1993 Copy Protection

I haven't yet played the game I'm reversing, outside of watching the YouTube
videos. But it is useful to have a running copy, to see what the game is
supposed to do. Still, my copy of STRONG.EXE is copy protected, and asks for
a random word from the manual at page P, line L, serving as a password.
Of course people have published the passwords; there are just 25 of them.
But it is kinda annoying entering them all the time. So I need to mod it
to remove the copy protection dialog completely.

In the case of Stronghold, a dialog is just a function, which creates a few
superficial UI elements, like labels and text input.

The copy protection dialog is at 3381:2ee2, if you directly merge the FBOV
section, like I did, and load the executable at 0x10000.

All dialogs are implemented as loops, which process keyboard messages and
respond to them by updating state and graphics. The copy protection dialog
is no exception. On entry it checks whether copy protection needs to be done,
then generates a random number below 25 and sets the number of attempts to 0.
After that it enters the loop, which repeatedly redraws the dialog, showing
the page and line indices corresponding to the random number.
It then processes the user input and compares it, using stricmp(), to
the password corresponding to that random number. If the user fails 3 times
to supply the correct password, the game just exits.
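
The dialog logic described above, reconstructed as a small C model (an added example, not code from the game or from the original post). The table rows, the `prompt_fn` callback and all function names are assumptions for illustration; it shows that the whole check is one local function comparing input against a plaintext table.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample rows; the game's real 25 entries are not reproduced. */
struct manual_word { int page, line; const char *word; };
static const struct manual_word SAMPLE[] = {
    { 3, 1, "castle" }, { 7, 4, "dragon" }, { 12, 2, "keep" },
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])
#define MAX_ATTEMPTS 3

/* Portable stand-in for stricmp(): returns 1 when equal ignoring case. */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Stands in for the redraw + keyboard loop: shows page/line, returns input. */
typedef const char *(*prompt_fn)(int page, int line, int attempt);

/* `pick` is the random number chosen on entry. Returns 1 if the game
   continues, 0 if it would exit after MAX_ATTEMPTS wrong answers. */
int protection_dialog(const struct manual_word *table, size_t count,
                      size_t pick, int check_needed, prompt_fn prompt)
{
    if (!check_needed)
        return 1;
    const struct manual_word *q = &table[pick % count];
    for (int attempts = 0; attempts < MAX_ATTEMPTS; attempts++) {
        const char *typed = prompt(q->page, q->line, attempts);
        if (typed && ci_equal(typed, q->word))
            return 1;
    }
    return 0;
}

/* Constructed users for the demonstration. */
static const char *right_on_third(int p, int l, int attempt)
{ (void)p; (void)l; return attempt == 2 ? "DRAGON" : "wrong"; }
static const char *always_wrong(int p, int l, int attempt)
{ (void)p; (void)l; (void)attempt; return "wrong"; }

int main(void)
{
    printf("%d %d\n", protection_dialog(SAMPLE, SAMPLE_COUNT, 1, 1, right_on_third),
           protection_dialog(SAMPLE, SAMPLE_COUNT, 1, 1, always_wrong));
    return 0;
}
```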

Both page/line numbers and passwords are stored in plain text in the exe's
data section. Although that doesn't make it easy to reach that code with Ghidra,
which tends to mess up the ES segment references, unless ES equals DS.
But IDA Pro maps everything perfectly, and it got Borland Overlays support
in 1993, so even back in the day cracking this game was easy. Unfortunately
IDA doesn't support decompiling x86 code. Therefore I will have to somehow
mod Ghidra to handle ES correctly to fix all the references.

Anyway, on to the other difficult part: dumping the files from STRONG.DAT.
The game itself doesn't use filenames to refer to the files, but file indices,
which were apparently generated manually. To produce STRONG.DAT,
the exe was run with the "grab" command, which ordered it to grab the files
and place them inside STRONG.DAT in the order of their file indices.
Surprisingly, the English version still preserves the filenames table used
to generate STRONG.DAT. But it isn't really required to play the game.
Both Japanese versions (FM-Towns and PC-98) are missing the filenames, as well
as the STRONG.DAT generation code, which makes them significantly smaller.
Luckily for us, the English version preserves the names and even includes the code
to remake STRONG.DAT. The bad news is that it is done in two monolithic routines,
which take ages to decompile.

Additionally, the game puts the VOC and XMI files into a separate sublist, so
the play_sfx() function takes indices from that sublist. The *.LBM files are
converted to a custom format, reminiscent of PCX, when STRONG.DAT is made.
PCX was the de facto standard DOS image format, since it was produced by
the only good graphics editor available at the time - PC Paintbrush.
It was later superseded by Deluxe Paint, which allowed gamedev-related features,
like ranges, color cycling and index painting, so some people used Deluxe Paint
up until the modern pixel art editors appeared.