
RoboCop – Breaking the Law. H0ffman Cracks RoboCop Arcade from DataEast


It’s time to take down the future of law enforcement. Following on from my discovery that RoboCop arcade has bootleg protection, see here, I decided it would be fun to crack it.

TL;DR – RoboCop uses a separate HuC6280 CPU as its copy protection. The CPU is a variant of the very common 6502 and could be found in the PC Engine console. I’m assuming this was chosen because it wasn’t something you could get off the shelf, like a 68000 or a 6502, so would make replica PCBs a lot more difficult.

So far I’d discovered some wait loops, an obfuscated jump table execution and two functions which dumped a large chunk of data to the sub CPU and read it back later. That last bit I was unsure of, but rather than digging too deep, I decided just to patch out everything I’d found so far and see how the game reacted.

The two CPUs have a shared RAM chip totalling 4kb in size. On the 68000 it’s mapped to address $180000. Thankfully within my disassembly I’ve managed to map that out and found all references to that address space. Based on the references I labelled up the addresses with my best guesses.

Now it should just be a case of patching out anything which points to this memory space.

Startup

To kick things off, the 68000 clears the shared RAM and fills it with a payload. Once the data is in place, it fires a signal to the HuC6280 that it needs to process it and awaits confirmation. If there’s no HuC6280 on your bootleg PCB, then this will get stuck looping forever.

To patch it, we simply put an RTS instruction at $1c8, which ensures calls to this function are disabled. Just for good measure I also apply RTS to the ClearProtectRam and FillProtectRam functions in case there’s some obfuscated call hiding somewhere else.

Hunting for further references to IO_ProtectReq1 I find another busy wait. This one occurs if the 68000 is reset or it hits an exception. It’s a slightly different value being passed in, which I think might force the HuC6280 to reset or similar.

Another simple patch. Just apply NOP instructions over the move, cmp and bne instructions.
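What the two patches above amount to at byte level, as an added example that is not code from the original article: RTS and NOP are the 68000 opcodes $4E75 and $4E71, written as big-endian words on even addresses. The instruction bytes being patched, the address `RESET_ADDR`, and the even/odd ROM split are assumptions constructed for illustration; only $1c8 and $180000 come from the article.

```python
import struct

RTS = 0x4E75  # 68000 opcode: return from subroutine
NOP = 0x4E71  # 68000 opcode: no operation

def patch_words(image, addr, opcode, count, expect):
    """Overwrite `count` 16-bit words at `addr`, but only if the bytes
    currently there match `expect` (guards against a wrong ROM revision)."""
    if addr % 2:
        raise ValueError("68000 instructions start on even addresses")
    end = addr + 2 * count
    if end > len(image):
        raise ValueError("patch runs past the end of the image")
    if bytes(image[addr:end]) != expect[:2 * count]:
        raise ValueError("unexpected bytes at $%x, refusing to patch" % addr)
    image[addr:end] = struct.pack(">H", opcode) * count  # big-endian words

def split_even_odd(image):
    """Split a flat image into the even/odd byte halves used when a 16-bit
    bus is fed from two 8-bit ROMs (assumed layout, not stated in the article)."""
    return bytes(image[0::2]), bytes(image[1::2])

# Constructed stand-ins, NOT the game's real code:
# tst.w ($180000).l / beq.s back to the tst / rts
WAIT_FN = bytes.fromhex("4a7900180000" "67f8" "4e75")
# move.w #3,($180000).l / cmpi.w #3,($180002).l / bne.s back to the cmpi
RESET_WAIT = bytes.fromhex("33fc000300180000" "0c79000300180002" "66f6")
RESET_ADDR = 0x1E0  # hypothetical address; the article does not give it

def build_patched_image():
    image = bytearray(b"\xff" * 0x200)  # constructed 512-byte program image
    image[0x1C8:0x1C8 + len(WAIT_FN)] = WAIT_FN
    image[RESET_ADDR:RESET_ADDR + len(RESET_WAIT)] = RESET_WAIT
    # RTS at $1c8: every call to the function returns immediately.
    patch_words(image, 0x1C8, RTS, 1, WAIT_FN)
    # NOP over move, cmp and bne: 9 words in this constructed encoding.
    patch_words(image, RESET_ADDR, NOP, len(RESET_WAIT) // 2, RESET_WAIT)
    return image

if __name__ == "__main__":
    img = build_patched_image()
    even, odd = split_even_odd(img)
    print(img[0x1C8:0x1CA].hex(), hex(even[0xE4]), hex(odd[0xE4]))
```

Only the first word of the function at $1c8 changes; the rest of its body stays in place but is never reached, while the NOP run must cover every word of the three instructions so no stray operand word is executed as an opcode.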
