Text File | 2014-09-09 | 11KB | 209 lines
***************************************
***    MR. XEROX CRACKING TIPS I    ***
**        BOOT TRACE CRACKING        **
**      CRACKING APPLE GALAXIAN      **
***                                 ***
***************************************
NOTE: I CHOSE APPLE GALAXIAN HERE BECAUSE IT IS A WIDELY DISTRIBUTED PROGRAM, AND IT ENCOMPASSES THE BASIC IDEAS IN BOOT TRACE CRACKING.
FOR ALL THOSE INTERESTED PIRATES OUT THERE, YES, THERE IS ANOTHER WAY TO CRACK PROGRAMS. YOU DON'T NEED ANY RAM-CARDS, PROM BURNERS, OR FOREIGN TO REGULAR DOS PROGRAMS; ANYBODY WHO IS NOT A CLOWN, WITH SOME MACHINE LANGUAGE PROGRAMMING ABILITY, CAN TRACE A BOOT. THIS METHOD OF CRACKING, TRACING THE BOOT, IS IN A TRUE SENSE CRACKING THE CODE. YOU SEE, ALL DISKS MUST FIRST BOOT UP TO START RUNNING. AFTER THE FIRST STAGE BOOT (AT LOCATION $C600), THEY JUMP TO A SECOND STAGE BOOT PROGRAM (AT $800), AND THEN TO A THIRD, AND SOME EVEN A FOURTH, BUT THERE COMES A POINT WHERE THE LOADING OF THE PROGRAM FROM DISK STOPS, AND THE RUNNING OF THE PROGRAM BEGINS. IF YOU CAN TRACE THIS, AND STOP IT AFTER IT IS FINISHED LOADING, AND SAVE ALL THE MEMORY LOCATIONS THAT CONTAIN THE PROGRAM ONTO A NORMAL 3.3 DISK, YOU HAVE CRACKED THE PROGRAM. THIS METHOD IS MOST USEFUL FOR CRACKING THE "SINGLE-SHOT" BOOTING PROGRAMS SUCH AS APPLE PANIC, RASTER BLASTER, AND GORGON. THESE DISKS DON'T CONTAIN ANY STANDARD DOS, BUT RATHER THEIR OWN. THIS DOS HAS JUST ONE PURPOSE, AND THAT IS TO LOAD THE PROGRAM INTO THE COMPUTER FROM THE DISK AND START ITS EXECUTION. NOW, THIS IS NOT AS SIMPLE AS IT SOUNDS, AS THE SOFTWARE PROTECTORS ARE NOT DUMB; THEY TRY TO MAKE IT TOUGH FOR YOU TO TRACE. HOWEVER, IT IS NOT IMPOSSIBLE, SINCE THE DISK MUST BOOT UP, AND SINCE IT MUST HAVE SOME BOOTING PROCESS, THAT IS TRACEABLE.
LET ME TRY AND SHOW YOU AN EXAMPLE OF HOW TO TRACE A BOOT OF A PROGRAM. LET ME SHOW YOU HOW TO TRACE APPLE GALAXIAN. THE FIRST STAGE BOOT STARTS AT $C600. IF YOU TURN YOUR APPLE ON, AND TYPE "CALL-151 (RETURN)" AND "C600G (RETURN)", THE DRIVE WILL PROCEED TO START AND BOOT THE DISK IN IT. THIS IS BECAUSE $C600 CONTAINS THE PROGRAM FOR THE DISK TO BOOT FIRST. IF YOU EXAMINE THIS PROGRAM BY TYPING "CALL-151 (RETURN)" AND "C600LLLLLLL (RETURN)", YOU WILL SOON COME ACROSS A JMP $801 NEAR THE END, SPECIFICALLY AT $C6F8. THIS IS THE LINK TO THE NEXT STAGE OF THE BOOT. WHAT WE MUST DO IS ALLOW THE FIRST STAGE TO LOAD IN AT $800, BUT INSTEAD OF LETTING IT RUN (CONTINUE TO BOOT, AND GO TO $800), STOP THE COMPUTER, AND EXAMINE WHAT IS AT $800. TO DO THIS LET'S MOVE $C600 DOWN TO $9600. TYPE "CALL-151 (RETURN)" AND "9600<C600.C700M (RETURN)". THIS MOVES C600 DOWN FOR YOU. THEN TYPE "96F8:4C 59 FF (RETURN)"; THIS WILL, INSTEAD OF HAVING THE BOOT GO TO $800, MAKE IT JUMP TO $FF59 (THE RESET LOCATION). THEN TYPE "9600G". YOUR DISK SHOULD BOOT UP FOR A SECOND OR SO, AND THEN YOU SHOULD HEAR A BELL, AND THE MONITOR CURSOR WILL APPEAR AT THE BOTTOM OF THE SCREEN.
THE NEXT STEP IS TO EXAMINE THE BOOT AT LOCATION $800. IF YOU LOOK AT THIS BY TYPING "800L (RETURN)" YOU WILL SEE THE SECOND STAGE BOOT OF APPLE GALAXIAN. BY TYPING "800LLLLLLL (RETURN)", YOU CAN SEE WHAT GOES ON NEXT IN THE BOOT STEP. WHAT HAPPENS NEXT IS THAT IT TAKES THE MEMORY THAT IS STORED AT $800, AND MOVES IT DOWN TO $200, AND SOME OTHER STUFF, LIKE LOADING THE NEXT STAGE OF THE BOOT, AND THEN, IF YOU LOOK AT LOCATION $841, YOU WILL SEE A JUMP TO $301. THIS IS THE NEXT STAGE IN THE BOOT. SO, WE MUST MOVE WHAT IS IN MEMORY UP, OUT OF $800, BECAUSE THE NEXT TIME WE BOOT THE DISK, THE LOCATIONS AT $800 WILL BE CHANGED, SO TYPE "9800<800.900M (RETURN)", AND THAT WILL DO THE MOVE. THE NEXT THING TO DO IS TO CHANGE WHAT IS AT $9800, THE STUFF WE JUST MOVED UP, SO THAT IT WILL RUN AT $9800, INSTEAD OF ITS NORMAL LOCATION OF $800. TO DO THIS, TYPE "9803:BD 0 98 (RETURN)" AND "9841:4C 01 93 (RETURN)". THEN TYPE "9301:4C 59 FF", BECAUSE WE CHANGED IT TO RUN AT $9800, AND ALSO CHANGED IT TO STOP AFTER DOING THIS INSTEAD OF JUMPING TO THE NEXT BOOT STAGE, AT $300. WE TOLD IT TO JUMP TO $9300, AND AT $9300, WE PUT A JMP $FF59 (JUMP TO RESET). AND FINALLY, CHANGE THE JMP AT $96F8 FROM $FF59 TO $9801 BY TYPING "96F8:4C 01 98". NOW AGAIN TYPE "9600G".
THIS TIME, WE ARE ONE STAGE FARTHER. IF YOU NOW MOVE THE STUFF AT $300 UP TO $9300, AND CHANGE IT TO WORK AT $9300 BY TYPING "9300<300.400M (RETURN)" AND "9313:AD CC 93 (RETURN)", AND "933C:AD CC 93 (RETURN)", THIS WILL BE COMPLETED. BUT NOW, THERE IS A PROBLEM. THE JUMP OUT IS AT $9343, AND IT JUMPS NOT TO THE NEXT STAGE IMMEDIATELY, BUT TO A CERTAIN NUMBER OF SUBROUTINES, AND AFTER THEM, THROUGH THE SAME JUMP, JUMPS TO THE NEXT STAGE. HOW DO WE GET AROUND THAT, YOU ASK? THE ANSWER IS TO WRITE A PROGRAM THAT CHECKS TO SEE WHERE IT IS JUMPING TO, AND IF IT IS NOT JUMPING TO WHERE IT NORMALLY JUMPS TO, THEN STOP, BECAUSE WE KNOW THAT THE NEXT JUMP IS NOT TO A SUBROUTINE, BUT TO THE NEXT STAGE OF THE BOOT. THIS MAY SOUND COMPLICATED, BUT JUST TYPE THIS ROUTINE IN AT $9400, "9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF", AND "9343:4C 00 94 (RETURN)". THAT WILL TAKE CARE OF THIS STAGE. NOW CHECK TO SEE THAT YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND THEN TYPE "9600G" TO RESTART THE BOOT.
NOW THE DISK SPINS FOR A LITTLE WHILE LONGER, AND THEN IT STOPS. WE HAVE COME TO THE LAST STEP OF THIS BOOT PROCESS. THIS STEP LOADS THE PROGRAM IN FROM DISK, AND THEN JUMPS TO THE BEGINNING OF IT. BY TYPING "93CC (RETURN)", THE COMPUTER WILL DISPLAY THE PAGE-1 OF THE NEXT STAGE BOOT. IT WILL DISPLAY "B6", AND YOU ADD ONE TO IT, AND GET $B7, SO TYPE "B700L". AND PRESTO, WE HAVE THE NEXT STAGE OF THIS BOOT. THIS BOOT FROM HERE DOES THE PROGRAM LOADING, ALONG WITH TURNING ON THE GRAPHICS, AND JUMPS TO THE BEGINNING OF IT. IF YOU CAN SEE IT, THE BEGINNING OF IT IS AT $600, AND THERE IS A JUMP TO $600 AT LOCATION $B759. SO, ALL WE HAVE TO DO IS TO HAVE IT DO ALL THE LOADING, AND INSTEAD OF HAVING IT JUMP TO $600, STOP IT THERE. BUT THERE IS A PROBLEM CONNECTED WITH THIS (AREN'T THERE ALWAYS!). THE PROBLEM IS THAT IF WE STOP IT HERE, LOCATION $600 IS IN TEXT VIDEO MEMORY, SO WE MUST NOT HAVE IT JUMP TO $FF59 (STOP), BUT JUMP TO A ROUTINE THAT RELOCATES EVERYTHING FROM $0000-$0800, AND THEN STOP. I WILL PROVIDE YOU WITH THIS. JUST TYPE "B500:A2 00 B5 00 9D 00 20 BD 00 01 9D 00 21 BD 00 02 9D 00 22 BD 00 03 9D 00 23 BD 00 04 9D 00 24 BD 00 05 9D 00 25 BD 00 06 9D 00 26 BD 00 07 9D 00 27 E8 D0 CE 4C 59 FF (RETURN)". THIS WILL TAKE CARE OF MOVING EVERYTHING FROM $0-$800 TO $2000-$2800. BUT NOW CHANGE $B759 TO JUMP TO THIS SMALL PROGRAM BY TYPING "B759:4C 00 B5". BUT WE ALSO HAVE TO CHANGE SOME OTHER LOCATIONS. LOCATION $93CC MUST BE CHANGED TO $D6, SO TYPE "93CC:D6 (RETURN)", AND INSTEAD OF JUMPING TO $FF59 AT $9409, AND STOPPING AT THAT STAGE OF THE BOOT, JUMP TO THE BEGINNING OF THIS BOOT AT $B700, BY TYPING "9409:4C 00 B7 (RETURN)". THAT TAKES CARE OF MOST ALL PREPARATIONS FOR THE FINAL CRACK. NOW CHECK TO SEE THAT YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND IF YOU ARE READY, TYPE "9600G".
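
ADDED EXAMPLE, NOT PART OF THE ORIGINAL TEXT FILE: A SMALL PYTHON DISASSEMBLER THAT DECODES THE $9400 AND $B500 MONITOR LINES ABOVE INTO 6502 INSTRUCTIONS, SO THE COMPARE-AND-JUMP CHECK AND THE RELOCATION LOOP CAN BE READ DIRECTLY. THE FUNCTION NAMES ARE THIS EXAMPLE'S OWN, AND THE OPCODE TABLE COVERS ONLY THE OPCODES USED IN THE ARTICLE'S HEX LINES.

```python
# Added example (not from the original text file): a minimal 6502 disassembler
# for the monitor hex lines quoted in the article. Function names are this
# example's own; the table holds only opcodes the article's hex lines use.

# opcode -> (mnemonic, addressing mode, instruction length in bytes)
OPCODES = {
    0xA2: ("LDX", "imm", 2), 0xA5: ("LDA", "zp", 2), 0xB5: ("LDA", "zpx", 2),
    0xBD: ("LDA", "absx", 3), 0xAD: ("LDA", "abs", 3), 0x95: ("STA", "zpx", 2),
    0x9D: ("STA", "absx", 3), 0xC9: ("CMP", "imm", 2), 0xD0: ("BNE", "rel", 2),
    0xE8: ("INX", "impl", 1), 0xEA: ("NOP", "impl", 1),
    0x4C: ("JMP", "abs", 3), 0x6C: ("JMP", "ind", 3),
}
FORMATS = {"imm": "#${:02X}", "zp": "${:02X}", "zpx": "${:02X},X", "abs": "${:04X}",
           "absx": "${:04X},X", "ind": "(${:04X})", "rel": "${:04X}", "impl": ""}

def parse_monitor_line(line):
    """Split a monitor store command 'ADDR:HH HH ...' into (address, bytes)."""
    addr, _, data = line.partition(":")
    return int(addr, 16), bytes(int(tok, 16) for tok in data.split())

def disassemble(origin, code):
    """Return [(address, 'MNEMONIC OPERAND'), ...] for the byte string."""
    out, pc = [], 0
    while pc < len(code):
        name, mode, size = OPCODES[code[pc]]  # KeyError: opcode outside the table
        operand = int.from_bytes(code[pc + 1:pc + size], "little")
        if mode == "rel":  # signed offset, relative to the following instruction
            operand = origin + pc + size + (operand - 256 if operand > 127 else operand)
        out.append((origin + pc, (name + " " + FORMATS[mode].format(operand)).strip()))
        pc += size
    return out

# The two routines, byte for byte as the article gives them.
JUMP_FILTER = "9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF"
RELOCATOR = ("B500:A2 00 B5 00 9D 00 20 BD 00 01 9D 00 21 BD 00 02 9D 00 22 BD 00 03 "
             "9D 00 23 BD 00 04 9D 00 24 BD 00 05 9D 00 25 BD 00 06 9D 00 26 BD 00 07 "
             "9D 00 27 E8 D0 CE 4C 59 FF")

if __name__ == "__main__":
    for patch in (JUMP_FILTER, RELOCATOR):
        for addr, text in disassemble(*parse_monitor_line(patch)):
            print(f"{addr:04X}  {text}")
        print()
```

RUN AS A SCRIPT, IT PRINTS BOTH LISTINGS: THE $9400 ROUTINE TAKES THE INDIRECT JUMP THROUGH $3E ONLY WHILE $3E HOLDS $5D AND OTHERWISE GOES TO JMP $FF59, AND THE $B500 LOOP BRANCHES BACK TO $B502 UNTIL X WRAPS TO ZERO.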
IF EVERYTHING WORKED CORRECTLY, IT SHOULD BOOT UP FOR ABOUT 10 SECONDS, AND YOU SHOULD SEE THE HI-RES PICTURE LOADING IN, AND THEN YOUR SPEAKER SHOULD BEEP, AND YOU SHOULD SEE ON THE SCREEN A BUNCH OF LETTERS. IF THIS DIDN'T HAPPEN, CHECK ALL THESE STEPS, AND REPEAT THE PROCESS. IF IT HAS, THEN YOU ARE JUST ABOUT FINISHED. IF YOU WANT TO CHECK TO SEE IF IT HAS WORKED, ASSEMBLE THIS PROGRAM, AND TYPE IT IN AT $B560; IF NOT, GO ON TO THE NEXT STEP.
       OBJ $B560
BEGIN  LDX #$00
AGAIN  LDA $2000,X
       STA $00,X
       LDA $2100,X
       STA $100,X
       LDA $2200,X
       STA $200,X
       LDA $2300,X
       STA $300,X
       LDA $2400,X
       STA $400,X
       LDA $2500,X
       STA $500,X
       LDA $2600,X
       STA $600,X
       LDA $2700,X
       STA $700,X
       INX
       BNE AGAIN      ;LOOP
       JMP $0600      ;BEGINNING OF PGM NOW
BOOT UP A NORMAL DOS DISK, AND SAVE EVERYTHING FROM $2000-$2800, WHICH REPRESENTS LOCATIONS $0-$8 MOVED UP BY $2000. YOU SHOULD THEN REPEAT THE WHOLE BOOT TRACE, AND PROCEED TO THE NEXT STEP. EXAMINE THE MEMORY OF YOUR APPLE; YOU SHOULD SAVE ALL THE INFORMATION FROM $800-$A000 ON A NORMAL DOS DISK, THEN LINK THE FILES THAT YOU HAVE SAVED ON THE DOS DISK TOGETHER, AND MAKE THE FILE A B-RUNNABLE FILE THAT LOADS EVERYTHING IN, AND MOVES THE $00-$800 IMAGE BACK DOWN IN MEMORY, AND THEN JUMPS TO LOCATION $600, THE BEGINNING OF THE PROGRAM.
IF YOU HAVE ANY QUESTIONS ON THIS, YOU MAY MAIL THEM TO ME. ALSO, I HAVE RECENTLY CRACKED MANY GOOD PROGRAMS SUCH AS STAR BLAZER, TWERPS, SNAKE BYTE, GUARDIAN, FOOSBALL, DUNG BEETLES, AND LOCKSMITH 4.1. IF YOU ARE IN NEED OF ANY OF THESE, LEAVE ME MAIL ON THIS BOARD. LOOK FOR SOME NEW ARTICLES SOON, ON HOW TO CRACK OTHER PROGRAMS, AND UNTIL THEN KEEP ON CRACKING!
IF ANY ONE OF YOU IS UNFAMILIAR WITH HOW TO SAVE EVERYTHING, AND YOU NEED SOME HELP, HERE IS HOW TO DO IT:
FOLLOW THE DIRECTIONS FOR TRACING THE BOOT, AND TYPE "2800<9600.A000M (RETURN)" AND "3200<800.900M (RETURN)". ALSO, WE NEED A PROGRAM TO MOVE EVERYTHING THAT WE JUST RELOCATED BACK INTO ITS ORIGINAL LOCATIONS. SO WE NEED A PROGRAM LIKE THIS:
       ORG $3400
       LDX #$00
LOOP1  LDA $2000,X
       STA $00,X
       LDA $2100,X
       STA $100,X
       LDA $2200,X
       STA $200,X
       LDA $2300,X
       STA $300,X
       LDA $2400,X
       STA $400,X
       LDA $2500,X
       STA $500,X
       LDA $2600,X
       STA $600,X
       LDA $2700,X
       STA $700,X
       NOP
       LDA $3200,X
       STA $800,X
       LDA $3300,X
       STA $900,X
       NOP
       LDA $2800,X
       STA $9600,X
       LDA $2900,X
       STA $9700,X
       LDA $2A00,X
       STA $9800,X
       LDA $2B00,X
       STA $9900,X
       LDA $2C00,X
       STA $9A00,X
       LDA $2D00,X
       STA $9B00,X
       LDA $2E00,X
       STA $9C00,X
       LDA $2F00,X
       STA $9D00,X
       LDA $3000,X
       STA $9E00,X
       LDA $3100,X
       STA $9F00,X
       NOP
       INX
       BNE LOOP1
       LDA $C057
       LDA $C054
       LDA $C052
       LDA $C050      ;GRAPHICS
       JMP $600       ;BGN OF PGM.
THIS TIME, I WILL ASSEMBLE IT FOR YOU. ALL YOU HAVE TO DO IS TYPE "3400:A2 0 BD 00 20 95 00 BD 00 21 9D 00 01 BD 00 22 9D 00 02 BD 00 23 9D 0 03 BD 00 24 9D 0 4 BD 0 25 9D 0 5 BD 0 26 9D 0 6 BD 0 27 9D 0 7 EA (RETURN)" AND "3432:BD 0 32 9D 0 8 BD 0 33 9D 0 9 EA (RETURN)" AND "343F:BD 0 28 9D 0 96 BD 0 29 9D 0 97 BD 0 2A 9D 0 98 BD 0 2B 9D 0 99 BD 00 2C 9D 0 9A BD 0 2D 9D 0 9B BD 0 2E 9D 0 9C BD 0 2F 9D 0 9D BD 0 30 9D 0 9E BD 0 31 9D 0 9F (RETURN)" AND "347B:E8 D0 84 EA AD 57 C0 AD 54 C0 AD 52 C0 AD 50 C0 EA 4C 00 06 (RETURN)". THIS WILL TAKE CARE OF THE SMALL PROGRAM THAT WE NEED TO MOVE EVERYTHING BACK. BUT WE ALSO NEED TO PUT A JMP $3400 IN THE BEGINNING, BECAUSE WHEN IT BRUNS, IT MUST JUMP TO THIS SMALL PROGRAM FIRST. NOW YOU CAN BOOT UP YOUR 3.3 DISK, AND TYPE "CALL-151 (RETURN)", "9FD:4C 00 34 (RETURN)", "A964:FF (RETURN)", AND "BSAVE GALAXIAN,A$9FD,L$8C03 (RETURN)", AND NOW YOU ARE FINISHED.