Konami game protections

Page 1/3
| 2 | 3

By NYYRIKKI

Enlighted (4599)

NYYRIKKI's picture

08-07-2017, 23:56

I made a list of 8KB-32KB Konami games that have copy protections in the ROM and how to remove them. This list may have quite a little practical value, but removing the protections is sometimes needed with some ROM-loading tools. (ie. SymROM and similar tools that load the games to MSX internal RAM)

The document is here

Login or register to post comments

By Manuel

Ascended (13218)

Manuel's picture

09-07-2017, 08:49

How about putting it on the Wiki?

By Louthrax

Paragon (1466)

Louthrax's picture

09-07-2017, 13:00

Nit-picking sequence: I think some of these Konami games have alternative versions, with different patching addresses. It's good to have the originial CRC32 of the file to patch somewhere (for example in the name of the IPS file: Aleste 2 (1989)(Compile)(JP)[cr][f RAM slot][f Intro] disk 1 (original CRC32 0x234b534c).ips).

By Louthrax

Paragon (1466)

Louthrax's picture

16-07-2017, 02:42

Hi Nyyrikky,

I had a look at your copy protection patches for the Konami games. I realized most of the cracks made at the time were only changing the ROM-area poke addresses to BIOS area instead (works, but not so good if you want to play with a modified BIOS in RAM or something).

Everything looks fine, except the last patch sequence from Ping-Pong, and the Q-Bert patch (code at these addresses does not look like the other usual protection patterns). Let me know, maybe that's just a typo, something I did not understand, or maybe I have different ROM dumps?

By Louthrax

Paragon (1466)

Louthrax's picture

16-07-2017, 14:16

Louthrax wrote:

I realized most of the cracks made at the time were only changing the ROM-area poke addresses to BIOS area instead (works, but not so good if you want to play with a modified BIOS in RAM or something).

I was talking about the "old cracks" we had in the 80's here, not Nyyrikky's patches (which are removing the "poke" instructions, not only changing addresses).

By mohai

Hero (622)

mohai's picture

17-07-2017, 13:07

What do those copy protections exactly do?
I remember the "dumps" in the eighties worked fine when loaded into RAM. Where those already patched or were alternate versions? (please, do not blame, as I was a child with very limited incoming to buy a cartridge).
I remember some of those "dumps" had some graphic glitches, but I always thought it was because of bad dumps or copies.

I remember there was a "version" of Goonies that showed instructions on how to start to play (press CTRL+P for password ...), as a loading screen. Then, after game was loaded and tape stopped, Konami logo was shown, but not opening screen (so, you had to press CTRL+P or something to start playing...). I always though that was because of a bad dump.

By Louthrax

Paragon (1466)

Louthrax's picture

17-07-2017, 15:11

mohai wrote:

What do those copy protections exactly do?

For the Konami games, they were just poking things in the ROM area... if it's RAM, the game will crash or be crippled a bit later. As Nyyrikki said, those protections were quite easy to identify and fix. Also, not all of the Konami ROMs were protected.

By nikodr

Paladin (714)

nikodr's picture

20-07-2017, 03:38

Metal gear 1 the sma international crack Version for 128 kbytes memory mapper suffered from copy protection maybe? . Elevators crashed game and made random glitches. A simple Ei instruction had to be Di, because game was transferring data from vram to ram. That version, so i am sure konami didnt want anyone to use vram as temporary storage location. With di the game music is slower like the movement of elevator but Game works ok after. That loop that does the transfer of data is done when you go up down elevators.

Could it be considered a bad disk hackers version? Or a bad hacked protection? When i fixed it i thought about it.

By NYYRIKKI

Enlighted (4599)

NYYRIKKI's picture

20-07-2017, 06:36

Louthrax wrote:

I think some of these Konami games have alternative versions, with different patching addresses.

At first I thought that no... they are not that different, but then I found that I'm wrong. Indeed something to have a closer look.

Manuel wrote:

How about putting it on the Wiki?

Sure... Have to look the previous issue first.

Louthrax wrote:

Everything looks fine, except the last patch sequence from Ping-Pong, and the Q-Bert patch (code at these addresses does not look like the other usual protection patterns). Let me know, maybe that's just a typo, something I did not understand, or maybe I have different ROM dumps?

I think you indeed have different versions... Ping-Pong I already confirmed to have two different versions with different patch addresse.

nikodr wrote:

Could it be considered a bad disk hackers version? Or a bad hacked protection? When i fixed it i thought about it.

The mapper it self was propably best copy protection they ever came up with although it was only it's secondary function. What comes to your DI/EI issue... I'm sure they didn't ever even think that someone would try to go around the limitations by copying part of the data to VRAM, so it definitely goes in to category of bad cracks.

Some times I anyway wonder why these copy protections were so bad? The issue of pirated games was quite obvious anyway. Maybe Konami just thought that if there is even something it will keep "script kiddies" away. If someone can crack even most obvious protection then the game is anyway lost in a week or month... but still... Does that protection even work ie. in Q-Bert? And why they released SCC+ as it is? It is like it was designed for playing pirated Konami games... yet it was released to public by Konami it self! They tweaked the chip anyway, so removing this option would have been dead easy... or maybe they though the cartridges time had gone already and this was kind of a gift to boost last disk game sales.

By Jipe

Paragon (1239)

Jipe's picture

20-07-2017, 13:07

sure vampire killer exist with many cartridge version
i copy with MGSAVE and obtain 2 différent files

By NYYRIKKI

Enlighted (4599)

NYYRIKKI's picture

25-07-2017, 20:54

Louthrax wrote:

Everything looks fine, except the last patch sequence from Ping-Pong, and the Q-Bert patch (code at these addresses does not look like the other usual protection patterns). Let me know, maybe that's just a typo, something I did not understand, or maybe I have different ROM dumps?

With Ping-Pong the problem was that there was indeed two versions that were a bit different. Q-Bert I had somehow just completely messed up. I think this might be due to bug in openMSX debugger (it might show completely outdated stuff compared to what is actually in memory) This routine is not actually a protection, but a routine to initialize ROM-mapper... How ever AFAIK this game hardware does not really have a mapper, so the patch removes the initialization.

I've updated now the list and also added it to Wiki.

Page 1/3
| 2 | 3
My MSX profile