
Classic NES Series Anti-Emulation Measures - kibwen
https://mgba.io/2014/12/28/classic-nes/
======
eric_the_read
From the "Dolphin Progress Report" article
([https://news.ycombinator.com/item?id=13544514](https://news.ycombinator.com/item?id=13544514)):
there were two Disney games that wrote garbage data to a region of memory
where important data was stored, but not enough to cause the CPU to flush the
cache, and then invalidated the cache, causing the writes to never actually
happen on real hardware, but on Dolphin (which didn't actually implement a CPU
cache in its emulation layer), it caused the writes to actually happen.
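
The cache behaviour described in the comment above, as an added example that is not part of the thread or of Dolphin's code: a toy machine with a single write-back cache line (all names, sizes and the 0xA5 data are constructed). It shows that the data survives when the cache is modelled, is lost when stores go straight to RAM, and is also lost when the garbage spans more than one line and forces an eviction.

```c
#include <stdint.h>
#include <string.h>
#define MEM_SIZE  64
#define LINE_SIZE 16

/* Toy machine: flat RAM plus ONE write-back cache line (constructed model). */
typedef struct {
    uint8_t ram[MEM_SIZE], line[LINE_SIZE];
    int     line_base;    /* RAM address the line maps, -1 if empty */
    int     dirty;        /* line holds stores not yet written to RAM */
    int     model_cache;  /* 0 = cacheless emulator: stores hit RAM at once */
} machine;

/* Bring addr's line into the cache; a dirty old line is written back (eviction). */
static void fill(machine *m, int addr) {
    int base = addr - addr % LINE_SIZE;
    if (m->line_base == base) return;
    if (m->line_base >= 0 && m->dirty)
        memcpy(&m->ram[m->line_base], m->line, LINE_SIZE);
    memcpy(m->line, &m->ram[base], LINE_SIZE);
    m->line_base = base; m->dirty = 0;
}

static void store(machine *m, int addr, uint8_t v) {
    if (!m->model_cache) { m->ram[addr] = v; return; }
    fill(m, addr);
    m->line[addr % LINE_SIZE] = v;
    m->dirty = 1;
}

static uint8_t load(machine *m, int addr) {
    if (!m->model_cache) return m->ram[addr];
    fill(m, addr);
    return m->line[addr % LINE_SIZE];
}

/* Invalidate: drop the cached line WITHOUT writing it back to RAM. */
static void invalidate(machine *m) { m->line_base = -1; m->dirty = 0; }

/* Write `span` garbage bytes over the data, invalidate, then re-read.
   Returns 1 if the 8 bytes of important data are still intact. */
int data_survives(int model_cache, int span) {
    machine m = { .line_base = -1, .model_cache = model_cache };
    memset(m.ram + 16, 0xA5, 8);                    /* important data */
    for (int i = 0; i < span; i++) store(&m, 16 + i, 0x00);
    invalidate(&m);
    for (int i = 0; i < 8; i++)
        if (load(&m, 16 + i) != 0xA5) return 0;
    return 1;
}
```
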

~~~
jedimastert
That's super clever

~~~
LoonyBalloony
All this effort to claim possession over something. Imagine if all the effort
regarding possession and wealth were used to make something actually useful.
What a waste.

~~~
pasiaj
I actually believe the exact opposite.

That so many useful innovations are lost & forgotten, because there was no
incentive to market & distribute the innovation.

It is lost on many, that the usefulness of an idea does not guarantee its
popularity. It is very, very hard to get visibility & traction for even the
most useful of inventions.

Protections on ownership & wealth create the incentives to invest in creating
new innovations, but also to productise, distribute and market those
innovations.

It is only a small fraction of products that can exist without the proper
incentives to build out the whole chain from idea to r&d, productisation, to
distribution & marketing.

~~~
ajamesm
Run the Jewels just released their latest album entirely for free, and hit #1
in sales anyway, so

~~~
Groxx
That a counterexample exists doesn't really impact the claim that "many"
(though they imply "most" imo) do not work this way.

~~~
qwertyuiop924
Indeed: Not everybody is the kind of person who pays for Jonathan Coulton's
music instead of downloading it for free.

------
gp2000
It is difficult to take a binary program and establish intent. I'd rather call
these "interesting and unusual programming tricks" than "anti-emulation
measures" until more evidence is presented.

Mirrored memory is a side effect of unconnected lines on the address bus thus
making the content of those bits irrelevant. Code can take advantage of this
to run faster or put tag values into addresses.

On a GBA, VRAM is faster than ordinary RAM. Programs can do well to use it for
tight inner loops.

Using STM (store multiple) to DMA registers? Again, go faster.

Save type masquerading might be code that helps when running on a development
kit, but I admit that I can't think of what use it might have.

Self-modifying code that depends on the pre-fetch queue might be the best
place to look for intent. Might be easy to tell if the program is doing it for
some larger purpose or simply to fail subtly or overtly if it sees unrealistic
processor behavior.

And why would a program do extra work writing to an audio FIFO than need be?

~~~
david-given
Yeah, putting tight loops into fast RAM for extra speed is a very old trick
--- I've done it myself. Likewise multiple stores.

Using a non-standard copy of the address --- well, it's an emulator, on a slow
system; the ARM requires 32-bit constants to be read from a constant pool. If
it can use certain addresses that are cheaper to construct, somehow, that'd be
a performance boost. Can't tell without knowing which addresses, though.

My first thought on the save type masquerading and the pre-fetch queue testing
is that it's testing for particular hardware. e.g. if it's running on a cart
with SRAM, do the SRAM thing, otherwise do the flash thing. Likewise, testing
the pipeline size might be trying to figure out what processor there is. That
doesn't explain why it just crashes rather than following some other code path
--- if the code to do the SRAM thing was there, and the emulator tells the
game that there's SRAM, then the emulator should see the game doing the SRAM
thing.

It _might_ be something as trivially stupid as that the game contains the code
to check for development hardware, but that the run-time support for the
development hardware isn't present and instead the game is just crashing.
There may not be anything malicious here.

If _I_ wanted some sort of antipiracy or antiemulation feature, I wouldn't put
a big obvious crash up front. Instead I'd introduce some sort of random
failure elsewhere in the game, so it superficially looks like it's working,
but isn't any fun to play...

~~~
Cpoll
> Instead I'd introduce some sort of random failure elsewhere in the game, so
> it superficially looks like it's working, but isn't any fun to play...

Doesn't that defeat the purpose? If people don't realize that they're being
punished for pirating, you're just collecting bad review scores and not
pushing anyone to buy a legitimate copy.

~~~
CocaKoala
It's actually a not-unheard of trick. Arkham Asylum, for example, would have a
failure case about halfway through the game where Batman's cape would fail to
open when he jumped down into a deep (plot-required) pit if the game had been
pirated. Batman would crash into the ground and die, the users would take to
developer forums or the steam forums to complain that they couldn't get past
this one section because of a gamebreaking bug, and then the developers would
say, "Yes, that's an anti-piracy measure. If you purchase the game, it won't
happen".

Another game, Game Developer Tycoon, would run as normal, but as you got
further and further along, in-game pirates would pirate all the games you made
and your profits would keep on dropping. People came to the developer forums
to ask for ways to keep people from pirating their games, because they
couldn't make any money because of all of the pirates. The irony was lost on
some.

~~~
Cpoll
I think the Game Developer Tycoon one is the only actual success story, and
that's because the story went viral.

For every person who goes out of their way to complain on the forums, there's
probably five that just caution their friends not to buy the game.

I also recall (obviously difficult to verify) accounts from people who claimed
that the Arkham Asylum (I recalled it was City...?) bug happened to them with
legitimate copies. From a development perspective, an "Easter egg" of that
sort requires a LOT of QA effort.

------
derefr
> I’m not really sure why Nintendo went all out with these games, considering
> that these are just ports of NES games.

I've always suspected that Nintendo cares a lot less about PC emulation, than
it does about mostly-chip-compatible knock-off hardware.

Think of those consoles you see at Walmart that claim to come with "100 games
built in!" Those frequently contain chip-compatible designs of Nintendo's old
hardware, and a library of ROMhacks of NES games (or the ROM from a single one
of those 100-in-1 NES carts.) They're not emulating Nintendo ROMs; they're
just _running_ them, directly.

The manufacturers of these consoles never bothered to clone newer ones after
the NES, because all the demand for these knock-offs seems to be some weird
combination of nostalgia and clueless-parent value-purchasing (e.g. "oh hey,
it has Super Mario Bros on the box! That game was great. My kids would like
that!")

But the GBA is just as easy to clone the internals of as the NES is (ARM7
cores are just as easy to find—and cheap—as 6502s), and has a _far_ larger
library of games (~17000!) So if these companies could transition to a GBA
chip-compatible design and still ship these NES ports, they'd increase value
immensely, while still being able to put NES nostalgia on the box.

And so, for these ROMs that might have been just the thing to spark this
switch-over, Nintendo went to some extra effort.

It would have been funny, had any of these knock-off manufacturers already
finalized a hardware design based on tests with other GBA ROMs and started up
their logistics pipeline to assemble consoles, had they flashed one of the NES
Classics ROMs onto their new-off-the-line console, and realized that it was
far more stringent than other games were about faithfulness to the GBA's
architecture. It might be enough to kill a whole company.

---

Of course, none of this ever materialized, because for _some_ reason, the
knock-off manufacturers are _still_ just making consoles that are
chip-compatible with NES games, rather than speccing out builds based on what
chips have become equally cheap since then. Who knows why.

~~~
einr
_Of course, none of this ever materialized, because for some reason, the
knock-off manufacturers are still just making consoles that are
chip-compatible with NES games, rather than speccing out builds based on what
chips have become equally cheap since then. Who knows why._

Actually, there are now quite a few Chinese GBA clones on the market, and my
understanding is that they do not use emulation but are hardware-compatible
reimplementations of the GBA hardware.

Some examples:

[http://www.k1gba.com/](http://www.k1gba.com/)

[http://exeq.ru/produkcija/pristavki/detskie/gamebox.html](http://exeq.ru/produkcija/pristavki/detskie/gamebox.html)

[http://obscurehandhelds.com/2010/08/the-nintendo-game-boy-ad...](http://obscurehandhelds.com/2010/08/the-nintendo-game-boy-advance-clone/)

~~~
qwertyuiop924
If I could find a good one, I just might buy it, too. My AGS-101 isn't exactly
an ideal system. But then, a GBASP might be cheaper...

~~~
hanasu
The 101 is the most desirable SP because of the nicer backlit screen, so don't
just get rid of it.

~~~
qwertyuiop924
Wait, did I say AGS-101? Sorry, mistake on my part. I meant my _AGB-001_

------
jonawesomegreen
Part of me wonders if this is just some experienced game dev working on a
boring porting project that decided to have a little fun and see how he could
cause issues with emulation, not some large sanctioned measure to defeat
emulation software. Might explain why this effort went into such a seemingly
unlikely game.

~~~
rhinoceraptor
If I were a game dev, I would want my work to be preserved past the life of
the specific hardware it was written for. It's sad that so much culture is
lost due to proprietary hardware and software.

~~~
brokenmachine
True.

I recently "bought" Titanfall 2, on DVD. I put "bought" in quotes because I
wonder how much I actually own it, if at all.

It wouldn't run at all without first connecting to the internet and
downloading multiple gigabytes of updates.

I wonder what would happen in the future when EA decides to shut up shop or
change their DRM platform. Will I ever be able to play it again?

This is why I often feel like pirates "own" the content more than legitimate
buyers.

~~~
qwertyuiop924
Yeah. Compare this to the 90s games I've been playing: I can still take a copy
of Q3A or UT from '99 and install it on my computer (although why you wouldn't
use the IOQ3/UTPG patches is beyond me). Ditto for Doom and Descent (although
you need a src port). Thief, Deus Ex, System Shock 2, and Baldur's Gate are a
little harder to get running (you have to use wine, and in the case of Deus
Ex, figure out how to get the shoddy programming to work with modern
hardware), but it's still doable.

Will that be true of FTL, Bastion, Shadow of Mordor, Limbo, or Assassin's
Creed?

~~~
leni536
Better yet, the Q3A engine is open-source and is still maintained in the form
of ioquake3. Just look at how many architectures it's compiled for on Debian.
It's going to stay forever with us without emulation.

[https://packages.debian.org/sid/ioquake3](https://packages.debian.org/sid/ioquake3)

~~~
qwertyuiop924
I did mention that...

------
qwertyuiop924
I've been reading about the gameboy's architecture and internals (in the hopes
of making a game with it), and it's pretty amazing how much specialized
hardware there was in earlier generations of consoles, especially compared to
the more general modern consoles. And yes, new consoles have GPUs, but those
are everywhere.

Your computer has a GPU. It probably doesn't and didn't have scrolling
registers or hardware sprites (unless, like the C64, it had a gaming focus).

~~~
iflowfor8hours
There is an excellent video from 33c3 about Gameboy internals and all the
wonderful tricks that can be utilized when writing software for it.
[https://media.ccc.de/v/33c3-8029-the_ultimate_game_boy_talk](https://media.ccc.de/v/33c3-8029-the_ultimate_game_boy_talk)

~~~
qwertyuiop924
C3 never ceases to surprise me. Thanks!

------
bondjsbond
Does Legend of Zelda: Minish Cap have something similar? I played that game on
a raspberry pi but it always freezes and dies when I enter a certain room in
the final boss castle... Not sure if just a bad port or a security feature...
I would love to finish it, but don't feel like replaying the rest of the game
just for the ending...

~~~
voltagex_
Which emulator?

~~~
bondjsbond
I want to say it was running Retro Pie? Edit: I don't have it with me, but I
think it was the mGBA emulator, sorry.

~~~
jpfau
That's not an emulator, it's a frontend. You'd need to know the core, e.g.
mGBA or VBA-Next.

------
webreac
I wonder if these tricks to defeat emulators have the opposite effects. They
give truly interesting challenges that can motivate talented developers.

~~~
derefr
Yep. See, for example, 4am's cracks of the Apple II software collection
([https://archive.org/details/apple_ii_library_4am](https://archive.org/details/apple_ii_library_4am)),
done half for the sake of preserving old games, but also half for the sake of
discovering (and documenting!) the many kinds of anti-piracy measures that
went into them.

------
AdmiralAsshat
Article is from 2014. Suggest adding info to submission title.

~~~
jpfau
Indeed, I even posted it back then:
[https://news.ycombinator.com/item?id=8808754](https://news.ycombinator.com/item?id=8808754)

------
kibwen
I find it very interesting to read about these sort of tactics, given that not
only does their design require a high degree of expertise with console
hardware (which Nintendo's developers obviously have), but also a high degree
of familiarity with emulators themselves in order to understand the techniques
that are likely to defeat the common optimizations and shortcuts that
emulators make in order to make up for the discrepancy in speed.

------
Fej
If I remember correctly, Nintendo also implemented tough DRM like this for the
GBC Video series. Same light gray cartridges, I think.

(GBA Video was a short-lived series of video content available on GBA carts. I
remember having a cart with an episode of The Fairly Odd-Parents on it. The
video quality was terrible. Nothing worth protecting.)

------
patmcguire
Why bother? If these are ports of NES games, couldn't they just emulate the
NES versions?

~~~
patmcguire
Welp, I committed the sin of posting before reading. That was the last
paragraph of the article.

