NovaSquirrel wrote:
Owlia's password reminds me of tepples's suggestion for an RPG password with its "chapter" and "event flags for chapter" bits.
Yeah, that looks like good advice to me too. I think the really great thing about this is that a lot of different programmers have independently approached this problem over the years and come up with similar solutions. When I first looked into this about 10 years ago there didn't seem to be much information about it at all which is one of the reasons I ended up digging in myself.
I didn't know that homebrewers would eventually pick up the mantle. I wonder how much NES programmers back in the day collaborated?
NovaSquirrel wrote:
I had no idea that it was common for games to include decoy password characters.
I can only speak to what I've seen personally but yes I've seen this in multiple games. One is the
GI Joe NES game which lets you select from a larger set but only uses 16 of the total characters and it changes which subset it uses based on the checksum.
Bavi_H wrote:
I noticed the total number of possible passwords didn't match up to a whole number of bits and wondered how the conversion dealt with that. The decoy characters makes it much simpler!
Yeah, I can only think of one other way to deal with the fractional bits by grouping digits but I've never seen anything that does anything other than just use a subset that is an even number of bits.
Bavi_H wrote:
Did you use FCEUX's debugger during your work? In the two password systems I have analyzed, I did lots of analysis myself first, but eventually used the debugger to help me figure things out.
When I first started I always used the debugger. With experience I am now able to break the simpler systems without examining the code. Owlia didn't try hard to hide the encoding or the key so it was easy to decipher by hand. I couldn't have done it if I haven't already worked with other systems before though.
Bavi_H wrote:
Here's my encoder and decoder for Ufouria's passwords. It uses a method to scramble the password that I didn't completely understand, I just copied the algorithm I saw the code was doing. Also, I remember having problems getting the table of data that it uses for the scrambling method because the right bank wasn't switched in.
Wow, that's a big one! I've seen programs like that for games like Metroid but I've only worked with games that use short single line strings usually 5 to 12 characters. I have a spreadsheet that I use and just keep writing Excel macros to encode and decode as a reverse new games.
Bavi_H wrote:
I figured out how the password system in the Lizard demo works, but didn't write up the details. (I still have the files from when I worked on it, maybe I'll write up some notes sometime.) I remember I had assumed the checksum would be at the end of the password, but it was actually in the middle! Sneaky.
Awesome, post it! From Brad's screenshots looks like he's changed the system in the final version. His kickstarter was before I knew about homebrew so I hope I can snag a copy once he ships.
I don't think there's any particular pattern on this. Gargoyle's Quest for the GameBoy splits the checksum between the front and end. I think it does that so the those characters of the password change more so it creates more apparent randomness to the player.
tepples wrote:
Run a diffusion algorithm on the whole password. This would obscure the relationship between an individual character and an individual part of the state, and it would make invalid money values behave as a stronger checksum.
Yeah, I've wondered about using more modern cryptographic techniques but everything seems to just use simple classical encryption like substitution or transposition. Modern cryptography might be overkill for this application and probably more code on the NES in 6502 assembly. Most of the math for real modern encryption is a little above my head.
tepples wrote:
Use vowels as the decoys, if only so that a valid password can never include well-known obscenities (such as an infamous Metroid password that begins ENGAGE RIDLEY MOTHER.
I didn't know about that. I did know about the one password that works that is somebody's name. I've always thought about that if I ever make a game I'd design the password encoding so that my name would be some super-powered password.