Oldskooler Ramblings

the unlikely child born of the home computer wars

Archive for February, 2015

Annoying adventures in disassembly: SNATCHIT

Posted by Trixter on February 5, 2015

SNATCHIT is a program written in the 1980s that loads COPYIIPC (a protected-disk copying program) and then interacts with it at runtime to provide disk image saving and loading (features it did not ship with because such features expressly encouraged software piracy).  We used this in the 80s to transfer protected disk images around BBSes until someone could figure out how to crack the game and release it properly.

I recently had a need to run SNATCHIT on a 1GHz system.  I recycled an old system to become a box for dumping all my media, from floppy disks to memory cards to hard drives, something that can do it in the background without tying up my main machine. Because it’s a 1GHz system, SNATCHIT won’t run, even with hardware and software slowdowns.  I wanted to run it there because I have some 3.5″ protected disks I want to preserve, so I investigated patching it to work around whatever is tripping it up.  It’s a .COM file, the very easiest type of executable program for old PCs to reverse-engineer, debug, and patch — should be easy, right?

When I try to debug SNATCHIT.COM, I see it’s encrypted. Okay, not totally unexpected; simple encryption schemes were common at that time.  Let’s try patching it to decrypt and continue…  Okay, now it exploits a HLT bug to, I guess, fool debuggers (I didn’t see any PIC code disabling hardware interrupts, but whatever, maybe it was only partially implemented).  Loading in the DOSBOX debugger bypassed that.

Protip: As soon as you see anti-debugger tricks in something you’re debugging, bypass all of them by loading the program into an emulator debugger (such as the DOSBOX debugger).  This is an advantage that 25 years has given our hobby; in the 80s and 90s, the best we had was something like SoftICE, which wasn’t foolproof.  Running in an emulator debugger view is fantastic because the target program has no idea it is being inspected.

Work continued.  In a neat trick that I don’t fully understand yet, I found that on real hardware it puts a certain value in a register, but in the DOSBOX debugger it puts the wrong value and locks up. I don’t quite understand why, but DOSBox debugger lets me force a value, so I forced the correct value and kept going…

An hour later, I was tearing my hair out.  SNATCHIT, in that fine software pirate impress-your-friends-and-bury-your-enemies tradition, has multiple sections that decrypt, but not all at once, argh!  (In a pirate voice: “aarrrrrgh!”)  I had some of it decrypted in non-contiguous chunks, enough to see this:

db '(C) Copyright 1991, Software Pirates, INC.'
db ' Software Pirates will try to fool you'
db 'and hide code that you cannot find'
db 'and then decode it and then execute'
db 'this is to fake out the opposi$$$n,'

…and later:

; anything in (parentheses) is not in the text, but implied

db '(they think) that they are smarter than us but no one can ever b'
db 'the infamous programmers that bring you the new and'
db 'fangled code thatknocks your socksoff and stinks up'
db 'the room and probbly your computeralso. Sometimes t(he)'
db 'best way to beat them is to look t(hem)'
db 'straight in the eye and ask them w!' ; (why)

Great. Later, the somewhat ominous:

seg000:01D4 db 'PARITY ERROR, Continuing processing.',0Ah

Not only should that wording strike fear into your heart (parity errors are a BAD THING that should NOT CONTINUE PROCESSING), but this message proves they’re redirecting the NMI at some point. Gee, thanks.  I can’t wait to get to THAT chunk of joy.
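The staged, non-contiguous decryption described above can be mapped by saving a memory dump from the emulator debugger before and after each decoder runs, then diffing the two dumps. The Python below is an added example, not code from the original post or from SNATCHIT; the XOR keys, sample strings and function names are constructed for illustration, and 0x100 is the standard .COM load offset.

```python
"""Locate regions a staged decoder rewrote by diffing two memory dumps."""

COM_BASE = 0x100  # .COM images are loaded at offset 0x100 of their segment

# Constructed sample data (not taken from SNATCHIT): two XOR-encoded stages.
STAGE1 = b"stage one text, visible after the first decoder runs"
STAGE2 = b"stage two text, still encrypted in this snapshot"

def xor(data, key):
    return bytes(b ^ key for b in data)

def make_sample():
    """Return (before, after) dumps where only stage 1 has been decoded."""
    pad = b"\x90" * 16
    tail = pad + xor(STAGE2, 0xA7) + pad
    return pad + xor(STAGE1, 0x5A) + tail, pad + STAGE1 + tail

def changed_regions(before, after, gap=4):
    """Half-open (start, end) ranges that differ, merged across runs of up
    to `gap` identical bytes (a decoder can leave some bytes unchanged)."""
    if len(before) != len(after):
        raise ValueError("dumps must cover the same address range")
    regions = []
    for i, (a, b) in enumerate(zip(before, after)):
        if a == b:
            continue
        if regions and i - regions[-1][1] <= gap:
            regions[-1][1] = i + 1
        else:
            regions.append([i, i + 1])
    return [tuple(r) for r in regions]

def strings_in(data, base, min_len=6):
    """(address, text) for each run of printable ASCII of min_len or more."""
    found, start = [], None
    for i, b in enumerate(data + b"\x00"):  # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            start = i if start is None else start
        else:
            if start is not None and i - start >= min_len:
                found.append((base + start, data[start:i].decode("ascii")))
            start = None
    return found

def analyze(before, after, base=COM_BASE):
    """For each rewritten region: (start address, end address, strings)."""
    return [(base + s, base + e, strings_in(after[s:e], base + s))
            for s, e in changed_regions(before, after)]

if __name__ == "__main__":
    for start, end, texts in analyze(*make_sample()):
        print(f"{start:04X}-{end:04X} rewritten:", texts)
```

Repeating the diff after each decoder stage shows which chunk that stage exposed; regions that never change between snapshots are either plain code or still encrypted.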

In the end, I decided it was faster to pull a vintage system out of storage and put a 3.5″ drive in it.  I’m a Generation X guy going through multiple mid-life crises — I haven’t got time for this shit.

I would love to see the actual source code someday, if the programmer would ever come forward (statute of limitations is way over, so I’m crossing my fingers).  Hooking and patching COPYIIPC at runtime was, and still is, incredibly impressive; the source would make a great read.  The last version of this tool was 1991, and I remember seeing Software Pirates, INC. stuff as early as 1984. That’s a pretty good run.


Gone Home’s horrifying alternate ending

Posted by Trixter on February 2, 2015

(This article spoils Gone Home, so if you haven’t played it and want to, stop reading.)

Last year I played Gone Home, and loved it — not for its gameplay (more on this later), but for its near-perfect capture of teenage girl angst in the 1990s.  It’s a wonderful mental snapshot that is difficult to evoke in more traditional visual media; it raised genuine emotion in me, which is rare for a game.

Or, rather, narrative.  Gone Home only barely qualifies as a game; it’s more of an interactive narrative where the pace is controlled by the player and can be explored non-linearly.  To qualify as a game, the user’s actions would have a bearing on the narrative; for example, actions would dictate branching paths, alter the choices given to the player, the ending would be different, etc.  The developers changed the Gone Home page at some point to describe it as “A Story Exploration Video Game”, maybe to mitigate some of the (admittedly very small) criticism from journalists and gamers who point this out.

What’s interesting is that you actually do have a single choice to make, and it can change the ending completely.

Credit for finding this one goes to my wife Melissa, who stumbled into this completely by accident.  The narrative towards the very end of the game flows essentially like this:

  1. Sam loses girlfriend
  2. Sam gets girlfriend back
  3. Sam apologizes to sister that she’s leaving

(#3 implies that she’s running away from home to be with her girlfriend again.)  These are told in the form of journal entries that you click on as you navigate the game world.  You have to find and click on them to activate them, or you’ll never read/hear them.  So what happens if you skip journal entry #2?  The narrative now becomes:

  1. Sam loses girlfriend
  2. Sam apologizes to sister that she’s leaving

That last part is the end of the game, and is portrayed with the following text as somber grunge music starts to play:

Katie… I’m so sorry.
That I can’t be there to see you in person.
That I can’t tell you all this myself.
But I hope, as you read this journal, and you think back, that you’ll understand why I had to do what I did.
And that you won’t be sad and you won’t hate me, and you’ll just know…
that I am where I need to be.
I love you so much, Katie. I’ll see you again. Someday.

Without knowing why Sam is leaving, this reads like a suicide note.  Imagine the horror in my wife’s face as she missed the relevant journal entry by accident and arrived at this ending.

The good thing about this unintended consequence is that Gone Home can now officially be called a “real” game, as a player choice can result in a second ending.

Well, there’s a third ending too, but you’ll need guns.  Lots of guns.
