***************************************
*** MR. XEROX'S CRACKING TIPS II ***
** CRACKING SPACE RAIDERS **
** BOOT-TRACE CRACKING **
*** ***
***************************************

SPACE RAIDERS, BY PAUL LUTUS OF USA, IS A PRETTY CRUMMY GAME IN MY OPINION,
BUT IT IS VERY EASY TO CRACK. ITS BOOT CONTAINS ONLY ONE STAGE, AND THE
PROTECTION AGAINST CRACKING IT IS MINIMAL. IT SHOULD GIVE YOU ANOTHER BASIC
EXAMPLE OF HOW TO "BOOT TRACE" CRACK PROGRAMS.

IF YOU REMEMBER FROM THE LAST CRACKING TIPS ARTICLE, THE FIRST STAGE BOOT IS
AT $C600. AT $C6F8, THE BOOT PROCEEDS TO $801, THE NEXT STAGE OF THE BOOT. SO
WHAT WE MUST DO IS HAVE IT LOAD THE SECOND STAGE BOOT IN, STOP, AND THEN
EXAMINE IT FOR THE JUMP TO THE NEXT STAGE, OR THE START OF THE PROGRAM. LET'S
START BY MOVING THE BOOT FROM $C600 DOWN IN MEMORY TO $9600. TO DO THIS, TYPE
"9600<C600.C700M (RETURN)". THIS WILL DO THE MOVE. NOW WE MUST HAVE IT STOP
THERE INSTEAD OF GOING ON TO $801, SO TYPE "96F8:4C 59 FF (RETURN)". NOW WE ARE
READY TO INITIATE THE FIRST STAGE OF THE BOOT, AND WE DO SO BY TYPING
"9600G (RETURN)". THE DRIVE SHOULD RUN FOR A SPLIT SECOND, AND THEN THE MONITOR
CURSOR SHOULD APPEAR IN THE LOWER LEFT CORNER OF THE SCREEN. IF THIS HAS NOT
HAPPENED, REPEAT THESE STEPS. NOW WE CAN EXAMINE THE NEXT STAGE OF THE BOOT.

TYPE "801LLL" TO SEE THE NEXT STAGE OF THE BOOT. IF YOU EXAMINE IT, AND TRACE
IT IN YOUR BRAIN (REMEMBER YOU HAVE ONE, NOT LIKE SOME BOZOS), SOON YOU WILL
SEE A JMP $4000, AND THAT IS THE END OF THIS BOOT. AFTER IT LOADS EVERYTHING
IN, IT THEN JUMPS TO THE STUFF IT HAS JUST LOADED IN, WHICH IS AT $4000. $4000
JUST HAPPENS TO BE THE BEGINNING OF THE PROGRAM. SO NOW THAT WE HAVE THIS STAGE
IN, WE MUST MOVE IT UP IN MEMORY, AND CHANGE ITS JMP FROM $4000 TO $FF59, TO
STOP IT THERE AND ALLOW US TO SAVE EVERYTHING ONTO A NORMAL 3.3 DISK. YOU CAN
DO THAT BY TYPING "9800<800.900M (RETURN)", "9885:4C 59 FF (RETURN)" AND
"96F8:4C 01 98 (RETURN)". THEN REBOOT THE DISK BY TYPING "9600G".

NOW, WHEN THE MONITOR CURSOR APPEARS AT THE BOTTOM OF THE SCREEN AGAIN, WE
KNOW THAT THE BOOT IS FINISHED. YOU CAN CHECK TO SEE IF THE PROGRAM RUNS BY NOW
TYPING "4000G". BUT WAIT, WHAT HAPPENED? THE SCREEN FILLED UP WITH A BUNCH OF
INVERSE '@'S. THIS IS THEIR PROTECTION AGAINST LETTING YOU STOP IT AND THEN
TYPE "4000G". YOU SEE, AT LOCATION $9885, WHERE WE HAD THE JUMP TO $FF59, THE
RESET LOCATION, THE BOOT PROCEEDED TO JUMP TO THAT LOCATION IN ROM. BUT IN THAT
PROGRAM IN ROM, THE VALUES OF CERTAIN ZERO PAGE LOCATIONS WERE CHANGED. ONE OF
THE LOCATIONS THAT IT CHANGED WAS LOCATION $21. IF YOU LOOK AT THE SECOND STAGE
BOOT AGAIN, AND LOOK AT THE TWO COMMANDS JUST BEFORE THE JUMP TO $FF59, YOU
WILL SEE SOMETHING LIKE:

     LDA #$26
     STA $21
     JMP $FF59

CAN YOU SEE THAT IF YOU REPEAT THE WHOLE BOOT THAT I JUST EXPLAINED, AND
INSTEAD OF TESTING IT IMMEDIATELY BY TYPING "4000G (RETURN)", TYPE
"21:26 (RETURN)", AND THEN "4000G", IT WILL RUN? IF YOU HAVE NOT TESTED IT,
THEN YOU HAVE MY GUARANTEE THAT IT WILL. YOU SEE, SOMEWHERE IN THE PROGRAM THAT
STARTS AT $4000, IT CHECKS TO SEE IF THERE IS A #$26 IN LOCATION $21. IF THERE
IS NOT, THEN IT WILL CRAP OUT; IF THERE IS, THEN IT WILL RUN.

NOW WE ARE JUST ABOUT FINISHED. WE JUST NEED A SMALL PROGRAM THAT WILL GO
BEFORE THE PROGRAM AT $4000, THAT WILL PUT A #$26 INTO LOCATION $21. SO TYPE
"3FF0:A9 26 85 21 4C 00 40 (RETURN)". THIS SMALL PROGRAM LOOKS LIKE:

     LDA #$26
     STA $21
     JMP $4000

THEN BOOT UP A NORMAL DISK, AND DO A BSAVE LIKE THIS -
"BSAVE SPACE RAIDERS,A$3FF0,L$4100", AND YOU WILL BE FINISHED.
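
Added example, not part of the original article: a small Python model of the two monitor command forms used above (block move and byte store) plus the three 6502 opcodes in the listings, to check that the hex bytes typed in match the assembly shown and that relocating $800 to $9800 puts the jump at $9885. The function names, the three-instruction stand-in for the stage-2 boot, and the $28 starting value of $21 are assumptions made for this example.

```python
import re

def monitor(mem, line):
    """Apply one Apple II monitor command of the two kinds the article uses."""
    m = re.fullmatch(r"([0-9A-F]+)<([0-9A-F]+)\.([0-9A-F]+)M", line)
    if m:  # DEST<START.ENDM copies START..END (inclusive) to DEST
        dest, start, end = (int(x, 16) for x in m.groups())
        mem[dest:dest + end - start + 1] = mem[start:end + 1]
        return
    addr, data = line.split(":")  # ADDR:BB BB .. stores bytes from ADDR upward
    raw = bytes.fromhex(data)
    base = int(addr, 16)
    mem[base:base + len(raw)] = raw

def run(mem, pc, stop):
    """Execute LDA #imm, STA zp and JMP abs from pc until pc is in stop."""
    a, trace = 0, []
    while pc not in stop:
        op, lo = mem[pc], mem[pc + 1]
        if op == 0xA9:    # LDA #imm
            a, pc = lo, pc + 2
            trace.append(f"LDA #${lo:02X}")
        elif op == 0x85:  # STA zero page
            mem[lo], pc = a, pc + 2
            trace.append(f"STA ${lo:02X}")
        elif op == 0x4C:  # JMP absolute, operand stored low byte first
            pc = lo | mem[pc + 2] << 8
            trace.append(f"JMP ${pc:04X}")
        else:
            raise ValueError(f"opcode ${op:02X} at ${pc:04X} is not modelled")
    return pc, trace

def replay(commands, start, stop, preload=()):
    """Build a 64K image, apply monitor commands, run; return (pc, $21, trace)."""
    mem = bytearray(0x10000)
    mem[0x21] = 0x28  # assumed: 40-column window width left by the monitor ROM
    for cmd in tuple(preload) + tuple(commands):
        monitor(mem, cmd)
    pc, trace = run(mem, start, stop)
    return pc, mem[0x21], trace

if __name__ == "__main__":
    # Constructed stand-in for the stage-2 boot: only its last three instructions.
    boot = ("881:A9 26 85 21 4C 00 40",)
    print(replay([], 0x881, {0x4000}, boot))
    print(replay(["9800<800.900M", "9885:4C 59 FF"], 0x9881, {0xFF59}, boot))
    print(replay(["3FF0:A9 26 85 21 4C 00 40"], 0x3FF0, {0x4000}))
```
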