[Request] Improperly cracked Spyro 3

Discussion in 'File Downloads - Share and Request' started by PixelButts, Sep 8, 2017.

  1. PixelButts

    PixelButts Site Soldier

    Joined:
    Aug 19, 2014
    Messages:
    2,022
    Likes Received:
    1,400
    Might be really pushing the rules here (and if so please do not hesitate to inform me) but I'm looking for any verified "bad" copies of Spyro 3 which triggered anti piracy measures.

    I wish to fully document how much the game breaks when triggered (and get a much nicer image of this since we've had no better substitutes).

    Ideally version of the game doesn't matter (1.0, 1.1, PAL/JP/US) as long as it's been verified to be improperly cracked.

    I don't need any direct link, just where to look for such.

     
  2. Bad_Ad84

    Bad_Ad84 Keyboard Error: Press F1 to Continue

    Joined:
    May 26, 2011
    Messages:
    7,840
    Likes Received:
    789
    Surely you just get the proper iso and install a non stealth modchip.

    The issues happen when you don't patch the game.
     
  3. PixelButts

    PixelButts Site Soldier

    I would be using emulation (namely the PS3 PS1 emulator) so no chips would be at play here. And it seems to work without issue in this way - as in no anti-piracy traps execute.
     
  4. rso

    rso Not a member. You're imagining things.

    Joined:
    Mar 26, 2010
    Messages:
    2,125
    Likes Received:
    413
    Well in that case you're SOL. What you'd need would be an "anti-crack" that always enables the AP measures, and I highly doubt that exists. The easiest least complicated way to accomplish this would be to look at what the crack/patch does and retool it to do the opposite, and even then you might not have all the necessary triggers (data injected by a chip) to enter the necessary code paths...
    Or maybe you could extend one of the available open source emulators with a "virtual shitty modchip", after wrapping your head around what they did and where a good place to patch that into the emulator of choice would be.
     
    Last edited: Sep 9, 2017
  5. seandc02

    seandc02 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    48
    Likes Received:
    11
    I believe the Paradox version is the "bad" version, with all the boobytraps intact.
    Unfortunately, there's two versions, the original bad version, and a fixed version two months later, with all the protections manually removed.
     
  6. PixelButts

    PixelButts Site Soldier

    Would you happen to know any place this might be located?
     
  7. rso

    rso Not a member. You're imagining things.

    Weeeell. Reading up on this (two-layer) protection, I now believe you might get away with just changing a single character in some string anywhere in the main executable (and/or overlays), since what you probably want to trigger is the crack protection, not the copy protection, and that's CRC based. No messing with modchips necessary. And you should be able to start from a clean iso, I think.
     
  8. seandc02

    seandc02 Active Member

    I sent you a message containing a link to what should be the glitchy, improper version.
     
  9. PixelButts

    PixelButts Site Soldier

    Interestingly, when I decided to try messing with a copy I had on hand I changed every instance of a 07 to a 17 just to see what would happen. Unfortunately I made it unbootable (but also broke part of the PS logo in the BIOS and I really like seeing that).

    I know in Spyro 1 and 2 changing any plaintext will make the text display such in game as long as it's the same byte length. I presume the third title is the same

    Will take a look shortly
     
  10. rso

    rso Not a member. You're imagining things.

    > I changed every instance of a 07 to a 17 just to see what would happen.
    No need to go overboard, a single flipped bit (per CRC-checked file) should suffice to break the checksum. And human-readable strings (you can almost always find a few leftovers, like a compiler version string) are usually a good target, because there's very little chance of changing the flow of the program while editing them.
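
Added example, not part of the thread or of the game's code: a CRC integrity check run over a constructed buffer, showing that a same-length string edit fails the check and that no single-bit change anywhere in the file goes unnoticed. The thread only says the check is "CRC based", so the CRC-32 variant, the sample bytes and all function names here are assumptions.

```python
import zlib

# Constructed stand-in for a CRC-checked file: filler bytes around a leftover
# human-readable version string. None of these bytes come from the game.
SAMPLE_FILE = bytes(range(64)) + b"EXAMPLE COMPILER v1.0\x00" + bytes(32)


def crc32_bitwise(data: bytes) -> int:
    """CRC-32 (reflected polynomial 0xEDB88320), computed one bit at a time."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def integrity_ok(data: bytes, stored_crc: int) -> bool:
    """The check a program would run against the CRC recorded at build time."""
    return crc32_bitwise(data) == stored_crc


def undetected_single_bit_flips(data: bytes) -> int:
    """Try every possible one-bit change and count those the CRC misses."""
    stored = crc32_bitwise(data)
    return sum(integrity_ok(flip_bit(data, i), stored) for i in range(len(data) * 8))


def edit_string_same_length(data: bytes, old: bytes, new: bytes) -> bytes:
    """Overwrite a string in place; file size and all offsets stay unchanged."""
    if len(old) != len(new) or old not in data:
        raise ValueError("replacement must match an existing string's length")
    return data.replace(old, new, 1)


if __name__ == "__main__":
    stored = crc32_bitwise(SAMPLE_FILE)
    edited = edit_string_same_length(SAMPLE_FILE, b"v1.0", b"v1.1")
    print("matches zlib.crc32:", stored == zlib.crc32(SAMPLE_FILE))
    print("edited file passes check:", integrity_ok(edited, stored))
    print("single-bit flips missed:", undetected_single_bit_flips(SAMPLE_FILE))
```

The check only fires for data that falls inside a checksummed region, so an edit to an unchecked file leaves every stored CRC matching.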
     
  11. PixelButts

    PixelButts Site Soldier

    Followup. I'm almost done 100%ing the first world (I mean not perfect. Molten chamber is blocked partially til I get the penguin later in time). So far nothing weird gem or egg wise has happened. Nothing game breaking either. (I'm about to get the last egg in Seashell Shore then Mushroom Speedway)

    But it's fun

    Any particular offset in the ISO you think I should go for? Or any file?
     
  12. rso

    rso Not a member. You're imagining things.

    The SCUS_... file is the main executable, so that's the obvious target. In mine, there's some version strings around 0x1f50 and 0x2180 that are just begging to be overwritten. Or maybe you want to rename a level or two, or mess with the intro text?

    The postmortem also mentions overlays that are involved in the checks as well, but those must be inside the .wad file so there isn't any good way to get at them. You can still search for plaintext within the whole wad of course, but whether you hit code with that or just a resource file is anybody's guess.
     
  13. PixelButts

    PixelButts Site Soldier

    Renamed the "The Adventure Continues" and "... Begins" with some stuff. Changed a small block of stuff to have any FF be a 00 (was only like 0x100 in length).
    Nothing appears to be different so I'll try changing something more?

    EDIT: I did get it to crash on a loadzone after just mashing my keyboard to overwrite some areas. But even then it's still not making much of a difference.

     
    Last edited: Sep 9, 2017
  14. seandc02

    seandc02 Active Member

    If I remember correctly, the goal was to make the game play almost perfectly far into the game, so someone trying to crack the game would playtest a couple minutes of it, assume everything is fine, and release it on the internet.

    I know that if all the other protections are either ignored or manually bypassed, the game deletes your save after you complete the final boss.
     
  15. PixelButts

    PixelButts Site Soldier

    Then looks like I'll be playing a shitton of it. Good thing I regularly 100% the trilogy each year.
     
  16. Decapicitated

    Decapicitated Site Supporter 2011-13 Lara Croft

    Joined:
    Apr 17, 2011
    Messages:
    402
    Likes Received:
    28
    Seems that first party Sony game developers went into full troll mode due to piracy. I can't tell you the exact "protection mechanism" because there's simply too many. There's variants of this anti-piracy protection implemented in other games but for Spyro it doesn't seem that aggressive...

    The Crash Team Racing E3 Preview Build is an example. It's dongle protected, if you crack that the game will crash when you load a stage. It turns out they use a jump table, because it's not filled in correctly (due to the protection mechanism either removing the addresses or not filling them in) the game will crash. After fixing this by merging code from a later released beta everything runs fine with a couple of bugs which shouldn't even be happening.... There's also further crashes which occur if you drive off the map! Absurd!

    Due to the nature of this protection, it's hard to tell what exactly is triggering it on these games. There's also limited information available, doesn't seem to be libcrypt.
     
  17. PixelButts

    PixelButts Site Soldier

    Was wondering if you'd show up to this thread lol (Also check PMs, still wanna talk about that Spyro build)
    Yeah I see some conflicting information here about what does or doesn't trigger it. If it's "triggered" later in the game then why is the most common screenshot one that happens in the very beginning of the game? Furthering this, if it's also considering progression it should have totally kicked in by now given that I'm 100%ing it in order (I'm at almost 30% now) so why has the rom not done anything abnormal by now?

    I suppose it could be the PS3 emulation "just working" since it handles quite literally every PS1 title so maybe the game isn't starting to act up because it's too good of emulation? I know the triggers start on Bleemcast emulation (can't pass the title screen) and one instance I ran on my PS1 kit before I sold it displayed a big red X saying it was an illegitimate copy (I had changed region of the game to do that).
     
  18. Decapicitated

    Decapicitated Site Supporter 2011-13 Lara Croft

    Hmm I don't have any new PMs, I get busy often so might have accidentally clicked it and forgot to respond.

    I just took a look at the game, looks like this anti-piracy string is stored in WAD.WAD... Would require additional time to force trigger it which I unfortunately don't have.
     
  19. PixelButts

    PixelButts Site Soldier

    Then I know where I'll be messing with the data once I 100% this game.
     
  20. rso

    rso Not a member. You're imagining things.

    Sure you're not confusing this with Earthbound?
     
