Ok, I'm preparing to install IDA (the Interactive DisAssembler) to see if I can figure out how to depack these files. I'm not much for programming x86, and I haven't really programmed the Amiga specifically, but I do have 68k experience, so I should be able to fumble my way through such a small amount of code. If nothing else, it can be disassembled and clumsily translated to another language. It doesn't have to be efficient, it just has to do the job of spitting out an uncompressed file.
Before I do this, though, I'm going to take a little break and watch the new Doctor Who. Yay for the Internet, allowing us Americans to get the new episodes two weeks before they air here
Edit: Before watching Who, I decided to look up the Amiga executable format, and have determined the following about esq:
Two hunks, one code, one data
Code hunk goes from 0x24 to 0x29c, so 0x278 bytes (seems like fairly decent length for a depacker)
Data hunk goes from 0x2a8 to 0x20c48, so 0x209a0 bytes
Data hunk is given a size of 0x3dd48 bytes in the main header - I'm going to assume this is to allocate enough space to write the depacked executable without stomping on any other task's memory.
I'm going to go ahead and assume that the data hunk is the compressed executable itself, seeing as that's the only thing it could be.
Looking at sel, the code hunk is identical. The data hunk goes from 0x2a8 to 0x2290, so 0x1fe8 bytes. The executable reserves 0x2f5c bytes for this hunk.
For the record, the info I'm using to determine this comes from this textfile, which is (amusingly) a "guide to infecting Amiga executables". Not that we'll necessarily need it, but there is a full list of Amiga hunk types on the Wikipedia article about the Amiga hunk format.
Edit 2: Ok, I have a basic, uncommented, straight-out-of-IDA disassembly of the code hunk. I will shortly also be extracting esq's data hunk's data into a binary file, and will also do the same with sel.
TV Guide Channel Emulation Working!
Re: Select code
Conveniently, I already have my own IRC server running, :p. It was originally intended for communication between my business partners and I but we ended up settling on Skype. About a year ago I repurposed it for the Chronic Dev Team, a group of hackers I work with to develop jailbreaks for the iPhone and iPod touch platforms. Anyways, the server is irc.squishsoftware.com or irc.chronic-dev.org, it has SSL enabled on port 6697 if you desire, and we can use the channel #prevueguide. Other main channels on the server include #ih8sn0w and #iphone.LocalH wrote:I just had a thought that might help us further with regards to collaboration - we need an IRC channel somewhere
No, they're not PowerPacked... They would start with "PP20". Congrats on figuring out whatever you seem to have found in your last post, howeverLocalH wrote:I'm almost certain that they are compressed - if you boot the system at standard 68000 7MHz speed, you can see the classic decompression effect of tweaking one of the palette entries, specifically the red color on the mouse pointer. Testing this by running some stuff manually from the initial CLI shows me that PD, sel, and esq are definitely compressed. Possibly PowerPacked?
Re: TV Guide Channel Emulation Working!
Haven't really figured anything out yet. I have only isolated the code that decompresses the payload and jumps to it. Have not analyzed it one bit yet, that will take more knowledge of the Amiga. Might even post a thread over on EAB in the coders' forum, to get some help. Might try to repurpose the code to read the data hunk from disk and write the depacked data, then it could work with any executable packed with this method (handy if we get another version). That might be easier than trying to understand the depacker itself, and it'd be fitting to have to depack these on the Amiga
Re: TV Guide Channel Emulation Working!
LOL! I was there for a little while going:- "this doesn't do anything, it's not interesting at all , wonder what he meant.... all it seems to do is the same as ESC....ahhhhhhhh!!! I GET IT"swest77 wrote: 3) This one is just for Tin: Press Ctrl-[ and watch what happens.
Re: TV Guide Channel Emulation Working!
Well, hm.
According to this post, it's PowerPacker 4.0. I confirmed this by downloading a copy of PP4.0 and was able to successfully depack both it and sel. Found an interesting "undocumented" function for sel - you can change the baud rate with it as well, just pass either 2400 or 9600 after the select code. This really just adds 9600 to the line that starts esq in uv-startup. Now looking through esq for interesting strings.
According to this post, it's PowerPacker 4.0. I confirmed this by downloading a copy of PP4.0 and was able to successfully depack both it and sel. Found an interesting "undocumented" function for sel - you can change the baud rate with it as well, just pass either 2400 or 9600 after the select code. This really just adds 9600 to the line that starts esq in uv-startup. Now looking through esq for interesting strings.
Re: TV Guide Channel Emulation Working!
Awesome, I'm very surprised... file was able to identify PowerPacker 2.0, but not PowerPacker 4.0? I guess because it was inside an executable file. Anyway, looks like there are some interesting strings in here for sure.LocalH wrote:Well, hm.
According to this post, it's PowerPacker 4.0. I confirmed this by downloading a copy of PP4.0 and was able to successfully depack both it and sel. Found an interesting "undocumented" function for sel - you can change the baud rate with it as well, just pass either 2400 or 9600 after the select code. This really just adds 9600 to the line that starts esq in uv-startup. Now looking through esq for interesting strings.
Here's one cool string I found so far: "df1:g.ads"... I'll have to try putting some ILBMs into DF1:g.ads and see if it shows them
Re: TV Guide Channel Emulation Working!
Am impressed by your hex detective work and preparation to try unpacking the executables yourself, LocalH. You're old hat. I read the infection guide just for the fun of it. Reminded me of equally fun days in the x86 univese. Virus collections were great teachers by example for aspiring coders then. You didn't learn to code artistically and creatively at universities or from books. You scrutinized the disassemblage of bohemians with idiot savant-like rapports with hardware and machine language who broke into hysterics at the idea of millions of drives worldwide spontaneously xoring their FATs against their pet lizard's name on its birthdate.
Alas I'm solid rust these days: haven't tinkered with things at this level since my late teen years. Cool you're still at it. And Ari, you jailbreak fones? God, now I feel twice as puny amongst the company here.
About the palette tweaking by decompressors being mentioned: just curious, was that something their authors in Amigaland collectively did as a "calling card"? Or was there an abstract reason for it? (Like, can I see someone in those days of limited resources, in a bind, resorting to using palette DACs for temporary variable storage? Yes I can. (You wonder sometimes how fast pigs like Ubuntu, OSX, and Windows would be on modern quad core processors if they were coded by guys who eschewed convention for what was just fastest and most elegant.))
About the unpacked binary, awesome. And now it's in-your-face obvious. Look at all those %s's and %d's and %ld's and ... it's C alright. The references to "<filename>.c" everywhere help too.
You know, having toyed with the software a bit now, I'm really wondering why all the glitches. Like this at startup. And this and this and this and this when you enter/exit the menus. And with previous menu activity leaving newly-drawn graphics with incorrect palettes. I saw these same problems with Prevue 4.x on my old cable system's A2000, but theirs faithfully reported "memory allocation is bad" with every boot and back then, I assumed that explained all this. (At least in 9.0.4, I also notice the normal palette doesn't match the menu mode palette).
@Ari - Yeah, the second diskette is how they maintained ads locally. It should work just fine, unless graphical advertisements were a "privilege" that had to be paid extra for, and the software only checked DF1 if told to by the satellite feed.
Incidentally, two very interesting things I discovered yesterday. First:
http://www.cbtricks.com/pub/secret_cb/v ... g65_68.pdf
It's an old time satellite loading chart pre-dating Prevue Guide. Scroll down to the bottom of the first page and look at transponder 3 on SATCOM F3. Sure enough, it's WGN. Now scroll to the next page and look at the list of subcarrier auxiliary services (audio subcarriers) for SATCOM F3. On WGN's transponder (3), you'll see several audio carries but one in particular is interesting. Appears the VBI wasn't the only way they sent data! 7.237 MHz must have been data as audio -- literally, one-way modem transmission. That got me thinking about something I noticed while looking at http://www.amiga-hardware.com/showhardw ... ?HARDID=54 once. It notes that the VBI decoder card had "separate Control Data and EPG Data traces." Hmm. I wonder if all the VBI ever contained was an instantaneously-accurate time clock reference and maybe cues for exactly when promos started/ended; with the 2400 baud listings and other machine-addressable data and software distribution all being piped in modem-style? This wouldn't change anything we already know about how the Amigas/Ataris were setup. Would just mean the decoder cards decoded two things instead of one... but still sent out the sum of it all via RS-232.
The other very interesting thing is this. This satellite loading list comes from July 1984. One year before the EPG was supposed to have been introduced. One year before the 130XE and Amiga 1000 existed. Huh! Maybe EPG Jr. and EPG Sr. weren't their first generation products? Maybe before that, it was just "The EPG", and only on the 600XL? *moments pass* Aha. Check out this S.E.C. 10-K filing by United Video. "The Company launched the Electronic Program Guide (now marketed as EPG), the industry's first satellite-delivered, 24-hour electronic program guide for the cable television industry, in 1981." Wow. That would put it even before the 1983-vintage 600XL. I wonder what the first one ran on. Though probably the only way to find out would be digging through the Tulsa library's newspaper archives looking for a "local business hits it big" story. And I ain't going to Tulsa.
Anyway, I'm off now to look for interesting strings myself. About 9600 -- that must be something they were testing before everything got pulled on the Amiga platform. I always wondered, in the later years, with thousands of machines in the field (about 2,000 according to that SEC article), how 2400 was ever enough to sustain them. It must have been a constant bottleneck.
One last thing. Tin, I listened to that theme music file again, and I'm also starting to think it might have been a mod file. Some of the instrument sounds have sudden, unnatural stoppages in their reverberation as if they're truncated samples. Like the "kff-kssshh!" that syncs in my video with the appearance of "(Cercopithecoid)". Maybe they did develop it as a mod after all. Perhaps playing it 24/7 out of an Amiga. All's I know is, it was on a tape loop by the time I was consulting for 'em. Maybe later they just figured a tape deck would suck up less electricity.
Alas I'm solid rust these days: haven't tinkered with things at this level since my late teen years. Cool you're still at it. And Ari, you jailbreak fones? God, now I feel twice as puny amongst the company here.
About the palette tweaking by decompressors being mentioned: just curious, was that something their authors in Amigaland collectively did as a "calling card"? Or was there an abstract reason for it? (Like, can I see someone in those days of limited resources, in a bind, resorting to using palette DACs for temporary variable storage? Yes I can. (You wonder sometimes how fast pigs like Ubuntu, OSX, and Windows would be on modern quad core processors if they were coded by guys who eschewed convention for what was just fastest and most elegant.))
About the unpacked binary, awesome. And now it's in-your-face obvious. Look at all those %s's and %d's and %ld's and ... it's C alright. The references to "<filename>.c" everywhere help too.
You know, having toyed with the software a bit now, I'm really wondering why all the glitches. Like this at startup. And this and this and this and this when you enter/exit the menus. And with previous menu activity leaving newly-drawn graphics with incorrect palettes. I saw these same problems with Prevue 4.x on my old cable system's A2000, but theirs faithfully reported "memory allocation is bad" with every boot and back then, I assumed that explained all this. (At least in 9.0.4, I also notice the normal palette doesn't match the menu mode palette).
@Ari - Yeah, the second diskette is how they maintained ads locally. It should work just fine, unless graphical advertisements were a "privilege" that had to be paid extra for, and the software only checked DF1 if told to by the satellite feed.
Incidentally, two very interesting things I discovered yesterday. First:
http://www.cbtricks.com/pub/secret_cb/v ... g65_68.pdf
It's an old time satellite loading chart pre-dating Prevue Guide. Scroll down to the bottom of the first page and look at transponder 3 on SATCOM F3. Sure enough, it's WGN. Now scroll to the next page and look at the list of subcarrier auxiliary services (audio subcarriers) for SATCOM F3. On WGN's transponder (3), you'll see several audio carries but one in particular is interesting. Appears the VBI wasn't the only way they sent data! 7.237 MHz must have been data as audio -- literally, one-way modem transmission. That got me thinking about something I noticed while looking at http://www.amiga-hardware.com/showhardw ... ?HARDID=54 once. It notes that the VBI decoder card had "separate Control Data and EPG Data traces." Hmm. I wonder if all the VBI ever contained was an instantaneously-accurate time clock reference and maybe cues for exactly when promos started/ended; with the 2400 baud listings and other machine-addressable data and software distribution all being piped in modem-style? This wouldn't change anything we already know about how the Amigas/Ataris were setup. Would just mean the decoder cards decoded two things instead of one... but still sent out the sum of it all via RS-232.
The other very interesting thing is this. This satellite loading list comes from July 1984. One year before the EPG was supposed to have been introduced. One year before the 130XE and Amiga 1000 existed. Huh! Maybe EPG Jr. and EPG Sr. weren't their first generation products? Maybe before that, it was just "The EPG", and only on the 600XL? *moments pass* Aha. Check out this S.E.C. 10-K filing by United Video. "The Company launched the Electronic Program Guide (now marketed as EPG), the industry's first satellite-delivered, 24-hour electronic program guide for the cable television industry, in 1981." Wow. That would put it even before the 1983-vintage 600XL. I wonder what the first one ran on. Though probably the only way to find out would be digging through the Tulsa library's newspaper archives looking for a "local business hits it big" story. And I ain't going to Tulsa.
Anyway, I'm off now to look for interesting strings myself. About 9600 -- that must be something they were testing before everything got pulled on the Amiga platform. I always wondered, in the later years, with thousands of machines in the field (about 2,000 according to that SEC article), how 2400 was ever enough to sustain them. It must have been a constant bottleneck.
One last thing. Tin, I listened to that theme music file again, and I'm also starting to think it might have been a mod file. Some of the instrument sounds have sudden, unnatural stoppages in their reverberation as if they're truncated samples. Like the "kff-kssshh!" that syncs in my video with the appearance of "(Cercopithecoid)". Maybe they did develop it as a mod after all. Perhaps playing it 24/7 out of an Amiga. All's I know is, it was on a tape loop by the time I was consulting for 'em. Maybe later they just figured a tape deck would suck up less electricity.
Last edited by swest77 on Sat Aug 14, 2010 6:35 pm, edited 1 time in total.
Re: TV Guide Channel Emulation Working!
1981? Wow. I always thought it was 1985. Thanks for pointing to that SEC form, by the way, it seems to have a whole lot of interesting information about the Prevue services (Quikvue? :O) and finally helps me understand the difference between Prevue Express and Prevue Interactive (Prevue Express was an add-on for analog cable boxes that overlaid its own program guide on top of the bottom half of the Prevue Channel that you could navigate through yourself, Prevue Interactive was a full-fledged IPG that ran on both analog and digital boxes).
As far as the satellite data transmission discovery... Wow... Why did you see the VBI data being transmitted up until 2005 in your frequency monitor thing then? And what do you think the data demodulator thing that they had did? What did they feed into it?
Do you think the Prevue data was transmitted as an audio feed too?
Also, there were two different Sneak Prevues... One that was analog and used Laserdisc, and one that received MPEG files over satellite to be displayed. Do you think the latter one used the Amiga platform? What satellite did it use to transmit these MPEG files?
As far as the satellite data transmission discovery... Wow... Why did you see the VBI data being transmitted up until 2005 in your frequency monitor thing then? And what do you think the data demodulator thing that they had did? What did they feed into it?
Do you think the Prevue data was transmitted as an audio feed too?
Also, there were two different Sneak Prevues... One that was analog and used Laserdisc, and one that received MPEG files over satellite to be displayed. Do you think the latter one used the Amiga platform? What satellite did it use to transmit these MPEG files?
Re: TV Guide Channel Emulation Working!
Interesting little tidbit - this video shows the same behavior that I've seen with Ctrl-U (which doesn't always make it unresponsive, sometimes you have to hit it a few times).
Re: TV Guide Channel Emulation Working!
As further evidence to swest's finding that the EPG channel was started way before 1985, check out trademark serial number 73398017 for the Electronic Program Guide (and logo). It was filed in 1982.