The Adventurers' Guild

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

This is a bit of the breakthrough we have been waiting for. After i've gotten some hints from the old documents in Hardcore Computist that the protection was identical with BT 1 on Apple II, I started to suspect that the same was a fact on the C-64 - something which Zerozero leaned towards aswell. I decided to take a peek today, and guess what?

The copy-protection on BT II is byte by byte identical with the one i've examined on BT I.

Since Zerozero allready had decloaked some of the files, I encoded (EOR #$EA) the file which is known to be "the first file" on EA-disks with these kind of protections, located at track 03, sector 00. This file loads to $C000 in the C-64 memory and is very alike the one found in BT 1. The loader seems to be identical with the one in BT 1 aswell, and here are some interesting snippets from the disassembly of the file from BT II. I believe the JSR $0200 is the load-routine:

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

Essential downloads:

* The nibbled, original BT II - in G64 format with copyprotection intact.

More to come...
_________________
/Twoflower

Darendor · Posted: Fri Apr 10, 2009 6:00 pm Post subject:

So you mean, the NMxx file format that makes up the BTI disks are files that were compiled by someone who dissected the game after it was distributed by EA?
_________________
The Bard's Tale Wiki!

Help me build a city!

Darendor · Posted: Fri Apr 10, 2009 6:03 pm Post subject:

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

A G64 is a nibbled C-64 diskimage. All the faults and extra information is still on the disk - meaning that it replicates copyprotections. The files you have been found floating around are with 90% security more-or-less cracked versions. This is the digital 1:1 representation of the original, untampered, disks. The SID-file is only there for completeness - if you look in the sid-file you can see where the music is located within the engine.

The NMXX files that makes up the BT I disks is the original format implemented by Interplay. The first diskside is the only thing that is copyprotected on both of the games. You can copy all the B,C,D sides (which is why only the first file in the pack is a .G64) without any problem. The difference is that they have chose to hide the files, and use the Pirateslayer-loader as a framework for the entire game. On BT 1, that ends when the main program is loaded. On BT 2, all files are track/sector-loaded through the Pirateslayer-loader.
_________________
/Twoflower

Darendor · Posted: Fri Apr 10, 2009 7:52 pm Post subject:

Is the NMxx file scheme used for BTII as well?

And, I'd like something to do. Something that doesn't require arcane knowledge of ML and hexadecimal. Confused

_________________
The Bard's Tale Wiki!

Help me build a city!

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

Nope, no NMXX-scheme used in BT II as far as I have seen so far - but I haven't dived into the game-engine yet, so I can't tell 100%. My theory is that it works in several layers:

1) Interplay-Layer Game requests to load a file - let's say file #10. This is probably done by a LDA#$0A (load accumulator with the value of the file), followed by a JSR $1000 (jump to subroutine located at $1000). Pretty straight so far. The game simply requests a file to be loaded.

2) Pirateslayer-Layer this is an interpretation layer. It probably takes the value in accumulator A and picks the (in this case) 10:th value from a list, storing that value in accumulator Y, picks the 10:th value from another list, storing that value in accumulator X. These lists contains the track (Y) and sector (X) locations for the file. The layer changes the info in accumulator A to a job-code - f.ex #$E0 (=read normally) and does a JSR $0200 (location of the loader).

3) Pirateslayer-Loader. The Pirateslayer loader can only read the information given to it through the three accumulators - X, Y and A. In this case it gets the information to load a file located at track 12 (=Y), sector 00 (=X). The jobcode #$E0 (=A) tells it to trackload normally, using the Pirateslayer loader.

What needs to be done is to intervene with this process at either point #2 or #3. The earlier we intervene, the more memory will be gained, and the less structure will need to be preserved - but that also means that more stuff needs to be recoded. Hope this wasn't too complicated.
_________________
/Twoflower

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

Current status:

Big progress! After converting the files I found referenced in the file located on T3S0 on the bootdisk I copied them to a separate disk. I replaced the Pirateslayer-loader with the loader from GI-Joe which I recieved from a friend the other week. The copied files have been given names after their respective track+sector.

After 1) activating the loader and 2) making it use the address Pirateslayer uses for fileloading and finally 3) activating the control routine at $C000 I managed to fileload the entire intro and startup-sequence - then I ran out of converted files and got the game to give me a load-error message. But the game is now file-loading from a separate disk! I believe that this won't work when we enter the town as the current location of the loader will be overwritten by the city graphics. If we can find some other space for it, we have possibly replaced the loader completely with a fileloader.

How does the Pirateslayer-loader work?

The game calls the loadroutine at $0200, feeding it a track, a sector and a jobcode. I haven't found the track/sector tables yet. Jobcodes known to be used so far are E2 (load track+sector?), E0 (load file?), 80 (save file?), 90 (save track+sector?) and F0 (reset drive, clear drivememory and revert to CBM-Dos). Neat, huh?
_________________
/Twoflower

Darendor · Posted: Tue Apr 14, 2009 1:27 am Post subject:

You spoke Spanish to me, except for the "Big progress!" bit.

But nevertheless, it sounds very cool.
_________________
The Bard's Tale Wiki!

Help me build a city!

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

Darendor · Posted: Tue Apr 14, 2009 2:09 am Post subject:

What is in each of the files on this boot disk?
_________________
The Bard's Tale Wiki!

Help me build a city!

Darendor · Posted: Tue Apr 14, 2009 2:11 am Post subject:

And what's with the "LET DRIVE INIT..." bit? Did you do that?
_________________
The Bard's Tale Wiki!

Help me build a city!

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

Twoflower · Joined: 19 Mar 2009 Posts: 92 Location: Haarlem, NL

More progress:

Track and Sector tables for the Citydisk have been located in the BT II engine - the tracktable is located at $649E and the sectortable is located at $6522.
The routine which utilizes them can be found at $62D6 - this is what I referred to as the Pirateslayer-Layer above.
_________________
/Twoflower

Darendor · Posted: Tue Apr 14, 2009 2:50 am Post subject:

So the track/sector tables for the city disk allow us to reorganize the cities then.
_________________
The Bard's Tale Wiki!

Help me build a city!