From 95cdc711cfa2b34703fa4aeea2082b36e05749a5 Mon Sep 17 00:00:00 2001
From: Franklin Wei
Date: Mon, 7 Nov 2016 18:39:20 -0500
Subject: bypass protection works
Change-Id: I5faeed8e94af065ae51437dc36d7f48a03acad54
---
 apps/plugins/xworld/vm.c | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
(limited to 'apps/plugins')
diff --git a/apps/plugins/xworld/vm.c b/apps/plugins/xworld/vm.c
index 2863d69..10c3957 100644
--- a/apps/plugins/xworld/vm.c
+++ b/apps/plugins/xworld/vm.c
@@ -52,8 +52,13 @@ void vm_init(struct VirtualMachine* m) {
 rb->memset(m->vmVariables, 0, sizeof(m->vmVariables));
 m->vmVariables[0x54] = 0x81;
- /* constant seed for code wheel */
- m->vmVariables[VM_VARIABLE_RANDOM_SEED] = 0;
+ m->vmVariables[VM_VARIABLE_RANDOM_SEED] = *rb->current_tick % 0x10000;
+
+ /* rawgl has these, but they don't seem to do anything */
+ //m->vmVariables[0xBC] = 0x10;
+ //m->vmVariables[0xC6] = 0x80;
+ //m->vmVariables[0xF2] = 4000;
+ //m->vmVariables[0xDC] = 33;
 m->_fastMode = false;
 m->player->_markVar = &m->vmVariables[VM_VARIABLE_MUS_MARK];
@@ -155,8 +160,7 @@ void vm_op_condJmp(struct VirtualMachine* m) {
 //debug(DBG_VM, "Jump : %X \n",m->_scriptPtr.pc-m->res->segBytecode);
 //FCS Whoever wrote this is patching the bytecode on the fly. This is ballzy !!
-#ifdef BYPASS_PROTECTION
-
+#if 0
 if (m->res->currentPartId == GAME_PART_FIRST && m->_scriptPtr.pc == m->res->segBytecode + 0xCB9) {
 // (0x0CB8) condJmp(0x80, VAR(41), VAR(30), 0xCD3)
@@ -178,7 +182,8 @@ void vm_op_condJmp(struct VirtualMachine* m) {
 #endif
 uint8_t opcode = scriptPtr_fetchByte(&m->_scriptPtr);
- int16_t b = m->vmVariables[scriptPtr_fetchByte(&m->_scriptPtr)];
+ uint8_t var = scriptPtr_fetchByte(&m->_scriptPtr);
+ int16_t b = m->vmVariables[var];
 uint8_t c = scriptPtr_fetchByte(&m->_scriptPtr);
 int16_t a;
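Review bot: The new seed line `m->vmVariables[VM_VARIABLE_RANDOM_SEED] = *rb->current_tick % 0x10000;` produces values up to 0xFFFF, and the later hunk reads vmVariables into an `int16_t`, so if the array really is int16_t the upper half of that range goes through an implementation-defined narrowing; `(int16_t)(*rb->current_tick & 0xFFFF)` states the truncation explicitly, and if current_tick can ever be negative the `%` result is negative as well, which the mask also avoids. The removed `/* constant seed for code wheel */` was the only record of why the seed used to be fixed; since the code-wheel check is now bypassed in vm_op_condJmp rather than by relying on a deterministic RNG, a replacement such as `/* seeded from the tick: the code-wheel check is bypassed in vm_op_condJmp, so the RNG need not be deterministic */` keeps that reasoning with the code. The four `//m->vmVariables[...]` lines are commented-out code under a comment that already says they do nothing; drop them or name what rawgl uses them for. vm_init's body continues outside the hunk.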
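Review bot: Changing `#ifdef BYPASS_PROTECTION` to `#if 0` leaves the old address-matching bytecode-patching bypass in the file as permanently dead code that will rot silently as the surrounding VM code changes; the block runs to the `#endif` in the following hunk and the rest of its body is outside this hunk. If it is kept for reference, a comment on the `#if 0` line such as `/* rawgl's original bypass, patching bytecode at segBytecode + 0xCB9 in place; superseded by the var 0x29 check in the jz case below */` records why it is disabled, otherwise delete it.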
@@ -196,6 +201,22 @@ void vm_op_condJmp(struct VirtualMachine* m) {
 switch (opcode & 7) {
 case 0: // jz
 expr = (b == a);
+
+#ifdef BYPASS_PROTECTION
+ /* always succeed in code wheel verification */
+ if (m->res->currentPartId == GAME_PART_FIRST && var == 0x29 && (opcode & 0x80) != 0) {
+
+ m->vmVariables[0x29] = m->vmVariables[0x1E];
+ m->vmVariables[0x2A] = m->vmVariables[0x1F];
+ m->vmVariables[0x2B] = m->vmVariables[0x20];
+ m->vmVariables[0x2C] = m->vmVariables[0x21];
+ // counters
+ m->vmVariables[0x32] = 6;
+ m->vmVariables[0x64] = 20;
+ expr = true;
+ //warning("Script::op_condJmp() bypassing protection");
+ }
+#endif
 break;
 case 1: // jnz
 expr = (b != a);
-- cgit v1.1
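Review bot: The condition `var == 0x29 && (opcode & 0x80) != 0` and the eight `m->vmVariables[...]` writes use bare hex indices whose only explanation is the old comment `// (0x0CB8) condJmp(0x80, VAR(41), VAR(30), 0xCD3)` in the disabled block above, which tells a reader that 0x29 is VAR(41) and 0x1E is VAR(30) but nothing about 0x2A–0x2C, 0x1F–0x21, or why the `// counters` become 6 and 20. Naming the indices, e.g. `enum { VAR_WHEEL_INPUT = 0x29, VAR_WHEEL_EXPECTED = 0x1E };`, with a comment stating that the four expected wheel symbols are copied over the four entered ones, would make the intent checkable. This match is also broader than the one it replaces: it fires on every jz against variable 0x29 in GAME_PART_FIRST with the high opcode bit set rather than at one bytecode address, so a comment on the `if` saying that is intended (or a presumption to verify) is worth adding. `//warning(...)` is commented-out code; either route it through the plugin's debug output or remove it.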