Cracking a 35 year old Macintosh Game
One may recall my last post on Reviving a Dead Mac Classic, wherein I repair a damaged Mac Classic. After getting it running again, I wanted to find software for it, and soon ran across the fine folks at macintoshgarden.org. This is one of the main abandonware sites on the net for Macintosh, where vintage computing enthusiasts can still find old software years after society has moved on to other platforms. There is a strong ethical framework: software must be at least 10 years old and no longer for sale by the publisher. This way, creators aren’t harmed by the collection (often these companies no longer exist), and the software is preserved. It reminds me of a niche focus of the digital archivists at archive.org or reddit’s /r/datahoarder. Equivalent sites exist for many other vintage platforms.
Because I’m such a geek, I first searched for old Star Trek games. The history of Star Trek video games is interesting on its own (after all, the Venn diagrams between Star Trek fans and computer programmers have a lot of overlap) and even predates the concept of selling software a bit. As I was a fan of the original series from a very young age, finding these titles on old platforms is a good way for me to get a good hit of double nostalgia.
Searching for ‘Star Trek’ on macintoshgarden.org revealed a few games, but the one that caught my interest was Star Trek: The Kobayashi Alternative as it also appeared in a thread asking for help with cracking the software so it can be played without the original disk. Looking into it, this was a very early game with a story written by Diane Duane — who had written a few episodes and several Star Trek novels that I’d devoured as a preteen. Wow, exactly what I was looking for! But back to the problem: it had a sophisticated anti-piracy mechanism that hadn’t been cracked, so no one could play it unless they had an original disk that had somehow survived since 1986.
So I decided to crack it.
Reverse engineering can be a lot of fun. I’d done small bits of x86 disassembly and tweaking to get some old DOS programs working in a modern Windows shell, adjusted the behavior of Android applications by modifying their compiled Java bytecode, and reverse engineered a DRM solution from its ARM-compiled library and recreated it in Python so I could watch movies outside of the walled garden of a well-known streaming television service’s application. So, much like those, I figured this would be a challenge, but doable.
I had to first figure out how the original Macintosh programs worked, and then the tooling for inspecting and modifying such software. The original Macs used the Motorola 68000 (or 68k) processor series, and my favorite tools (like Hopper) don’t support that architecture. But there are other tools I’m reasonably comfortable with, like IDA Pro and GNU’s objdump (cross-compiled for m68k support), that do support it, so I was able to cobble something together.
Getting my head wrapped around the way early Macs were programmed was actually a lot more involved than I’d anticipated, but this also gave me a huge appreciation for the technological wonder the Macintosh was for its time. Concepts that annoyed young sysadmin me — like each file possibly having two sets of data (the data and resource forks) — revealed themselves as being very elegant computer science and user experience solutions (if one doesn’t expect to interface with non-Macintosh systems). The memory management routines allowed for very sophisticated applications to run in only 128k of memory with elegant ROM routines that enabled swapping out segments of code from disk as needed, and the fact that most of what would be made part of the OS or a supporting graphics library today was burned to ROM (and at the last minute!) affirmed what we’re always told: the Macintosh team did something really, really special.
But back to the goal: there are several anti-piracy methods, but a common one during this time period was for manufacturers to start with a brand new, never-formatted disk and clone their golden copy onto it, while leaving one block, located in a locked and hidden file, unwritten. Because this block never had 1s or 0s written to it and therefore was not magnetized in either direction, the drive head would basically get confused and respond with random data for each read of that block. Anti-piracy routines would read this block a few times, and if they got the same data every time, that meant the disk had been copied (a disk copier reads the block once and writes whatever it happened to get, so the copy reads back consistently).
Narrowing down the anti-piracy code in Star Trek: The Kobayashi Alternative was somewhat tedious and time-consuming, but wasn’t difficult. I’d pore through the assembly code, teaching myself 68000 assembly as I went, look up Macintosh ROM calls in Inside Macintosh as needed, and narrow my focus down to an area of the code I thought might be related to the anti-piracy code. I’d then use a hex editor (such as ghex or hexedit on Linux before transferring the binary over, or ResEdit directly on the Mac) to replace the instructions before or after those points with $A9FF. This custom instruction trap instructs the Macintosh to fire up the debugger (either MacsBug or TMON, depending on which one is installed). If the anti-piracy code stopped execution before the debugger fired up, the code I was trying to locate was before that point. If I found myself in the debugger, it was after that point. It’s not elegant, but it works, and I have to start somewhere when learning a new system. From there it was just a matter of time and iterations before I was able to narrow it down to the exact jump and test instructions that ran the anti-piracy code. I then replaced those with $4E71 (a ‘no operation’ instruction) in the hexadecimal editor, giving me a working game with the piracy protection disabled.
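To make the unwritten-block check concrete, here is a small simulation I’ve added (it is not code from the game or from this post): a model disk where one never-written block returns fresh noise on every read, a sector-by-sector copier that freezes that noise, and the protection routine that reads the block a few times and compares. The disk layout, block numbers and the `Disk` class are constructed for the example.

```python
import random

BLOCK_SIZE = 512  # classic Macintosh disk block size


class Disk:
    """Constructed model of a floppy. Written blocks read back stably; a block
    that was never formatted or written (a "weak" block) returns different
    noise each time the head reads it, as described in the post."""

    def __init__(self, blocks, weak_blocks=(), rng=None):
        self.blocks = dict(blocks)          # block number -> 512 bytes
        self.weak = set(weak_blocks)        # blocks left unmagnetised
        self.rng = rng or random.Random(1986)  # seeded so runs repeat

    def read_block(self, n):
        if n in self.weak:
            # An unmagnetised block: the drive returns fresh noise per read.
            return bytes(self.rng.getrandbits(8) for _ in range(BLOCK_SIZE))
        # Formatted but unused blocks read back as stable zeros.
        return self.blocks.get(n, bytes(BLOCK_SIZE))

    def copy(self):
        """A sector-by-sector copier reads every block once and writes what it
        got, so the weak block becomes an ordinary, stable block on the copy."""
        copied = {n: self.read_block(n) for n in set(self.blocks) | self.weak}
        return Disk(copied, weak_blocks=())


def looks_like_original(disk, protected_block, reads=3):
    """The protection check from the post: read the hidden block a few times.
    Differing data means the block was never written (an original disk);
    identical data on every read means the disk was duplicated."""
    samples = [disk.read_block(protected_block) for _ in range(reads)]
    return len(set(samples)) > 1


def build_sample_disk():
    # Constructed image: a boot block, one data block, and block 42 left weak.
    return Disk({0: b"BOOT" + bytes(508), 1: bytes(range(256)) * 2},
                weak_blocks={42})
```

Note the check only works because the copier stabilises the weak block; a duplicator that reproduced the unwritten region faithfully would pass it.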
And it turned out the game is horrible! This review says it might actually be the contender for the worst adventure game of all time…and I think I agree. It’s a horrible mishmash of free-text ‘speaking’ to give orders to crew members, clicking through menus to move your own character, weird bugs, and lawn-mowering across empty kilometers of coordinates on away missions hoping to randomly come across the MacGuffin for that planet. If you imagine what kind of game a bunch of creative types at a publishing company in the 80s would make for the then-brand-new medium of home computer video games, it kind of makes sense from a failed artistic endeavor perspective. It’s too bad, too, as the overall plot from Diane Duane has some legs to it. But I couldn’t put myself through playing it for more than an hour.
So I might have failed in my mission to locate the missing Captain Sulu on the USS Heinlein, but I did succeed in my mission to bring back a classic Star Trek game to both Star Trek and early Macintosh fans. Check it out on macintoshgarden.org. It only took a few days, and most of that time was just getting my head wrapped around the way Macintosh works.
I suspect many coders will scoff at the relatively brute-force technique I used for cracking Star Trek: The Kobayashi Alternative. But hey, it worked, and I promise I will make up for any lack of technique or elegance with my next post, where I will discuss restoring MacWars to the vintage Macintosh community. This may have been considered the holy grail of early Macintosh copy-protected software, and cracking it was certainly not as simple as locating a chunk of code and replacing it with no-operation instructions.