Pyriel

April 19th, 2009
Lazy Bastard: Aside from hacking many great codes, you created OmniConvert. What was your inspiration for doing this?

Pyriel:  Need.  OmniConvert grew out of MAXConvert, which came about because of MAXCrypt.

After seeing how the Action Replay Max codes were structured, it was pretty obvious that manual conversions would be tedious, and that most code users would not be willing to do manual conversions, period.  I wound up coding MAXConvert more out of curiosity than anything.  Another hacker had been working on it, and I had given him some of my crypt routines for other devices.  After a few months, there was no tool, despite a lot of chatter and apparent work, and I became curious as to just how difficult it could possibly be.  So I took a few hours one night, looked at the code types, and produced a quick and dirty routine to reject all the incompatible types and to convert the simplest types.  After that, it seemed like it would be a waste of effort not to put it all together.  I spent a few weeks working through the finer points, pulling together code, and getting it all to work together.  Once I had a working tool, I showed it to GMO and a few others.  I was reluctant to release it at first--I did not want to step on the other guy's toes--but GMO convinced me.  That led to MAXConvert version 0.5 being released, with apologies to the other coder.

About a year later, MadCatz started using one of the additional encryption keys hidden in the GameShark/Xploder software.  I suspect someone took a look at the MAXConvert source, and discovered that it only handled one key.  (I do like to pretend that it took them so long because they failed to notice it was open source and had to reverse engineer the software to find the deficiency.)  I had done maintenance releases up until that point, but that resulted in me spending four or five days reversing the additional algorithms.  Shortly thereafter, GameShark started using the only algorithm I had not put into the tool, which led to some backlash from their users.  It was absent from MAXConvert because the GameShark itself did not contain the decryption algorithm, and could not use the codes.

At the beginning of 2008, I decided to update MAXConvert to include the CodeBreaker version 7 encryption.  It had been about two years since the last release.  I had been waiting because both tools, CB2Crypt and MAXConvert, are open source, and I was sure somebody else would take the initiative and merge the two.  When no one stepped up, I decided to do it myself.  To make the project interesting, I decided to make it also create single-game code save files (.cbc, .p2m, etc.) for popular devices.  The project essentially turned into a complete rewrite, and I wound up incorporating a lot of new features and improvements.  Quite a few of them are things that will never be known unless you compare the source of both tools.



Lazy Bastard: What is your favorite code/hack that you hacked?

Pyriel:  I think my favorites would have to be the Super Modifiers for Disgaea 2.  They are not the most difficult codes I ever hacked, but I thought they were fairly elegant.  You can place the cursor on any item, skill, or specialist and modify it and its attributes with a few button presses.



Lazy Bastard: What is your favorite code/hack of all time?

Pyriel:  Anything that circumvents protection is high on my list.  These codes are wallflowers to most people, but they are some of the most difficult things to come up with.  The Valkyrie Profile game, Star Ocean, games that use checksums and hashes and clock checks to constantly block cheating; the codes that work around protection on games like that are difficult and tedious to hack, and very rarely get the credit due them after the codes have been out for about a week.



Lazy Bastard: Who would you say influenced you the most in the video game hacking scene? Who did you 'look up to' when you first entered the scene? (doesn't have to be the same person for both)

Pyriel:  Initially, I think GMO influenced me the most.  He was pretty prolific, and produced quite a few guides.  They left out some of the intricacies, but I would have had a hard time finding a place to start without them.  I started console hacking on the PS2, which was not the simplest system to cut your teeth on.  At the time, I think PS2Dev.org was nonexistent, so information was scattered and spotty.  Any little bit of technical information, undetailed or not, was helpful.

I looked up to Nachbrenner when I first started, even though I have never spoken to him.  He knew what he was doing, and seemed to have worked quite a bit out in a relative vacuum.  I found that impressive.



Lazy Bastard: What was your first code/hack?

Pyriel:  I hardly remember.  It was for Suikoden III.  Beyond that, it could have been an item modifier, a skill modifier, etc.  Who knows any more.  I can tell you it was exceedingly simple by my standards now, though.



Lazy Bastard: What do you think is the most difficult type of code/hack to hack, and why?

Pyriel:  That is a tough one.  Any code can be difficult if the developers have worked hard enough to make it so.  In general, I would say protection circumvention is generally difficult to accomplish.  If the developers have taken the time and trouble to protect the game from cheating, then you already know life is going to be difficult while you hack that game.  Provided the protection is something other than laughable, that is.  I ran into one game that "encrypted" its persistent (save) data segment by XORing every byte with 0x1F or something ridiculous like that.  You can hardly call that protection.  Genuine and devilish tricks to block cheating can be a pain, though.

Hackers can be lazy bastards, too.  Nippon Ichi games checksum their data segments when loaded.  It can sometimes be tricky to get around, but it is generally relatively trivial.  It takes a few hours, perhaps, to circumvent the protection the first time (without a trainer).  Since they typically use the same check with a few minor modifications in all their games, it becomes much easier to locate and disable subsequently.  Nevertheless, Datel and MadCatz still resort to putting button activators on all their codes to bypass the checksum by forcing the user to punch random buttons for infinite money, etc.  With a trainer, it would probably take fifteen minutes, tops, to find and disable the check.



Lazy Bastard: What is your favorite type of code/hack?

Pyriel:  I like the complex subroutines.  Anything that breaks away from the game's programming to create some complex or highly customizable set of effects is endlessly amusing to me.



Lazy Bastard: What is your least favorite aspect of hacking?

Pyriel:  Top of the list would be how time-consuming it can be.  However, I am obsessive about solving puzzles, so others might find it eats up less of their time.



Lazy Bastard: Which game did you find the most fun to hack, and why?

Pyriel:  I am tempted to say Nippon Ichi games in general, but they are too easy.  The games' executables are not labeled or anything like that, but the coding style often makes hacking somewhat effortless.  I would have to say Suikoden III.  It was the first game I ever hacked.  The thrill was still there, and I spent quite a bit of time learning on it.  I think I eventually employed almost every technique I ever devised on it, and I have revisited it multiple times over the years.



Lazy Bastard: Did you ever hack an awesome code, or find an address in memory that would've yielded an awesome code, but then lost it somehow?

Pyriel:  All the time.  I used to post at CMGSCCC a lot, and the webmaster often forgets to back up the board database.  I lost quite a few codes to crashes there, combined with thoughtlessly reformatting the drive on my laptop.  Some of them may have been on memory cards I misplaced or cleaned up as well.



Lazy Bastard: What was the most difficult, 'hair-pulling' hack you've ever accomplished?

Pyriel:  Probably the encryption on the P2M files for the GameShark.  I messed up one line of code somewhere, and it resulted in the seed table being scrambled improperly, but only once every thousand or so times.  The damage only became apparent when you created a file of sufficient size, and even then it might only affect ten bytes or so out of several kilobytes.  It took me forever to chase down that bug.

As far as codes go, I really have trouble remembering.  Possibly the protection and indirection on Sega Genesis Collection.  Nobody else who had tried could get that game to allow codes without it throwing up an error screen and halting the game.  I eventually managed to circumvent that and devised a method that could be applied to all the Genesis games it could load, but each one of them was structured slightly differently, and you had to find a stable, usable pointer before any codes at all would work.  Then I had to learn Motorola 68K assembly (emulation framework) for some things, and was mystified by the game programmers' using BCD data in some places.  It was screwy.



Lazy Bastard: Was there ever a code you just couldn't get to work quite correctly (something you hacked/attempted to hack)?

Pyriel:  Yeah.  My biggest hair-puller of this sort was the Live Memory Card Dump Code.  I was working on Suikoden IV at the time, and it loaded large amounts of code from compressed files on the DVD.  I had a way of getting small amounts of data to dump, but I was finding it tedious.  So, I decided to try writing a code to call the memory card routines and write a file when a specific combination of buttons was pressed.  I had the code mostly working.  It did everything it was supposed to do, except it did not work.  I added error-code displays to it, but the error codes are not exactly well-documented for unlicensed peons, so that helped very little.  Eventually, I had to go away on business, and set it aside for a few weeks.

When I returned, I found that someone I had described the idea to had taken it to someone else who had gotten it working for some games.  What had been produced was virtually identical to what I had done, but still did not work on Suikoden IV.  I cannot recall the details, but something about the state of the hardware and something the game was doing made it impossible for this simple process to work correctly.  I imagine this is the reason some games just will not work with the live dump code.

If I had switched games, I probably would have discovered my code worked as well as it could.  I would have saved myself several weeks of mulling over it when my mind was not otherwise occupied.  I also would not have been beaten to the punch by someone who unceremoniously borrowed my idea, but such is life.



Lazy Bastard: Aside from hacking and gaming, how do you like to spend your time?

Pyriel:  My day job is in IT.  I also volunteer with, and am occasionally employed by, local live theaters.  I volunteer as often as I can with any group that can give me work that does not involve a desk (Habitat for Humanity, hurricane clean-up).  I take classes whenever my work schedule permits.  Sooner or later I will probably have a degree in everything interesting to me, though it will probably take until I reach 80.  I read; I mess about on the guitar; I drink and rag on my friends; and I occasionally play golf because everyone else in my family is into it.



Lazy Bastard: What do you think must happen for the video game hacking scene to continue to thrive?

Pyriel:  My interest in video games has been steadily declining, and I have not given this a lot of thought.  The main thing is that the protection on the current generation of consoles, and any future generations, must be overcome.  Without the ability to load unsigned and unlicensed software, hacking will simply die off on consoles.  Eventually it will be restricted to PC games and emulators, and that would be pretty boring.



Lazy Bastard: One last question: if you had one thing to say to current, aspiring, and future hackers, what would it be?

Pyriel:  Hopefully the current hackers have learned this already, but to everyone else:  Do not be afraid to break stuff.  This is something I eventually tell everyone who asks me how to hack.  Hacking is not about conceiving your ultimate goal, and achieving it straight away, no matter how good or experienced you are.  You have to experiment.  You have to break things.  This is software (typically), so you will not be doing any permanent damage.

"Hacking" is a process whereby you incrementally discover more facts about what you are attempting to modify, emulate, what have you.  It is not a cookie-cutter process you can follow to get exactly what you want in some arbitrary number of steps.  Your immediate goal is always to establish at least one more fact, and eventually the accumulation will permit you to do exactly what you want to the game, or whatever you happen to be hacking.

As you work, you will probably find that you learn more by failing, and by breaking things, whether inadvertently or deliberately, than you do by succeeding.  I could provide an example of what I am talking about, but I hate to get mired in that.  This is the sort of concept that is hard to teach.  It is a way of thinking and reasoning.  It is applying the scientific method, if you will.