Commodore 64 - Pitfall II (Assembly Language Hack)

Views: 30,104

c64braindotcom

11 years ago

A much better, updated version can be found here on my website:
www.c64brain.com/gamehacks/pi...
Please check out my Twitch channel as hacking is now used with professional tools. Thank you.
If you have ever wondered how to hack into a Commodore 64 game then you've come to the right place.
Pitfall II Hack explained:
I am now in the process of creating a blog on my website to explain what I learned about David Crane's masterpiece. It provides a background of my experience with the Commodore 64, showing how it eventually led to hacking. You will also find out where the sprites are stored in memory. I hope you enjoy it. Give me feedback on any suggestions you may have.
In this video you will learn how to hack into a game through the assembly language. The trick to this is to search through memory locations for familiar addresses, such as 53278 (collision register). The important point to remember is to not change the operand, but the values, x/y registers, etc. It is therefore necessary to have a basic grasp on assembly before attempting this. Now for the more experienced developer, you can use an alternative operand and replace it with another. As an example, last night I learned how to speed up the balloon rising by replacing a zero page ADC addressing with an immediate ADC. It therefore bypassed the static setting from the zero page location and forced an immediate result to the calculation, which resulted in increased speed.
At the beginning I found where the water level was drawn at and raised it. It didn't occur to me at the time as I thought I was altering the scrolling. So this is actually controlled with a raster interrupt that is drawn when the horizontal beam scans the screen. I changed location 53265 to achieve this effect.
I was able to change the screen character display (seen earlier in the video). However most of the video is simple changes to the background, but finally at the end I managed to turn off the collision detection between sprites (location 53278).
I am using the Final Cartridge III to force a soft reset to my Commodore 64. This then allows you to select a menu where you can access the monitor. From there all you have to do is find the proper starting address to run the game. For Pitfall II a SYS 32777 enables a successful run (it enters the interrupt vector - SEI). Then just start decompiling the program and looking at the memory.
I hope you found this interesting. I used to love breaking into my Commodore 64 software. I once managed to increase my life counter in the game Panther so I had unlimited lives. It's fun once you get the hang of it.
So to recap. The changes that were made did the following:
Changed the scrolling (it appears jumpy).
Changed some of the background characters
Changed the background color
Altered the sprite data pointers (Pitfall Harry and the vulture)
Turned off collision detection
Where the collision detection was found t
LDA $D01E
STA $93,X
RTS
So $D01E converted from hexadecimal to decimal is 53278 which manages the sprite to sprite collisions. What I did was use another page 0 memory location that apparently was not being used by the game and the system then had nowhere to search for the proper setting of this location.
Thanks for watching.
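The search step described above (looking through memory for code that touches a known register such as 53278 or 53265) can also be done offline on a memory dump. The following is an added example, not code from the video or its author; the load address $8000 and the sample bytes are constructed assumptions, and the function names are hypothetical.

```python
# Added example: find 6502 instructions in a memory image that access a given
# hardware register through absolute addressing. Sample data is constructed.

# 6502 opcodes that take a plain 16-bit absolute operand (no X/Y indexing).
ABSOLUTE_OPCODES = {
    0xAD: "LDA", 0xAE: "LDX", 0xAC: "LDY",
    0x8D: "STA", 0x8E: "STX", 0x8C: "STY",
    0x2C: "BIT", 0x0D: "ORA", 0x2D: "AND", 0x4D: "EOR",
    0x6D: "ADC", 0xED: "SBC", 0xCD: "CMP",
    0xEE: "INC", 0xCE: "DEC",
}


def find_register_refs(image, base, register):
    """Return [(address, mnemonic)] for absolute-mode accesses to `register`.

    `image` is the raw memory dump, `base` the address of its first byte.
    """
    # The 6502 stores 16-bit operands low byte first: $D01E is 1E D0 in memory.
    lo, hi = register & 0xFF, (register >> 8) & 0xFF
    hits = []
    for i in range(1, len(image) - 1):
        if image[i] == lo and image[i + 1] == hi:
            # Only report the pair when the byte before it is an opcode that
            # really takes an absolute operand; otherwise it is likely data.
            mnemonic = ABSOLUTE_OPCODES.get(image[i - 1])
            if mnemonic is not None:
                hits.append((base + i - 1, mnemonic))
    return hits


def describe(hits, register):
    """Format hits the way a monitor disassembly line would read."""
    return [f"${addr:04X}  {mn} ${register:04X}" for addr, mn in hits]


BASE = 0x8000  # assumed load address of the constructed sample
SAMPLE = bytes([
    0xA9, 0x1B,        # $8000 LDA #$1B
    0x8D, 0x11, 0xD0,  # $8002 STA $D011   (53265)
    0xAD, 0x1E, 0xD0,  # $8005 LDA $D01E   (53278, sprite-sprite collision)
    0x95, 0x93,        # $8008 STA $93,X
    0x60,              # $800A RTS
    0x1E, 0xD0,        # $800B data that only looks like the operand bytes
])

if __name__ == "__main__":
    for reg in (53265, 53278):
        for line in describe(find_register_refs(SAMPLE, BASE, reg), reg):
            print(reg, "->", line)
```

A hit is still only a candidate, since data bytes can happen to follow a matching opcode value; indexed or indirect accesses to the register are not covered by this scan.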
Websites:
www.c64brain.com/
www.atari65xe.com/
programmermind.com/
www.fineartpencil.com/
CBM Prg Studio Download (free):
www.ajordison.co.uk/download....

VICE C64 Emulator download (free):
vice-emu.sourceforge.io/

CharPad download (free):
subchristsoftware.itch.io/cha...

Comments: 47
@SteveMorrow8859 11 years ago
Thanks. Stay tuned, as I am hard at work disassembling the entire assembly language for this game. I hope to discover other hidden tricks soon. Once I posted this last night, I found the sprite for the score counter. Back in the days I didn't know so many sprites were used to design this masterpiece. Thanks for watching.
@peterlamont647 6 years ago
When you are in the disassembly window in a monitor, if you change the comma to an A so instead of ., 8165 69 40 ADC #$40. If you change it to A 8165 (erase hex codes and scroll over to the assembler instructions) ADC #$41 (by just changing the 0 for a 1 for example) then press enter, it will superimpose the new instruction and begin assembly at the next line. It will correct the hex codes for you, and then you don't have to exit to basic to change the assembly in real time using pokes. If you change an instruction by a byte, you can then realign by just scrolling off screen and back to where you were, and it will correct one byte instructions to two byte. So for example if you had a 00 BRK, and you replace it with A9 03 LDA #$03 it will correct the hex codes, go to the next line with the correct address, but now everything looks one byte off afterward. So if you scroll off and on screen again, it will look normal because it is now counting the PC offset of bytes correctly from your change. If you swap byte for byte, there is no need even for that. Just assemble the new byte(s). I just tried this with final cartridge III's monitor to make sure it works, and it does work just like it does on HESMON and SUPERMON. I suppose an even easier way is just to use the M command, but then you can't read the code as well as changing it in real time as the above method does. When you're doing a disassembly, it is doubtless easier to use the disassembly function :D. I am surprised how many people don't know that it is just as capable to assemble at the disassembly screen. I guess you can say this too is kind of a "hack".
@bawbagstromash9452 10 years ago
If anyone is searching for "Mapping the Commodore 64" you can download at: www.bombjack.org/commodore/books.htm (The site is an absolute gold mine for C64,C128,Vic20,C16,Plus4 and Amiga books + magazines) *Enjoy....*
@SammYLightfooD 7 years ago
Thanks a lot! This book really is neat and informative. Even have use of it atm because I just re-dig into assembler programming on a real C64.
@americancitizen748 7 years ago
I used to hack games on a VIC-20 using this method. I would randomly change the data in memory locations just to see what happened! It was fun.
@SteveMorrow8859 11 years ago
Wow. Thanks. I don't often get positive comments. I will be trying to prepare an ebook for Atari assembly language game design for a few bucks in a month or two. Let me know if you would be interested in something like that. Before that however my goal is to hack apart other games soon. Thanks.
@martijnvanzanen4075 8 years ago
O wow.. I saw ur video by accident. This I like:)
@SteveMorrow8859 11 years ago
If I have time maybe later I'll take apart some other Commodore 64 games back in the days. I am hoping to make success with Batman the movie. Still though, it takes time. The hardest part is often finding the starting address of a program. Once you have that then your journey is downhill somewhat since you can rerun the game and see the changes made to the code.
@SteveMorrow8859 11 years ago
Sorry about that. Were you able to look at the code? It was taken from the Pitfall example. The more I research this the more it is starting to click. I noticed in old Atari examples that an AND #127 would mask bits as inverse and AND #3 masks lower bytes. Then ORA can reverse what AND does. It kinda makes sense especially when doing graphic manipulations.
@SteveMorrow8859 11 years ago
I am working on it now trying to see how to activate my contacts. I had to disable other features awhile ago because of KZfaq violations.
@SteveMorrow8859 11 years ago
Thanks. You are right I did overlook that. That's because the C64 defaults in uppercase mode. Do you still have any hacking programs? I hacked games in those days so I can beat them. I got so tired of losing to Panther until I finally cracked the life counter. I stuck it at 0 remaining lives so it would never subtract under that. Then I won the game. Fun times.
@AllGamingStarred 7 years ago
Simons basic is a blessing compared to vanilla basic. no more peeks and pokes, thank god
@peterlamont647 6 years ago
lol right? I have simons basic and COMAL-80. Both are great. The latter of which is absolutely incredible. The book 'Science and Engineering for the Commodore 64' by Abacus software just straight up demands that you have Simons basic to use the book. They made no bones about it. It simply says rather than wasting half of the book on line drawing routines in basic, just buy a Simons basic cartridge and then let's move on.
@eddieloius4592 3 years ago
Wouldn't it be easier to use emulator to run tests and to find information that you need especially with monitors and save states? just wondering
@Infinitesap 5 years ago
What is the name of the monitor and where can I get it?
@TrollingAround 8 years ago
I don't mean to sound disrespectful, but sir, this is like watching a chimp with a socket set. As an exploratory method, randomly changing the zero page addresses that are incremented/decremented without understanding the original, or modified memory addresses is akin to randomly swapping ingredients on a cake mix.
@SteveMorrow8859 8 years ago
I know about rasters and that was my point here. Everything is learned by experimentation.
@peterlamont647 6 years ago
I agree, if you are figuring this out on your own and you are not someone in "the scene" who has ample support from other coders etc... seeing what changes to the code will do is the easiest way to learn from it. Once you have a firm grasp of things, only then can you start by dismantling the constructs into logical blocks of code, and deciphering which sections do what based on what addresses they are changing, how the loops are set up, what addressing modes it is using and why, delineating the RTS commands between subroutines etc. Then you can completely reverse engineer the program and reuse or change large of the game, or even just reuse the engine for a new game. A video like this is valuable to an intermediate user just stepping into assembly.
@bastardtubeuser 6 years ago
that comment was so funny by the way TrollingAround lol . respect to C64 brain though his channel is doing quite well just now bringing attention to writing c64 6502 for those with a casual interest. its definitely great to hear blunt comments from people who mastered assembler on a theoretical level no matter how cheeky.
@zerobyte802 5 years ago
I was thinking it was like Mickey Mouse as the sorcerer’s apprentice and his out-of-control broomsticks.
@RetroMarkyRM 8 years ago
Good video. How did you find the start address? Do you look for some code in particular?
@peterlamont647 6 years ago
The final cartridge III that he has there is perfect for this. When you load from disk or tape it will tell you the absolute addresses for start and end that are pulled from the file header as it is loading. It displays after you hit the load command on the next line. This is demonstrated in the video but he didn't mention it. He did however mention that the SEI command is usually the beginning of the actual game. So I'm actually not sure if he is aware of this neat feature either.
@AllGamingStarred 7 years ago
would it be possible to zoom the screen out?
@SteveMorrow8859 11 years ago
Okay you should be able to get my messages now since I turned back on the option for - Allow only my contacts to send me messages and share videos. It is enabled for public now. Try it and let me know.
@BagoZonde 11 years ago
I have written some reply (longer than this comment window allowing) but I can't send you as I mentioned before.
@stephaneedwardson1370 9 years ago
Video turns green with blocky artifacts every 10 secs but very interesting anyways.
@subskybox 7 years ago
In the video you are converting hex to decimal by printing directly at the ready prompt. For example "? $FF" Have you loaded some utility programs? My Vice doesn't do that.
@SteveMorrow8859 7 years ago
I am not aware if VICE can do this or not, but the Windows 7 calculator can accomplish this. Open the calculator. Then click on the View menu and select Programmer. Now click on the radio buttons that show "Hex, Dec, Oct, Bin". Type a number such as 169. To convert from hex to decimal just be sure "Hex" is selected on the left, type the number, and then click on the "Dec" radio button and you will see the result. You can also now click on "Bin" to see it in binary. Have fun and be sure to check out the new tutorial I am creating called Machine Language Tutorial for the Commodore 64. It's going to be really intense as the goal is to eventually take smaller routines (from games, demos, etc) and then get them to run in CBM Prg Studio as a result of learning. Thanks.
@patwilson8820 7 years ago
Yes I use the Windows & MacOS calculators all the time for that. I just thought it was neat that you did it at the ready prompt. You can do it in the monitor too (e.g. p c000 is 49152)
@peterlamont647 6 years ago
He is using a special freezer cartridge which adds all kinds of functionality. If I am not mistaken, that is the Final Cartridge III or something similar. You'll also notice that when he loads stuff, it actually prints the start and end address of the absolute address of storage in memory. This is incredibly useful for disassembly and is one of the included features of final cart, because you know exactly where the program starts and ends. Final cart also adds real time conversion hex to dec and vice versa. That said any monitor like HESMON for example, has this function built in...there is absolutely no need to resort to basic. He is doing that because he programmed assembler from basic long before he had a proper monitor. In fact, he can say 169, 3 in decimal is LDA #$03 or, A9 03, without any hesitation. For most people though, the idea of using basic as an assembler is a nightmare. It is way easier to manipulate memory from a monitor. You can even create small programs in memory within the monitor to process things and shove results back into memory for usage elsewhere...you can fill memory with values, you can move programs, even if they weren't designed to be etc. One of the first things I did when I first got back into Commodores was buy a HESMON cartridge. I didn't have any other tools or software to transfer from the internet back then, so I just paid $25 bucks to a guy making them and selling them on ebay. I still use my HESMON cart quite frequently. Hitting the restore key on that cart will pull you into the monitor from anywhere, or anything you are doing. It has a ton of extras, comprising the entire 8K of the cartridge! It is much better than SUPERMON, but then again, SUPERMON doesn't tie up the cartridge port, and it is also available to type in. The book 'Assembly language for the commodore 64' by Databecker publishing has a very cool two pass assembler, and allows you to enter assembly with line numbers and save from basic.
I have not typed it in yet, but if it is anything like their 'fast tape' program, it is incredible. I would therefore recommend using the monitor for the entire proceeding as it is designed for real time disassembly. You can even load straight from the monitor, as all of them have a load command. Usually syntaxed L "name" 01 01 for example to load from tape, and to its absolute address. Would be equivalent to LOAD"NAME",1,1.
@mgabrysSF 9 years ago
Now if you can hack the camera to not glitch out, or use a standard video codec, you might have something there.
@SteveMorrow8859 9 years ago
mgabrysSF lol. I now use BB Flashback Express Recorder for my videos and have more elbow room when positioning my setup.
@BagoZonde 11 years ago
It's working fine, ok!
@SteveMorrow8859 11 years ago
Great. I could also send you my email through an inbox response if that would be easier. Let me know.
@BagoZonde 11 years ago
Hello, I want to reply to your challenge you sent me private, but I can't! You Tube told me that "user has enabled contact lock. You will not be able to send messages to them unless they add you as a contact".
@storerestore 7 years ago
A lot of the glitches in the beginning look a lot more like video encoding errors
@SteveMorrow8859 7 years ago
I totally see. I'm glad to announce that I now understand bits and how they are used when turning them on (ORA) and off (AND) based on what that bit function task is doing. What glitches were you talking about?
@peterlamont647 6 years ago
The video was artifacting to the point that the floor was bending into sine waves.
@Bernard_Ashtree 1 year ago
👍
@HalfEatenDimSim 7 years ago
just press run stop then type list
@mcedixx1809 9 years ago
At the time did they program this game in Assembly language too??
@SteveMorrow8859 9 years ago
MCEDIXX yes it was done in assembly language. It was quite popular with personal computers in those days.
@mcedixx1809 9 years ago
ok the for the reply :)
@jiribudin9902 9 years ago
why to use POKE for changing memory? use A as assembly command- see example of Daniela programming kzfaq.info/get/bejne/n6iXoLhql7euoKM.html in assembler
@SteveMorrow8859 9 years ago
Jiri Budin you're right. I am so used to editors rather than monitors. However I am also a die hard Basic fan. Also I had to write them down since the FastLoad cartridge was known then to lock up. People often wonder why I disassemble assembly language. In those days if you wanted to learn often you were forced to tackle the strange numbers in DATA statements. To this day I can now write my own assembly games and I'm doing that in my current videos. Check out my C64 Google Hangouts live each week. I should do another one like this. What do you think? Thanks.
@tamphex 5 years ago
Shame you couldn't hack yourself a better camera.