TALES of APPLE ][ GAME CRACKING
June 10, 2016 7:00 PM

The Apple II game Gumball is fairly obscure. Copies are very hard to find in the wild, and cracks are uncommon because of devious copy protection. The brilliant Apple II cracker 4am works at the Internet Archive (previously), and recently broke its copy protection and made it playable online. Along the way he found an easter egg that no one had discovered in 33 years, which was confirmed by the game's developer.

The copy 4am worked on apparently came from Jordan Mechner's garage. No one yet knows what the "other game" mentioned in the secret message refers to.
posted by JHarris (31 comments total) 43 users marked this as a favorite
 
haha I saw this on twitter and considered posting it, but decided not to based on the machine language (is that even the term for it?) being basically incomprehensible to me. From the commentary there is some dark majix being worked with instructions being stored in what is meant to be a pointer lookup table and self modifying code etc.
posted by juv3nal at 7:25 PM on June 10, 2016


I remember helping a friend crack some Apple II game in ~1985 and among the tricks it used were loading a page directly into $200 and then doing flow control via RET, and modifying its own code as it was running. Good times!
posted by Slothrup at 7:29 PM on June 10, 2016


I love that the game's creator got to find out. Before general-purpose social networking, this would've been far more unlikely as it appears he is no longer in the games industry.
posted by griphus at 7:33 PM on June 10, 2016 [2 favorites]


My son is the same age (11) that I was when I spent many happy hours playing this game. Thanks for the flashback!
posted by ericbop at 7:39 PM on June 10, 2016


I recall a legend about an Atari 2600 game where the programmer made the last few bytes of the instruction code identical to the first few bytes of the sprite data. To save precious memory. Anyone remember that?
posted by adept256 at 7:43 PM on June 10, 2016 [2 favorites]


The copy protection is a minor work of art in itself, but it looks like the Easter egg is just a substitution cipher which could have been solved just by being perceptive and persistent. Funny that it took 33 years.

Also have I mentioned how cool it is that 4am is doing this?
posted by RobotVoodooPower at 7:45 PM on June 10, 2016 [1 favorite]


How do you move the bins that the gumballs fall into?

It looks like the S and F keys move the bins left and right, while the shift key flips the levers within the factory.
posted by lisa g at 8:36 PM on June 10, 2016


Has anyone figured out what the instructions in the easter egg actually do?
posted by a box and a stick and a string and a bear at 8:45 PM on June 10, 2016


I picked up a mountain of old Apple II software at an estate sale recently, and sure enough, there was a copy of this one. Man, the names they had back then for games. Alien Typhoon, Krakerjack's Revenge, Aztec Adventure, Gammon Gambler, Space Vikings, Wavy Navy, Mask of the Sun...

So cool.
posted by Slinga at 9:27 PM on June 10, 2016 [7 favorites]


They let cause you to see the easter egg, and be congratulated.

Yeah, I was referring to this, in the easter egg:

IN ANOTHER BR0DERBUND PRODUCT
TYPE 'Z0DWARE' FOR MORE PUZZLES
posted by a box and a stick and a string and a bear at 9:51 PM on June 10, 2016


Gumball has always been one of my favorite games and also one of the toughest to beat.
posted by pashdown at 10:51 PM on June 10, 2016


RobotVoodooPower: it looks like the Easter egg is just a substitution cipher which could have been solved just by being perceptive and persistent. Funny that it took 33 years.

And the internet. 4a.m. said “I recognized it as a simple substitution cipher and put it into an online cipher solver I found through a quick Google search.”
posted by filthy light thief at 11:41 PM on June 10, 2016 [1 favorite]


4am is a hero, it makes me happy every time I see an update.
posted by temancl at 11:49 PM on June 10, 2016 [1 favorite]


For years I've been searching for a way to play "Grotto Run" which appeared on a SoftDisk promotional disk. You flew a little space ship through a cave and could shoot bullets and drop bombs to eliminate barriers, including I believe blasting away at the cave walls. The only reference on archive.org for it is the advertising copy here for the SoftDisk edition.

This was my favourite game as a kid and no one else knows about it.
posted by Space Coyote at 12:33 AM on June 11, 2016 [3 favorites]


If they did this all statically, that's insane and I'm not even that far through it yet. With a debugger it would be merely crazy.

juv3nal: assembly or disassembly would probably be the appropriate term.
posted by yeahwhatever at 12:44 AM on June 11, 2016


Now we get to(*) trace the boot process
one sector, one page, one instruction
at a time.

(*) If you replace the words "need to"
    with the words "get to," life
    becomes amazing.
posted by Sauce Trough at 1:11 AM on June 11, 2016 [26 favorites]


For years I've been searching for a way to play "Grotto Run" which appeared on a SoftDisk promotional disk. You flew a little space ship through a cave and could shoot bullets and drop bombs to eliminate barriers, including I believe blasting away at the cave walls. The only reference on archive.org for it is the advertising copy here for the SoftDisk edition.

Ah! I wrote software for those guys, for their Loadstar product! Loadstar had a surprisingly long and weird life after the Commodore 64's eventual obsolescence. The old managing editor, Fender Tucker, has a Mefi account (but never logs in), and still sells CDs of the nearly complete run of their disk magazine. It wasn't his product, but I'll send him an email and see if he knows what happened to Grotto Run.
posted by JHarris at 1:49 AM on June 11, 2016 [17 favorites]


(Softdisk Publishing on the whole is an interesting and mostly unknown piece of the history of computing. Besides selling a number of fairly successful disk magazines and thousands of software programs over its history, the id software guys got their start there, working on the Wolf3D engine while polishing up contributed programs for their PC product Big Blue Disk. I'm sure there's a long and interesting article to be written about it, but myself, I only got to see a portion of it, and from a distance to boot. I still have practically all of my old Loadstar floppy disks though....)
posted by JHarris at 1:53 AM on June 11, 2016 [4 favorites]


This Mr. Do! crack report by the same guy is also awesome reading if you're into eighties copy protection schemes in general and Apple II weirdness in particular.

Doing stuff like this back in the day when your only tools were perhaps a shitty disassembler and a metric asston of (partially incorrect) manuals was an art in itself.
posted by Soi-hah at 5:06 AM on June 11, 2016 [4 favorites]


I liked how the Apple ][ nibbles can apparently hold 64 distinct values. Feels like we may have lost something on the way to modern computers, where nibbles only hold 16 values. (On the other hand, it seems they had 2-bit and 6-bit bytes too, so maybe it just averages out :-)

I never "hacked" on any of the major US 8-bit platforms myself (nor played games on them); the only circumvention I remember doing back in that era was on a system where the floppy drive was managed by its own Z80 and mostly abstracted away as an array of 256-byte blocks; I don't recall if the drive had official support for copy protection or if they used boot loader tricks, but we had some program disks that couldn't be copied by the standard tools since what you got back from the ordinary read APIs was scrambled; didn't take many seconds to crack the encoding, though, since they had chosen one that would have turned this site's name into "Mdvb..."
posted by effbot at 9:14 AM on June 11, 2016


I've seen the 4AM stuff bubbling around before. They always start with a description of how various copying programs fail because the disk doesn't fit the "expected" format in one way or another. Why don't they use a kryoflux which doesn't care about how the disk is supposed to be formatted? I can understand the need for a crack to get it playable in emulation if the emulator isn't accurate enough to handle whatever weird shit the program gets up to in the name of copy protection, but there shouldn't be a problem actually copying the disk these days. Unless I'm missing something?
posted by vibratory manner of working at 10:46 AM on June 11, 2016


Why don't they use a kryoflux which doesn't care about how the disk is supposed to be formatted?

That's not what this project is about; afaict, most of these programs were cracked ages ago. 4am is re-cracking them, producing silent cracks that are all carefully documented, and doing it inside a constrained environment.
posted by effbot at 12:21 PM on June 11, 2016 [4 favorites]


As someone who grew up mostly on tape-based systems where copy protection mostly involved making things ludicrously oversensitive and hard for high-speed dubbing (or, you know, regular loading), I have to consciously avoid being (needlessly) sniffy about cracktro-featuring disc copies for other systems. It's really cool to see a project that recracks software, representing it more closely to its original form.
posted by comealongpole at 2:28 PM on June 11, 2016


We had an Apple ][+ way back when, and one of the fun things to do when I had a friend come over was to use the program Copy ][ Plus to search for text strings and then change them. I remember, my friend Mike and I made a version of Taipan! where we replaced the dialog with surfer-speak.
"Compradors Report:
Dude, 24 ships are coming for ya -- that sucks!"
posted by blueberry at 5:19 PM on June 11, 2016 [4 favorites]


I can't remember the game, but there was a copy-protection scheme on an Apple game that had something to do with reading (intentionally) bad sectors from the floppy disk. I seem to remember that the publisher would make the floppies, then intentionally erase a few sectors. These sectors when read, would give disk errors.

If you copied the disk, although the copy might have bad data, in those sectors, it would be a clean copy of bad data, so when running it wouldn't have actual disk errors. I think that the game would detect this by reading the same sector a few times: if it got random results, that indicated that it was genuine, but if it always got the same results, it knew it was a fake copy.

The hack that I remember was to gently lift the eject tab on the floppy drive a few seconds after the program was loading, triggering some disk errors, which would suffice to side-step that copy protection.

It was a really cool analog technique to beating digital copy protection.
posted by soylent00FF00 at 6:27 PM on June 11, 2016 [3 favorites]


soylent00FF00 - something like that is described in the Mr Do! crack linked upthread - intentionally blank tracks, and powering down the drive motor so that the track-reading had to happen before it fully spun down. Very clever.
posted by thedaniel at 5:15 AM on June 12, 2016


It is a crime (not Holocaust-level but easily in the top few hundred) that the Z0DWARE puzzle hasn't gotten more attention.
posted by BiggerJ at 5:46 AM on June 12, 2016 [1 favorite]


And the internet. 4a.m. said “I recognized it as a simple substitution cipher and put it into an online cipher solver I found through a quick Google search.”

Well that definitely makes it faster, but you can solve those with pen and paper. Sherlock did this back in the day.
posted by RobotVoodooPower at 5:53 AM on June 12, 2016 [1 favorite]


@effbot the apple ][ disc system was very direct ... each memory byte was split into 4-bit nibbles which were then encoded as 6 bit symbols (on the newer 16 sector disks). Because the 6 bit symbol encodes a nibble, it often seems to be called a nibble ... I think that's the confusion there.

Yet again, Woz's genius was not what he put in but what he took away ...
posted by nickzoic at 6:17 AM on June 12, 2016


That's not what this project is about; afaict, most of these programs were cracked ages ago. 4am is re-cracking them, producing silent cracks that are all carefully documented, and doing it inside a constrained environment.

Right, I get the benefit of a silent, documented crack versus whatever junk they did in the past, but why is a crack of any kind needed at this point? We have the technology to accurately dump any kind of disk-level shenanigans, which is what SPS is up to, and if you read their write-ups they've seen some shenanigans. A silent crack is better than a sloppy crack, but best is beating the copy protection by having a perfect dump and good enough emulation that any copy protection simply passes.

So is 4am cracking because the perfect dumps can't be produced here? (In which case, why not?) Or because the emulation isn't up to snuff? (in which case, understandable.) Or is 4am cracking because that's their (very impressive) skill set and these broader questions are off-base?
posted by vibratory manner of working at 10:39 AM on June 13, 2016


You can have a perfect reproduction of the media, but if you can't play it, because it requires the original hardware which is now extremely rare, then the distinction is somewhat academic. And a lot of how copy protection works has to do with relying on the physicality of the medium. For example, checking for disk errors is a kind of copy protection that even a "byte perfect" copy of a disk may fail to reproduce. A commercial disk copier can reproduce those kinds of errors on similar magnetic media, but they might be difficult to encode into a file. Image file formats tend to assume all the information is encoded correctly, or at least unambiguously. Such things might need to be cracked if they're ever going to run in an emulator. Well, that's how I explain it.

Update: Fender's trying to contact one of the old Softdisk guys about Grotto Run. Haven't heard back yet, though.
posted by JHarris at 5:14 PM on June 14, 2016 [2 favorites]
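
The bad-sector check soylent00FF00 recalls upthread, and JHarris's point that a plain image file cannot carry that instability, modeled in Python as an added example (not part of any comment in this thread, and not code from any game or tool mentioned). The disk classes, `looks_genuine`, `check_disk` and the weak-sector-aware image format are hypothetical, and the sample disk is constructed.

```python
import random

SECTOR_SIZE = 256  # assumed sector size for this model

def noise(rng):
    return bytes(rng.randrange(256) for _ in range(SECTOR_SIZE))

class OriginalDisk:
    """Constructed model: sectors listed in `weak` were erased, so reads are unstable."""
    def __init__(self, sectors, weak, seed=0):
        self.sectors, self.weak, self.rng = sectors, set(weak), random.Random(seed)

    def read(self, n):
        return noise(self.rng) if n in self.weak else self.sectors[n]

class PlainImage:
    """Sector image: one fixed byte string per sector, so every read is identical."""
    def __init__(self, source, count):
        self.sectors = [source.read(n) for n in range(count)]

    def read(self, n):
        return self.sectors[n]

class WeakAwareImage(OriginalDisk):
    """Hypothetical format that also records which sectors were unstable when dumped."""
    def __init__(self, source, count, seed=1):
        pairs = [(source.read(n), source.read(n)) for n in range(count)]
        weak = {n for n, (a, b) in enumerate(pairs) if a != b}
        super().__init__([a for a, _ in pairs], weak, seed)

def looks_genuine(disk, sector, reads=4):
    """The check as described: re-read one sector; differing data means original."""
    return len({disk.read(sector) for _ in range(reads)}) > 1

def check_disk(disk, weak_sector, normal_sector):
    # Unstable where the publisher erased, stable everywhere else.
    return looks_genuine(disk, weak_sector) and not looks_genuine(disk, normal_sector)

def build_original():
    # Constructed sample: 8 sectors, sector 5 intentionally erased.
    return OriginalDisk([bytes([n]) * SECTOR_SIZE for n in range(8)], weak={5})

if __name__ == "__main__":
    original = build_original()
    for name, disk in [("original", original),
                       ("plain image", PlainImage(original, 8)),
                       ("weak-aware image", WeakAwareImage(original, 8))]:
        print(f"{name}: passes check = {check_disk(disk, 5, 2)}")
```

The plain image fails because it froze one arbitrary read of the erased sector; the image that records which sectors were unstable passes without any change to the checking code.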

