by david-given 3431 days ago
Yeah, putting tight loops into fast RAM for extra speed is a very old trick --- I've done it myself. Likewise multiple stores.

Using a non-standard copy of the address --- well, it's an emulator, on a slow system; the ARM requires 32-bit constants to be read from a constant pool. If it can use certain addresses that are cheaper to construct, somehow, that'd be a performance boost. Can't tell without knowing which addresses, though.

My first thought on the save type masquerading and the pre-fetch queue testing is that it's testing for particular hardware. E.g. if it's running on a cart with SRAM, do the SRAM thing, otherwise do the flash thing. Likewise, testing the pipeline size might be trying to figure out what processor there is. That doesn't explain why it just crashes rather than following some other code path --- if the code to do the SRAM thing was there, and the emulator tells the game that there's SRAM, then the emulator should see the game doing the SRAM thing.

It might be something as trivially stupid as that the game contains the code to check for development hardware, but that the run-time support for the development hardware isn't present and instead the game is just crashing. There may not be anything malicious here.

If I wanted some sort of antipiracy or antiemulation feature, I wouldn't put a big obvious crash up front. Instead I'd introduce some sort of random failure elsewhere in the game, so it superficially looks like it's working, but isn't any fun to play...


> Instead I'd introduce some sort of random failure elsewhere in the game, so it superficially looks like it's working, but isn't any fun to play...

This isn't mentioned in the article, since one of the anti-piracy/-emulation techniques I hadn't discovered at the time of writing it (due to my dump being an overdump) is that many of the games do this. They screw up input so it either boots but you can't play it at all, or input is unplayably slow. It detects it by way of an interesting memory mirroring quirk in the cartridges that no other GBA carts have.

This is one effect I discovered when I was working on getting around the anti-piracy effects of an arcade game[1][2] in order to run it on similar hardware. I think it is a more clever copy defeat mechanism than stopping the game from booting.

[1] http://mikejmoffitt.com/articles/0047-puyopuy2.html
[2] https://tcrf.net/Puyo_Puyo_Tsuu_(Arcade)

> Instead I'd introduce some sort of random failure elsewhere in the game, so it superficially looks like it's working, but isn't any fun to play...

Doesn't that defeat the purpose? If people don't realize that they're being punished for pirating, you're just collecting bad review scores and not pushing anyone to buy a legitimate copy.

It's actually a not-unheard-of trick. Arkham Asylum, for example, would have a failure case about halfway through the game where Batman's cape would fail to open when he jumped down into a deep (plot-required) pit if the game had been pirated. Batman would crash into the ground and die, the users would take to developer forums or the Steam forums to complain that they couldn't get past this one section because of a game-breaking bug, and then the developers would say, "Yes, that's an anti-piracy measure. If you purchase the game, it won't happen".

Another game, Game Developer Tycoon, would run as normal, but as you got further and further along, in-game pirates would pirate all the games you made and your profits would keep on dropping. People came to the developer forums to ask for ways to keep people from pirating their games, because they couldn't make any money because of all of the pirates. The irony was lost on some.

I think the Game Developer Tycoon one is the only actual success story, and that's because the story went viral.

For every person who goes out of their way to complain on the forums, there's probably five that just caution their friends not to buy the game.

I also recall (obviously difficult to verify) accounts from people who claimed that the Arkham Asylum (I recalled it was City...?) bug happened to them with legitimate copies. From a development perspective, an "Easter egg" of that sort requires a LOT of QA effort.

This is exactly what games like Spyro the Dragon do - the cracker would give up after fixing n protections.

Yes, it makes it more time consuming to fix all the protections. It's like all debugging: the crash bugs are usually easier to fix. It's the little ones a long way in which are harder to fix.