WEBVTT

00:00.000 --> 00:17.680
All right, hello, welcome to error correction for Dragon Quest passphrases.

00:17.680 --> 00:21.440
I almost canceled this talk because I'm recovering from the flu.

00:21.440 --> 00:24.920
So my voice is, I'm not sure if everyone can hear me from the back.

00:24.920 --> 00:28.160
I'm going to do my best to try and speak up.

00:28.400 --> 00:29.840
Yeah, we'll see.

00:29.840 --> 00:39.680
So first of all, let me just start and set up the stage because I'm not sure if everyone here is aware of what a Dragon Quest passphrase is.

00:39.680 --> 00:45.680
Dragon Quest is a game that was released in 1986 in Japan for the family computer.

00:45.680 --> 00:51.760
This is a console that does not have a save function built in.

00:51.760 --> 00:58.080
In this game, you walk around the world, fighting monsters to level up your character until you become strong

00:58.160 --> 01:00.560
enough to save the world.

01:00.560 --> 01:07.120
And to save, you have to go back to the initial area in the game, speak to the king who will give you a

01:07.120 --> 01:13.200
spell of resurrection, or fukkatsu no jumon, which is a bunch of gibberish, basically.

01:13.200 --> 01:18.560
Random Japanese hiragana characters, 20 of them in the first game.

01:18.560 --> 01:22.240
Of course, you'll write down those characters in your trusty notebook.

01:22.240 --> 01:26.160
And when you come back to the game at a later time, you come into the save,

01:26.160 --> 01:37.920
the load screen and you will enter your passphrase back into the game to restore your save.

01:37.920 --> 01:46.560
Of course, if everything goes well, but sometimes things go wrong and you may encounter

01:46.560 --> 01:53.200
this screen, which is where the password is wrong, either you wrote it wrong or you just

01:53.280 --> 01:58.160
entered it wrong on the load screen and it won't let you save or load your game again.

01:59.040 --> 02:04.560
So in this case, this happened to me, this happened to millions of Japanese children back in the

02:04.560 --> 02:11.680
day, unfortunately. So it happened to me a couple of times and I thought, well, surely there

02:11.680 --> 02:18.480
has to be a way that we can analyze this wrong passphrase and be able to restore it to substitute

02:18.560 --> 02:24.160
the characters and find out where it was transcribed wrong. And thankfully, yes, it is possible

02:24.160 --> 02:29.840
and I managed to do it and I'll show you. So first of all, we have to see what makes up this

02:29.840 --> 02:37.120
passphrase, how is it constructed and how do we decode it? So this is, these passphrases are composed

02:37.120 --> 02:44.160
like I said, of 20 hiragana characters, there are 120 bits of data here, they are encoded into

02:44.160 --> 02:49.840
six-bit characters, it's a subset of the alphabet in Japanese, it contains information like the

02:49.840 --> 02:56.960
player's name, stats, the inventory, some event flags, there's a three-bit encryption key that's

02:56.960 --> 03:02.800
just a randomizer and there's an eight-bit checksum which is helpful for restoring the correct

03:02.800 --> 03:10.000
values. I'm not going to go too deep into the actual technical details of decoding since it's a

03:10.000 --> 03:16.560
little bit convoluted and we don't have a lot of time but we would first convert those characters

03:16.560 --> 03:23.760
into their indices as seen in this table, then taking those bytes, those encrypted bytes,

03:23.760 --> 03:30.080
these have to be decrypted with this algorithm that you see here. So you can see that I'm doing

03:30.080 --> 03:38.400
some very serious work because there's a lot of complicated Rust code on this page. And once those

03:38.480 --> 03:46.160
byte values are decrypted, they can be repacked into bytes and yield the decrypted and decoded

03:46.160 --> 03:53.280
spell and this is how, so there's also, this is where the checksum can be checked to compare it to

03:53.280 --> 04:00.560
the remainder of the byte sequence that you get in the output. And once everything is decrypted and

04:00.560 --> 04:07.600
decoded, this is how basically the values that are saved in the game are laid out and as you can

04:07.600 --> 04:11.760
see, it's not like you have sequentially printed player name and then the player inventory,

04:11.760 --> 04:18.160
et cetera, et cetera. All those values are kind of broken up into individual bytes or even

04:18.160 --> 04:23.280
a few bits at a time and then they are kind of spread out all over the sequence which is also

04:23.280 --> 04:27.680
helpful because it means that if there's an error in a character in the middle of the sequence,

04:27.680 --> 04:35.440
it's going to affect many different pieces of data. So it makes it easier to tell what the correct

04:35.600 --> 04:43.680
sequence is. So now to correct an error in the passphrase, the way that we operate is that

04:43.680 --> 04:48.800
we take the error passphrase, the one that doesn't go through, substitute every single

04:48.800 --> 04:54.320
character with every other possible character that could go in its place and then we try to decrypt

04:54.320 --> 04:59.600
and decode it and if the checksum matches, then it is a valid passphrase and it will become

04:59.680 --> 05:07.360
a candidate that we can list out to the user and this is what it looks like without any restrictions.

05:07.360 --> 05:13.600
I just took like a random passphrase that I found online, substituted one character and I passed

05:13.600 --> 05:18.880
it through to my program and here you can see there are two possible substitutions of

05:18.880 --> 05:24.480
characters that yield valid passphrases and there's a few different so obviously this is all

05:24.480 --> 05:30.160
in Japanese so I'm sure it's going to be hard to understand but here's a few differences here

05:30.160 --> 05:35.600
in the equipment and also in the player name that can be used to identify which one is the correct

05:35.600 --> 05:42.640
one and it's in fact the top one not that this matters here but yeah so it could be the number

05:42.640 --> 05:50.160
of valid substitutions is not typically high but it can range from one to six or something and

05:50.160 --> 05:57.200
then unfortunately it didn't stop here in 1987 Dragon Quest 2 came out it also did not come with a

05:57.200 --> 06:04.720
save function and unfortunately it's not just a little bit larger than Dragon Quest 1 it's about

06:04.720 --> 06:11.360
three times larger it has three player characters it has more variable game state it has a larger

06:11.360 --> 06:19.200
alphabet and some more characters that you can use for encoding and that means the passwords are

06:19.280 --> 06:28.000
52 characters long which is very annoying to type in and also much more annoying to transcribe

06:28.000 --> 06:35.360
in your little notebook and it makes you much more likely to make mistakes so it's also a little bit

06:35.360 --> 06:41.760
more convoluted the way that it's the data is encoded you can have bits that are or aren't added

06:41.760 --> 06:47.280
like in the middle of the stream depending on whether or not your inventory's full very very strange

06:47.360 --> 06:54.640
stuff thankfully it was documented in this the basic the issue of June 1987

06:55.360 --> 07:00.560
I don't have this issue but I found I managed to find some information based on that magazine

07:00.560 --> 07:07.120
online so this is how I was able to do the the coding and the encryption portion of my program

07:07.120 --> 07:14.400
for Dragon Quest 2 now and because there's so many more characters there's also more possible

07:14.480 --> 07:20.560
substitutions and that means the number of valid passphrases that can be corrected from the

07:20.560 --> 07:28.480
erroneous one is also larger so we have to find a way to restrict the results that we have one

07:28.480 --> 07:34.000
easy way to do this is we know what the player's name is gonna be so you can just pass it into the

07:34.000 --> 07:39.440
program and whenever the player name is decoded if it's not the right one then we can just

07:39.440 --> 07:45.440
eliminate that result from the pool there's also some other kind of easy to remember

07:45.440 --> 07:52.560
properties like some event flags that can be set just to make sure that you know so obvious

07:52.560 --> 07:59.120
obviously wrong passphrases are not included and then we can also filter some substitutions

07:59.120 --> 08:06.240
that yield invalid values so for example you have some 16 bit values like your gold or experience

08:06.400 --> 08:14.400
that in fact in game the you know logical maximum is below the limit of 16 bit value so

08:14.400 --> 08:21.040
we can easily tell that if we are between like 10,000 and 16,000 then it's not going to be

08:21.040 --> 08:27.440
an actual valid passphrase unless the player cheated so those are some ways that we can

08:27.440 --> 08:33.680
limit the number of results that we have and this is one example this is another passphrase

08:33.680 --> 08:41.360
which looks like it might you know be bullshit but it's a real one it works and so I took that

08:41.360 --> 08:49.520
and I did a replace a random character and I fixed the name in the input arguments and there's

08:49.520 --> 08:55.360
only one valid substitution which is a correct one of course so that's an example of how to use

08:55.360 --> 09:00.880
this program which is called rejuven and if you want to take a look at the source code if you want to

09:00.880 --> 09:05.600
play dragon quest one or two in Japanese for the family computer it's something you're worried

09:06.800 --> 09:11.600
you don't have to be worried about you know mistranscriptions anymore you can be protected by

09:11.600 --> 09:16.080
rejuven here so thank you very much

