Tips for Reverse Engineering a Cassette Program


Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Post by Gooster »

Can anyone offer some starter tips trying to reverse engineer a cassette program? I'm looking at Boss 1.5 (I grabbed it from the Tosec archives) which is on a tap file. I tried using cleantap to pull the prg off the tape image but it fails. Vice is able to autoload the game, though, so I think the tap file is good. (Interestingly, booting the Vic and manually trying to load the game from tape does not work, so I don't know what Vice autostart is doing differently from a simple LOAD"",1,1).
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

Is the program a single file or is there a fastloader stub with the rest as a non-standard encoding? If you point me at the .TAP file I'll run some Python scripts which can analyze it.
Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Re: Tips for Reverse Engineering a Cassette Program

Post by Gooster »

I really don't know, but if you can take a look at it that would be great! Try this link:

https://www.dropbox.com/s/kz7d0fp2d117i ... D.tap?dl=0
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

My first attempt seems to suggest it's a single BASIC file

(venv) [srowe@gilraen python-tapfile (master)]$ python3 examples/tap-dump.py ~/Downloads/Boss\ Chess\ v1.5\ \(1982\)\(Audiogenic\)\[8k\].tap 
DEBUG:tap_file.tap_file:header1: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:header2: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:Header: <TapHeader: data_len - 192, errors? - False>
header HeaderType.PRG 4609 16384 bytearray(b'BOSS.EXE 1.5') False
DEBUG:tap_file.tap_file:data1: <DataStream: data_len - 6295, #errors - 1>
DEBUG:tap_file.tap_file:data2: None

My tool has failed to read the second copy of the payload, either there's a bug in the code or the image is corrupt/incomplete.

[Edit] My tool is truncating the first copy of the payload, the length should be 11775.
tlr
Vic 20 Nerd
Posts: 567
Joined: Mon Oct 04, 2004 10:53 am

Re: Tips for Reverse Engineering a Cassette Program

Post by tlr »

If I select NTSC and full memory expansion it loads (with ?LOAD ERROR) in vice, but then starts on RUN. Don't know if it's broken though.
If I select PAL it crashes on RUN.
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

I'm running on PAL, I've seen a couple of crashes too but it works most of the time.

I'm struggling to scan the file with my tools, I think there's a block of pulses that are close to the timing and that might have introduced uncorrectable (and undetectable) errors.
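The point about pulses that sit close to the timing can be checked directly on a TAP image. The following is an added example, not part of the thread and not srowe's python-tapfile code: it parses the TAP container and lists pulses that fall near the boundary between two pulse classes. The nominal pulse values, the `margin` parameter and the sample image are assumptions made for illustration.

```python
import struct
from collections import Counter

# Assumed nominal short/medium/long pulse lengths in TAP units (1 unit = 8
# clock cycles); illustrative values, tune them per machine and video standard.
NOMINAL = {"S": 0x30, "M": 0x42, "L": 0x56}

def parse_tap(blob):
    """Return (version, pulse lengths in TAP units) from a TAP image."""
    if blob[:12] != b"C64-TAPE-RAW":
        raise ValueError("not a TAP image")
    version = blob[12]
    (size,) = struct.unpack_from("<I", blob, 16)
    data, pulses, i = blob[20:20 + size], [], 0
    while i < len(data):
        if data[i] == 0 and version >= 1 and i + 3 < len(data):
            # Version 1: a zero byte is followed by a 24-bit cycle count.
            pulses.append(int.from_bytes(data[i + 1:i + 4], "little") / 8)
            i += 4
        else:
            # Version 0: a zero byte only means "longer than 255 units".
            pulses.append(float(data[i]) if data[i] else 256.0)
            i += 1
    return version, pulses

def classify(pulse, margin=3):
    """Nearest nominal symbol, plus True if the pulse is within `margin`
    units of the decision boundary to the neighbouring symbol."""
    best, second = sorted(NOMINAL, key=lambda s: abs(NOMINAL[s] - pulse))[:2]
    boundary = (NOMINAL[best] + NOMINAL[second]) / 2
    return best, abs(pulse - boundary) <= margin

def survey(blob, margin=3):
    """Count pulses per symbol and list (index, length) of ambiguous ones."""
    counts, ambiguous = Counter(), []
    for index, pulse in enumerate(parse_tap(blob)[1]):
        if pulse > 2 * NOMINAL["L"]:
            continue  # pause between blocks, not a data pulse
        symbol, close = classify(pulse, margin)
        counts[symbol] += 1
        if close:
            ambiguous.append((index, pulse))
    return counts, ambiguous

def constructed_sample():
    """Constructed 8-pulse TAP image (version 1), not taken from any real tape."""
    data = bytes([0x30, 0x42, 0x56, 0x42, 0x3A, 0x4B, 0x00]) \
        + (20000).to_bytes(3, "little") + bytes([0x30])
    return b"C64-TAPE-RAW" + bytes([1, 1, 0, 0]) + struct.pack("<I", len(data)) + data
```

Calling `survey(open(path, "rb").read())` on a real image gives the same two results; a long run of consecutive indices in the ambiguous list marks the stretch of tape worth inspecting by hand.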
Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Re: Tips for Reverse Engineering a Cassette Program

Post by Gooster »

Ok it seems like an unreliable copy then, thanks for taking a look!
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Re: Tips for Reverse Engineering a Cassette Program

Post by Gooster »

There seem to be two versions floating around, the 1.1 version seems to be easier to find (e.g. in GB20). The 1.5 version I've only found this tap image for in Tosec.
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

Ah, I'd missed the difference in version. A quick-and-dirty way of getting a .PRG file is to drop into the monitor in VICE and save memory using

s "boss 1.5.prg" 0 1201 3fff

I'll keep on trying to dump the tape image.
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

An actual tape copy has just been listed

https://www.ebay.co.uk/itm/Boss-Kavan-S ... SwgFleG4Bi

Wonder which version it is?
Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Re: Tips for Reverse Engineering a Cassette Program

Post by Gooster »

Ha, if I still had my 64 and hardware I'd be very tempted to pick that up!
srowe
Vic 20 Scientist
Posts: 1340
Joined: Mon Jun 16, 2014 3:19 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by srowe »

I've had some success after improving my code

(venv) [srowe@gilraen python-tapfile (master)]$ python3 examples/tap-dump.py ~/Downloads/Boss\ Chess\ v1.5\ \(1982\)\(Audiogenic\)\[8k\].tap  
DEBUG:tap_file.tap_file:header1: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:header2: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:Header: <TapHeader: data_len - 192, errors? - False>
header HeaderType.PRG 4609 16384 bytearray(b'BOSS.EXE 1.5') False
DEBUG:tap_file.tap_file:data1: <DataStream: data_len - 11785, #errors - 20>
DEBUG:tap_file.tap_file:data2: <DataStream: data_len - 11785, #errors - 492>
DEBUG:tap_file.tap_object:Uncorrected errors remain
DEBUG:tap_file.tap_file:Data: <TapData: data_len - 11775, errors? - True>

There are still too many errors in the second copy to recover the file, I need to explore how to make my code more like the KERNAL.
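As an added illustration (not part of the thread, and neither srowe's code nor the KERNAL routine), here is a simplified model of recovering a block from the two copies stored on tape: per-byte odd parity picks the good copy, and the XOR checksum catches what parity misses. It assumes each copy is 9 countdown bytes, the payload and one checksum byte, which agrees with the 11785 and 11775 lengths in the log above; the function names and sample payload are constructed.

```python
from functools import reduce

COUNTDOWN = 9  # sync bytes before each copy ($89..$81, then $09..$01)

def parity_bit(value):
    """Odd parity bit that accompanies each byte on tape."""
    return (bin(value).count("1") + 1) % 2

def parity_ok(frame):
    value, bit = frame
    return bit == parity_bit(value)

def xor_all(values):
    return reduce(lambda a, b: a ^ b, values, 0)

def merge_copies(copy1, copy2, payload_len):
    """Merge two copies given as lists of (value, parity) frames.
    Returns (payload, unresolved offsets, checksum_ok)."""
    body1, body2 = copy1[COUNTDOWN:], copy2[COUNTDOWN:]
    if len(body1) != payload_len + 1 or len(body2) != payload_len + 1:
        raise ValueError("copy length does not match the header")
    merged, unresolved = bytearray(), []
    for offset in range(payload_len):
        first, second = body1[offset], body2[offset]
        good = first if parity_ok(first) else second
        if not parity_ok(good):
            unresolved.append(offset)  # bad in both copies: keep first, flag it
            good = first
        merged.append(good[0])
    check = body1[-1] if parity_ok(body1[-1]) else body2[-1]
    return bytes(merged), unresolved, xor_all(merged) == check[0]

def make_copy(payload, first):
    """Build a constructed, error-free copy for the demonstration."""
    base = 0x89 if first else 0x09
    values = [base - i for i in range(COUNTDOWN)] + list(payload)
    values.append(xor_all(payload))
    return [(v, parity_bit(v)) for v in values]

def flip(copy, offset, mask):
    """Return a copy with bits of one payload byte flipped, parity untouched."""
    damaged = list(copy)
    value, bit = damaged[COUNTDOWN + offset]
    damaged[COUNTDOWN + offset] = (value ^ mask, bit)
    return damaged
```

A single flipped bit in one copy is repaired from the other; a two-bit flip passes parity and only shows up as a failed checksum, which is the uncorrectable and undetectable case mentioned earlier in the thread.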
Gooster
Vic 20 Newbie
Posts: 8
Joined: Sun Nov 15, 2020 3:16 am

Re: Tips for Reverse Engineering a Cassette Program

Post by Gooster »

Even when I was able to load the game it still ended up being corrupt. It seems the 1.1 version that's around is also corrupt. But I may have found a good copy (albeit on disk) here:

https://vic20reloaded.com/vic20-16k-gam ... ion-1-a-2/
oracle_jedi
Vic 20 Amateur
Posts: 51
Joined: Sat Nov 08, 2008 6:54 pm

Re: Tips for Reverse Engineering a Cassette Program

Post by oracle_jedi »

Attached is a TAP image with BOSS 1.5 if you are still looking to reverse engineer something.

The VICE dump option shown by srowe earlier will save it to disk, but BOSS has an interesting protection scheme, which will result in an unplayable game. The disk dump you already found has defeated this with an interesting solution. I checked and the disk image is BOSS 1.5.
Attachments
BOSS-8k.zip
(526.92 KiB) Downloaded 53 times