There were 18 stages in Castlevania III, thus there were a minimum of 18 passwords. Each stage could be played on either Normal or Hard, increasing the number of passwords to 36. Each level could be played either as Trevor solo or with one of three allies; there were 4 allied states per level, which were denoted in the passwords; the number of passwords increased from 36 to 144 passwords. Things get only more complicated (and convoluted) from there.
To make it harder for people to just use passwords from friends or strategy guides (such as Nintendo Power), the player's name determined what password was given as well. There are 173,059,286,400 permutations of names in the name entry screen in CVIII. Each character (A-Z, !, ?, _) has a value which is added to each slot, which are themselves valued like so:
7 3 1 6 2 4 5 0
However, only the lowest three bits were accounted for, limiting the value of any name to no more than 7, increasing the number of passwords to 1152.
To add insult to injury and to fuck with young gamers' heads, Konami
randomized the password generation, thus further increasing the number of passwords to a whopping 2304. (18 * 2 * 4 * 8 * 2) Good luck writing them all out!
So how was the password actually generated?
The password generator takes into account the player's name, the stage, Trevor's ally, and the difficulty.
As mentioned earlier, it starts with the player's name. By default, a name of _ _ _ _ _ _ _ _ (all blank) has a value of 28. Each character had a value that was added to the value of each slot. Then the lowest 3 bits were taken from the sum (NAME & 7).
The name, ally and difficulty are arranged in a single byte:
AAAXYBBC | AAA | Name | X | Parity | Y | Random | BB | Ally | C | Difficulty |
|
Bit X was reserved for the parity of the stage, not the stage itself. The reason for this is the stage took up 5 bits, whereas the password was restricted to 8 bits and only 2 were available for use. The benefit of this was it made the password harder to crack. Interestingly, the parity is essentially saved twice, as can be seen by the decryption code.
As for bit Y, that was for the randomizer (0 or 1).
The upper and lower nybbles (every 4 bits) are added together. After that, the password generator did some stuff for reasons I cannot figure out yet, although I have been trying to wrack my brain over it. However, what is important is that at this point the stage was worked into the password formula.
The two generated variables were then analyzed on a bit-by-bit basis, with the bits of the first variable given higher weight (i.e., they were shifted left 1 place). This was the actual heart of the password - each icon was a representation of these values.
The stage was handled inappropriately, although Konami may have decided it would be better to use the decryption hash in reverse for the encryption. Basically they took the stage value, halved it, hashed it twice through a transformation and then compared the result. Since the result was based on just one variable, it was a needless process.
The results from the previous step were used to further hash the password. The outcome determined where each icon would be placed, calculated via a look-up table. What this means for you is that's one more aspect of the program that can be customized.
When the player entered a password, each modified cell in the password screen had a value of 4
n, where n was the index in the cell array. Each icon had a value from 0 (blank) to 3 (heart). The value of the icon was added to the value of the cell. The program basically then just worked backwards, running all the values through the hasher and comparing the results, extracting each of the bits, then assigning them to their appropriate variables. The whole process - even after reworking my own interpretation of the code - was twice as long as the encryption phase. mostly because it handled decryption by comparing every single hashed value.
Also, due to how the stage is encrypted, cells 0, 6 and 13 are the only three cells where the stage is stored.