Skyfox (Electronic Arts, 1984)

[toinet]

0 to mach-4 in 4 seconds. The skyfox: a machine you've got to fly to believe. Incredible speed and responsiveness. Powerful, deadly weapons. State-of-the-art radar warning and guidance systems.

An incredible game by Ray Tobey. The game is damn fast, it is a fantastic software!


PROTECTION TYPE
On a standard diskette, track 6 is not copyable. A nibble editor will display lots of $B4 nibbles in it. Another Track Arcing protection (c) EOA


DISK COPY
- Launch Locksmith 6.3 fast disk backup
- Copy the disk


REMOVE THE PROTECTION
Launch your favorite disk editor
Remove the first check routine
- T1/S6/2B: 01 03 79 07 01 0F F5 70 => 01 B8 71 07 01 0F 30 70
Remove the second check routine
- T2/S0/AA: A0 => 60


Your backup copy is now ready,

Toinet

[toinet]

The first protection is our usual call to $A000. Refer to the crack of Seven Cities of Gold to know more about the protection and the m-code routines.

The original m-code code at $A92B is:

[toinet]

The second protection check arises when your Skyfox is on Mother Earth, not in the air!

With that check routine, the memory is cleared with $00 and a jump to $FA62 is performed, just like when you perform a reset. So, let's find where the reset vector redirects to:
- $03F2 : AA BF 1A => $BFAA

Bingo! We have our beloved check that is called twice in the game:
- on track A, sector 5
- on track 13, sector E

Let's change the routine by performing a RTS when it is called:
- T2/0/AA: A0 47 => 60 47

Reboot and... enjoy the game,

toinet