How to crack Microprose Soccer on the Amiga by removing the Rob Northen Copylock

How to crack Microprose Soccer

Some of the early copylocks were very easy to crack. This example is taken from the game Microprose Soccer, an early game from 1988 I believe. After loading the first part of the game, you will find the copylock routine. Once that is removed, the game is cracked.

Note that when you get to the actual copylock routine, the initial part of the code looks normal, then the encrypted part starts. There is approximately $400 bytes worth of data (about 1kb) which looks like pure garbage (as it's all encrypted), and then the code will return to normal again.

_MicroSoccer    bsr     _Copylock               ;Do copylock routine

                cmp.l   #$a8d398fb,d0           ;Check for correct value

                beq     _CopylockIsOK           ;If it matches, carry on

                bsr     _CrashGame              ;Otherwise, crash the computer

_CopylockIsOK   move.w  #$7fff,$dff09a

                move.w  #$7fff,$dff09c

                moveq   #0,d0

                ...

                rts

				

_CrashGame      move.l  #$ffff,d0

_Flash          move.w  #15,$dff180

                subq.l  #1,d0

                bne     _Flash

                jmp     0



_Copylock       move.l  #0,d0                   ;This routine reads track 1 of

                pea     _StartCopylock          ;the disk and works out the

                move.l  (sp)+,$10               ;key, returning it in d0.

                illegal

_StartCopylock  move.l  d0,$10

                movem.l 8,d0-d7

                movem.l d0-d7,(a6)

                lea     _NextPart(pc),a0

                move.l  a0,$10

                illegal



                ...tonnes of encrypted data here...

				

                movem.l d0-d7,8

                movem.l _Stack(pc),d0-d7/a0-a6

                rts

This example is an incredibly easy crack for several reasons:

The correct key ($a8d398fb) is listed in the code! (2nd line)
The game crashes neatly if the key is wrong so we can tell if it's cracked properly!
Because we know the key, the original disk or a warp of the copylock track is not required :)
The copylock routine is a subroutine, we can hardwire the correct key and simply rts to go back to the game. Nice and easy.
The game does nothing with the value in d0. It checks it matches and carries on. The game immediately clears the value in d0 with a moveq #0,d0.

The original programmer for whatever reason did a very simple check to see if the copylock track is geniuine. The most efficient way to crack this game is to alter the subroutine _Copylock, hardwire the key the game wants into d0 and you are done.

_Copylock       move.l  #$a8d398fb,d0

                rts

The hex equivalents for the above instructions are $203c $a8d3 $98fb $4e75. In the early days, you could just get a disk monitor out, search for the hex values of the original copylock code, change the 8 bytes to $203c $a8d3 $98fb $4e75, tack an intro on the front and release it as a new crack. And no doubt a lot of groups did do this.

If the programmer wanted to give you a bit more of a challenge, he would have made the value in d0 do something else to the code, altering a lookup table or something. Also, displaying the correct key in the code is a bit like having a home security system with a keypad and having a post-it note on it with the right combination :)

Now for the bad news, this is a very simple copylock and you are unlikely to be this lucky when HD installing a game! Later ones are much more difficult!