Re: [stella] Emulator detection

Subject: Re: [stella] Emulator detection
From: Joseph Thompson <jrt1@xxxxxxxxxxx>
Date: Mon, 4 Jul 2005 11:55:30 -0400
B. Watson wrote:

>On Mon, 4 Jul 2005, atari2600 wrote:
>>So, my question is -- should this 'exploit' be published and thus allow
>>the emulators to more correctly emulate the hardware, or should it be
>>kept private and allow authors (me! me! choose me!) to release binaries
>>that can only be played on real hardware?
>I'd say anything that lets code determine whether it's running on an
>emulator or not, is a bug in the emulator (inaccurate emulation). Whether
>or not it should be published openly... well, Stella and z26 sources
>are both published openly. Share and share alike would be my preference.
>As somebody else already mentioned in another mail, the emulators'
>sources are available, so nothing's stopping anyone from forking an
>"evil" version of either Stella or z26.
>Actually, since we have no idea what the "exploit" is right now, there'd
>be no need for a fork: somebody who reverse-engineered it can just report
>it as a bug and send us the code snippet that causes the problem as though
>he were writing a game and discovered the emulator bug by accident. We'd
>see it as an emulation bug, fix it, and the "magic binary" would start
>working in the emulator in the next release. This social engineering
>attack would work even if the emulators were closed source.
>Once a binary like that is released, the "exploit" has been published
>anyway. We'd all be able to debug or just trace the binary and see exactly
>what it does. Even if everyone who currently knows how to do this were
>to all agree not to publish their results, it wouldn't stop new people
>from reading the stelladoc, learning 6502 asm, and getting knowledgeable
>enough to reverse-engineer it and publish it themselves. Most of the
>point of this list is helping people learn who want to learn... but even
>without the list, all the pieces are available for anyone who wants to
>solve the puzzle.
>I'd say the genie is already out of the bottle... I'd also say that this
>is "security through obscurity" and bound to fail in the long term.
>>An even better question is:  should emulators allow such detection
>>so that those who want to release binaries that cannot be played on
>>emulators, can do so.  My personal opinion is that emulator authors
>>SHOULD include such an official hook as an encouragement for collectors
>>to buy actual homebrew cartridges.  Otherwise we get into an 'arms race'
>>where such exploits as found above are NOT shared with the community,
>>and the emulators are therefore not as perfect as they otherwise might be.
>You're right, that's a better question. A hook like that wouldn't even
>have to depend on emulation bugs: we could steal one of the many JAM
>instructions for the purpose, or else look for a signature at the front
>of the ROM image (the ASCII bytes 'NOEMU' perhaps). Of course, anyone
>could read the emulator source and comment out the protection code,
>or use a hex editor to remove the protection from the cartridge. Still,
>it avoids the "hey, I found this emulation bug" social exploit: we could
>all agree that the official versions of the emulators would respect
>whatever signature/code we agreed on. Any version that doesn't is by
>definition a forked version, not the real McCoy.
>With a scheme like that, it all boils down to the honor system in the
>end: all the information on how to crack it is freely available from
>anywhere in the world. You'd be trusting people to play along and be
>good citizens... but if you're ultimately relying on trust, you might as
>well go all the way and trust people enough not to feel the need for a
>"magic binary".
>I actually don't know which side I'm on here: I just read what I wrote
>and noticed I'm arguing both sides. I guess that's what makes it such
>a good question :)
>Another question is: What if I bought the game, but want to play it on an
>emulator for convenience. I bring my laptop with me everywhere, but not my
>2600 and TV. Shall I be prevented from playing the game I paid for just
>because I'm not at home sitting in front of the TV? I personally would
>consider it 100% ethical to disable any such protection for that purpose
>(even the DMCA has an interoperability clause). Of course, I also would
>consider it 100% UNethical to give anyone a copy of the ROM... but there
>are plenty of smart, unethical people out there.
>Maybe the best answer is to include such protection in the emulators,
>but add an --i-bought-this-game command line option to override it. That
>way, people who legitimately bought the game will have a way to play it
>on the emulator. People who didn't will be liars as well as thieves.
>They have no honor anyway, so the honor system won't help.
What about including the unprotected binary of the game on a floppy with 
the purchase of the homebrew cart?  This would enable legitimate owners 
of the game to play it wherever they'd like, but would keep it out of 
the hands of others for the most part.  I don't think the same people 
who actually buy homebrews are converting them to .a26 and putting them 
in the GoodSet.  They're grabbing them from here, which can't be stopped 
without defeating the purpose of this list.
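The signature-plus-override scheme sketched in the quoted reply, written out as an added example. This is not code from Stella, z26 or anyone on the list; the 'NOEMU' marker and the --i-bought-this-game flag are the names used in the discussion above, and the choice to place the marker at offset 0 of the image, the 4K dummy ROM and the return values are assumptions made here for illustration.

```python
"""Honor-system 'no emulator' signature check (illustration only).

Assumptions (not from Stella/z26): the marker is the ASCII bytes b'NOEMU'
at the very start of the ROM image, and the override is a command-line
flag named --i-bought-this-game. A real cartridge would start execution
through its reset vector at the end of the image, so the marker bytes at
the front need not collide with code.
"""
import argparse
from typing import Tuple

NOEMU_SIGNATURE = b"NOEMU"   # marker proposed in the thread; offset 0 is assumed here
ROM_4K = 4096                # size of a plain 4K Atari 2600 cartridge image


def has_noemu_signature(rom: bytes) -> bool:
    """True when the image asks not to be run under an emulator."""
    return rom[: len(NOEMU_SIGNATURE)] == NOEMU_SIGNATURE


def loader_decision(rom: bytes, override: bool = False) -> Tuple[bool, str]:
    """Decide whether an 'official' emulator would run this image.

    Returns (run, reason). The check is purely cooperative: it inspects only
    bytes the author chose to put there, so it enforces nothing against a
    modified image or a modified emulator; it just records the author's wish
    and the player's answer to it.
    """
    if not has_noemu_signature(rom):
        return True, "no NOEMU signature; image runs normally"
    if override:
        return True, "NOEMU signature present; honoured --i-bought-this-game override"
    return False, ("NOEMU signature present; the author asked that this image be played "
                   "on real hardware. Re-run with --i-bought-this-game if you own it.")


def make_rom(signed: bool) -> bytes:
    """Construct a dummy 4K image for testing: optional marker, then 6502 NOPs ($EA).

    This is constructed filler, not a real game image.
    """
    body = bytearray(b"\xEA" * ROM_4K)
    if signed:
        body[: len(NOEMU_SIGNATURE)] = NOEMU_SIGNATURE
    return bytes(body)


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="NOEMU signature check demo")
    parser.add_argument("rom", help="path to a .a26/.bin ROM image")
    parser.add_argument("--i-bought-this-game", dest="override", action="store_true",
                        help="run the image even though it carries the NOEMU marker")
    args = parser.parse_args(argv)
    with open(args.rom, "rb") as fh:
        rom = fh.read()
    run, reason = loader_decision(rom, args.override)
    print(reason)
    return 0 if run else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Usage: `python noemu_check.py game.bin` refuses a marked image and exits 1; adding `--i-bought-this-game` lets it through. The decision function is kept separate from the CLI so the policy can be exercised directly, which also makes plain that the whole scheme reduces to the honor system the reply describes: the loader has no way to tell a never-marked image from one whose marker was removed.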
