toinet
Joined: 15 Jun 2007 Posts: 326 Location: Paris, France
Posted: Wed 15 Aug 2007, 17:59 Subject: Karate Champ (DataEast, 1985)
A karate simulation. Written for the Apple II by Quicksilver Software in 1985. That game has been rewritten for the IIgs by the French band named F.U.C.K.
PROTECTION TYPE
On a standard 16-sector disk:
- desynchro routine
BOOT TRACE
- 9600<C600.C6FFM
- 96FB: AD E8 C0 60
- 9600G
At $0800, data from T0/S1 to T0/S5 are loaded from $BB00 to $BFFF. Then the code goes to $084B; $BB1A clears memory from $0900 to $BAFF! Other data are then loaded using the Quicksilver file loader:
- A contains the file name to load
- X the low address in RAM
- Y the high address in RAM
JSR $BB00
The VTOC is located on T11/SF just like the DOS 3.3 one.
Please read the code at $BB00, then discover a call to $BF00 at $BDDE. Then read the code at $BF00: that is a desynchro protection scheme searching for the pattern: D5 E7 E7 E7 EE FC EE EE FC E7 EE FC E7. You leave the routine with the carry clear if the original disk is in the drive, with the carry set otherwise.
Code:
JSR $BF00
BCC *+3
JMP $BE93
The code at $BE93 clears memory then reboots...
DISK COPY
Launch Advanced Demuffin
Copy all tracks with B942:18
REMOVE THE PROTECTION
- Launch your favorite disk editor
- Search for the pattern 2000BF, find one on T0/S3/BE.
- As T0/S3 is memory address $BD00, read T0/S5 for memory location $BF00
- At offset 0, replace A0 00 with 18 60
- Save the sector
Reboot and enjoy your new backup copy,
Toinet
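The check described in the post (scan the track for a nibble signature and report the result in the carry flag), modelled in Python as an added example that is not part of the original post or of the game's code. The function names and both sample tracks are constructed for illustration, and the bit-timing side of the real routine is not modelled.

```python
"""Model of a nibble-signature disk check (added example, names are hypothetical)."""

# Pattern quoted in the post; everything else below is constructed for illustration.
SIGNATURE = bytes.fromhex("D5E7E7E7EEFCEEEEFCE7EEFCE7")


def find_signature(track: bytes, signature: bytes = SIGNATURE) -> int:
    """Return the index where signature starts on a circular track, or -1."""
    if len(track) < len(signature):
        return -1
    # A track is a ring with no fixed start, so the pattern may straddle the
    # point where the dump begins: append the first len-1 nibbles before searching.
    ring = track + track[: len(signature) - 1]
    return ring.find(signature)


def check_disk(track: bytes) -> bool:
    """Return the carry flag as the post describes it:
    False (clear) when the signature is present, True (set) when it is not."""
    return find_signature(track) < 0


# Constructed sample tracks (not real disk data).
# "Original": signature split across the wrap point, padded with FF sync nibbles.
ORIGINAL = SIGNATURE[5:] + b"\xFF" * 40 + SIGNATURE[:5]
# "Copy": only standard D5 AA 96 address prologues between sync nibbles.
COPY = (b"\xFF" * 10 + bytes.fromhex("D5AA96")) * 4

if __name__ == "__main__":
    for name, track in (("original", ORIGINAL), ("copy", COPY)):
        carry = check_disk(track)
        print(f"{name}: carry {'set' if carry else 'clear'}, "
              f"signature at {find_signature(track)}")
```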