Video game password
A video game password is a series of characters or symbols which store a portion of a game's state (i.e., the player's progress in a game). This usually includes the level a player has reached in the game, but may also consist of other attributes like the character's statistics and items, major events in the game's plot, and so forth. Passwords are used in games which require a save feature, but don't have access to permanent storage. Using a password involves the game encoding a portion of the player's progress into a series of characters, displaying those characters to the player so they can record the password, and, finally, the player entering the password back into the game at the start of their next session. Passwords are usually encrypted and make use of error detection to prevent copying mistakes and tampering.
A video game password is not the same as a security password which grants users access to private information, although, there is some overlap in their function since video game passwords allow a player to access areas of a game that aren't initially available.
Contents
Personal
I first started seeing passwords in video games on the NES in the late 1980s from games like Mike Tyson's Punch-Out!!, Mega Man II, and Gauntlet. While I liked the fact that they allowed me to continue my game, I hated having to painstakingly enter them, and remember getting very frustrated when I realized I had written down a password incorrectly, and, with no way to know which characters were wrong, lost all of my progress. I remember being especially annoyed with the massive password in River City Ransom, which had the longest password of any game I knew. I didn't understand at the time that, the more information you wanted to store about a game's state, the more complicated the password has to be. Because of this, I preferred games which had battery save states, and even saw a battery save as a mark of quality compared to inferior password games.
Since all of the computers I owned or used had hard drives or disk drives, I saw passwords solely as a console problem. However, I would occasionally play a computer game which used a password, but they were always the kind that only gave you access to a new level, not the kind which store entire save games.
History
Video game passwords were created as a workaround of the technical limitations of video game platforms from the early 1980s and prior which didn't have a guaranteed way to save information; consoles hadn't yet introduced battery-powered RAM in their cartridges and most 8-bit computers were sold without built-in storage. Permanent storage was available in the form of optional peripherals like cassette recorders and diskette drives, primarily for home computers, though some consoles had them as well, but game designers couldn't rely on every user owning one. So, the problem of being able to save a player's progress in a game was, at the time, solved with passwords. One of the first games to use a password system was The Pharaoh's Curse in 1983.
Because the length and complexity of a password is directly relational to the amount of game data stored in it, and, developers kept wanting to save more and more information about their games, they quickly realized that passwords were not a feasible solution. Games like River City Ransom and Swords and Serpents have long cumbersome passwords that players often complained about, and they would only get longer as games became more complex. So engineers looked for other ways to solve this problem. Due to the differences in hardware, computers and consoles took separate approaches.
As computers moved into the 16-bit realm in the mid-1980s, permanent storage became more commonplace. The vast majority of computers being sold by 1990 included a disk drive or hard drive, so developers took permanent storage as a given and saved to disk. This also afforded computer game developers an abundance of space and their save games often included most of the game state allowing there to be a rather seamless transition between play sessions. There were still a few games which used passwords even into the 1990s, Lemmings for example, but these were typically used for bypassing levels, not for storing game states.
Some console manufacturers offered cassette and diskette peripherals, but these were never successful, so the predominant storage method in the 1980s was to attach a long-lasting battery to an area of the game's volatile RAM to keep it powered even when the game was not running, but this solution had two big disadvantages. First, adding batteries to ROM cartridges was expensive to manufacture, and second, the amount of space available was quite limited. Still, it was much easier to work with than passwords.
By the late-1990s, most home consoles were using removable memory cards for save game storage, and games designed for home consoles stopped using passwords. The final hold out platforms were portable consoles which still weren't using memory cards even into the 2000s, and frugal game developers continued to use passwords instead of opting for the more expensive batteries. However, the release of the Nintendo DS and PlayStation Portable in the mid-2000s set a new standard by both natively supporting removable memory cards. To compete, subsequent portable platforms also included memory cards, and passwords were finally rendered completely obsolete. Although games are still being made which use passwords, they are usually retro games made for discontinued consoles or unnecessarily added to games for nostalgic purposes.
Usage
Deciding to use passwords
Today, game developers for pretty much all platforms have copious amounts of permanent storage at their disposal, so there is no need to even consider passwords, but, during their heyday, it was a serious question developers needed to address. Some games just don't really benefit from a password, like Pong or Space Invaders, but there are still plenty of games where a password would be a nice selling point. Before implementing a password system into a video game, designers probably weighed the pros and cons.
Cons include:
- Programming a password system requires technical resources which could be better spent on improving the game elsewhere.
- The amount of data you can save in a password is extremely limited.
- Players hate having to enter passwords.
Pros include:
- A limited save feature is better than none.
- Passwords work on every base system and don't require optional peripherals.
- It's cheaper to manufacture a game with a password than a battery.
If the designer does choose to use a password system for storing save game information, they then have a number of different options.
When to display passwords
Games which use passwords almost always display them at a game over or continue screen, but they sometimes allow a player to view there password at any time as part of a menu screen. This is convenient because players sometimes need to end their gaming session in the middle of play and it's a chore to have to purposely force a game over, especially if doing so would negatively affect their password.
Types of passwords
There are two clear categories of passwords: premade and generated. Premade passwords are those where the game stores a premade set of passwords internally in a lookup table. This can be seen with a game like Krusty's Super Fun House where passwords includes words such as BARTMAN, SKINNER, and MILHOUSE. This type of password serves as a gatekeeper to take the player to a certain level, similar to a magic word. Sometimes games will also include hidden passwords in this way for debugging purposes or an Easter egg. Premade passwords are very easy to program, and were the first to be used by game developers, but they're not very useful because there isn't any actual data encoded in the password. Also, since you have to store the passwords in the game, they can take up a large percentage of the game's space if you need a lot of them.
Krusty's Super Fun House uses premade passwords.
As does Marvel Land.
The second type of passwords are those which are generated. This type actually stores information in the password using an algorithm. Generated passwords are used in games like Metroid and Castlevania II: Simon's Quest. Because these passwords have to store information, they are usually longer and more complicated than premade passwords, and they're typically encrypted and include error detection. This makes them much harder to implement, but also much more useful, as a competent programmer can store much more game information in them. And, since they're generated, the game doesn't have to actually store any of the passwords. Because they are a jumbled mess of characters, they could more accurately be described as a pass "code" rather than a pass "word."
Entering a password in Metroid.
Entering a password in Castlevania II: Simon's Quest.
River City Ransom has obnoxiously long passwords.
Generated passwords can get fairly long, but sometimes they're short because they function just like a premade password, storing only a level number. Games like Adventures of Lolo, Bubble Bobble, and Lemmings have short and simple generated passwords which are nothing more than a shortcut to a level and don't save the player's score, lives, or power-ups. However, because they're still generated, they are still a jumble of characters instead of words. Since they aren't storing very much information, and strong encryption is too CPU intensive to run on the 8-bit platforms, it's often pretty easy to see patterns form. For example, the first five passwords of Adventures of Lolo are: BBBV, BCBT, BDBR, BGBQ, and BHBP. There is an obvious pattern to these passwords, and a determined player could probably guess the password for the next level.
Although most passwords are composed of letters, numbers, and maybe a few punctuation marks, a few of the more creative designers opted for graphic symbols. These may look like they're unique, but the difference is only cosmetic. The graphics, just like letters, map to numbers internally, and they work in the same manner as those described above. For example, in the Castlevania III: Dracula's Curse example below, there are 4 possible values per square, and 16 total squares, so the password in the picture could be represented as: 3102-0303-1000-0020. By using an alphabet of 16 characters (hexadecimal), we could condense it in half to: D2-33-40-08.
The Mega Man games use colored balls.
Castlevania III: Dracula's Curse uses symbols from the game.
How passwords work
Premade passwords are pretty straight forward. The designer chooses a set of passwords when they're making the game, and, if the player enters one of the valid passwords, they are sent to the location associated with that password. Generated passwords, however, are more complicated.
At their most basic level, generated passwords are just a textual representation of the value in some of a game's variables. For example, the passwords for Mike Tyson's Punch-Out!! store the values in four variables: the number of wins (0-99), KOs (0-99), losses (0-2), and the circuit you're on (0-2 referring to minor, major, or world). If the password wasn't encrypted, it might look something like this: 12-09-1-2, which would relate to 12 wins, 9 by KO, 1 loss, and in the world circuit. However, if the password were presented in such a clear manner, a player would be very tempted to tamper with it and give themselves 99 wins by KO and no losses, it is for this reason why passwords are encrypted and incorporate error detection which is described below.
Hacking passwords
Because a password describes a game state, if a player were to alter their password, they would also alter the game state. In order to prevent players from doing this, game programmers encrypt passwords. However, because the processing power of old platforms was so weak, the encryption process was quite primitive, so it could more accurately be described as "obfuscation" by today's standards. Regardless of the terminology, before a password is generated, the value of the game's variables which are to be stored in it are modified with the end result being a series of values which look nothing like the originals.
An example of very basic encryption can be seen with the following steps: first, reorder the digits to split apart numbers so they don't look like they're associated with each other. So, for a password with six digits are currently ordered as AB-CD-E-F, but we can reorder them to FC-BE-A-D. This means, the original password, 12-09-1-2, would be rewritten as 20-21-1-9. Next, we remove the dashes and stick in a fake dash to throw-off the player even further: 202-119. To really mess with the number, we use modular addition to increase each digit by 7 and throw away the ten's column carry over which turns 202-119 into 979-886. We now have a series of numbers which don't obviously relate to the numbers we started with, but, because all the modification we did to encrypt it is perfectly reversible, we can just perform the same steps in the opposite order to decrypt it. Decryption uses modular subtraction to decrease each number by 7, then we arrange the digits back to their original order, and we're back to the original values which the game can load.
However, simply encrypting the password isn't enough to prevent tampering. If a player alters a digit, they may not know which value they're altering, but they will certainly alter something. For example, let's say the player has sloppy handwriting and they wrote down the last 8 in such a way that it looks more like a 6. When they come back to playing, they enter the password as 979-866. The game will decrypt the password, first using modular subtraction, to get 202-199, then reorder the digits to 92-09-1-2, and the player would immediately notice that their 12 wins became 92 wins! After learning that this is possible, a simple mistake can quickly turn into a totally broken password system with just a little trial and error. To prevent this from happening, either purposely or accidentally, programmers incorporate error detection.
A common form of error detection is to incorporate a checksum into the password. A simple example of a checksum is to sum every digit in the code using modular addition and then append the result to the end of the password. So, we take our encrypted password, 979-886, and add each digit together: 9 + 7 + 9 + 8 + 8 + 6 = 47. We keep only the right-most column, which is 7, and we append this check digit to our password to get 979-886-7.
Now, if the player made the same mistake as before, so 979-886-7 is entered as 979-866-7. The first thing the game does before it even attempts to decrypt the password is to perform error detection. It sums up everything except the check digit using modular addition: 9 + 7 + 9 + 8 + 6 + 6 = 45, and keeps only the right-most column, 5. The game then compares the result to the check digit on the end of the password and discovers that 5 does not equal 7, and tells the player the password is invalid. This form of error detection isn't prefect and can still be fooled if someone understands the process.
Game programmers typically used encryption and error detection that was a bit more sophisticated than what I've demonstrated here, but not by much. The combination of encryption and error detection was usually enough to prevent the average child from figuring out how to hack a game's passwords, but, many of the children who played these games grew up to become computer scientists and used their education to hack their old games.
Initially, many of these passwords were hacked through painstaking trial and error, but, as video game emulators matured, and it became possible to debug a game's machine code while it was generating a password, it became much easier to reverse engineer the password generation process, and, now, many old games have their passwords completely cracked. Many of these are now online and playing with them will help illustrate the password generation process. One fantastic graphic password generator is truepeacein.space which generates passwords for Metroid.
See Also
Links
- nerdlypleasures.blogspot.com/2015/06/types-of-nes-passwords.html - Types of passwords on the NES.
