Déjà Vu from Rubicon Publishing

Mu0n

Well-known member
I've NEVER EVER seen "Déjà Vu", the tile memory game from Rubicon Publishing, anywhere online since I started looking in the late 90's for old Mac software. It seems to be a forgotten title. No acknowledgment, no discussion, no download. This is not the Icom Simulations adventure game with the point and click + window game here, but a totally unrelated tile reveal memory game where you match pairs and can play hotseat or against an AI. Of course, it lives in utter obscurity because of the much more mega popular adventure game of the same name.

It has a full page ad in the very first MacUser issue of October 1985 (page 89). (source: https://vintageapple.org/macuser/pdf/MacUser_8510_Premier_Issue_October_1985.pdf)

image.png

I have a physical copy of the original game, no box (maybe it came in a bag, maybe in a flimsy minimal sleeve, it was so long ago) and to my knowledge, that game has some master disk copy protection. I've been able to make duplicates by using DiskDup since I still want to play it and my 3 year old daughter loves playing it. We use the "success" and "failure" sounds of that game in all sorts of unrelated situations together, it's a blast!

 

Crutch

Well-known member
Cool. Never heard of this. So are you able to upload it somewhere? I’m sure the copy protection could be cracked if one wanted to do such a thing. 

 

Mu0n

Well-known member
I often get them confused. DiskDup 1.2.3+ Pro does not copy the game, there's an error during the reading phase as there's probably a bad sector.

The duplicate I successfully made, which ran flawlessly as well as the original, was with Copy II Mac 5.4.

Maybe someone can crack this with Macsbug or TMON. I tried simply copying the contents of the disk into a 400kb image file made with DiskDup 1.3.2+. I transferred it into my PC, probably losing the resource fork of that file, but it opens FINE inside mini-vMac on my Windows 7 machine. Not as a boot disk, but as a regular disk once you're in the Finder by your own means.

The behavior: when you attempt to run the game, it goes to a black screen, beeps, and freezes. You gotta restart the machine.

https://drive.google.com/file/d/1BdTCL03Z3IVRQ8Rhs3PJMhNRsdRCeT8G/view?usp=sharing

If you want a crack at it, get it from that link.

 

Mu0n

Well-known member
image.png

I can get TMON going with this without it exploding into a ragequit. I set up an interrupt with the _InitGraf trap. And now, an expert with great debugging strategies should swoop in...

 

Mu0n

Well-known member
Oh my, what do we have here?

I'm just STEPing until it crashes. I've gone through a few loops, a _TEInit, a _FlushEvents. I went through CODE001+(relative address) for a spell, and now I've reached into this very....very...interesting code block:

image.png

 

Mu0n

Well-known member
This is where it breaks. I was caught in a longish loop before getting to that point, I got impatient and just jumped away from a branch instruction to get it over with, and it quickly got to this:

image.png

 

CC_333

Well-known member
Oh my, what do we have here?

I'm just STEPing until it crashes. I've gone through a few loops, a _TEInit, a _FlushEvents. I went through CODE001+(relative address) for a spell, and now I've reached into this very....very...interesting code block:

View attachment 36252
Jeez, they definitely didn't want anyone copying this, did they?

Hopefully you'll succeed despite the programmers' efforts to thwart such efforts.

c

 

Mu0n

Well-known member
I finally have time to resume working on this. I'll have so many questions. The only direct hands-on experience I have with assembly language is with a 6502 last year, when I made a silly little game on a breadboard 6502 kit computer (from Ben Eater, who made a great YouTube series that escalates into functional assembly programs, interfaced with ROM, RAM and a VIC, teaching various electronic basics and not-so-basics such as button debouncing, capacitor placement as close as it can get to oft-changing IC legs, intercepting and decoding signals with an Arduino at various parts of the breadboard, etc.).

My first question while poking into the game's code using Resorcerer, how do you find the point of entry? Does it look like it's the ID=1 Code block because of that little symbol ('Preload') it has that none other have? Basically I want the equivalent of the .ORG address linker instruction of a 6502 assembly source code file.

image.png

image.png

 
Last edited by a moderator:

Mu0n

Well-known member
My first unsuccessful and naive attempt at thwarting the copy protection is to zero in on the PIRATED subroutine of CODE1, letting the first LINK instruction happen, and then swap in whatever was happening in the next two lines with an UNLINK (why not cancel the stack allocation that was happening, is my rationale....) and just RTS back to whatever called for that subroutine.  This didn't help and running the game produces the same behavior as it did before my modification. The game starts to load, goes to a black screen, beeps and freezes.

Thing is, I'm not sure how to easily find which line(s) of code go to the PIRATED block. Maybe an important check is done before I get to that point. Knowing which part calls it would allow me to better read the prep code that happens before it, know where to intercept some traps in TMON not too far in advance, etc.

image.png

 

Crutch

Well-known member
When a Mac application starts, the Segment Loader loads the jump table, which is always CODE resource 0, and reads the first entry. Almost always, that directs it to begin executing the code in CODE resource 1, which is indeed the case here (you can see that the first instructions at the top of CODE resource 0 push a #1 onto the stack then call _LoadSeg). So your entry point is indeed the beginning of CODE resource 1, as you guessed. 

 
Last edited by a moderator:
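
Added example, not part of the original posts and not code from the game: a small Python parser for the on-disk CODE 0 jump table described in the reply above, following the layout documented in Inside Macintosh. The names `parse_code0`, `entry_point` and `SAMPLE_CODE0` are hypothetical, and the sample bytes are constructed for illustration.

```python
import struct

# Layout per Inside Macintosh (Segment Loader); all fields are big-endian.
HEADER = struct.Struct(">IIII")   # above-A5 size, below-A5 size, table size, table offset from A5
ENTRY = struct.Struct(">HHHH")    # routine offset, MOVE.W opcode, segment ID, _LoadSeg trap
PUSH_WORD = 0x3F3C                # MOVE.W #imm,-(SP)
LOADSEG = 0xA9F0                  # _LoadSeg trap word


def parse_code0(data):
    """Return the CODE 0 header fields and the decoded jump-table entries."""
    if len(data) < HEADER.size:
        raise ValueError("CODE 0 is shorter than its 16-byte header")
    above_a5, below_a5, jt_size, jt_offset = HEADER.unpack_from(data, 0)
    if jt_size == 0 or jt_size % ENTRY.size or HEADER.size + jt_size > len(data):
        raise ValueError("jump table size does not fit the resource")
    entries = []
    for i in range(jt_size // ENTRY.size):
        routine, push, segment, trap = ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size)
        if (push, trap) != (PUSH_WORD, LOADSEG):
            raise ValueError(f"entry {i} is not in the unloaded (on-disk) form")
        entries.append({
            "segment": segment,           # CODE resource ID pushed for _LoadSeg
            "routine_offset": routine,    # offset field exactly as stored in the entry
            # Callers reach an entry via d16(A5), landing on its MOVE.W (2 bytes in).
            "a5_displacement": jt_offset + i * ENTRY.size + 2,
        })
    return {"above_a5": above_a5, "below_a5": below_a5, "entries": entries}


def entry_point(data):
    """The first jump-table entry is where the Segment Loader starts the app."""
    first = parse_code0(data)["entries"][0]
    return first["segment"], first["routine_offset"]


# Constructed sample: two entries, table at 32(A5). Not bytes from the game.
SAMPLE_CODE0 = (HEADER.pack(0x30, 0x100, 16, 32)
                + ENTRY.pack(0x0000, PUSH_WORD, 1, LOADSEG)
                + ENTRY.pack(0x0120, PUSH_WORD, 2, LOADSEG))

if __name__ == "__main__":
    print("entry point (segment, offset):", entry_point(SAMPLE_CODE0))
    for entry in parse_code0(SAMPLE_CODE0)["entries"]:
        print(entry)
```
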

Crutch

Well-known member
I don’t know anything about TMON, but in MacsBug you could use the “stack crawl” commands (SC6 and SC7) to try to figure out how you ended up at a particular instruction.  I’m sure TMON will have something similar.  So you could start in the debugger at the problem code, then do a stack crawl to look at the prior chain of calling instructions until you get back to the relevant branch that sent you down the wrong path, and NOP it out.

 

BacioiuC

Well-known member
I think I have a copy of Deja Vu 1 + 2 on a floppy disk, however my SE Floppy is dead. I'll try and get it uploaded when I get a replacement drive.

Edit: Oops, my bad :(

 
Last edited by a moderator:

Mu0n

Well-known member
I think I have a copy of Deja Vu 1 + 2 on a floppy disk, however my SE Floppy is dead. I'll try and get it uploaded when I get a replacement drive.
I also have them, this is not about the adventure games from ICOM, I'll kindly redirect you to read the first post of this thread to see what this is about. 

 
Last edited by a moderator:
DéjàVu's protection relies on a single bad sector which disk images don't capture. Here's how some long-ago hacker defeated it:

CODE 4, offset 0564: change 4EAD 007A to 4E71 4E71

CODE 4, offset 0570: change 6708 to 6008

CODE 6, offset 0E5A: change 4EAD 007A to 4E71 4E71

CODE 6, offset 0E66: change 6706 to 6006




There's also this separate set of instructions floating around which don't quite apply to version 2.3, unless you change the 0002 below to 0001.

Search for: 6708 4EAD 019A
Change to : 6008 4EAD 019A

Search for: 6706 1B7C 0002 F58B
Change to : 6006 1B7C 0002 F58B




If you do, they become identical to two of the four edits from the v2.3 crack. Even in that version, they seem perfectly sufficient on their own to branch past the disk check, whereas the NOP'd out JSRs nearby have no obvious effect on the game's operation. I noped out myself rather than second-guess an old-school hacker, but I'll be interested if you can work out what they were doing and how they got themselves there.

I have a physical copy of the original game, no box (maybe it came in a bag, maybe in a flimsy minimal sleeve, it was so long ago)


The box uses the same imagery as the magazine ad. Scanning it is on my extremely long to-do list.

 

Mu0n

Well-known member
Here's a direct capture of the gameplay (video captured from the analog board through a RGB2HDMI and sound captured from the headphone jack);

 

Crutch

Well-known member
Thanks for posting that! Nice video capture.

Looking back at the first post in the thread, I can’t quite believe that this product was considered a commercial-quality, let’s-advertise-this-in-MacUser type of release in 1985 … one year before Dark Castle! These sound effects, wow ….
 

olePigeon

Well-known member
@Mu0n Don't suppose you're in Northern California? I could flux image the disk for you (copy protection included) so you can make a copy of your original disk.