Reverse Engineering MacWars

MacWars’ title screen. The icons were actually stored as custom font characters in the system file.

0: movq.b 0, d0 #set register d0 to 0
16: movq.b $20,d1 #set register d1 to 32
32: cmp.b d0,d1 #compare registers d0 and d1
48: bgt pc+$40 #if d0>d1, then skip 64 bytes ahead
64: _sysbeep #call the system trap to make a beep
80: addq.b 1,d0 #add 1 to register d0
96: jmp pc-$40 #jump back 64 bytes
112:

Figured it out? It basically does the same as this C-like code:

i = 0;
while (i <= 32) {
    beep();
    i = i + 1;
}
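To check that translation mechanically, here is an added example (not from the original article or the depace repository): a toy Python interpreter that runs the listing above and counts the beeps. It assumes the semantics given in the listing's own comments, the 16-unit address step it shows, and branch offsets relative to the branching instruction's own address; it is not a real 68k decoder.

```python
# Added example: toy interpreter for the seven-line listing in this article.
# Semantics follow the listing's comments (assumption), not real 68k encoding.
LISTING = """\
0: movq.b 0, d0
16: movq.b $20,d1
32: cmp.b d0,d1
48: bgt pc+$40
64: _sysbeep
80: addq.b 1,d0
96: jmp pc-$40
"""  # re-typed from the article with the trailing comments dropped

def num(tok):
    # "$20" is hexadecimal, bare digits are decimal
    return int(tok[1:], 16) if tok.startswith("$") else int(tok)

def parse(text):
    prog = {}
    for line in text.splitlines():
        addr, rest = line.split(":", 1)
        op, _, args = rest.strip().partition(" ")
        prog[int(addr)] = (op, [a.strip() for a in args.split(",") if a.strip()])
    return prog

def rel(arg, pc):
    # "pc+$40" / "pc-$40": offset from the instruction's own address (assumption)
    sign = 1 if arg[2] == "+" else -1
    return pc + sign * num(arg[3:])

def run(text, max_steps=10_000):
    prog, regs, pc, beeps, greater = parse(text), {}, 0, 0, False
    for _ in range(max_steps):
        if pc not in prog:            # fell off the end of the listing (112)
            return beeps, regs
        op, a = prog[pc]
        nxt = pc + 16                 # every line in the listing is 16 apart
        if op == "movq.b":
            regs[a[1]] = num(a[0])
        elif op == "addq.b":
            regs[a[1]] = (regs[a[1]] + num(a[0])) & 0xFF
        elif op == "cmp.b":
            greater = regs[a[0]] > regs[a[1]]   # "if d0>d1" per the comment
        elif op == "bgt":
            nxt = rel(a[0], pc) if greater else nxt
        elif op == "jmp":
            nxt = rel(a[0], pc)
        elif op == "_sysbeep":
            beeps += 1
        else:
            raise ValueError(f"unknown op {op!r} at {pc}")
        pc = nxt
    raise RuntimeError("step limit hit; listing does not terminate")
```

Calling `run(LISTING)` returns the beep count and the final register values, which can be compared against the C-like loop's behaviour.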

Now imagine doing this for a couple thousand lines of code; that is what I took on in reverse engineering MacWars. For researchers who want to follow along at home, I’ve published my code on GitHub at https://github.com/barberd/depace/. The line numbers I cite later in this article refer specifically to https://github.com/barberd/depace/blob/main/decrypt/macwars-D-decrypt.py. Note that the hexadecimal addresses in that file’s comments are the corresponding locations in the original file’s resource fork. Also note that I don’t provide a copy of the MacWars software; to use my scripts, you will need to obtain it and then extract a copy of the application files into MacBinary format.

Just fly around randomly; eventually one will find the enemy space station… or decrypted code routine, whatever.
Prepare to enter the tunnels…of encryption!
The enemy space station. Maybe the final encryption key is somewhere inside?
The application was decrypted, revealing the ‘core’ of the anti-piracy routines.
Enemy space station go boom. The galaxy is now safe for vintage gamers.
