[Hiei-]

Hello.

I added an intro to a snes rom (hi-rom one) but I want to prevent the ability to remove it (right now, it's pretty easy). It's an intro that basically say that I don't support cartmods and that people should be aware there are reproductions, etc... but it don't prevent to run the game on the real harware (the aim is just to inform people, not to prevent them to play the game).

Is it possible to add a little thing which would calculate a checksum (other than the snes one which seems useless and easily fixable with Ipsum for example, so useless anyway) and prevent the game to run if the checksum mismatch (so if one byte of the rom is modified).

The problem is that I don't know ASM at all, so except if it's a little thing easy to learn, that'll be a problem.

I know some friends with some ASM skills so maybe just lead me to the toward direction might be enough.

[Zoinkity]

Checksums are fairly simple.  You need a loop that reads ROM, one register to keep track of the value and another to count your position, then at the end a comparison against a known calculated value.  Usually these branches just branch to themselves, but you could be mean and branch it to something more obscure or intentionally throw a fault to lock the game.

As tempting as it would be to use something standardized (MD5, etc.) it would be a little too easy for somebody to recorrect the values.  You could start with a base value or read everything in backward; skipping every so many words would be funny.  Writing something unique and forcing them to RE it is probably safer.

Another interesting method doesn't require a checksum.  It compares two words in ROM from different arbitrary points and locks if they don't match (or more popularly if they don't mask to 0).  Not as secure by a long shot, but works well for spotchecking names or routine jumps.

[Hiei-]

Thanks for the info.

I'll try to see if one of my friends have enough skills to do that.

[LostTemplar]

Be aware though that a lot of people who are able to make a cartridge out of a ROM probably are capable of removing such a check.

[Hiei-]

I don't think so, it's pretty easy to do a cartmod with the tutorials found on the web (you just have to follow them without the need to understand them), but most of them don't know how to do a romhack (that's what I saw on french boards, at least).

Some of them can think of using an hex editor and compare the rom with and without the intro, but as soon as a debugger is required, 99% of them will give up (french community, of course, and as it's a french translation).

I know how to do some basic romhack and I wouldn't even be capable to break such routines.

[Bregalad]

I think the basic idea of a check sum is to add all the bytes in the ROM together (of course keeping only the low 8, 16, ... bits), and this is how the SNES checkum is done.

This is quite easy to bypass however, for example if they would remove your "jsr checksum" by 3 "nop" instructions, they would have to compute what difference between the bytes it makes and compensate for it somewhere else. However it would certainly stop cartmoders, so I would strongly encourage you to use at least this if not something more complex, because I agree those guys are really not respectful to other people's work and I'm pissed by them.

To have a harder hash to hack than a check sum, you should not do only the sum operation but a combination of :
sum, exclusive-or, substraction, shifts or rotates

and not only with the bytes, but also with their addresses, so that if bytes are the same but in a different order, the hash changes and the test fails.

Possibilities are endless really and I'm sure you could make a simple algorithm with a unique hash that could be a pain in the ass of those annoying "cartmoders" which rip people off and steal our work.

[henke37]

Point is, it doesn't matter how strong the checksum is if the checksum routine can be removed.

[LostTemplar]

You just shouldn't believe that it would keep all repro attempts at bay. If it's just your intention to keep some lazy amateur reproducers away who thought they could make a quick buck then it's probably enough.

[Hiei-]

I don't want to prevent any cartmods, as long as the rom is not modified, I'm fine with them (and it's pretty sure that it'll be enough to stop most frenchs to modify it). In my message, I say that the authors of this translation does not support cartmods and more or less say that the guy got scammed if he paid the cartridge more than 50 bucks, which imply that if paid it less than 50 bucks for the whole thing, I don't really find that a bad thing. That's just some informations, nothing more.

I have a friend who is actually working on such a routine so thanks for the infos

[Zoinkity]

A crc check is as easy to remove as one well placed NOP.

There's always the encryption route though.  Generate a crc, however sloppy, and use that as a key to a decryption routine for some important piece of code, or masked against all values fed into a decompressor, etc.  Just be certain that at least part of your custom code is included, or they could just retro the block with data from an uneditted game.

As a point of interest, since some 64DD expansion titles hijack the running cart, they used a combination of two different encryptions to prevent piracy.  First is a simple add+xor using the loader's memory address as a key.  The second is a funny bytestream; every byte written was +17 after the first, looping around at 256. 

[Nightcrawler]

A crc check is as easy to remove as one well placed NOP.

Not if you sprinkled it several times, in different forms, in various places throughout the game, and included self modifying code that executes from RAM.

Other than CRC, any encryption or check algorithm you devise can be used. If you're really advanced, include some devious hardware exploits in the mix to further obfuscate your methods. Or, interweave it with some very quirky game engine execution that only someone very familiar with the game would understand. Heck, why not use all of the above?

Be creative and make it annoying enough that few (if anybody) would ever bother to reverse engineer it. I think I will be motivated enough to do just that for my next release. I can be very creative. 

[Bregalad]

50 bucks ?
I think it's way too much. Also it depends what you mean by a "buck". 50$ is less than 50€ but in my opinion both would be too much. About 15-20$ or € is the max that should go for a fake bootleg cart which has no collectible value.

And yeah do anything as long as you stop those bastards it'll be a good thing.

[Hiei-]

I don't find that too much for a complete package but everyone has is own in opinion for that and that's a bit off-topic.

I don't plan to stop them, if the intro is kept, I'm okay with the cartmods.

[Lestat]

50 bucks ?
I think it's way too much. Also it depends what you mean by a "buck". 50$ is less than 50€ but in my opinion both would be too much. About 15-20$ or € is the max that should go for a fake bootleg cart which has no collectible value.

And yeah do anything as long as you stop those bastards it'll be a good thing.

I'm totaly agree with you, so i think that better to write a message like this : "if you paid for it, you're a dumbass