 repeats
I have now tested 86box. the unpacker crashes in exactly the same way
(DIR) Post #ApYfGQj38WF4TQR01Q by foone@digipres.club
2024-12-29T11:31:06Z
0 likes, 0 repeats
went and found two other copies from other places, they both crash in the same way. weird. Here's the link if anyone wants to take a crack at running it: http://cd.textfiles.com/smmodem/ARCHIVE/SBUST24R.ZIP
(DIR) Post #ApYfGRC7ORUhva2DKa by foone@digipres.club
2024-12-29T11:41:00Z
0 likes, 0 repeats
the program seems to do some kind of self-modifying code and then it ends up overwriting actual code with gibberish which obviously doesn't work
and we end up in an infinite loop of invalid instructions
(DIR) Post #ApYfGRe7iJtbKR8Zyy by foone@digipres.club
2024-12-29T11:47:33Z
0 likes, 0 repeats
correction: the memory gets repeatedly overwritten before it ends up in the endless invalid-instruction loop. I think it's trying to do some kind of unpackery nonsense but it breaks for god only knows what reason and it ends up uncompressing over itself
(DIR) Post #ApYfGSKJBTdjRGsGjg by foone@digipres.club
2024-12-29T11:47:50Z
0 likes, 0 repeats
wait this is shareware. did they timebomb this?
(DIR) Post #ApYfGT56NV4PmOldfk by foone@digipres.club
2024-12-29T11:50:07Z
0 likes, 0 repeats
no, unless they're getting tricksy with it. Like, timebombed software sometimes doesn't just check the date: it checks if you're cheating at the date. One easy way to do this is to look at what files you have on your drive. if there's a bunch from 2010, you are probably lying about it being 1994
(DIR) Post #ApYfGTldpL67uKfbyi by foone@digipres.club
2024-12-29T12:11:04Z
0 likes, 0 repeats
dude! I was just reading the Echelon manual and you can send off to Access software, for 5$ (plus 0.50$ shipping and handling) they'll send you a COMPLETE patrol zone map, with all areas filled in! It's only been 37 years or whatever, you think that offer is still good?
(DIR) Post #ApYfGUW52gFEEMOhMW by foone@digipres.club
2024-12-29T12:12:11Z
0 likes, 0 repeats
Access Software hasn't existed since 1999. Microsoft bought them. Maybe Microsoft has that somewhere in their archives... HEY MICROSOFT, OPEN SOURCE ECHELON!
(DIR) Post #ApYfGVDgQZ7gPanWKG by foone@digipres.club
2024-12-29T12:15:27Z
0 likes, 0 repeats
that rarely works. but it's worth trying. ANYWAY I looked through all the echelon copies on eBay, none have the filled-out map (or if they do, the owner doesn't know, because they're still sealed)
(DIR) Post #ApYfGW2NO5fkwoW0LA by foone@digipres.club
2024-12-29T13:55:11Z
0 likes, 0 repeats
huh. in this code, it uses the pre-assigned AX register when MS-DOS calls the entry point. I... don't know what's in AX at the start of a DOS program? I'm sure that's documented somewhere, but I'm not sure where
(DIR) Post #ApYfGWYzQplCZxm3Au by foone@digipres.club
2024-12-29T13:56:30Z
0 likes, 0 repeats
this at least says what it'll be: it's 0000, in nearly all cases https://www.fysnet.net/yourhelp.htm
(DIR) Post #ApYfGXGaoidelCAs8e by foone@digipres.club
2024-12-29T13:56:41Z
0 likes, 0 repeats
I wonder if DOSBox sets it differently
(DIR) Post #ApYfGXr6cxqUaRG23E by foone@digipres.club
2024-12-29T14:16:14Z
0 likes, 0 repeats
Nah. Whatever is going wrong is elsewhere.
(DIR) Post #ApYfGYJSvWWy0OWgFs by foone@digipres.club
2024-12-29T14:31:06Z
0 likes, 0 repeats
I tried using UNP again: it throws a memory error from AXE. and I was able to confirm (since I have AXE2.2, the packer used) creates a file that breaks in the same way in UNP.
(DIR) Post #ApYfGYmtA84BTeIB7I by foone@digipres.club
2024-12-29T15:28:29Z
0 likes, 0 repeats
I missed that there was a -l option to UNP for bigger memory blocks, which makes it "succeed" at decompressing. I say "succeed" because running the resulting EXE causes an immediate crash to IBM ROM BASIC NOT AVAILABLE
(DIR) Post #ApYfGZD7ab3An0Z80O by foone@digipres.club
2024-12-29T15:31:40Z
0 likes, 0 repeats
I tried doing the same on an IBM XT with actual ROM BASIC but sadly it just hung
(DIR) Post #ApYfGZe3yQbK8ZAe00 by foone@digipres.club
2024-12-30T02:25:32Z
0 likes, 0 repeats
so it turns out there is a filled out map! It's just not for the PC version. I forgot to check ports. This is thanks to @growf who alerted me to it: https://worldofspectrum.org/pub/sinclair/games-maps/e/Echelon.png
(DIR) Post #ApYfGaMjIMKWN64JcW by foone@digipres.club
2024-12-30T02:40:57Z
0 likes, 1 repeats
I think the different versions use the same map & puzzle solutions, but I've never tried.
(DIR) Post #Ay890m4qgiPSJqCQRE by philpem@digipres.club
2025-09-12T12:46:56Z
0 likes, 0 repeats
@foone oh. I was searching to find out if there was a way to force segment selectors in Ghidra (I'm pulling apart the Tandy VIS option ROMs) and I find out that it's been bad since 2024. ah.