Datel Action Replay - The Secret Weapon of the Piracy Scene | MVG

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] if you're a console gamer the words action replay are probably something that you've heard before the action replay name is tied to cheat cartridges that are available for many different game consoles but perhaps best known on the nes or super nes as a device where you would type in a cheat code to get things like extra lives or invincibility for example action replay devices exist on just about every generation of game console including handheld devices up until around the xbox 360 era where encrypted save files and hypervisors would stop the use of such a device we've certainly covered the action replay on the channel before but by the time daytel had entered the console space with their devices for the nes and super nes they were already in their third generation action replay devices also existed for computers the earliest being the commodore 64. and in today's episode we are going to take a look at the action replay mark 3 device for the commodore amiga this device is considered the swiss army knife of hacking games on the amiga and it was used by many scene crackers in the underground wear scene to not only crack protection from games but to train them or in other words to cheat it wasn't the only option but it was widely used the action replay mark iii released in 1991 and is considered the best of the bunch it works on the amiga 500 and plugs simply into the side expansion port on the amiga's left hand side on the face there is a button labelled freeze which we will go into shortly and a switch and a knob for slo-mo when you power on the amiga you might be expecting some custom menu but nothing actually looks different the action replay is loaded and resident in memory ready for you to take control and with that let's walk through some of the features the action replay slo-mo feature can help you get through a difficult section of boss fight in the game by simply slowing it down when you turn on the dial you can really turn down the gameplay significantly and get through that hard section of the game now due to the nature of the amiga's custom chips like the blitter you'll note some flicker at times but this is a pretty neat out of the box feature and one that was added to later generations of action replay on systems such as the snes the amiga action replay is best known however as a freezer cartridge which means that this suspends the entire machine's state and allows you to poke around it all while the game is still running in the background now think of this like a save state in an emulator but it sits in memory while the game is in a frozen state when you press the freeze button the action replay menu loads up and pressing help will show you all the things that you can do with this cartridge and there is a ton of things that you can do but the two that we are going to focus on and what scene crackers used were trainers and copy protection so i'm going to walk you through how a trainer works on the action replay and this is how we can cheat the game and add things like number of lives or infinite lives or infinite time or infant energy so we're going to use the game turrican which is a classic game on the amiga and the way that this works is we simply are going to run the trainer mode on the action replay cartridge and i'll show you how it works and it's very very simple to set up and the way it simply works is you're searching for something in memory a particular memory location so we can see that the game has started with three lives so what we want to do is we want to freeze the game and we want to put the action replay into what's known as trainer mode and we're going to say ts three so what we're saying here is we're interested in the number three and if there's any change in that number then we wanna notify the user on the next go around so if we go back into the game and now we move our character and deliberately lose a live you'll see that the number of lives decreases to two as we would expect now what we can do now is go back into the freezer cartridge and type in t2 so we're basically saying with the trainer that we've already set up see if that particular value of three has now changed to two and if that is the case whereabouts in memory has that occurred so if you press enter now you can see we've got three possible addresses where the number three has now changed to two so let's go ahead and take a look at the first one and that is 7 a d3 so we're looking in memory now and you can see that the value of 2 is set here now if we go ahead and set this to say 9 and we exit out of here let's see what happens now currently it still says two but if we continue to play through this game and again lose life you can see that the number of lives now is set to eight which means that we were set to nine but we lost to life so now we're set to eight so that memory location is telling us this is where the location of the number of lives is i quickly discovered that seven ad2 and 78d3 store number of lives as a short or a word in other words two bytes and the game can have up to 99 lives stored at any given time and adjusting both of these memory locations will confirm that we can have up to 99 lives i should mention though that we haven't really trained the game in a traditional sense in the scene a trainer would completely bypass this check for number of lives and the action replay is ideal for a permanent trainer where we can have an infinite number of lives this does take advantage of the disassembler and assembler that's found on the action replay and i should mention that you'll need some experience with 68 000 assembly language the fa command allows us to search for one or more of the memory locations that we are interested in essentially what we're doing here is we're trying to identify where that memory location where the number of lives are stored is being accessed by the code and as you can see we've got this list of commands now what we want to do is start setting break points to find out when we lose a live if a breakpoint will get hit and that will tell us that we're in the particular piece of code where the number of lives is being adjusted by one or decreased by one by setting break points and then going back into the game as soon as we lose a life one of those break points should be hit indicating that this is the address location that we are interested in and as you can see our breakpoint is hit at 79c2 so this is probably the code where we lose a life that something is happening where the number of lives is getting decreased so what we can do now is call the command d or disassemble the code at 79c2 and what i usually do is i'll disassemble just a little bit before it so i can get a bigger picture about what's going on here so let's say if we disassemble 79b which is a little bit before c0 of course so as you can see our 79c2 is where we're loading the effective address of the number of lives into register address register a2 so if we move down a little further you can see that on 7 9 ce there is a call here that is sub i dot b so this is subtracting the number 1 from a2 so at 79ce this is probably the line where we're subtracting one life from our number of lives now i'm not saying that is exactly what it's going to be but it looks quite suspicious to me so how do we patch this well what we want to do is change the code at this line to be something else so we could say rather than subtract one we could say add one so when you lose a life it actually adds a life to your list or in this instance we could do absolutely nothing and just completely just skip over this line now there is a command called knop or no operation that effectively will just get to that line and then just move to the next one not doing anything at all so let's try that for starters and see if that works for us so to change a particular line with the action replay we want to assemble so if we type in the command a for a symbol 79ce now we can say nop so we're changing that command to be a knob command so when we jump back into the game and we run to a place where we can essentially hit an infinite loop of death like standing on the spikes each time we die we are still at 99 lives this change would be worthy enough of a place to set if you want infinite lives in the game the action replay contains both file and disk writing calls so you can apply this patch to disk and you'll always load with infinite lives the next time you boot into the game and this is the basis of how trainers work however trainers usually will allow the user to turn them off and on via the crack tro or trainer menu when you boot up the game for the first time training is one key part of any action replay but the action replay was frequently used as a tool for piracy copy protection on the amiga took various forms the simplest one is the manual protection which would involve typing in a word or sequence based on information found in the manual or code wheel and we've covered this before but the amiga also had many disk based protections that were a lot harder to defeat this involved a more experienced cracker but the action replay could easily defeat this as well in the right hands the ability to break out into the action replay at any point and snoop the entire machine made it extremely powerful manual base protection is pretty easy to crack but some games made it more sophisticated the easy cracks was where the string that you typed in was compared to the answer which also sat in memory but some games would never store the result in memory and instead they would use a checksum or derive it from a lookup table cracking manual protection would work something like this when you're at the protection screen type in your answer but don't press enter instead press freeze and then enter the action replay find the memory location of where you typed in the text and then that will find hopefully all the addresses that reference it in the case of this game flashbacked by delphine software you can see that we have quite a few this is because there is likely multiple protection checks in the game and not only at the start but from here we can now use a process of elimination to find the routine of the one that we are interested in and by making clever use of the not command once again we can simply work around the protection and then this patch can be then committed to disk now i do want to be clear that i am no expert hacker when it comes to the amiga and this would be considered a pretty bad crack there are other areas in the game that will call its copy protection scene groups had to make sure that the release was fully cracked otherwise it would risk getting nuked but in conclusion the action replay was a must own tool for any amiga cracker and scene group and many cracking guides that you'll read will refer to it it's not the only tool out there and some crackers did swear by other tools but the action replay was extremely powerful the good news is if you want to tinker around with one but you can't source the hardware the amiga emulator win uae has action replay support built in just include it as part of your rom image then you can load into any game press the page up button and break into it like you normally would if you had original hardware and that will just about do it for today's episode let me know what you thought about it in the comments below as always if you liked it don't forget to leave me a thumbs up and i'll catch you guys in the next video bye for now [Music] [Music] [Applause] [Music] you

Info

Channel: Modern Vintage Gamer

Views: 161,034

Rating: undefined out of 5

Keywords: datel, action replay, cheat device, cheat cart, game genie, amiga, commodore amiga, amiga 500, a500, freezer cartridge, copy protection, trainer, hacking, hack, mvg, modern vintage gamer, amiga games, 16 bit, 68000, assembly language

Id: WH3ja70_okA

Channel Id: undefined

Length: 12min 22sec (742 seconds)

Published: Mon Apr 04 2022