This document provides a detailed description of the floppy disk of Dungeon Master and Chaos Strikes Back for Atari ST.
For an overview of the copy protection, including on other platforms, see Copy Protection.
All versions of Dungeon Master and Chaos Strikes Back for Atari ST were studied:
The first part of the document contains general information explaining how data is stored on a floppy disk and how it is read. This technical information is required in order to fully understand the second part of the document that describes the contents of the game’s floppy disk and particularly the sectors used by the copy protection scheme.
Please read Basics of data storage on floppy disks if you are not already familiar with the way data is stored on floppy disks because this is required to understand how the copy protection works.
Floppy disks on Atari ST use an encoding named ‘Modified Frequency Modulation’ (MFM). This simple encoding is used to prevent long series of ‘0’ bits from being written to the floppy disk. In MFM encoding, the stream of data bits that you want to write to the floppy disk is modified by inserting an additional bit, called a clock bit, between each pair of data bits. The value of a clock bit depends on the values of the two data bits around it: if both data bits are ‘0’, then the clock bit is set to ‘1’. Otherwise, the clock bit is set to ‘0’.
This encoding ensures that there are no sequences of more than three consecutive ‘0’ bits.
Figure 2 illustrates the MFM encoding of two data bytes of value $68 by highlighting the data bits and clock bits with different colors. It also shows the shape of the writing and reading current in the head.
Note: MFM encoding is also used on other computers such as the PC. Other encodings, such as FM and GCR, also exist.
Figure 2
The FDC needs a clock so that it knows the rate at which it should output data bits interpreted from the electrical signal it receives from the floppy disk drive. For this purpose, it uses an ‘inspection window’ which is a time frame during which the FDC waits for an electrical pulse (a flux reversal) to occur.
The size of a bit cell is the amount of time it takes for the drive’s head to move across a bit cell on the disk. On Atari ST, the floppy disk rotates under the head at a constant angular speed of about 300rpm (rotations per minute) but there can be small speed differences from drive to drive (a tolerance of about 1%).
For MFM disks on Atari ST, the bit cell size is standard at 2µs (microseconds), but the small possible variations of disk rotation speed mean that the bit cell size can appear shorter or longer when read by the FDC.
Note: In this document, a bit cell refers to an area on the disk surface that either contains a flux reversal or does not contain one. Using this definition, an MFM bit cell is 2µs wide. In some other documents, the term bit cell may be used to refer to a bit of useful user data, each of which is stored on the disk as the data bit itself and the additional clock bit. With this alternate definition, an MFM bit cell is 4µs wide because it contains both a data bit and a clock bit.
The FDC contains a part called a ‘Phase-Locked Loop’ (PLL) which is responsible for automatically adjusting the inspection window to the input signal. When pulses are found, the PLL automatically adjusts the size and position of the inspection window so that pulses occur right in the middle of the inspection window.
In a perfect case, the inspection window would be exactly 2µs (microseconds) and each pulse would occur exactly in the middle of the inspection window.
When adjusted, the FDC monitors the electrical signal for a 2µs time frame. If a pulse occurs during this time frame, the FDC interprets it as a ‘1’ bit and outputs it. If no pulse occurs during this time frame, the FDC interprets it as a ‘0’ bit and outputs it.
The result is a raw sequence of bits. The next step is to separate the data bits from the clock bits.
This task is performed by a part of the FDC called the ‘data separator’ and is achieved by searching for a very specific bit pattern in the raw sequence of bits. This pattern is called a ‘synchronization mark’ as it indicates to the data separator where to start its job. This mark is written using a special command of the FDC. It cannot appear in normal user data because the mark violates the MFM encoding rule: it contains a ‘0’ clock bit inserted between two ‘0’ data bits (note that it does not violate the rule of the 3 maximum consecutive ‘0’ bits). This mark is called A1 because it is similar to the encoding of the hexadecimal value $A1. The mark is also noted $4489 as it is the exact value written to disk when including data bits and clock bits.
Binary representation of $A1 byte: 1 0 1 0 0 0 0 1
MFM encoded representation of $A1: 100010010101001
The synchronization mark value is: 100010010***0***01001 (which is $4489 in hexadecimal)
The MFM encoded representation is the value written to the disk when writing $A1 as part of normal data.
The synchronization mark value is written to the disk when using the appropriate special FDC command. When reading this bit sequence, the FDC will know it is a synchronization mark because one bit (the one in bold) is a ‘0’ instead of the ‘1’ it would be for normal MFM encoded data.
Once the synchronization mark has been found, it is easy for the FDC to tell which bits are the clock bits and which ones are the data bits.
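The encoding rule and the missing clock bit of the synchronization mark can be checked in a few lines. This is an added example, not code from the original page; the function names are hypothetical and the sample stream (two $00 gap bytes, three sync marks, then $FB $68) is constructed for the illustration.

```python
"""MFM encoding and the $4489 synchronization mark (added illustration)."""


def mfm_encode(data: bytes, prev_bit: int = 0) -> list:
    """Return the bit cells written to disk: clock, data, clock, data, ..."""
    cells = []
    for byte in data:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            # The clock bit is 1 only when both neighbouring data bits are 0.
            cells.append(1 if prev_bit == 0 and bit == 0 else 0)
            cells.append(bit)
            prev_bit = bit
    return cells


def to_cells(word: int, width: int = 16) -> list:
    """Split a raw word such as 0x4489 into bit cells, most significant first."""
    return [(word >> i) & 1 for i in range(width - 1, -1, -1)]


def to_int(cells) -> int:
    value = 0
    for cell in cells:
        value = (value << 1) | cell
    return value


def mfm_decode(cells) -> bytes:
    """Keep the data bits (odd cells) of a stream that starts on a clock bit."""
    bits = cells[1::2]
    return bytes(to_int(bits[i:i + 8]) for i in range(0, len(bits) - 7, 8))


def clock_violations(cells, prev_bit: int = 0) -> list:
    """Indexes of the data bits whose clock bit breaks the MFM rule."""
    bad = []
    for n in range(0, len(cells) - 1, 2):
        clock, bit = cells[n], cells[n + 1]
        if clock != (1 if prev_bit == 0 and bit == 0 else 0):
            bad.append(n // 2)
        prev_bit = bit
    return bad


def longest_zero_run(cells) -> int:
    longest = run = 0
    for cell in cells:
        run = run + 1 if cell == 0 else 0
        longest = max(longest, run)
    return longest


def find_sync(cells, sync: int = 0x4489) -> list:
    """Offsets at which the raw sync pattern starts, as a data separator would look for it."""
    pattern = to_cells(sync)
    return [i for i in range(len(cells) - 15) if cells[i:i + 16] == pattern]


if __name__ == "__main__":
    print("normal $A1 :", hex(to_int(mfm_encode(b"\xA1"))))          # 0x44a9
    print("sync mark  : violations at data bit", clock_violations(to_cells(0x4489)))
    # Constructed stream: gap bytes, three sync marks, data mark $FB, one data byte.
    stream = mfm_encode(b"\x00\x00") + to_cells(0x4489) * 3 + mfm_encode(b"\xFB\x68", prev_bit=1)
    last = find_sync(stream)[-1]
    print("data after sync:", mfm_decode(stream[last + 16:]).hex())
```

The same sync pattern is also invalid when read one cell out of step (it would need a ‘0’ clock bit between two ‘0’ data bits there as well), which is why searching the raw stream for it is unambiguous.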
The track layout defines the logical structure of a track. Each track contains an ‘index mark’ to indicate the beginning of the track. This index mark is preceded by a gap and synchronization marks. Gaps are locations where no useful data is written. The data written in gaps helps the PLL synchronization process and also avoids any overlap between sectors when a single sector is overwritten (because the exact position where writing starts is imprecise).
Following this index mark are the sectors in the track. Each sector contains a header field and a data field. The sector header field is preceded by a gap and synchronization marks. It contains the following information about the sector:
The sector data field is also preceded by a gap and synchronization marks. It contains the following information:
There are many possible floppy disk formats that use varying numbers of tracks, sectors per track and sector sizes. The format of a floppy disk is defined when the disk is formatted. When a floppy disk is formatted, each track is written at once (not sector by sector), thus defining the number of sectors and their size, the size of gaps, etc. This operation is called low-level formatting. High-level formatting means installing a file system on the floppy disk. Usually low and high level formatting are performed together.
A standard Atari ST floppy disk has two sides, 80 tracks per side (numbered 0 to 79), 9 sectors per track (numbered 1 to 9) and 512 bytes per sector. The resulting storage capacity is 2 sides x 80 tracks x 9 sectors per track x 512 bytes per sector = 737280 Bytes = 720 KB. It is possible to store 10 or even 11 sectors per track by reducing the size of gaps.
All versions of Dungeon Master and Chaos Strikes Back for Atari ST use the same floppy disk format. The format is similar to the standard floppy disk format but with 10 sectors per track instead of 9 in order to store more data on the floppy disk. However, they use only one side of the floppy disk (single sided certified floppy disks were cheaper back at that time, and the first generation of Atari ST had only a single sided disk drive). The resulting storage capacity is: 1 side x 80 tracks x 10 sectors per track x 512 bytes per sector = 409600 Bytes = 400 KB.
This storage capacity is fully used by the game as all sectors contain data. It would not have been possible to store all the game data on a single side of a standard Atari ST floppy disk that could only contain 360 KB.
While non standard, this format should not be considered a part of the game’s copy protection scheme because there is no technical difficulty in copying such a disk format.
Track 0 contains a standard Atari ST boot sector and file system as well as two special sectors used by the copy protection scheme. The last two sectors in track 0 and all sectors in other tracks are used to store the game’s files. These last sectors will not be described further in this document as they are completely standard and just contain the game’s program and data files.
This sector is identical in all versions of Dungeon Master and Chaos Strikes Back for Atari ST.
When the computer starts, the BIOS performs some hardware initialization, then it tries to boot from the floppy disk.
For that purpose, it will load in memory the first sector of the first track (sector 1 of track 0).
The Atari ST BIOS ensures that the floppy disk is bootable. This check is performed by computing a checksum on the 512 bytes of the boot sector data. This checksum algorithm adds the 256 words in the boot sector. If the result is $1234 then the BIOS assumes that the sector is bootable.
The sector is then executed starting at offset 0.
The floppy disk contains a standard Atari ST boot sector including the default loader code. The boot sector contains:
The loader is configured to load in memory the file named SWOOSH.IMG and then run this program.
The code in the boot sector will load in memory the appropriate sectors containing the File Allocation Table (FAT) and the root directory listing. It will use this data to search for the SWOOSH.IMG file. The file is then loaded in memory at address $40000. The program is then executed starting at address $40000.
Here is a hexadecimal dump of the data in this sector:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 60 38 4C 6F 61 64 65 72 00 00 00 00 02 02 01 00 `8Loader........
00000010 02 10 00 24 03 F8 02 00 0A 00 01 00 00 00 00 00 ...$.ø..........
00000020 00 00 00 00 00 00 00 04 00 00 00 00 00 00 53 57 ..............SW
00000030 4F 4F 53 48 20 20 49 4D 47 00 70 07 32 3C 07 77 OOSH IMG.p.2<.w
00000040 48 E7 C0 00 3F 3C 00 25 4E 4E 54 8F 4C DF 00 03 HçÀ.?<.%NNT.Lß..
00000050 20 7C FF FF 82 40 30 81 04 41 01 11 51 C8 FF E2 |ÿÿ‚@0..A..QÈÿâ
00000060 20 7C FF FF 82 40 70 0F 42 58 51 C8 FF FC 33 FA |ÿÿ‚@p.BXQÈÿü3ú
00000070 FF AE 00 00 04 82 3F 39 00 00 04 46 3F 3C 00 07 ÿ®...‚?9...F?<..
00000080 4E 4D 58 4F 4A 80 67 00 00 F6 2A 40 41 FA FF 9C NMXOJ€g..ö*@Aúÿœ
00000090 4A 90 66 06 20 B9 00 00 04 32 30 2D 00 08 E1 48 J.f. ¹...20-..áH
000000A0 D0 80 38 40 D9 FA FF 84 30 3A FF 76 67 10 3C 3A Ѐ8@Ùúÿ„0:ÿvg.<:
000000B0 FF 72 38 3A FF 70 26 7A FF 6E 60 00 00 B4 3C 2D ÿr8:ÿp&zÿn`..´<-
000000C0 00 0A 38 2D 00 08 D8 6D 00 06 26 7A FF 5E 61 00 ..8-..Øm..&zÿ^a.
000000D0 00 B0 66 00 00 AA 20 4C 30 2D 00 06 E1 48 E3 48 .°f..ª L0-..áHãH
000000E0 41 F0 00 00 43 FA FF 48 90 FC 00 20 B1 CC 6D 00 Að..CúÿH.ü. ±Ìm.
000000F0 00 8E 70 0A 12 30 00 00 B2 31 00 00 66 EA 51 C8 .Žp..0..²1..fêQÈ
00000100 FF F4 7E 00 1E 28 00 1B E1 4F 1E 28 00 1A 2C 7A ÿô~..(..áO.(..,z
00000110 FF 1A 26 7A FF 12 42 84 0C 47 0F F0 6C 52 36 07 ÿ.&zÿ.B„.G.ðlR6.
00000120 55 43 C6 ED 00 02 D6 6D 00 0C 0C 44 00 40 6C 08 UCÆí..Öm...D.@l.
00000130 4A 44 67 0E B6 45 67 10 61 46 66 42 E1 8C E3 8C JDg.¶Eg.aFfBáŒãŒ
00000140 D7 C4 3C 03 3A 03 42 84 D8 6D 00 02 DA 6D 00 02 ×Ä<.:.B„Øm..Úm..
00000150 34 07 E2 4A D4 47 12 36 20 01 E1 49 12 36 20 00 4.âJÔG.6 .áI.6 .
00000160 08 07 00 00 67 02 E8 49 02 41 0F FF 3E 01 60 A8 ....g.èI.A.ÿ>.`¨
00000170 4A 44 67 04 61 0A 66 06 2F 3A FE AC 4E 75 60 FE JDg.a.f./:þ¬Nu`þ
00000180 3F 39 00 00 04 46 3F 06 3F 04 2F 0B 42 67 3F 3C ?9...F?.?./.Bg?<
00000190 00 04 4E 4D DE FC 00 0E 4A 40 4E 75 00 00 00 00 ..NMÞü..J@Nu....
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 7D ..............$}
Detailed content of the boot sector:
Offset | Size | Values | Notes |
---|---|---|---|
000 | 2 | 60 38 | BRA.S instruction to branch to the loader code at offset $3A ($38 bytes forward). |
002 | 6 | 4C 6F 61 64 65 72 ‘Loader’ string | |
008 | 3 | 00 00 00 | Volume serial number. |
00B | 2 | 00 02 (512) | Number of bytes per sector (Little endian word). |
00D | 1 | 02 (2) | Number of sectors per cluster. |
00E | 2 | 01 00 (1) | Number of reserved sectors (Little endian word). |
010 | 1 | 02 (2) | Number of File Allocation Tables (FAT). |
011 | 2 | 10 00 (16) | Number of entries in the root directory (Little endian word). Each entry is 32 bytes so 16 entries occupy exactly a sector (512 bytes). |
013 | 2 | 24 03 (804) | Number of sectors on media. This number of sectors should normally be 800 (80 tracks of 10 sectors). However using 804 works around a TOS limitation and allows using 2KB of additional storage that would otherwise be wasted. |
015 | 1 | F8 | Media descriptor. |
016 | 2 | 02 00 (2) | Number of sectors per FAT (Little endian word). |
018 | 2 | 0A 00 (10) | Number of sectors per track (Little endian word). |
01A | 2 | 01 00 (1) | Number of sides on media (Little endian word). |
01C | 2 | 00 00 (0) | Number of hidden sectors (Little endian word). |
01E | 2 | 00 00 (0) | A word value that is copied to the system variable named ‘_cmdload’ (Big endian word). |
020 | 2 | 00 00 (0) | Load mode (Big endian word). 0 instructs the loader to load a file by its name and using the filesystem. Other values instruct the loader to load a sequence of sectors without referring to the filesystem. |
022 | 2 | 00 00 (0) | First sector to read (Big endian word). Only used when Load mode is not 0. |
024 | 2 | 00 00 (0) | Number of sectors to read (Big endian word). Only used when Load mode is not 0. |
026 | 4 | 00 04 00 00 | Load address (Big endian double word). Memory address where the file or sectors will be loaded. |
02A | 4 | 00 00 00 00 | FAT address (Big endian double word). Memory address where the FAT and root directory data will be loaded. The value $00000000 will automatically select an appropriate address. |
02E | 11 | 53 57 4F 4F 53 48 20 20 49 4D 47 ‘SWOOSH IMG’ string. | File name and extension (8.3 name without the ‘.’). Only used when Load mode is 0. |
039 | 1 | 00 | Reserved. |
03A | n | - | Boot code (padded with 00 bytes at the end to fill the whole sector). |
1FE | 2 | 24 7D | Word value computed so that the checksum of the boot sector is $1234. |
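
The field layout in the table and the $1234 checksum rule can be exercised together. This is an added example, not code from the original page: the header bytes are copied from offsets $00 to $39 of the dump above, the boot code is left out (zero-filled), so the fix-up word computed here differs from the 24 7D of the real sector, and the function and key names are hypothetical.

```python
"""Parse the Atari ST boot sector fields and apply the $1234 checksum rule."""
import struct

BOOT_MAGIC = 0x1234

# Offsets $00-$39 of the boot sector, copied from the hexadecimal dump above.
HEADER = bytes.fromhex(
    "60 38 4C 6F 61 64 65 72 00 00 00 00 02 02 01 00 "
    "02 10 00 24 03 F8 02 00 0A 00 01 00 00 00 00 00 "
    "00 00 00 00 00 00 00 04 00 00 00 00 00 00 53 57 "
    "4F 4F 53 48 20 20 49 4D 47 00"
)


def checksum(sector: bytes) -> int:
    """Sum of the 256 big-endian words of the sector, truncated to 16 bits."""
    return sum(struct.unpack(">256H", sector)) & 0xFFFF


def is_bootable(sector: bytes) -> bool:
    return len(sector) == 512 and checksum(sector) == BOOT_MAGIC


def with_fixup(body: bytes) -> bytes:
    """Pad to 510 bytes and append the word that brings the checksum to $1234."""
    body = body[:510].ljust(510, b"\x00")
    partial = sum(struct.unpack(">255H", body)) & 0xFFFF
    return body + struct.pack(">H", (BOOT_MAGIC - partial) & 0xFFFF)


def parse(sector: bytes) -> dict:
    # Disk geometry fields are little endian, starting at offset $0B.
    (bps, spc, reserved, fats, root_entries, total, media,
     spf, spt, sides, hidden) = struct.unpack_from("<HBHBHHBHHHH", sector, 0x0B)
    # Loader configuration fields are big endian, starting at offset $1E.
    (cmdload, mode, first, count, load_addr, fat_addr,
     name) = struct.unpack_from(">HHHHII11s", sector, 0x1E)
    base, ext = name[:8].decode("ascii").rstrip(), name[8:].decode("ascii").rstrip()
    root_sectors = root_entries * 32 // bps
    return {
        # BRA.S: target = address of the next instruction + 8-bit displacement.
        "branch_target": 2 + sector[1] if sector[0] == 0x60 else None,
        "bytes_per_sector": bps, "sectors_per_cluster": spc,
        "sectors_per_track": spt, "sides": sides, "total_sectors": total,
        "load_mode": mode, "load_address": load_addr,
        "file_name": f"{base}.{ext}" if ext else base,
        # Sector numbers below are 1-based within track 0, as in the text.
        "fat_sectors": [list(range(reserved + 1 + i * spf, reserved + 1 + (i + 1) * spf))
                        for i in range(fats)],
        "root_dir_sector": reserved + fats * spf + 1,
        "first_data_sector": reserved + fats * spf + root_sectors + 1,
    }


if __name__ == "__main__":
    sector = with_fixup(HEADER)        # constructed sector without boot code
    for key, value in parse(sector).items():
        print(f"{key:20} {value}")
    print("bootable:", is_bootable(sector))
```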
The floppy disk is formatted using the FAT12 file system that is used on standard Atari ST floppy disks. The same file system is used on IBM PC floppy disks.
FAT file systems manage disk space in logical chunks called ‘clusters’. A cluster is a set of one or more sectors.
Each file on the disk is stored in one or more clusters. A cluster is only allocated to one file at a time which means that there can be unused (wasted) space at the end of a cluster.
There is a directory structure that contains an entry for each file. Such an entry stores the file name, the size, the date and time of last modification and the ID of the first cluster used by the file. The other clusters used by the file can be determined by parsing the FAT which is a table with an entry for each cluster on the disk. Each entry in this table contains either the ID of the next cluster of the file, or a special value marking the last cluster of the file.
For robustness, the FAT is duplicated in two separate locations on the disk to ensure that files can be read even if one sector used to store the FAT itself becomes unreadable.
On the Dungeon Master and Chaos Strikes Back for Atari ST floppy disks:
Sectors 2 and 3 store the first FAT
Sectors 4 and 5 store the second FAT (an exact copy of the first FAT)
Sector 6 stores the root directory. There can be 16 entries (16 files) in the root directory.
Here is a list of the files that can be found on all versions of the games:
File name | Clusters used | Size and Date/Time | DM 1.0 EN (1987-12-08) | DM 1.0 EN (1987-12-11) | DM 1.1 EN | DM 1.2 EN | DM 1.2 GE | DM 1.3 FR | CSB 2.0 EN | CSB 2.1 EN |
---|---|---|---|---|---|---|---|---|---|---|
BOOTER | 002 | Size | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 |
BOOTER | 002 | Date/Time | 08-12-87 12:34 pm | 11-12-87 11:52 am | 07-01-88 08:53 pm | 31-12-99 04:54 pm | 31-12-99 04:56 pm | 20-11-85 12:04 am | 31-12-99 04:54 pm | 31-12-99 04:54 pm |
SWOOSH.IMG | 003-005 | Size | 3016 | 3016 | 3016 | 3016 | 3016 | 3016 | 3016 | 3016 |
SWOOSH.IMG | 003-005 | Date/Time | 08-12-87 12:34 pm | 11-12-87 11:52 am | 07-01-88 08:54 pm | 31-12-99 04:54 pm | 31-12-99 04:56 pm | 20-11-85 12:04 am | 31-12-99 04:54 pm | 31-12-99 04:54 pm |
START.PRG | 006 | Size | 770 | 770 | 770 | 770 | 770 | 770 | 770 | 770 |
START.PRG | 006 | Date/Time | 08-12-87 12:34 pm | 11-12-87 11:52 am | 07-01-88 08:54 pm | 31-12-99 04:55 pm | 31-12-99 04:56 pm | 20-11-85 12:04 am | 31-12-99 04:55 pm | 31-12-99 04:55 pm |
GRAPHICS.DAT | 007-272 | Size | 271911 | 271918 | 271917 | 271918 | 272288 | 271995 | 272069 | 272069 |
GRAPHICS.DAT | 007-272 | Date/Time | 08-12-87 12:34 am | 11-12-87 02:51 pm | 07-01-88 09:01 pm | 18-02-88 12:18 am | 01-03-88 11:36 am | 20-05-88 06:03 pm | 15-11-89 12:00 am | 15-11-89 12:00 am |
START.PAK | 273-365 (DM), 273-368 (CSB), 372 (CSB 2.1) | Size | 95180 | 95226 | 95012 | 95148 | 95202 | 95208 | 97712 | 98516 |
START.PAK | 273-365 (DM), 273-368 (CSB), 372 (CSB 2.1) | Date/Time | 08-12-87 09:19 pm | 11-12-87 03:10 pm | 08-01-88 04:30 pm | 24-02-88 05:06 pm | 24-02-88 04:05 pm | 20-05-88 06:04 pm | 15-11-89 03:59 am | 08-01-90 01:25 pm |
DUNGEON.DAT | 366-398 (DM), 369-371 (CSB) | Size | 33286 | 33314 | 33442 | 33442 | 33792 | 33774 | 2098 | 2098 |
DUNGEON.DAT | 366-398 (DM), 369-371 (CSB) | Date/Time | 08-12-87 06:23 am | 11-12-87 02:10 pm | 07-01-88 08:47 pm | 01-03-88 11:04 am | 01-03-88 11:37 am | 20-05-88 06:05 pm | 22-04-87 04:17 am | 22-04-87 04:17 am |
Notes:
This sector contains (see sample hexadecimal dump below):
The ‘FB’ strings at the beginning and end of the sector probably stand for ‘First Byte’ which is the name of the company where the copy protection scheme was designed before being bought by FTL.
At least one non-FTL game is known to have used that kind of copy protection sector before it was bought and patented by FTL: ‘Harrier Strike Mission’ by Miles Computing Inc, released in 1986.
The same copy protection sector is present on the Oids floppy disk for Atari ST, another game developed by FTL Games, with the same sector number on the same track.
The same copy protection sector is also present on the Amiga versions of Dungeon Master and Chaos Strikes Back (only on the game disk, not on the Chaos Strikes Back Utility Disk). Track 0 on side 1 is formatted as a 10-sector Atari ST track, just like all tracks on the Atari ST floppy disks (and not as an Amiga track like all other tracks on the floppy disk). The copy protection sector is sector 1 for Dungeon Master 2.x versions and it is sector 2 for Chaos Strikes Back versions 3.x. Other sectors in the track are not used and filled with $E5 bytes. Dungeon Master 3.6 is not copy protected and this Atari ST track is not present.
The values of the five bytes located after the ASCII string ‘Seri’ are different on each floppy disk that has been studied in the making of this document. This makes each copy really unique and suggests the bytes form a serial number. It was a feature of the machine that performed the copy protection during disk duplication (FTL Games bought the rights to the patent when the company went out of business). The game does not use or check it. The first four bytes form the unique serial number value, and the fifth byte is a CRC value. Note that in all disks that were studied, the fourth byte is always $00. The third byte is $00 for all Atari ST versions, and $02 for most Amiga versions except one where it is $00.
The CRC can be computed with these custom settings (two possibilities that give the same results):
CRC width: 8 bits
Polynomial: 1
Initial value: 2d / b4
Input reflected: false / true
Output reflected: false / true
Output XOR: 0
You can compute and check these CRC values for yourself with this online tool (or any other customizable tool of your choice).
Example:
reveng.exe -w 8 -s 030200002C 0C00000021 141D020026 1500000038 1803000036 182A02001D
width=8 poly=0x01 init=0x2d refin=false refout=false xorout=0x00 check=0x1c residue=0x00 name=(none)
width=8 poly=0x01 init=0xb4 refin=true refout=true xorout=0x00 check=0x1c residue=0x00 name=(none)
The following command lines compute a CRC value using the specified settings:
reveng.exe -c -w 8 -p 1 -i 2d -b -x 0 03020000
2c
reveng.exe -c -w 8 -p 1 -i b4 -l -x 0 03020000
2c
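The same computation without reveng, as an added example that is not part of the original page (function names are hypothetical; the six sample records are the ones passed to reveng above). It goes one step beyond the text: with polynomial 1, every shift step is a rotate-left of the 8-bit register, so eight steps leave it unchanged and the CRC reduces to $2D XORed with the four serial bytes.

```python
"""CRC-8 of the serial number with the parameters found by reveng."""


def reflect8(value: int) -> int:
    """Reverse the bit order of a byte."""
    return int(f"{value:08b}"[::-1], 2)


def crc8(data: bytes, poly: int = 0x01, init: int = 0x2D,
         refin: bool = False, refout: bool = False, xorout: int = 0x00) -> int:
    """Bitwise CRC-8 following the parameter model used by reveng."""
    crc = init
    for byte in data:
        crc ^= reflect8(byte) if refin else byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly if crc & 0x80 else crc << 1) & 0xFF
    return (reflect8(crc) if refout else crc) ^ xorout


def xor_check(serial: bytes) -> int:
    """Shortcut that is equivalent for poly=1: $2D XOR all serial bytes."""
    value = 0x2D
    for byte in serial:
        value ^= byte
    return value


def verify(record: bytes) -> bool:
    """record = 4 serial bytes followed by the check byte, as stored after 'Seri'."""
    return len(record) == 5 and crc8(record[:4]) == record[4]


# Sample records copied from the reveng command line above.
SAMPLES = [bytes.fromhex(h) for h in (
    "030200002C", "0C00000021", "141D020026",
    "1500000038", "1803000036", "182A02001D",
)]

if __name__ == "__main__":
    for record in SAMPLES:
        serial = record[:4]
        print(record.hex(" ").upper(),
              "crc=%02X" % crc8(serial),
              "reflected=%02X" % crc8(serial, init=0xB4, refin=True, refout=True),
              "xor=%02X" % xor_check(serial),
              "ok" if verify(record) else "MISMATCH")
```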
Here are the 82 sample serial numbers and CRC values that were used for this study (gathered from many sources and various types of disk images like ST, STX, STT, Kryoflux, ADF/DMS, SCP):
51 AC 00 00 D0 Dungeon Master version 1.0 English (1987-12-08) (Atari ST)
18 03 00 00 36 Dungeon Master version 1.0 English (1987-12-08) (Atari ST) (42crew crack)
9A 03 00 00 B4 Dungeon Master version 1.0 English (1987-12-08) (Atari ST),
Chaos Strikes Back version 2.0 English (Atari ST),
Chaos Strikes Back Utility Disk English (Atari ST)
(STX images created by Jorge Cwik author of PASTI - it looks like he copied the
serial number from one of the three floppy disks to the three STX files)
8F 09 00 00 AB Dungeon Master version 1.0 English (1987-12-11) (Atari ST)
1C 02 00 00 33 Dungeon Master version 1.1 English (Atari ST)
61 03 00 00 4F
D4 12 00 00 EB
20 0D 00 00 00
60 03 00 00 4E
42 26 00 00 49 Dungeon Master version 1.2 English (Atari ST)
63 0A 00 00 44
71 04 00 00 58
75 00 00 00 58
81 04 00 00 A8
AB 03 00 00 85
C2 04 00 00 EB
CA 08 00 00 EF
A6 02 00 00 89
3B 04 00 00 12
D1 01 00 00 FD
9A 00 00 00 B7
19 07 00 00 33
EA 00 00 00 C7
24 12 00 00 1B Dungeon Master version 1.2 German (Atari ST)
94 11 00 00 A8
3E 0E 00 00 1D Dungeon Master version 1.3a French (Atari ST)
AF 01 00 00 83 Dungeon Master version 1.3b French (Atari ST)
F7 09 00 00 D3
2D 00 00 00 00 Chaos Strikes Back version 2.0 English (Atari ST)
48 01 00 00 64
6C 00 00 00 41
81 08 00 00 A4
83 01 00 00 AF
87 02 00 00 A8
B7 03 00 00 99
9A 03 00 00 B4
C9 04 00 00 E0
CE 00 00 00 E3
DF 01 00 00 F3 Chaos Strikes Back version 2.0 English (Atari ST) (Automation Disk 192, Was not Was crack)
15 00 00 00 38 Chaos Strikes Back version 2.1 English (Atari ST)
31 01 00 00 1D
35 00 00 00 18
3D 02 00 00 12
93 04 00 00 BA
CB 03 00 00 E5
21 06 00 00 0A
03 02 00 00 2C Chaos Strikes Back Utility Disk English (Atari ST)
0C 00 00 00 21
34 02 00 00 1B
3D 03 00 00 13
3D 05 00 00 15
55 00 00 00 78
59 03 00 00 77
5E 0B 00 00 78
6A 00 00 00 47
87 09 00 00 A3
88 11 00 00 B4
C8 05 00 00 E0
D5 0A 00 00 F2
C3 01 00 00 EF
22 0D 00 00 02 Oids (Atari ST)
DA 9E 00 00 69
20 33 02 00 3C Dungeon Master version 2.0 English (Amiga)
D8 58 02 00 AF
50 14 02 00 6B Dungeon Master version 2.0 French (Amiga)
B4 7C 02 00 E7
74 23 02 00 78 Dungeon Master version 2.0 German (Amiga)
14 1D 02 00 26 Dungeon Master version 2.2 English (Amiga)
18 2A 02 00 1D
20 00 02 00 0F
58 1D 02 00 6A
70 16 02 00 49
CC 42 02 00 A1
00 0F 02 00 20
CC 20 02 00 C3 Chaos Strikes Back version 3.1 English (Amiga)
37 03 00 00 19 Chaos Strikes Back version 3.1 Multilanguage (Amiga)
80 4A 02 00 E5
30 01 02 00 1E Chaos Strikes Back version 3.3 Multilanguage (Amiga)
E4 08 02 00 C3
28 5E 02 00 59 Chaos Strikes Back version 3.5 English (Amiga)
5C 19 02 00 6A
EC 00 02 00 C3 Chaos Strikes Back version 3.5 Multilanguage (Amiga)
This sector is most interesting because it contains ‘fuzzy bits’. A fuzzy bit is a bit whose value seems to be random: if you read the same bit of data several times, the value will sometimes be ‘0’ and it will sometimes be ‘1’. There are several ways to create fuzzy bits on a floppy disk and they all require the use of special hardware (FTL duplicated their games in-house with a ‘Formaster’ machine that they possessed). The floppy disk controller in the Atari ST cannot create them. This is the reason why they are useful as a copy protection mechanism: if you try to copy a sector containing fuzzy bits on a regular Atari ST, the written data will not contain fuzzy bits anymore and will only reflect the bits as they were read when the copy was made. The program can check whether the floppy disk is an original by reading this sector several times and comparing the results. If the value of some bits is different across multiple read operations, then the disk is an original. But if all read operations produce the same result, then the disk is a copy.
Using this method, it is fairly easy to write a program to detect fuzzy bits. However with the standard FDC in the Atari ST it is not possible to analyse how these fuzzy bits are produced: it is only possible to detect the symptom (bits with random values) but not what causes them.
In order to find out how this works, DrCoolZic performed a very detailed analysis of track 0 on the floppy disk. This was done on an Atari ST equipped with a ‘Discovery Cartridge’ which is a hardware add-on containing a much more advanced floppy disk controller than the built-in one.
The MFM encoding ensures that between two bit cells containing flux reversals (two ‘1’ bits) there are at least one and at most three bit cells without flux reversals (‘0’ bits). With the standard MFM bit cell being 2µs, it means that two consecutive flux reversals can be spaced only by 4µs, 6µs or 8µs. These three possible patterns are represented on figure 2.
Of course, depending on the drive speed and other factors, there can be slight variations on these values. The role of the PLL in the FDC is to constantly adapt the inspection window to these variations. The size of the window is adjusted based on the frequency of the flux reversals encountered in the input signal. The position of the window (also called the phase) is adjusted so that flux reversals occur in the middle of the inspection window. Only a few flux reversals are needed for the PLL to be fully synchronized.
Here is a graphic representation of track 0 of the Chaos Strikes Back version 2.1 for Atari ST game disk:
Figure 3
It was generated by Aufit from track data captured with Kryoflux. Each point on this graphic represents a flux transition. The X axis represents the time in milliseconds when the flux transition occurred, starting at 0 at the beginning of the track reading. As the floppy disk rotates at about 300 rotations per minute = 5 rotations per second, reading a full track takes approximately 200ms. The Y axis represents the time since the previous flux transition occurred, in microseconds. You can see that most flux transitions occur around 4µs, 6µs or 8µs after the previous one, just as required by the MFM encoding. This is true for all sectors except sector 7 which contains a lot of flux transitions with abnormal timings between 4µs and 6µs. Here is a graphic representing only sector 7 and only the area between 4µs and 6µs:
Figure 4
When the PLL is synchronized, if a flux reversal is not correctly placed and occurs at the very border of the inspection window (1µs sooner or later than the ‘perfect’ expected timing), then the PLL gets confused and outputs a random value:
Note that the misplaced flux reversal is never missed: the FDC just cannot reliably determine which bit cell it is part of, hence the random result.
In order to create this fuzzy bit effect, one way is to put flux reversals right on the edge of the PLL’s inspection window. For example instead of the standard timings of 4µs or 6µs between two flux reversals, an uncertain flux reversal could be written exactly 5µs after the previous flux reversal. The PLL compensates for variations in the disk rotation speed (it may be different from one drive to another or from one rotation to the next), however smaller instantaneous variations can occur during one rotation of the disk. These small variations are responsible for the appearance of the fuzzy bits: the uncertain flux reversals will not always be detected in the same bit cell.
In order to maximize the probability of having fuzzy bits detected, the copy protection relies on the very special timing pattern as seen on figure 4. The pattern used in Dungeon Master and Chaos Strikes Back has timings between transition pairs that are slowly increasing from 4µs to 5.5µs and decreasing from 6µs to 4.5µs in small 0.1µs increments so that there will always be some ambiguous transitions right on the edge of inspection windows. Note that the total time for two consecutive transitions is always around 10µs, just as it would have been if normal timings were used (with pairs of 4µs and 6µs transitions).
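A small simulation of this timing pattern shows why repeated reads of an original differ while reads of a copy do not. This is an added example, not code from the original page or from the game: it assumes an idealised data separator with a fixed, already locked 2µs window and Gaussian timing jitter of 0.05µs per flux reversal, and all names are hypothetical.

```python
"""Simplified model of the fuzzy-bit timing ramp and of the multi-read check."""
import random

CELL_US = 2.0       # nominal MFM bit cell
PAIR_CELLS = 5      # each pair of intervals spans about 10 µs = 5 bit cells


def protection_pairs(repeats: int = 1) -> list:
    """Interval pairs (a, b): a rises 4.0 -> 5.5 µs, b falls 6.0 -> 4.5 µs."""
    ramp = [(round(4.0 + 0.1 * i, 1), round(6.0 - 0.1 * i, 1)) for i in range(16)]
    return ramp * repeats


def read_cells(pairs, rng, jitter_us: float = 0.05) -> list:
    """Bit cells produced by one read; jitter_us is an assumed timing error."""
    cells = []
    for first, second in pairs:
        # Time of each flux reversal measured from the start of the pair.
        times = (first + rng.gauss(0.0, jitter_us),
                 first + second + rng.gauss(0.0, jitter_us))
        group = [0] * PAIR_CELLS
        for t in times:
            # Inspection window k is centred on k * 2 µs; a reversal near
            # 5 µs sits on the border between windows 2 and 3.
            k = min(PAIR_CELLS, max(1, int(t / CELL_US + 0.5)))
            group[k - 1] = 1
        cells += group
    return cells


def fuzzy_positions(reads) -> list:
    """Cell indexes whose value is not the same in every read."""
    return [i for i, column in enumerate(zip(*reads)) if len(set(column)) > 1]


def copy_with_standard_timings(cells) -> list:
    """What a regular FDC writes back: the bits it read, at nominal 4/6 µs spacing."""
    pairs = []
    for i in range(0, len(cells), PAIR_CELLS):
        n = cells[i:i + PAIR_CELLS].index(1) + 1
        pairs.append((n * CELL_US, (PAIR_CELLS - n) * CELL_US))
    return pairs


def looks_original(pairs, rng, reads: int = 8) -> bool:
    """The check described above: read several times and compare the results."""
    return bool(fuzzy_positions([read_cells(pairs, rng) for _ in range(reads)]))


if __name__ == "__main__":
    rng = random.Random(1987)                      # fixed seed for repeatability
    original = protection_pairs(repeats=10)
    reads = [read_cells(original, rng) for _ in range(8)]
    unstable = sorted({original[i // PAIR_CELLS][0] for i in fuzzy_positions(reads)})
    print("first intervals that decoded inconsistently (µs):", unstable)
    copy = copy_with_standard_timings(reads[0])
    print("original detected:", looks_original(original, rng))
    print("copy detected as original:", looks_original(copy, rng))
```

In this model only the pairs whose first interval is close to 5µs decode inconsistently; the ramp guarantees that some pairs land there even when the drive speed shifts the window slightly.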
Here is the sector data as it was defined when being written by the disk duplicator (this is validated by the fact that the CRC value for this sector data matches the one found on the original disk at the sector data field. Note that to compute the CRC value you must include three A1 sync marks and the FB data mark, so A1 A1 A1 FB before the 512 bytes of sector data):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 07 50 41 43 45 2F 46 42 09 53 65 72 69 CA 08 00 .PACE/FB.SeriÊ..
00000010 00 EF E9 01 68 68 68 68 68 68 68 68 68 68 68 68 .ïé.hhhhhhhhhhhh
00000020 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000030 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000040 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000050 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000060 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000070 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000080 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000090 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000A0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000B0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000C0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000D0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000E0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000F0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000100 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000110 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000120 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000130 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000140 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000150 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000160 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000170 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000180 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
00000190 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001A0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001B0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001C0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001D0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001E0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000001F0 68 68 68 68 68 68 68 68 68 68 68 68 68 AC 46 42 hhhhhhhhhhhhh¬FB
Note that the duplicator needed additional information about the exact timings to use to record this sector, instead of using the standard timings. The use of carefully chosen custom timings while writing this sector is the real cause of the fuzzy bits. Look at the sector data as it is read from the floppy disk (this is only one example: each read operation would return a slightly different result because of the fuzzy bits producing random values):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 07 50 41 43 45 2f 46 42 09 53 65 72 69 ca 08 00 .PACE/FB.Seri...
00000010 00 ef e9 01 68 68 68 68 68 68 68 68 68 68 e8 e8 ....hhhhhhhhhh..
00000020 e8 e8 e8 e8 e8 e8 e8 e8 e8 68 68 68 68 68 68 68 .........hhhhhhh
00000030 68 68 68 68 68 68 68 68 68 68 68 68 e8 e8 e8 e8 hhhhhhhhhhhh....
00000040 e8 e8 e8 e8 e8 e8 e8 68 68 68 68 68 68 68 68 68 .......hhhhhhhhh
00000050 68 68 68 68 68 68 68 68 68 68 e8 e8 68 e8 e8 e8 hhhhhhhhhh..h...
00000060 e8 e8 e8 e8 e8 e8 68 68 68 68 68 68 68 68 68 68 ......hhhhhhhhhh
00000070 68 68 68 68 68 68 68 68 e8 e8 68 e8 e8 e8 e8 e8 hhhhhhhh..h.....
00000080 e8 68 e8 e8 e8 68 68 68 68 68 68 68 68 68 68 68 .h...hhhhhhhhhhh
00000090 68 68 68 68 68 68 e8 e8 68 e8 e8 e8 e8 e8 e8 e8 hhhhhh..h.......
000000A0 e8 68 68 e8 68 68 68 68 68 68 68 68 68 68 68 68 .hh.hhhhhhhhhhhh
000000B0 68 68 68 68 68 68 e8 e8 e8 e8 e8 e8 e8 e8 e8 68 hhhhhh.........h
000000C0 68 e8 68 68 68 68 68 68 68 68 68 68 68 68 68 68 h.hhhhhhhhhhhhhh
000000D0 68 e8 68 68 e8 e8 e8 e8 e8 e8 e8 e8 e8 e8 68 68 h.hh..........hh
000000E0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 hhhhhhhhhhhhhhhh
000000F0 e8 e8 e8 e8 e8 e8 e8 e8 e8 e8 68 68 e8 68 68 68 ..........hh.hhh
00000100 68 68 68 68 68 68 68 68 68 68 68 68 68 e8 e8 e8 hhhhhhhhhhhhh...
00000110 68 e8 e8 e8 e8 e8 e8 e8 68 68 e8 68 68 68 68 68 h.......hh.hhhhh
00000120 68 68 68 68 68 68 68 68 68 68 68 68 e8 e8 e8 68 hhhhhhhhhhhh...h
00000130 e8 e8 e8 e8 e8 e8 e8 e8 68 68 68 68 68 68 68 68 ........hhhhhhhh
00000140 68 68 68 68 68 68 68 68 68 68 68 e8 e8 68 e8 e8 hhhhhhhhhhh..h..
00000150 e8 e8 e8 e8 e8 e8 68 68 68 68 68 68 68 68 68 68 ......hhhhhhhhhh
00000160 68 68 68 68 68 68 68 e8 68 68 e8 e8 e8 e8 e8 e8 hhhhhhh.hh......
00000170 e8 e8 68 68 e8 68 68 68 68 68 68 68 68 68 68 68 ..hh.hhhhhhhhhhh
00000180 68 68 68 68 68 e8 68 68 e8 e8 e8 e8 e8 e8 e8 e8 hhhhh.hh........
00000190 68 68 e8 68 68 68 68 68 68 68 68 68 68 68 68 68 hh.hhhhhhhhhhhhh
000001A0 68 68 68 68 68 68 e8 e8 e8 e8 e8 e8 e8 e8 68 68 hhhhhh........hh
000001B0 e8 e8 68 68 68 68 68 68 68 68 68 68 68 68 68 68 ..hhhhhhhhhhhhhh
000001C0 68 e8 e8 68 68 e8 e8 e8 e8 e8 e8 e8 68 68 e8 68 h..hh.......hh.h
000001D0 68 68 68 68 68 68 68 68 68 68 68 68 68 68 68 e8 hhhhhhhhhhhhhhh.
000001E0 e8 68 e8 e8 e8 e8 e8 e8 e8 e8 e8 e8 e8 68 68 68 .h...........hhh
000001F0 68 68 68 68 68 68 68 68 68 68 68 68 68 ac 46 42 hhhhhhhhhhhhh.FB
As you can see, many 68h bytes have been transformed to E8h bytes. Here is what happens at the binary level:
Two consecutive 68h bytes, along with their MFM representation (each data bit is followed by its clock bit; the brackets mark the clock bit between the two bytes and the first data bit of the second byte):
Data: 0 1 1 0 1 0 0 0   0 1 1 0 1 0 0 0
MFM:  001010001001010 [1 0] 010100010010101
When the fuzzy bit effect takes place, the clock bit between the two bytes of data and the first data bit of the second byte are swapped:
Data: 0 1 1 0 1 0 0 0   1 1 1 0 1 0 0 0
MFM:  001010001001010 [0 1] 010100010010101
The hexadecimal value of the second byte then becomes E8h.
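The bit swap described above, worked through in code as an added example (not part of the original page): it MFM-encodes two 68h bytes with each clock cell following its data bit, swaps the two cells, and decodes the result. The function names are chosen for this illustration; the two 16-byte rows are row 000000C0 of the written and read dumps on this page.

```python
# Added illustration: MFM cells for two 68h bytes and the effect of swapping
# the inter-byte clock cell with the first data cell of the second byte.

def mfm_encode(data, next_bit=0):
    """Return cells [d0, c0, d1, c1, ...]; next_bit is the data bit that follows."""
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    bits.append(next_bit)
    cells = []
    for cur, nxt in zip(bits, bits[1:]):
        # Clock cell is 1 only when the data bits on both sides are 0.
        cells += [cur, 1 if cur == 0 and nxt == 0 else 0]
    return cells

def mfm_decode(cells):
    """Keep the data cells (even positions) and repack them into bytes."""
    data_bits = cells[0::2]
    return bytes(int("".join(map(str, data_bits[i:i + 8])), 2)
                 for i in range(0, len(data_bits), 8))

def fuzzy_swap(cells, byte_index):
    """Swap the clock cell before byte `byte_index` with its first data cell."""
    out = list(cells)
    first_data_cell = byte_index * 16
    out[first_data_cell - 1], out[first_data_cell] = (
        out[first_data_cell], out[first_data_cell - 1])
    return out

def classify_read(written, read):
    """Offsets that differ, and whether every difference is 68h read as E8h."""
    diffs = [i for i, (w, r) in enumerate(zip(written, read)) if w != r]
    return diffs, all(written[i] == 0x68 and read[i] == 0xE8 for i in diffs)

# Row 000000C0 of the two dumps on this page (as written / as read).
WRITTEN_C0 = bytes([0x68] * 16)
READ_C0 = bytes.fromhex("68e8" + "68" * 14)

if __name__ == "__main__":
    cells = mfm_encode(b"\x68\x68")
    swapped = fuzzy_swap(cells, 1)
    print("".join(map(str, cells)), mfm_decode(cells).hex())
    print("".join(map(str, swapped)), mfm_decode(swapped).hex())
    print(classify_read(WRITTEN_C0, READ_C0))
```

The swapped cell stream is identical to the regular MFM encoding of 68h E8h, so the decoded byte is an ordinary-looking E8h rather than an invalid pattern.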
This sector with fuzzy bits is also found on the Chaos Strikes Back for Atari ST Utility Disk.
The game disks of all Amiga versions of Dungeon Master and Chaos Strikes Back (except Dungeon Master version 3.6) also contain this sector in a dedicated track using an Atari ST format. Other sectors in this track are not used. All other tracks use the regular Amiga format. The Amiga versions of the Chaos Strikes Back Utility Disk do not contain this sector.
This sector is identical in all versions of Dungeon Master and Chaos Strikes Back for Atari ST.
In the sector header field of the eighth sector of track 0, the sector number specified is 247 ($F7) instead of the expected value 8.
Having a sector number that is out of sequence with the other sectors is not a problem in itself. This sector can be read like any other sector as long as you give the FDC the correct sector number to read, which is 247. It may nevertheless cause trouble for many programs, because they try to read sectors numbered from 1 to 10 and fail to read sector number 8, as there is no such sector on the track. It is also quite easy to write a sector with pretty much any number while formatting the track (writing the whole track at once). However, $F7 (like a few other values) is a sector number that the standard floppy disk controller in the Atari ST computer cannot write. The FDC interprets this value as a special command when it formats the track, so the value cannot be written to the disk in a sector header field. This means that a disk copy made on a standard Atari ST cannot have this value correctly copied; only special equipment can write this value in the sector header. This provides a copy protection mechanism, as it cannot be reproduced on a standard Atari ST computer.
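Why a standard Atari ST cannot write this header, as an added example that is not from the original page: a simplified model of how the ST's WD1772 FDC treats the bytes of a Write Track buffer in MFM mode, where $F5 and $F6 write sync marks and $F7 writes the two CRC bytes. The function names and the handling of the CRC state after a CRC has been written are assumptions of this sketch.

```python
# Added illustration: simplified model of Write Track (format) byte handling
# on a WD1772-style FDC in MFM mode. Output is the decoded on-disk byte stream.

def crc16_ccitt(data, crc=0xFFFF):
    """CRC-16/CCITT (polynomial 0x1021), as used for floppy ID and data fields."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

SYNC_CRC = crc16_ccitt(b"\xA1\xA1\xA1")  # CRC state after the three sync bytes

def write_track(buffer):
    """Return the bytes that end up on disk for a given format buffer."""
    on_disk, crc = bytearray(), 0xFFFF
    for byte in buffer:
        if byte == 0xF5:        # command: write A1 sync mark, preset CRC
            on_disk.append(0xA1)
            crc = SYNC_CRC      # simplification: assumes the usual 3 x $F5
        elif byte == 0xF6:      # command: write C2 sync mark
            on_disk.append(0xC2)
        elif byte == 0xF7:      # command: write the two CRC bytes
            crc_bytes = crc.to_bytes(2, "big")
            on_disk += crc_bytes
            crc = crc16_ccitt(crc_bytes, crc)   # modelling assumption
        else:                   # every other value is written literally
            on_disk.append(byte)
            crc = crc16_ccitt(bytes([byte]), crc)
    return bytes(on_disk)

def id_field(track, side, sector, size_code=2):
    """Format-buffer bytes for one sector ID field (size code 2 = 512 bytes)."""
    return bytes([0xF5, 0xF5, 0xF5, 0xFE, track, side, sector, size_code, 0xF7])

if __name__ == "__main__":
    # Sector 8 formats as expected; asking for sector $F7 yields CRC bytes
    # in the sector-number position instead of the value $F7.
    print("sector 8   :", write_track(id_field(0, 0, 8)).hex(" "))
    print("sector $F7 :", write_track(id_field(0, 0, 0xF7)).hex(" "))
```

In the second output line the position that should hold the sector number carries the CRC of the bytes written so far, so the header that reaches the disk never contains $F7.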
There is nothing special about the contents of this sector's data field. The protection relies only on the special sector number in the header field.
Here is a hexadecimal dump of the data in this sector:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 Copyright (c) 19
00000010 38 37 2C 20 53 6F 66 74 77 61 72 65 20 48 65 61 87, Software Hea
00000020 76 65 6E 2C 20 49 6E 63 2E 00 FF FF FF FF FF FF ven, Inc..ÿÿÿÿÿÿ
00000030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000080 44 75 6E 67 65 6F 6E 4D 61 73 74 65 72 00 FF FF DungeonMaster.ÿÿ
00000090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000130 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000140 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000150 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000170 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000180 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000190 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000001F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 9C 9C ÿÿÿÿÿÿÿÿÿÿÿÿÿÿœœ
Jean Louis-Guérin (DrCoolZic) for his detailed analysis of the original floppy disk as shown in his great document about the many copy protection schemes that were used by Atari ST games, and for the help he gave me in writing this article.