
Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 1:17 am
by Gooster
Can anyone offer some starter tips trying to reverse engineer a cassette program? I'm looking at Boss 1.5 (I grabbed it from the Tosec archives) which is on a tap file. I tried using cleantap to pull the prg off the tape image but it fails. Vice is able to autoload the game, though, so I think the tap file is good. (Interestingly, booting the Vic and manually trying to load the game from tape does not work, so I don't know what Vice autostart is doing differently from a simple LOAD"",1,1).

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 1:21 am
by srowe
Is the program a single file or is there a fastloader stub with the rest as a non-standard encoding? If you point me at the .TAP file I'll run some Python scripts which can analyze it.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 1:58 am
by Gooster
I really don't know, but if you can take a look at it that would be great! Try this link:

https://www.dropbox.com/s/kz7d0fp2d117i ... D.tap?dl=0

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 2:27 am
by srowe
My first attempt seems to suggest it's a single BASIC file

Code:

(venv) [srowe@gilraen python-tapfile (master)]$ python3 examples/tap-dump.py ~/Downloads/Boss\ Chess\ v1.5\ \(1982\)\(Audiogenic\)\[8k\].tap 
DEBUG:tap_file.tap_file:header1: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:header2: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:Header: <TapHeader: data_len - 192, errors? - False>
header HeaderType.PRG 4609 16384 bytearray(b'BOSS.EXE 1.5') False
DEBUG:tap_file.tap_file:data1: <DataStream: data_len - 6295, #errors - 1>
DEBUG:tap_file.tap_file:data2: None

My tool has failed to read the second copy of the payload; either there's a bug in the code or the image is corrupt/incomplete.

[Edit] My tool is truncating the first copy of the payload, the length should be 11775.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 7:28 am
by tlr
If I select NTSC and full memory expansion it loads (with ?LOAD ERROR) in vice, but then starts on RUN. Don't know if it's broken though.
If I select PAL it crashes on RUN.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 7:50 am
by srowe
I'm running on PAL, I've seen a couple of crashes too but it works most of the time.

I'm struggling to scan the file with my tools, I think there's a block of pulses that are close to the timing and that might have introduced uncorrectable (and undetectable) errors.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 9:36 am
by Gooster
Ok it seems like an unreliable copy then, thanks for taking a look!

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 10:08 am
by srowe

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 2:11 pm
by Gooster
There seem to be two versions floating around, the 1.1 version seems to be easier to find (e.g. in GB20). The 1.5 version I've only found this tap image for in Tosec.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Thu Nov 19, 2020 2:21 pm
by srowe
Ah, I'd missed the difference in version. A quick-and-dirty way of getting a .PRG file is to drop into the monitor in VICE and save memory using

Code:

s "boss 1.5.prg" 0 1201 3fff

I'll keep on trying to dump the tape image.

Re: Tips for Reverse Engineering a Cassette Program

Posted: Fri Nov 20, 2020 1:35 am
by srowe
An actual tape copy has just been listed

https://www.ebay.co.uk/itm/Boss-Kavan-S ... SwgFleG4Bi

Wonder which version it is?

Re: Tips for Reverse Engineering a Cassette Program

Posted: Sat Nov 21, 2020 1:19 am
by Gooster
Ha, if I still had my 64 and hardware I'd be very tempted to pick that up!

Re: Tips for Reverse Engineering a Cassette Program

Posted: Sun Nov 22, 2020 2:48 pm
by srowe
I've had some success after improving my code

Code:

(venv) [srowe@gilraen python-tapfile (master)]$ python3 examples/tap-dump.py ~/Downloads/Boss\ Chess\ v1.5\ \(1982\)\(Audiogenic\)\[8k\].tap  
DEBUG:tap_file.tap_file:header1: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:header2: <DataStream: data_len - 202, #errors - 0>
DEBUG:tap_file.tap_file:Header: <TapHeader: data_len - 192, errors? - False>
header HeaderType.PRG 4609 16384 bytearray(b'BOSS.EXE 1.5') False
DEBUG:tap_file.tap_file:data1: <DataStream: data_len - 11785, #errors - 20>
DEBUG:tap_file.tap_file:data2: <DataStream: data_len - 11785, #errors - 492>
DEBUG:tap_file.tap_object:Uncorrected errors remain
DEBUG:tap_file.tap_file:Data: <TapData: data_len - 11775, errors? - True>

There are still too many errors in the second copy to recover the file; I need to explore how to make my code more like the KERNAL.
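
Added example, not part of the thread and not code from srowe's python-tapfile: a sketch of how the numbers in the dumps above fit together (202 = 192 + 10, 11785 = 11775 + 10, and 16384 - 4609 = 11775). It assumes the standard Commodore tape block layout of 9 countdown bytes, the payload, then one XOR checksum byte; all function names are hypothetical, and falling back to whichever whole copy verifies is a simplification chosen here.

```python
import struct
from functools import reduce

FIRST_COUNTDOWN = bytes(range(0x89, 0x80, -1))   # $89..$81 marks the first copy
REPEAT_COUNTDOWN = bytes(range(0x09, 0x00, -1))  # $09..$01 marks the repeat
OVERHEAD = len(FIRST_COUNTDOWN) + 1              # countdown + XOR checksum = 10

def xor_sum(data):
    return reduce(lambda a, b: a ^ b, data, 0)

def unwrap(raw):
    """Return (payload, is_repeat, checksum_ok) for one decoded block."""
    if len(raw) <= OVERHEAD:
        raise ValueError("block too short")
    countdown, payload, check = raw[:9], raw[9:-1], raw[-1]
    if countdown not in (FIRST_COUNTDOWN, REPEAT_COUNTDOWN):
        raise ValueError("countdown bytes damaged")
    return payload, countdown == REPEAT_COUNTDOWN, xor_sum(payload) == check

def first_good(*raw_copies):
    """Payload of the first copy whose checksum verifies, else None."""
    for raw in raw_copies:
        try:
            payload, _, ok = unwrap(raw)
        except ValueError:
            continue
        if ok:
            return payload
    return None

def parse_header(payload):
    """Decode the 192-byte header: type, start, end (exclusive), name."""
    if len(payload) != 192:
        raise ValueError("header payload must be 192 bytes")
    ftype, start, end = struct.unpack_from("<BHH", payload)
    return {"type": ftype, "start": start, "end": end,
            "name": bytes(payload[5:21]).rstrip(b" "),
            "data_len": end - start, "raw_block_len": end - start + OVERHEAD}

def make_block(payload, repeat=False):
    """Build a constructed sample block (not data from the thread's image)."""
    head = REPEAT_COUNTDOWN if repeat else FIRST_COUNTDOWN
    return head + payload + bytes([xor_sum(payload)])

# Constructed header using the addresses and name printed in the dump above;
# the type byte 3 is a constructed choice.
SAMPLE = struct.pack("<BHH", 3, 0x1201, 0x4000) + b"BOSS.EXE 1.5".ljust(187)
COPY1 = bytearray(make_block(SAMPLE)); COPY1[20] ^= 0x40   # simulate a bad pulse
COPY2 = make_block(SAMPLE, repeat=True)

if __name__ == "__main__":
    print(parse_header(first_good(bytes(COPY1), COPY2)))
```

The derived `data_len` and `raw_block_len` give a quick sanity check on any dump: a data stream shorter than the header predicts, such as the 6295 bytes in the first attempt, has been truncated.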

Re: Tips for Reverse Engineering a Cassette Program

Posted: Mon Dec 14, 2020 12:46 am
by Gooster
Even when I was able to load the game it still ended up being corrupt. It seems the 1.1 version that's around is also corrupt. But I may have found a good copy (albeit on disk) here:

https://vic20reloaded.com/vic20-16k-gam ... ion-1-a-2/

Re: Tips for Reverse Engineering a Cassette Program

Posted: Fri Feb 26, 2021 3:36 pm
by oracle_jedi
Attached is a TAP image with BOSS 1.5 if you are still looking to reverse engineer something.

The VICE dump option shown by srowe earlier will save it to disk, but BOSS has an interesting protection scheme, which will result in an unplayable game. The disk dump you already found has defeated this with an interesting solution. I checked and the disk image is BOSS 1.5