toinet
Joined: 15 Jun 2007 Posts: 326 Location: Paris, France
Posted: Thu 05 Jul 2007, 8:26 Post subject: Summer Games (Epyx, 1984)
That game from Epyx has started a long series of simulation games for the Apple II line. I have played so many hours trying to beat my scores and defeat my opponents.
Protection scheme
- disk protection: D5 AA 96, FF FF EB, D5 AA AD, FF FF EB
- desynchro
Diskette type
- a DOS 3.3 format with a standard RWTS on track 0
Cracking method
Step 1- launch Advanced Demuffin
- replace FF with DE at $B935 and $B991
- replace FF with AA at $B93F and $B99B
- copy both sides of your diskette
Step 2- launch your favorite sector editor
Track 0/Sector 2/Offset 9E : DE (to allow score recording)
0/2/A3 : AA
0/3/35 : DE
0/3/3F : AA
0/3/91 : DE
0/3/9B : AA
0/6/AE : DE (to allow score recording)
0/6/B3 : AA
Step 3- Remove the desynchro checking routine
22/0/4D : 2C (was 20 aka JSR)
Comments
If you do not change the value on track 22, the game will boot, display the Epyx picture then reboot...
If you listen carefully to the disk drive, the arm is moved to the end of the diskette (on track $22), then the desynchro check routine is called:
On track 22, sectors 0..2 are loaded at $D000..$D2FF.
Code at $D000 moves $D200.D2FF to $B700.B7FF then goes back to $B700
The protection routine is at $D100 and is called by a JSR at address $D04D (JSR $D100)
Just replace the JSR opcode with a BIT one (20 to 2C)
Reboot the diskette... your backup copy is ready
Toinet
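To make the modified marks listed under "Protection scheme" concrete, the following added example (not part of the original post) scans a raw nibble stream for DOS 3.3 address and data fields and flags sectors whose epilogues differ from the standard DE AA. The function names and the sample stream are constructed for illustration; real input would be one track of a nibble-level disk image.

```python
# Added example: classify sector epilogues in a raw Apple II nibble stream.
ADDR_PROLOGUE = bytes([0xD5, 0xAA, 0x96])
DATA_PROLOGUE = bytes([0xD5, 0xAA, 0xAD])
STD_EPILOGUE = bytes([0xDE, 0xAA])  # the two bytes the post's patches restore
DATA_NIBBLES = 343                  # 342 6-and-2 nibbles + 1 checksum nibble


def decode_44(hi, lo):
    """Decode one 4-and-4 encoded byte (odd bits first, then even bits)."""
    return ((hi << 1) | 1) & lo


def encode_44(value):
    """Inverse of decode_44, used only to build the constructed sample."""
    return bytes([(value >> 1) | 0xAA, value | 0xAA])


def scan_track(nibbles):
    """Return one record per address field found, with both epilogues."""
    sectors, pos = [], 0
    while (pos := nibbles.find(ADDR_PROLOGUE, pos)) != -1:
        hdr = nibbles[pos + 3:pos + 13]  # 8 header nibbles + 2 epilogue bytes
        if len(hdr) < 10:
            break
        vol, trk, sec, chk = (decode_44(hdr[i], hdr[i + 1]) for i in (0, 2, 4, 6))
        rec = {"track": trk, "sector": sec, "header_ok": chk == vol ^ trk ^ sec,
               "addr_epilogue": hdr[8:10], "data_epilogue": None}
        # The data field follows the address field after a short gap.
        dpos = nibbles.find(DATA_PROLOGUE, pos + 13, pos + 53)
        if dpos != -1:
            end = dpos + 3 + DATA_NIBBLES
            rec["data_epilogue"] = nibbles[end:end + 2]
        rec["standard"] = (rec["addr_epilogue"] == STD_EPILOGUE
                           and rec["data_epilogue"] == STD_EPILOGUE)
        sectors.append(rec)
        pos += 13
    return sectors


def build_sector(vol, trk, sec, epilogue):
    """Constructed sample: one sector with dummy data nibbles (0x96)."""
    header = b"".join(encode_44(v) for v in (vol, trk, sec, vol ^ trk ^ sec))
    return (b"\xFF" * 8 + ADDR_PROLOGUE + header + epilogue + b"\xEB"
            + b"\xFF" * 6 + DATA_PROLOGUE + b"\x96" * DATA_NIBBLES
            + epilogue + b"\xEB")


# Constructed stream: one sector with the FF FF marks, one with standard marks.
SAMPLE = (build_sector(254, 0x22, 0, b"\xFF\xFF")
          + build_sector(254, 0x22, 1, STD_EPILOGUE))
```

A sector reported with `standard` set to `False` is one that an unmodified DOS 3.3 RWTS would reject on read, which is why the post patches the epilogue comparisons before copying.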