CRACKING ELECTRONIC ARTS' CUT & PASTE ===================================== THE CURRENT ELECTRONIC ARTS GAMES ALL USE SIMILAR PROTECTION SCHEMES; IN FACT THE PROTECTION SCHEMES USED IN CUT & PASTE, ONE ON ONE, LAST GLADIATOR, AND PROBABLY HARD HAT MACK ARE ALMOST EXACTLY THE SAME... TRACK $21 IS UNUSED ON EA'S PROTECTION, AND TRACK $22 IS RESERVED FOR A NIBBLE COUNT. OTHER THAN THE NIBBLE COUNT, EA USES THEIR OWN SOUPED-UP RWTS, WHICH LOADS VERY FAST, BUT CAN BE MODIFIED VERY EASILY TO READ NORMAL DOS 3.3 FORMAT. THE PROCEDURE FOR CUT & PASTE FOLLOWS: COPY TRACKS 0 THRU 2 WITH ANY NORMAL DOS COPY PROGRAM. THESE TRACKS ARE UNPROTECTED... THEN CONVERT TRACKS $03 THRU $20 BY READING FROM THE ORIGINAL WITH THE DATA MARKER SET TO "D5 BB CF" INSTEAD OF THE NORMAL "D5 AA AD", AND WRITING TO YOUR COPY WITH NORMAL RWTS. THIS CAN BE ACCOMPLISHED BEAUTIFULLY WITH ADVANCED DEMUFFIN: ]BLOAD ADVANCED DEMUFFIN ]CALL-151 *B858:BB *B8F1:BB *B85D:CF *B8FC:CF *801G (CHANGE DEFAULTS TO COPY TRKS $03-$20, AND COPY IT..) THEN MODIFY THE EA'S RWTS TO READ IN NORMAL DOS (WITH D5 AA AD INSTEAD OF D5 BB CF) BY EDITING: TRACK $02, SECTOR $03 --> BYTE $47 WAS $BB CHANGE TO $AA BYTE $51 WAS $AD CHANGE TO $CF THEN YOU MUST FIND AND DISABLE THE NIBBLE COUNTS. THE ONLY WAY TO DO THIS IS TO SEARCH THE DISK FOR CODE THAT ACCESSES THE DRIVE ("89 C0" ARE GOOD BYTES TO SEARCH FOR; THEY ARE USED WHENEVER THE DRIVE IS TURNED ON). THE FOLLOWING IS WHAT HAS TO BE EDITED: TRACK SECTOR BYTE FROM TO: ----- ------ ---- ---- --- $01 $0C $05 $A0 $18 $01 $0C $06 $20 $60 $01 $0C $68 $20 $18 $01 $0C $69 $A2 $60 $01 $0F $68 $20 $18 $01 $0F $69 $A2 $60 $01 $0F $6A $A1 $EB THE LAST BYTE, "EB" IS NOT EXECUTED, BUT IS NEEDED FOR A VALID CHECKSUM TO BE COMPUTED BY THE ROUTINE. LEAVING OUT THIS BYTE WILL CAUSE THE PROGRAM TO BOMB OUT AFTER IT DOES A CHECKSUM ON ITSELF (THE PROTECTIONISTS HAVE ANTICIPATED THE TAMPERING WITH THEIR CODE...) (C): THE BURGLAR AND APPLE BANDIT/MPG