Twilight Zone 9.4BH and ROM hacking

659 views
Skip to first unread message

Fox (Mike) Morrey

unread,
Apr 15, 1999, 3:00:00 AM4/15/99
to
In article <37168838.177211509@wingate>, es...@wms.com says...
> What started out as a fun project no longer is. I am saddened.

Well, as far as I'm concerned, this puts the lid on it. I'm not
'debating' with anyone on it anymore..

Me..
--
-----------------------------------------------------------------------------
http://www.frii.com/~foxtrot/Pinball/cirqus.html -- Cirqus Owner's List!
"Thanks For Cleaning Under The Plastic" - Playfield Artwork on CV
Prowd Owner of a Sample TZ and CV! (And one non-functional spellchecker.)

Ted Estes

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to
I have been hesitant to jump into the fray here, as I'm really not in the mood
for an argument (or even a "friendly" debate).

Let me start out by stating that I have, in the past, hacked ROMs for pinball
games. I can probably claim to be one of the first persons to have created
a simulator for an arcade hardware system. I was running ROMs from early
Bally and Williams games on a 25MHz 80386 in 1990. (Poor thing could barely
simulate that lowly 1MHz 6800 in real time, too.) On the other hand, I didn't
distribute my hacked ROMs. I did the work purely for my own education and
and amusement. (I don't mean to imply that what I did was any less illegal,
though.)

Anyway, there are so many points to touch on here, I'm not quite sure where
to start. I will try to type slowly and use small words so that the one or
two people who haven't "gotten it" yet may possibly understand.

First, some issues on the legality:

- Copying and distributing ROM images of copyrighted software is a violation
of copyright law.

This is pretty simple. I don't have much else to say about this. One is
allowed to make a backup copy of software for archival purposes in case of
the destruction of the original. One cannot distribute this backup copy
without also distributing the original.


- The license agreement that is included with software downloaded from the
Williams Electronics, Inc., website states, in part, "You may not decompile,
reverse engineer, disassemble or otherwise reduce the Software to a human-
perceivable form. You may not modify, network, rent, lease, loan, or create
derivative works based upon the Software in whole or in part."

Pretty hard to argue with that. The only place to have received a copy of
Twilight Zone revision 9.4H is from the WMS website, and one must agree to
the license restriction to do so. Getting a copy from somewhere else just
means that the person distributing it violated the agreement, which does
not nullify any portion of the license agreement as it applies to the person
receiving the ROM image.


- The back cover of the Twilight Zone manual reads, in part, "Because this
game is protected by Federal copyright, trademark, and patent laws,
unauthorized game conversion may be illegal under Federal law."

Hard to argue that the hacked ROM isn't an unauthorized game conversion.


Now, the question of why Williams would be concerned about a hacked ROM has
received much discussion. Let me touch on a few of the major issues here:

- The game still says "Williams" on it, whether it has a hacked ROM inside
or not.

The player has no idea that the software running in that Williams game has
a modified ROM. What if it's buggy and the game keeps crashing? What if
someone has put something offensive in it? What if the game just acts
screwy in some way?

Williams puts a lot of effort into developing fun games that will (one would
hope) earn money for the operator and bring entertainment to the player.
Part of that effort is in trying to maintain a consistent level of quality
and a consistent "feel" for both the operator and player. Williams must
retain control of its software for its games in order to accomplish this.

If you don't think this is much of an issue, you are wrong. Witness the
reactions on rec.games.pinball by some people to new games. "I tried <X>
and it's a tilt-monster!" Now, the more knowledgeable players know that
the tilt setting is an adjustable feature -- it is not game specific.
But what about software acting "whacky"? Have you, gentle reader, ever been
confused by a game and wondered if there were rule changes due to a
different software revision, or even just different operator settings?

Another issue is with licensed titles. Williams has entered into an
agreement with the license holder that specifies, in part, how that property
may be presented in the game. Hacking a game ROM that tampers with the
presentation of the licensed property in any way is an unauthorized use
of that license.


- The unwitting operator who installs a hacked ROM may not be aware that the
ROM is not an official Williams release.

This is not as unlikely as one may think. It's one thing to say that a ROM
hacker will distribute a ROM image with the warning "Use at your own risk."
It's quite another in practice. The person updating his/her game may just
see a new version and say "Oh, this is version 9.6. I have 9.2. I should
upgrade." I've heard tales of helpful patrons burning ROM updates and
giving them to an operator who might otherwise not have updated a game on
location. What if that new ROM image has bugs unwittingly introduced by
the hacker, or -- worse -- malicious code intentionally placed there?

This also becomes a support issue. Technical support people at distributors
and at Williams try to do their best at helping debug games over the phone.
One of the first questions is: "What revision of software are you running?"
If the ROM hacker has not been thoughtful enough, or perhaps not
knowledgeable enough, to change the revision number, the operator may be
running a ROM that reports "9.2" but isn't really "9.2". Something in
the program may be mimicking a hardware problem thus greatly complicating
the debug process.


Regarding Home version ROMs:

- My employer, Williams Electronics Games, Inc., is good enough to tolerate
its software developers working on "Home" versions of games.

This work is not encouraged. It is not officially sanctioned. They are
nice enough to let us do it. They could just as easily forbid it. In order
for me to do a Home version of software, I have to use proprietary
information that belongs to Williams. I use inhouse tools that belong to
Williams. It would be perfectly reasonable for them to prohibit the use of
this information and tools by me for any use other than development of new
games and maintenance of old ones. As soon as Home ROMs become too much
of a bother, then I fully expect my employer to institute a policy that
disallows them.

In the past, home ROMs have been distributed through the "friend of a
friend" network. Not a lot of thought was placed on controlling them, nor
considering the ramifications of having them placed on location. Home ROMs
in general are not tested as carefully as production ROMs. Nor are they as
carefully labeled. (For example, more than one version of Twilight Zone
"H-8" has been distributed. Hey, it wasn't an official release, why change
the revision number?)

In order to stem possible problems with Home ROMs, the policy of making them
"Free Play Only" was instituted. This was to prevent the use of these ROMs
on location, to avoid the problems I've outlined above. (Possibly buggy
software; game acting "whacky" or different; etc.)

I offer another real-world example: I made a special version of Twilight
Zone for a friend of mine. His father had had a stroke, and could only use
one arm. I made a version that controlled all the flippers at once from
either flipper button. One selected the option by holding a flipper button
while starting a game. It doesn't take too much imagination to visualize
the head scratching involved in trying to debug a game on location that had
this ROM installed in it. "Darn game flips all the flippers at once. But
only sometimes!"

The "Free Play Only" policy is a perfectly reasonable control on objections
to un-official software revisions. Those individuals with games at home who
desire pay-for-play are welcome to use an official software version.


Regarding the Twilight Zone Home ROM (9.4H) in particular:

- I was motivated enough to spend a significant amount of time making a new,
semi-major software release for the game.

I won't delve into all the details, but if you'd like to read the story of
how this all came about, I invite you to visit http://gameroommagazine.com
and order the February 1999 issue. The cover story is by me and cronicles
the one-year time span of the project. I fixed a bunch of bugs and added a
handful of new features. Through the help of some dedicated beta testers
I went through 4 or 5 revisions of software to finally produce 9.4H.

When I released 9.4H, I intended to followup with a release of a pay-for-
play version of 9.4. It would have had a few of the home-only features
permanently disabled. I decided to let 9.4H percolate a bit before
releasing 9.4, as I didn't want to have other bug reports come in, and have
to further inconvenience those operators conscientious enough to upgrade
their games by a subsequent release of 9.5. As it turns out, 9.4H has a few
minor bugs that were discovered by the people who upgraded. I have been
(slowly) fixing those bugs in anticipation of a 9.5 release.


Regarding the hacked Twilight Zone ROM (9.4BH):

- The changes made in the hacked ROM amounted to a few dozen bytes. Here is a
summary of the changes:

The most significant change is that the "Free Play Only" restriction was
defeated. This allows the operation of the ROM on location. An operator
who does so without also turning off the "Mute & Pause" feature is going to
be in for a surprise.

The hacker was thoughtful enough to change the revision number from 9.4H to
9.4BH. This is handy for being able to tell that this not an official ROM.

The hacked ROM changes the "Door Spots" adjustment. The old settings values
were:
0 - Spot EB panel when EB earned
1 - Spot 10 million panel when skill shot earned (default setting)
2 - Spot Battle the Power panel when Battle the Power earned
3 - Spot Light Gumball panel when GUM-BALL earned
4 - (undocumented) light door knob on first door award

The new settings are:
0 - no panels spotted
1 - Spot EB panel when EB earned
2 - Spot 10 million panel when skill shot earned (default setting)
3 - Spot Battle the Power panel when Battle the Power earned
4 - Spot Light Gumball panel when GUM-BALL earned
5 - (undocumented) light door knob on first door award

The final change was to modify the "1st EX.BALL RAMP" range setting from
4-12 to 4-32. Interestingly, the range for "2nd EX.BALL RAMPS" is 30-70.
Beats me what happens if you set the 2nd one to happen before the first.
I also don't know how that might interact with the auto-EB percentaging
code.


Regarding a few other odds and ends that have been brought up over the last
few days:

- Writing a Home version ROM is in no way comparable to hacking a few bytes
in the ROM.

While the person who hacked 9.4H went to a lot of effort to find the places
to change to make the above modifications, the end result is trivial
compared to the changes I implemented in going from 9.2 to 9.4H. While
anything is possible, I sincerely doubt that anyone would go through the
trouble of trying to implement anything as significant as I did by hacking
on the ROM.

Also note that I introduced lots of bugs along the way. I was working with
source code and a debugger. I wasn't reverse engineering and changing bytes
in the ROM. I was working on source code of which I wrote a significant
portion. Let me repeat my point to drive it home for the one or two of you
who missed it: I introduced bugs.

Anyone who suggests that a ROM hacker can replace a motivated developer
using the tools I had at my disposal has no clue about the work involved.


- "WPC is old news, why not release the source code?" Just because software is
old, doesn't mean it is no longer valuable.

I can hardly fathom the call for releasing the source code to old games
for general consumption. The source code embodies 20 years of knowledge
about embedded systems, coin operated games, and pinball machines. Ever
hear of trade secrets? Do you even comprehend the meaning of "intellectual
property"? A change of hardware, microprocessor, or programming language
doesn't invalidate an algorithm.

Putting that aside, Williams certainly doesn't need dozens of homebrew
software packages running on their hardware in the field. What a PR and
support nightmare!

I fail to see the business sense in this action, no matter how I try to
evaluate it. For example, what if someone reprogrammed an old game in a
way to give it new "legs" on location? How would that help Willliams?
It would only possibly delay that operator's decision to buy new product.


And, finally, my personal feelings on the subject:

I put a lot of conscientious effort in making the Twilight Zone Home ROM. I
fielded suggestions from rec.games.pinball, and implemented quite a few of
them. I took great pains to test and debug the release. I released the
"Free Play Only" software first to avoid problems with someone operating a
game with bugs I may have missed during testing.

Someone took that result of my efforts and disabled the "Free Play Only"
safeguard, implemented another couple of small changes (that I might have
put in myself, had I been asked nicely), and then distributed the result on
the Internet.

What started out as a fun project no longer is. I am saddened.

Ted Estes
Williams Electronics Games, Inc.

(This is my only public statement on this matter. I have tried to include in
this statement what I believe to be the policy of Williams Electronics Games,
Inc. at the moment of this writing. I am not a lawyer. If you have some
questions about the legality of copying, reverse-engineering, and/or modifying
software please consult your lawyer. If you have questions about the Software
License Agreement from Williams, I can put you in touch with the WMS Legal
Department. If you followup to this post, please do not quote me out of
context. If you would like to contact me, please mail to es...@wms.com)
--
"If hard data were the filtering criterion you could fit the
entire contents of the Internet on a floppy disk." -- Cecil Adams

Starwriter

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to
Very well written. Thank you for taking the time to address this issue. In
this disposable age, so many manufacturers have the attitude that once a
new model is released, their ONLY care is selling the current model, and
hoping the previous models die a horrible death. Detroit automobiles are an
excellent example this. I know. I took more pride in fixing them than the
big 3 took in building them. Thank you for your continued support, and all
that you have created for the good of the comercial pinball industry, as
well as the enjoyment of the casual collector.


Bill A

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to

Ted Estes wrote in message <37168838.177211509@wingate>...
>I have been hesitant to jump into the fray here...

Ted, would you consider a new thread for those of us interested in how
firmware development is done at Williams, without getting into trade secrets
and proprietary information?

For instance, the tools that are used both for older machines and now the
new ones: Is it all in 100% assembler (or is any of it done in C) and using
which tools? How is debugging done (your favorite in-circuit emulator or
debugger)? Is simulation used? Is profiling done (performance analysis) and
if so how? Is a real-time operating system used? How are switch presses
and video events queued? With multi-ball, what must be done to keep up with
all of the play activity? Are there times when switch closures can be
missed because of this? Is any new development with 8-bit CPU's continuing?
What are your feelings about having a system with 3 or 4 8-bit CPUs running
together versus a single MediaGX doing all the work in the 2000 model?

Maybe others have questions they've always wanted to ask a developer.

Thanks for reading!
Bill

LRosent345

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to
In article <37168838.177211509@wingate>, es...@wms.com (Ted Estes) writes:

>Ted Estes
>Williams Electronics Games, Inc.

Ted,

Thank you very much for taking the time to reply to the group. I thought your
comments were appropriate and I for one am very grateful to hear how you feel
about these issues. I am also very grateful for all the work you have done for
pinball, both at Williams for which you are paid, and one the side which I
assume you do for the love of thre game. I respect your feeling on this issue
and while I cannot stop people from doing what they do, I will certainly do
everything I can to discourage them.

Thanks again.

Larry

Bernice Hicks

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to
Ted,

Thank you for taking the time to write such a detailed post. As a collector, I am
extremely disappointed that someone would be in such clear violation of both the
license agreement and the intent of your work. I hope the hacker in question and
anyone else dumb enough to try the same understand what a valuable resource they
put at risk. To others on r.g.p. - imagine what a loss it would be to loose all
the ROM update information that WMS so graciously makes available on their site to
the hobbyist community. To many, pinball is a business, to some a hobby. To
most reading this, pinball is pure joy, triggering countless wonderful memories.
It's a crime (pun intended) that some joker has soured you on this whole effort and
tarnished that joy for you. From those of us that appreciate what you continue to
do for the pinball community - thanks.

(For those that don't appreciate what Ted and other at Williams have done for the
pinball and our hobby - go fly a kite. Pinball doesn't need you.)

Jim Hicks

Clive Jones

unread,
Apr 16, 1999, 3:00:00 AM4/16/99
to
In article <37168838.177211509@wingate>, Ted Estes <es...@wms.com>
writes

<Code issues snipped>

>And, finally, my personal feelings on the subject:
>
> I put a lot of conscientious effort in making the Twilight Zone Home ROM. I
> fielded suggestions from rec.games.pinball, and implemented quite a few of
> them. I took great pains to test and debug the release. I released the
> "Free Play Only" software first to avoid problems with someone operating a
> game with bugs I may have missed during testing.
>
> Someone took that result of my efforts and disabled the "Free Play Only"
> safeguard, implemented another couple of small changes (that I might have
> put in myself, had I been asked nicely), and then distributed the result on
> the Internet.
>
> What started out as a fun project no longer is. I am saddened.
>

Well, pop my stack!

I'm not around here much anymore, but is this the Ted I/we used to know?
Obviously this is "not an ordinary day."

Come on Ted, don't let the project go just because some person decides
to change a few flags in your code. Fight back man, it's your code, it's
your project - don't give in and feel cheated. It's your name on the
playfield and your name on the DMD. (Okay, this isn't all that clever if
the hacker didn't have the decency to remove the programming credits on
the DMD and WMS individuals like yourself take a hit for possible buggy
code as a result.)

Look on the positive side - someone was significantly impressed enough
to take your code and modify it (I use the term "modify" in the loosest
possible sense). If need be, place a disclaimer regarding this hacked
release on the web site. But *don't* give up man.

Did I tell you about the time an extremely shady past manager of mine
took the credit for *two* of my projects? He finally came unstuck, much
to my pleasure, but I digress... (Theres's a moral in there somewhere.)

Come on Ted, I've got $8.00 in my wallet from my last trip over there,
with your name on them. (I'd make it $10 but the banks are closed now.)


LDAA $8
STAA T_ESTES


Chin up old boy.


Clive (RTI. Normal RGP processing now continues...)

el...@hal.com

unread,
Apr 17, 1999, 3:00:00 AM4/17/99
to
Hi Ted and others
When I proposed a pinball writers tool for old Bally machines,
I made it clear that I would not disassemble or look at any of the ROMs
used to run these machines. I feel that there would be no conflict
using this method. There is always the issue of someone modifying
code and as you say, someone else thinking that because it was
a Bally machine that somehow Bally was at fault by association.
This is why, I also chose to work with older machines, that for
the most part are in the hands of enthusiast and not used for commercial
use. I recieved several emails from people requesting tweeks
to the code in particular machines. I made it clear that I would
respect the copyrights in what I was doing and write code from
scratch. It also means that the individual would have to devise
their own play stratagy from scratch as well. This would be for
a complete game, not modification or tweeking of a current game.
There will be no disassembler or code viewer part of the tool.
The intent is to add a little flavor to older plays. Things
like timers and combination game and ball rewards come to mind.
Anyone purposely damaging the reputation of some manufacture
would be a rare person. They would have to first be mature enough
to understand how to create a game stratagy, have access to
current commercial machines and be malicious enough to help
destroy a source of enjoyment to them selves. I'm not saying that
this type doesn't exist, just that they are quite rare.
With the tool I am writing, there would be nothing to keep the
user from purposely writing code that would take coins and also
have bugs in it. Although there is some potential for misuse
of Willians/Bally resourses or reputation, it can't be anything
compared to the vast reputation good and bad that they already
have. Unlike aircraft, I don't believe they maintain responsibilty
for the operation or maintance for 15 year old machines.
I do believe that the concept of trade secrets on these old
machines to be wishful thinking for anyone at Williams/Bally,
except maybe some lawyer. Surely, any competitor with half an
ounce of programming and engineering could duplicate the operation
of these machines. Still if I were Williams/Bally, I would not
consider releasing original source code my self. They have copyright
on this information and have the right to keep it.
The real value in these machines is the art and thought that
goes into the playfield and the play action. The programming is
truely a mechanical factor to anyone with a little sense. I
say this, knowing that a game programmer might think differently.
An embedded processor is an embedded processor. They have the
right to protect the art. Don't cry when they defend that.
I hope that anyone who has the knowldge level needed to hack
the machines code will respond as I have. If you really have
the knowldge level to hack the code, you'll also have the
level needed to roll your own. Leave their code alone, you
don't need it.
Still writing code for older machines is about like modifying
an engine in an older car, if you sell it or loan it out, you have
the obligation of notifying that person. I think it is great
that Williams/Bally has found it in their hearts to allow down
load of code to restore these older machines, I don't think
people should try to stretch that welcome too far.
Dwight

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

Reply all
Reply to author
Forward
0 new messages