toinet
Inscrit le: 15 Juin 2007
Messages: 326
Localisation: Paris, France
|
 Post� le: Jeu 09 Ao� 2007, 23:08 Sujet du message: Indoor Sports (Mindscape, 1987) |
 |
|
Superstar Indoor Sports offers four high-quality, challenging games that will keep you entertained long after other games have been retired from competition.
That's true it is a nice game so is its protection 
PROTECTION TYPE
On a ProDOS diskette, the protection lies in a change of values used to 'denibbilize' data read from the diskette.
A standard read routine cannot read the entire data correctly...
BOOT TRACE
Please note I have a IIgs, then my changes in the $C6xx data occurs at $96FB not at $96F8 as it would have been with another computer.
- 9600<C600.C6FFM
- 96FB: AD E8 C0 4C 59 FF
- 9600G
Bing! A nearly standard ProDOS boot0 loader. At $0876 there is a call to $932 which is not normal. Keep that in mind!
- 96FB: A9 98 8D FE 08 A9 01 4C 01 08
- 9800: A9 C2 8D E8 24 4C 00 20
- 9600G
ProDOS is now loaded and has displayed the "CANNOT FIND A X.SYSTEM FILE". That is what we have changed in our $9800 code: we have replaced SYSTEM with BYSTEM so that ProDOS is not able to launch the program, we just have to press CTRL-RESET to go into the monitor...
ProDOS is now loaded into memory starting at $2000. After hours of search, it appears that the disk read routines are normal but that the data of the tables used to "denibbilize" disk data have been changed...
Please note that the addresses given are not the final ones as ProDOS relocates itself into the $D000..$FFFF space. The addresses are the one after our "break" step:
- $5496: FC but should be 00
- $54FF: 00 but should be FC
- $5503: FF but should be 96
- $55FF: 96 but should be FF
The data above are linked to the tables used by ProDOS to convert nibbles from the disk to data put in memory. What shall we do then?
DISK COPY
As ProDOS is active, why not use the READ_BLOCK MLI function? That is what I have decided to do: read a block, copy to my IIgs memory, loop until the end of both sides of the disk.
As the program is really easy to write, I will not go into the details but it is freely available upon request.
We now have both sides of the game into our IIgs memory. You reboot to a normal/standard ProDOS 8 version. I have written the same program as above using the WRITE_BLOCK MLI function.
Our disk is now copyable but not bootable...
REMOVE THE PROTECTION
Remember our call to $932? The one just below...
| Code: | LDA #$00
STA $3D5
LDA #$3F
STA $36C |
...it changes the index values used to convert nibbles to bytes! We need to skip it:
- Launch your favorite disk editor
- Read track 0, sector 0
- At offset $76, set $2C (BIT opcode) where it was $20 (JSR opcode)
- Save the sector
Boot the disk... INSERT SYSTEM DISK - ERR F... Aargh! That is but normal as index and values of the tables used to convert data from the disk are also in the ProDOS file (see the DISK COPY part), we must make a decision:
- go and lose time on changing bytes in the ProDOS file or
- replace the ProDOS file?
I have replaced the ProDOS V1.4 file with ProDOS V1.8 from the New Print Shop by Broderbund
Boot the disk... Bingo! Your backup copy is now ready,
Toinet |
|
FAQ 
Rechercher 
Liste des Membres 
Groupes d'utilisateurs
S'enregistrer
Profil 
Se connecter pour v�rifier ses messages priv�s 
Connexion 
