Aptly named tonyhax, this exploit uses a classic buffer overflow found in the “Create Skater” mode of Tony Hawk 2, 3, and 4. When the game sees a custom character saved on the memory card it automatically loads the skater’s name field to show it on screen, but it turns out the developers never checked the length of that name before copying it into a fixed-size buffer. Thanks to this oversight, a long and carefully crafted name overruns the buffer and can be used to pull an executable payload into the console’s memory and run it.
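The bug class described above, as an added example that is not tonyhax’s own code and does not use the real save format: a loader that trusts a length byte read from the memory card, beside one that bounds it. The record layout, the frame_t stand-in for the game’s stack frame, the NAME_MAX limit and the RA_LEGIT address are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a "Create Skater" save record: a length byte
   followed by the name bytes as stored on the card. Invented layout. */
typedef struct {
    uint8_t name_len;
    uint8_t name[255];
} save_record_t;

/* Stand-in for the loader's stack frame: a fixed-size name buffer that
   sits just below the saved return address. The 'rest' padding only
   exists so that any uint8_t-length copy stays inside this one object. */
#define NAME_MAX 12
typedef struct {
    char     name[NAME_MAX + 1];   /* what the UI was sized for */
    uint32_t saved_ra;             /* the overflow's target */
    uint8_t  rest[240];            /* caller's locals etc. */
} frame_t;

#define RA_LEGIT 0x80010000u       /* hypothetical legitimate return address */

/* Vulnerable pattern: the record's own length field is trusted. A name
   longer than NAME_MAX runs straight over saved_ra. The copy goes through
   the frame's byte view (name[] is at offset 0) so the demo is well-defined
   C; a memcpy into f->name in the real game writes the same bytes. */
static void load_name_unchecked(frame_t *f, const save_record_t *rec)
{
    memcpy((unsigned char *)f, rec->name, rec->name_len);
}

/* Hardened: the card can claim any length, so reject anything that does
   not fit, then copy and terminate. Returns 0 on success, -1 if rejected. */
static int load_name_checked(frame_t *f, const save_record_t *rec)
{
    if (rec->name_len > NAME_MAX)
        return -1;
    memcpy(f->name, rec->name, rec->name_len);
    f->name[rec->name_len] = '\0';
    return 0;
}

/* Crafted record: filler up to saved_ra, then four more bytes over it. */
static save_record_t crafted_record(void)
{
    save_record_t rec;
    memset(&rec, 0, sizeof rec);
    rec.name_len = (uint8_t)(offsetof(frame_t, saved_ra) + sizeof(uint32_t));
    memset(rec.name, 'A', rec.name_len);      /* 0x41414141 lands in saved_ra */
    return rec;
}

/* Ordinary record: a name that fits. */
static save_record_t legit_record(void)
{
    static const char name[] = "BIRDMAN";
    save_record_t rec;
    memset(&rec, 0, sizeof rec);
    rec.name_len = (uint8_t)(sizeof name - 1);
    memcpy(rec.name, name, rec.name_len);
    return rec;
}

uint32_t ra_after_unchecked_load(void)
{
    frame_t f = { .saved_ra = RA_LEGIT };
    save_record_t rec = crafted_record();
    load_name_unchecked(&f, &rec);
    return f.saved_ra;                        /* clobbered: 0x41414141 */
}

int checked_verdict_on_crafted(void)
{
    frame_t f = { .saved_ra = RA_LEGIT };
    save_record_t rec = crafted_record();
    return load_name_checked(&f, &rec);       /* -1: rejected */
}

uint32_t ra_after_checked_load(void)
{
    frame_t f = { .saved_ra = RA_LEGIT };
    save_record_t rec = crafted_record();
    (void)load_name_checked(&f, &rec);
    return f.saved_ra;                        /* still RA_LEGIT */
}

int checked_verdict_on_legit(void)
{
    frame_t f = { .saved_ra = RA_LEGIT };
    save_record_t rec = legit_record();
    return load_name_checked(&f, &rec);       /* 0: accepted */
}

int main(void)
{
    printf("unchecked: saved_ra = 0x%08x (was 0x%08x)\n",
           (unsigned)ra_after_unchecked_load(), (unsigned)RA_LEGIT);
    printf("checked:   verdict %d, saved_ra = 0x%08x\n",
           checked_verdict_on_crafted(), (unsigned)ra_after_checked_load());
    printf("checked:   legit name verdict %d\n", checked_verdict_on_legit());
    return 0;
}
```

The point of the two loaders side by side is that the length check has to happen before the copy and has to be against the destination’s size, not against whatever the save file claims; a real payload would replace the 'A's over saved_ra with the address of code it also planted in the name bytes.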
That payload could be anything, such as a homebrew game, but in this case [Marcos] went all in and developed a simple tool that unlocks the console’s optical drive so it will play games burned to CD-Rs. Once the tonyhax exploit has loaded, you simply swap the authentic Tony Hawk disc for whatever burned title you want to play. So far every game tested has worked, even those that span multiple discs.
[Marcos] is providing not only the save files, ready to load onto your PlayStation memory card (either through a PC tool or with the help of a hacked PS2), but also the complete source code for tonyhax. This opens the door to the exploit being used to load other tools, emulators, and indie games, though as the PlayStation homebrew scene is relatively small compared to those of newer consoles, the demand might be limited.
Compared to the traditional physical modifications used to play copied games on the PlayStation, this new software approach is far more accessible. Expect to see memory cards with this exploit preinstalled hit your favorite import site in the very near future.
When floppy disks were the data storage medium of choice, software companies and in particular game developers came up with ever more inventive ways to make them difficult to copy. Tinkering at the edges of the disk format standards didn’t come cheap though; for example, the Dungeon Master game for the Atari ST was reported to have used $40,000 worth of custom hardware to achieve its so-called “fuzzy bit” technique, in which flux transitions are written so marginally that the same bit reads back differently from one read to the next, something an ordinary floppy controller can’t reproduce when making a copy. [Chris Evans] set out to recreate it, not by building a modern version of the custom hardware, but by doing it the hard way, with an early-1980s 8-bit BBC Micro home computer.
One could be forgiven for thinking that a computer sporting a 2 MHz 6502 would be unable to manage this task without extra hardware, and were it simply the 6502 itself you would of course be right. So to get anywhere he had to get creative with the Beeb’s built-in peripherals. Eschewing the floppy controller, the drive was hooked up directly to the parallel port, and after a voltage problem courtesy of the drive’s termination resistors we’re taken through some of the 6522 VIA’s different modes in order to achieve a higher-speed data burst than would normally be possible. All of these approaches hit the buffers though, until he looks at the 6845 video chip and uses its video output as a very fast shift register. With a custom cable and some work on special video modes, a home computer that would have cost several hundred dollars in the early 1980s can do the work of $40,000 custom hardware from later in the decade. Colour us impressed!
Making a copy of a purchased game used to be as simple as copying a disk. As the game industry grew, so did fear of revenue loss, which drove investment in countermeasures. These mainly consisted of preventing the easy duplication of magnetic diskettes, or having users jump through tiresome hoops like entering specific words from the printed manual. Such measures rarely posed much of a challenge to the dedicated efforts of crackers, but the copy protection in the classic 80s game Dungeon Master for the Atari ST and Amiga was next-level. It implemented measures that went well beyond its contemporaries, and while it was eventually defeated, that took about a year. In an era where games were cracked within days or even hours of release, that was remarkable.
Dungeon Master was a smash hit at the time, and while the details of its own brand of what we would now call DRM may not be new, this video presentation by [Modern Vintage Gamer] (YouTube link) does a wonderful job of stepping through everything it did, and begins with an informative tour of copy protection efforts of the era for context.
Oh, for the old days when sailing the seas of piracy was as simple as hooking a couple of VCRs together with a dubbing cable. Sure, the video quality degraded with each generation, but it was so bad to start out with that not paying $25 for a copy of “Ghostbusters” was a value proposition. But then came The Man with all his “rules” and “laws” about not stealing, and suddenly tapes weren’t so easy to copy.
If you’ve ever wondered how copy protection worked in pre-digital media, wonder no more. [Technology Connections] has done a nice primer on one of the main copy protection schemes from the VHS days. It was dubbed “Analog Protection System” or “Analog Copy Protection” by Macrovision, the company that developed it. Ironically, Macrovision the company later morphed into the TiVo Corporation.
The idea behind Macrovision copy protection was to leverage the difference between what a TV would accept as a valid analog signal and what a VCR could handle. It used the vertical blanking interval (VBI) in the analog signal, the time during which the electron beam returns to the top of the frame. Normally the VBI carries signals that the VCR uses to set its recording levels, but Macrovision figured out that inserting extra pulses into the VBI fooled the VCR’s automatic gain control into varying the brightness of the recorded scenes, while a TV, which keys its levels off the sync pulses, displayed the original tape normally. They also messed with the vertical synchronization, and the effect was to make dubbed tapes unwatchable, even by 1985 standards.
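The AGC-fooling idea above, as an added example that is not from the video or from Macrovision: a constructed, deliberately simplified model of one field of analog video in which a VCR’s recording AGC peak-detects the whole signal, blanking lines included, while a TV front end normalises on the sync tips alone. The line counts, IRE levels, pulse heights and the two gain models are illustrative assumptions, not the real Macrovision waveform or any particular deck’s circuitry.

```c
#include <stdio.h>

/* One field of video in IRE units: sync tips at -40, blanking at 0,
   peak white at 100. Constructed model for illustration only. */
#define LINES     262     /* one field */
#define VBI_LINES 21      /* leading lines carry no picture */

typedef struct {
    double sync_tip;      /* level during horizontal sync */
    double peak;          /* highest level in the rest of the line */
} scanline_t;

typedef struct {
    scanline_t line[LINES];
} field_t;

/* Ordinary programme material: normal sync everywhere, picture lines
   peaking at 'picture_peak', VBI lines sitting at blanking. */
static void make_field(field_t *f, double picture_peak)
{
    for (int i = 0; i < LINES; i++) {
        f->line[i].sync_tip = -40.0;
        f->line[i].peak = (i < VBI_LINES) ? 0.0 : picture_peak;
    }
}

/* The protection, in this model: park a pulse of 'pulse_level' IRE in the
   otherwise empty VBI lines. The sync tips are left untouched. */
static void add_vbi_pulses(field_t *f, double pulse_level)
{
    for (int i = 0; i < VBI_LINES; i++)
        f->line[i].peak = pulse_level;
}

/* VCR recording AGC modelled as a peak detector over the whole signal, VBI
   included: it scales so the highest level it sees lands at 100 IRE. */
static double vcr_gain(const field_t *f)
{
    double peak = 0.0;
    for (int i = 0; i < LINES; i++)
        if (f->line[i].peak > peak) peak = f->line[i].peak;
    return peak > 0.0 ? 100.0 / peak : 1.0;
}

/* A TV front end keyed to the sync tips: it normalises the -40 IRE sync
   amplitude and never looks at what sits in the blanking lines. */
static double tv_gain(const field_t *f)
{
    double deepest = 0.0;
    for (int i = 0; i < LINES; i++)
        if (f->line[i].sync_tip < deepest) deepest = f->line[i].sync_tip;
    return deepest < 0.0 ? 40.0 / -deepest : 1.0;
}

/* Peak white of the picture area after the given gain has been applied. */
static double picture_peak_after(const field_t *f, double gain)
{
    double peak = 0.0;
    for (int i = VBI_LINES; i < LINES; i++)
        if (f->line[i].peak > peak) peak = f->line[i].peak;
    return peak * gain;
}

/* Peak white a copy ends up with when the source picture peaks at 100 IRE
   and the VBI carries pulses at 'pulse_level' (0 = unprotected tape). */
double copy_peak_white(double pulse_level)
{
    field_t f;
    make_field(&f, 100.0);
    if (pulse_level > 0.0) add_vbi_pulses(&f, pulse_level);
    return picture_peak_after(&f, vcr_gain(&f));
}

/* The same field as shown by a TV fed directly from the original tape. */
double tv_peak_white(double pulse_level)
{
    field_t f;
    make_field(&f, 100.0);
    if (pulse_level > 0.0) add_vbi_pulses(&f, pulse_level);
    return picture_peak_after(&f, tv_gain(&f));
}

int main(void)
{
    /* Pulse heights that change from field to field turn the gain error
       into the pumping brightness that made copies unwatchable. */
    const double schedule[] = { 0.0, 120.0, 160.0, 200.0, 160.0, 120.0 };
    for (size_t i = 0; i < sizeof schedule / sizeof schedule[0]; i++)
        printf("pulse %5.1f IRE: TV shows white at %5.1f, copy records it at %5.1f\n",
               schedule[i], tv_peak_white(schedule[i]), copy_peak_white(schedule[i]));
    return 0;
}
```

In the model the TV reports 100 IRE white whatever the pulses do, while the copy’s white drops to 100 × 100 / pulse_level, so cycling the pulse height is enough to make the recorded picture breathe; the same idea is why a device that clamps or blanks the VBI before the recorder defeats the scheme.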
Macrovision was pretty effective, and pretty clever given the constraints. With Digital Rights Management it’s easier to put limits on almost anything: coffee makers, arcade games, and even kitty litter all sport copy protection these days. It almost makes us nostalgic for the 80s.