Ap Protection

Discussion in 'NDS - ROM Hacking and Translations' started by sired22, Jul 13, 2010.


Ap Protection by sired22 at 5:41 PM (2,800 Views / 0 Likes) 7 replies

  1. sired22
    OP

    I was just wondering what some of the methods used for AP Protection were and if there was some type of scanner program you could run on your files to find them. Would that even be feasible? I mean, there are virus scanners, so why not use the same method to create a type of scanner to help pinpoint AP?

    If you think this is unfeasible or just a dumb idea, could you give me some information why? I tried searching the forum but I only found mentions of AP protection on games and not on the general methods and how they do them.

    Thanks. Also, if this is the wrong forum I apologize.
     
  2. Pong20302000

    no such thing to my knowledge

    only your eyes

    AP is basically when the game put data in
     
  3. FAST6191

    http://gbatemp.net/t232338-ez5i-kernel-3-0...t&p=2902630

    There are other potential/existing methods out there but the two detailed in that give a rough overview of the big two ones we face these days.
    First of all though, the game code is easily accessed, but game devs do use compression in varying amounts (nothing too hard to bypass but does not help automated checking so much), and the DS CPUs feature two instruction sets, and developers have been known to do things like bury checks in THUMB (the "faster" somewhat lesser instruction set) in an overlay (a piece of code usually loaded to expand functions that are rarely used) that is loaded late in the game.

    Those who crack AP full time do have partially automated methods/search tools for some of the checks-> for the below 8000h stuff there should never be a read there in normal (non AP) operation so any reads there are probably AP. As there is but one method to do this then it is quite easy.
    The other side of it (checks on the binary) is an inherently more difficult task to automate- there are hundreds of ways to do a checksum and modern games display hundreds of checks. They will usually result in a compare/branch instruction afterwards but branching after comparing a result is a fundamental of computing so it is not any and all.
    You can do some things with an emulator and stepping through the program or setting breakpoints on certain instructions/memory reads and working backwards/forwards but this side of an AI it is probably not going to happen as an automated task (as it is it takes a fairly well versed assembly programmer to do it).

    re: virus scanners. These have not worked all that well in about 10 years now, which is why they are heading into the more active scanning (similar to the checks semi automated method- flagging any "odd" activity) realms, not to mention PC architecture and operating system architecture are somewhat different to the DS (the DS is not designed for multitasking (any code can access anything else) and runs everything "raw and unfiltered", unlike a modern PC which does not do this, and that is burned in from the hardware upwards).
     
  4. sired22
    OP

    So you're saying the game tries to write data to an address that's less than 8000, the flash cards will allow this but the actual game card will not and will calculate the correct offset to forward the data to, then the game card checks if it's where it should be and if not triggers an AP function that does stuff (such as disabling saves, or like in Zelda makes sure the train controls don't get to the screen)?
     
  5. FAST6191

    Not write to it but read that actual "rom image" and it is not the game but the underlying DS hardware that does the correction-> http://nocash.emubase.de/gbatek.htm#dscartridgeprotocol (scroll down to "get data").

    After that though yeah the game senses it is running on a flash cart and triggers the "AP mode" as it were.
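
The address correction discussed in the post above, as an added example that is not part of the thread: GBATEK's "get data" notes say card reads below 8000h are redirected to `8000h+(addr AND 1FFh)` and out-of-range reads mirror. The toy image, the function names and the byte-for-byte loader model are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECURE_BASE 0x8000u   /* reads below this are redirected by the card */
#define IMAGE_SIZE  0x10000u  /* constructed 64 KiB toy image, power of two */

static uint8_t image[IMAGE_SIZE];   /* constructed sample data, not a real ROM */

/* Fill the toy image so every byte depends on its offset. */
static void build_image(void) {
    for (uint32_t i = 0; i < IMAGE_SIZE; i++)
        image[i] = (uint8_t)((i * 31u) ^ (i >> 8));
}

/* Address the card actually serves for a data read, per GBATEK. */
static uint32_t card_effective_address(uint32_t addr) {
    addr &= IMAGE_SIZE - 1u;                   /* out-of-range reads mirror */
    if (addr < SECURE_BASE)
        addr = SECURE_BASE + (addr & 0x1FFu);  /* low reads are redirected */
    return addr;
}

/* Retail card model: the redirection happens before data is returned. */
static uint8_t read_retail(uint32_t addr) {
    return image[card_effective_address(addr)];
}

/* Hypothetical loader model that serves the image file byte-for-byte. */
static uint8_t read_raw_image(uint32_t addr) {
    return image[addr & (IMAGE_SIZE - 1u)];
}

/* Count bytes in [start, start+len) where the two models disagree. */
static unsigned count_mismatches(uint32_t start, uint32_t len) {
    unsigned n = 0;
    for (uint32_t a = start; a < start + len; a++)
        n += read_retail(a) != read_raw_image(a);
    return n;
}

int main(void) {
    build_image();
    printf("0x1234 -> 0x%X\n", (unsigned)card_effective_address(0x1234));
    printf("mismatches below 0x8000: %u\n", count_mismatches(0x0000, 0x200));
    printf("mismatches above 0x8000: %u\n", count_mismatches(0x9000, 0x200));
    return 0;
}
```

Only the low range differs between the two models, which is why a read below 8000h is enough for a game to tell which kind of storage answered it.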
     
  6. Searinox

    Any ROMs out there that have heavily used
     
  7. sired22
    OP

    Ah, I see, thank you both for the information. Yes, I can see now why it would be almost impossible to make a completely automated scanner for such things. It was just an idle curiosity on my part.

    I was originally thinking of the cheat database and then wondered if you couldn't do something similar for common AP protections. That way a scanner could just use a list of what to check for. But from what I gathered from the info, such a thing is impractical if not impossible.
     
  8. FAST6191

    @Searinox I asked Normmatt the very same question earlier this morning/late last night- apparently all of them he has ever seen are checks.
     
