(1 / 2)
Date: February 10, 1989 11:47
From: CHARM::LOGG
To: @SYS$MAIL:ENGINEER
File: [LOGG.DND]BYPASS.DOC
Date: February 10, 1989

A company in the UK has come to us with a kit for Gauntlet II which bypasses the slapstick. This is how they did it. Please keep this technique in mind when you are doing your next game.

The slapstick works by taking an address space of length 8000 and selecting one of four banks of length 2000. In general, the same bank repeats itself four times in the address space. If the slapstick is removed and two wires are substituted, then the full 8000 address space is available.

In the case of Gauntlet, and I assume other Atari games, the addresses used to reference data or program in the slapstick area are for bank 0 only. Now, if someone were to change the addresses in all instructions which reference the slapstick to the appropriate bank, then they would have defeated slapstick completely. This is an oversimplification but you get the idea.

This is what happened in Gauntlet. They changed our jump table from addresses in the range 0-1FFF to 0-7FFF. They never had to discover how the banking works. They could have easily tried all four possibilities to get the right address. In Gauntlet, I thought we were safer because the data was compacted in a very obscure fashion. This apparently didn't stop them either. We also checksummed portions of our program so they couldn't change our program. Unfortunately we did not checksum our jump tables in the slapstick area.

Their method can be defeated in many ways. We could have used one instruction, like JSR 1000, to jump to any of the four banks depending on a condition set up previously. We could have put code in the slapstick area to make it a little harder. We could have put a JSR in the slapstick area which would return to another bank. There are many other techniques which I will not go into here.
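
The gap the memo above names, a jump table left outside the checksummed regions, shown as an added example (not Atari code and not part of the original memo). It models the hex 8000 window with four hex 2000 banks and verifies a constructed jump table; the checksum algorithm, the bank-0 range check, all function names and the table values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WINDOW_SIZE 0x8000u /* protected address space (from the memo) */
#define BANK_SIZE   0x2000u /* each of the four banks (from the memo) */

/* Chip fitted: the selected bank repeats four times across the window. */
uint32_t rom_offset_banked(uint16_t addr, unsigned bank) {
    return (bank & 3u) * BANK_SIZE + (addr % BANK_SIZE);
}

/* Chip replaced by two wires: the window is one linear 0x8000 space. */
uint32_t rom_offset_wired(uint16_t addr) {
    return addr % WINDOW_SIZE;
}

/* Rotate-and-add checksum (assumed algorithm); order-sensitive. */
uint16_t table_checksum(const uint16_t *t, size_t n) {
    uint16_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        sum = (uint16_t)((sum << 1) | (sum >> 15));
        sum = (uint16_t)(sum + t[i]);
    }
    return sum;
}

/* 0 = intact, 1 = checksum mismatch, 2 = entry outside the bank-0 range. */
int verify_jump_table(const uint16_t *t, size_t n, uint16_t expected) {
    for (size_t i = 0; i < n; i++)
        if (t[i] >= BANK_SIZE)
            return 2;
    return table_checksum(t, n) == expected ? 0 : 1;
}

/* Constructed sample tables (window-relative targets), not Gauntlet data. */
const uint16_t shipped[4]   = {0x0120, 0x0A40, 0x1C00, 0x1FF0};
const uint16_t rewritten[4] = {0x0120, 0x2A40, 0x5C00, 0x7FF0}; /* bank folded in */
const uint16_t nudged[4]    = {0x0120, 0x0A44, 0x1C00, 0x1FF0}; /* in range, altered */

int main(void) {
    uint16_t ref = table_checksum(shipped, 4); /* value stored at build time */
    printf("shipped=%d rewritten=%d nudged=%d\n",
           verify_jump_table(shipped, 4, ref),
           verify_jump_table(rewritten, 4, ref),
           verify_jump_table(nudged, 4, ref));
    return 0;
}
```

The check only helps if the routine that performs it is itself inside a checksummed region, which the memo says was already the case for portions of the program.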
(2 / 2)
Date: February 10, 1989 12:49
From: KIM::SNYDER
To: @SYS$MAIL:ENGINEER
SLAPSTIC USAGE    ATARI GAMES    DOUG SNYDER    890210

When using slapstic to protect a game from being copied, two important items should be kept in mind.

1. The SLAPSTIC hardware should use the 2 SLAPSTIC select bits (BS0 and BS1) to page memory, not just select one of four areas of a homogeneous address space. Although banking makes SLAPSTIC slightly harder to work with, it is more difficult to analyze and work around. TETRIS is a recent example of banking. It banks four 16K chunks into one 16K address space.

2. The SLAPSTIC software should bank program and data, not just data. The best way to use SLAPSTIC is if the program jumped from bank to bank within the banked address space. Rivera and Avellar did this very well in EMPIRE, but this technique is tricky to implement.

Each project leader should verify that at least one (preferably both) of these items is included in every game. Item 1 should be checked before the PCB is released and item 2 before the final software release.
Feb 10, 1989