Spyro: Year Of The Dragon Infamous Anti-Piracy Protection Defeated With GameShark Codes Thx To MottZilla

alexfree

Well-Known Member
OP
Member
Joined
Nov 17, 2021
Messages
268
Trophies
0
Website
alex-free.github.io
XP
1,524
Country
United States
MottZilla (mostly) and I have finally figured out a way to bypass the APv1 (detect non-stealth modchip), APv2 (detect swap trick/ no $ unlock), and anti-tamper (kicks you out randomly during final boss, tells you it's a pirated game, etc. due to non-complete bypass that only appears to work) in the game Spyro Year Of The Dragon USA Rev 0. Spyro Year Of The Dragon USA Rev 1 will get a code ported soon. For now, here's this first of its kind true Spyro Year Of The Dragon USA Rev 0 bypass in GameShark form:

D007F08C 0001
8007F08C 0000
D007F08C 0002
8007F08C 0000
D007F08C 0003
8007F08C 0000
D007F08C 0004
8007F08C 0000
D007F08C 0005
8007F08C 0000
D007F08C 0006
8007F08C 0000
D007F08C 0007
8007F08C 0000
D007F08C 0008
8007F08C 0000
D007F08C 0009
8007F08C 0000
D007F08C 000A
8007F08C 0000
D007F08C 000B
8007F08C 0000
D007F08C 000C
8007F08C 0000
D007F08C 000D
8007F08C 0000
D007F08C 000E
8007F08C 0000

There are existing GameShark codes that are supposed to bypass this at sites like https://gamehacking.org/game/89897, but they have the same problem that the original Spyro 3 Year Of The Dragon USA Rev 0/Rev 1 patches had: they only disable the first anti-piracy screen. The anti-tamper then kicks in and it will cause all kinds of issues. MottZilla's and my code is the only one to ever defeat both the anti-tamper and anti-piracy.

The game does freeze for about 15 seconds at the point where the anti-piracy screen would usually trigger. But it never does trigger and anti-tamper protection is never triggered either. I tested this by playing the final boss, which will always (if anti-tamper is triggered) kick you out shortly after the battle starts, and then delete your Spyro Year Of The Dragon progress save file on your memory card. None of that happens with our code.

How it works is, the game checksums the code but not the variables in the anti-piracy routine. We basically just bruteforce every step to step 0 when they are run at startup. This disables the code for the rest of the game (along with the anti-tamper).
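
The gap described in the post above (a checksum over the routine's code that does not cover its step variable), as an added example that is not part of the original post and not the game's real code: a constructed Python model in which a D0/80 GameShark-style pair (D0 = run the next line only if the 16-bit value matches, 80 = 16-bit write) resets a step variable, a code-only checksum still passes, and a check that also covers the state catches the change. The addresses, region sizes, `SHADOW` copy and all function names are assumptions made for the illustration.

```python
import zlib

CODE = slice(0x000, 0x100)   # constructed "protected routine" region
STEP = 0x100                 # constructed 16-bit step variable
SHADOW = 0x102               # hardened variant: complement copy of STEP
# Constructed sample in the same D0/80 pair shape as the posted codes.
SAMPLE = "D0000100 0003\n80000100 0000"

def parse_codes(text):
    """Split 'TTAAAAAA VVVV' lines into (type, address, value)."""
    return [(c[:2].upper(), int(c[2:], 16), int(v, 16))
            for c, v in (ln.split() for ln in text.splitlines() if ln.strip())]

def read16(ram, addr):
    return int.from_bytes(ram[addr:addr + 2], "little")

def write16(ram, addr, value):
    ram[addr:addr + 2] = value.to_bytes(2, "little")

def apply_codes(ram, codes):
    """One cheat-engine pass: D0 gates the next line, 80 is a 16-bit write."""
    run_next = True
    for kind, addr, value in codes:
        if not run_next:
            run_next = True              # the gated line is skipped
        elif kind == "D0":
            run_next = read16(ram, addr) == value
        elif kind == "80":
            write16(ram, addr, value)
        else:
            raise ValueError(f"unsupported code type {kind}")

def make_ram(step):
    ram = bytearray(0x200)
    ram[CODE] = bytes(range(256))        # stand-in for the routine's bytes
    write16(ram, STEP, step)
    write16(ram, SHADOW, step ^ 0xFFFF)
    return ram

def code_only_check(ram, baseline):
    """Checksum covers instructions only, the situation the post describes."""
    return zlib.crc32(ram[CODE]) == baseline

def state_aware_check(ram, baseline):
    """Additionally require STEP to agree with its complement copy."""
    return code_only_check(ram, baseline) and (read16(ram, STEP) ^ 0xFFFF) == read16(ram, SHADOW)

def demo(step):
    """Return (step after the cheat pass, code-only result, state-aware result)."""
    ram = make_ram(step)
    baseline = zlib.crc32(ram[CODE])
    apply_codes(ram, parse_codes(SAMPLE))
    return read16(ram, STEP), code_only_check(ram, baseline), state_aware_check(ram, baseline)
```

A complement copy is only one way to bring state under the check; the point of the model is that whatever the integrity check hashes has to include the variables that drive the protected routine, not just its instructions.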
 

Shadow#1

Wii, 3DS Softmod & Dumpster Diving Expert
Member
Joined
Nov 21, 2005
Messages
12,355
Trophies
2
XP
8,052
Country
United States
Nice, can someone turn this into an IPS?
 

CoolMe

Well-Known Member
Member
Joined
Apr 16, 2019
Messages
8,181
Trophies
2
Age
29
XP
39,919
Country
United States
@alexfree I assume this is only relevant for backup disc users? I don't think it affects emulators, as I played the game to its completion last summer on PS2 (with POPSTARTER), which is technically an emulator, without any of the known issues that this AP measure causes.
 

alexfree

> Nice, can someone turn this into an IPS?

So the way we are defeating the protection makes this method impossible to turn into a patch.

MottZilla however already did CD patches (which work in a different way than this does) for both Spyro YOTD Rev 0 and Rev 1 here: https://thegaminguniverse.org/ninjagaiden4/mottzilla/psx_protection.html (bottom of the page)
@Jayro
Post automatically merged:

> @alexfree I assume this is only relevant for backup disc users? I don't think it affects emulators, as I played the game to its completion last summer on PS2 (with POPSTARTER), which is technically an emulator, without any of the known issues that this AP measure causes.

Backups or using a real USA disc on a Japanese console via backup/import loader.
Post automatically merged:

USA Rev 1 Code:
D007F23C 0001
8007F23C 0000
D007F23C 0002
8007F23C 0000
D007F23C 0003
8007F23C 0000
D007F23C 0004
8007F23C 0000
D007F23C 0005
8007F23C 0000
D007F23C 0006
8007F23C 0000
D007F23C 0007
8007F23C 0000
D007F23C 0008
8007F23C 0000
D007F23C 0009
8007F23C 0000
D007F23C 000A
8007F23C 0000
D007F23C 000B
8007F23C 0000
D007F23C 000C
8007F23C 0000
D007F23C 000D
8007F23C 0000
D007F23C 000E
8007F23C 0000
 

MatheusStaffa

Active Member
Newcomer
Joined
Mar 13, 2021
Messages
28
Trophies
0
Age
28
XP
247
Country
Brazil
Thanks for this. I've waited 20 years for a bypass method for Spyro 3. I am playing with MottZilla's patch and got to the third world. Only found a single bug: the third egg of Sheila's Alp disappears after I enter Spooky Swamp and I have to get it again. What do you think is better: the patch or the GameShark code?
Post automatically merged:

I think I understand what happened. I've used the patch with a widescreen code. Maybe it triggered the anti-piracy. I am playing with the patch by MottZilla with Rev 1.1 Greatest Hits. The code I used was the following:
8004F744 2081
8004F746 0800
80008204 0000
80008206 A5CD
80008208 8007
8000820A 3C04
8000820C 162A
8000820E 8484
80008210 8001
80008212 2405
80008214 0002
80008216 14A4
80008218 0C00
8000821A 2405
8000821C 0000
 

alexfree

You can't use a single GameShark code (besides these bypasses) or it triggers the anti-tamper, which does the weird stuff like you've said. The GameShark codes here are safe but anything else is not. Honestly both are equivalent in functionality; I wouldn't call one better than the other. The only benefit to the codes is that they are automatically applied when Spyro YOTD Rev 0 or Rev 1 USA are detected in Tonyhax International (this is why I helped develop them and tested them personally), so you can use an original USA disc in a Japanese or European console without patching, or just burn a backup without patching.
Post automatically merged:

Hey @MatheusStaffa I might have a way to do additional GameShark codes without tripping anti-tamper. How are you applying the widescreen code?
 

MatheusStaffa

Actually I am playing on a PS Vita with Adrenaline. I patched my ISO with MottZilla's patch and converted it to eboot.bin to be compatible with PSP and PS Vita. Unlike emulators, it does trigger the anti-piracy if you use any cheats like the widescreen. I added the cheat later to use with Adrenaline + cwcheats. I can share the file with the code if you want. It's sad it triggers on PS Vita because the game looks great and plays like a dream on PS Vita.
Post automatically merged:

Is it possible to make a patch which bypasses the anti-piracy method and puts the game in widescreen? It would be great on modern TVs and monitors.
 

alexfree

I talked to MottZilla and it's just not possible without stripping the entire anti-tamper code out, which is a huge feat, more than the bypasses we have developed. Unfortunately I don't think it will ever happen unless someone decompiles the whole game just to be able to add cheats. The idea I had has been confirmed by MottZilla to not be feasible.
 

MatheusStaffa

That's sad, but I thought that was the case. Decompiling the entire game would be a huge task even with a big team and would take several years to be stable at the very least. But why don't emulators need the patch to bypass the anti-piracy method? Is there somewhere I can read what they did to make this code so hard to crack even today, while newer games don't have this kind of security?
 

alexfree

A console is much more limited than an emulator or PC. In emulation you choose how everything the game requests/receives is processed; you don't get more control than that. The original PCSX emulator does fail on anti-piracy titles because it was one of, if not the, first emulators for the console and not much info was known about how it all worked back then.

For example though, the very first launch Japanese consoles are immune to anti-piracy (not anti-tamper triggering for other reasons like GameShark codes though) since they don't support all the features these anti-piracy functions in later games required. MottZilla and I discovered that last year and documented it. An emulator could just emulate the console like those consoles and not have any issues. Or just process it differently.

Some emulators like PopStarter also have specific anti-piracy bypass systems sorta like what Tonyhax International now offers on real consoles.

There is an interview somewhere with the developers of Spyro YOTD where they mention why they did all of this, mostly because the previous Spyro game was so easily cracked they wanted to mess with pirates.

Some games employ something similar, like subtly breaking the game progression when detecting cracks or whatever, even before Spyro YOTD. Spyro YOTD is just the only PSX game with such advanced protection.
 

driverdis

I am Justice
Member
Joined
Sep 21, 2011
Messages
2,867
Trophies
2
Age
32
Location
1.048596β
XP
2,848
Country
United States
Tripping Anti Tamper sucks as I want to play with the double jump hack and 100% the game. The mottzilla patch doesn’t cut it for this or the widescreen code. Really sucks that over 20 year old anti tamper code not intended to block mods years later is doing so.

At least the double jump patcher can add double jump to the first game and the Japanese 2nd game (double jump was fixed in only the Japanese release of Spyro 2 for some reason)

This will keep me busy for now replaying these games.
 
