NW.SECTMOD TUTORIAL.txt (from CRACK84.DSK in The Glitch Apple Disk Collection, 2014.glitch.apple.collection.zip); text file, 2014-09-09, 3KB, 53 lines
MSG LEFT BY: RESET VECTOR
IN THESE DAYS OF POWERFUL CRACKING TOOLS LIKE NMI BOARDS AND ADVANCED
DEMUFFIN, IT IS FAIRLY EASY FOR A NOVICE AT THE TRADE TO CRACK A LARGE NUMBER
OF PROGRAMS. I THINK THAT MOST NOVICES, HOWEVER, THINK THAT THE SECTMOD IS
SOMETHING RESERVED FOR THOSE CRACKING GENIUSES WHO SPEAK MACHINE LANGUAGE AS
WELL AS THEY SPEAK ENGLISH. WELL, TO A CERTAIN EXTENT THIS IS TRUE, BUT
THERE IS NO REASON FOR THE CRACKER WITH LITTLE KNOWLEDGE OF MACHINE OR
ASSEMBLER TO GIVE UP WITHOUT TRYING. THERE ARE CERTAIN TRICKS YOU CAN USE
TO DO SUCCESSFUL SECTMODS EVEN IF YOU KNOW HARDLY ANY MACHINE LANGUAGE AT
ALL! NOW FOR THE ASTOUNDING TRUE CONFESSION - IF YOU HAVE BEEN READING
BOARD #2 YOU WILL HAVE SEEN QUITE A LARGE NUMBER OF SECTMODS POSTED BY ME,
AND YOU PROBABLY THINK I KNOW A LOT ABOUT PROGRAMMING. THE TRUTH IS THAT I
KNOW ALMOST NO MACHINE LANGUAGE AT ALL! DOING A SUCCESSFUL SECTMOD IS ON
A PAR WITH A RELIGIOUS EXPERIENCE (AT LEAST IF YOU HAVEN'T DONE A LOT OF THEM)
SO LET'S GET CRACKING...

THERE ARE A FEW TOOLS YOU WILL NEED IN ORDER TO EMBARK UPON THIS STUDY.
FIRST OF ALL, YOU WILL NEED SOME METHOD OF SEARCHING A DISK FOR A STRING OF
HEX. THE BEST PROGRAM FOR THIS PURPOSE IS THE TRACER FROM THE C.I.A. FILES,
BECAUSE IT ALLOWS YOU TO DO WILDCARD SEARCHES. I ALSO USE DISK EDIT BECAUSE
IT IS VERY FAST. THE SECOND TOOL YOU NEED IS AN NMI BOARD. ANY BOARD THAT
GIVES YOU THE ADDRESS OF THE PROGRAM COUNTER AND THE ADDRESSES ON THE STACK
WILL DO JUST FINE (AND I THINK THEY JUST ABOUT ALL DO THIS). REPLAY ][ IS
BY FAR MY FAVORITE BOARD, BUT WHATEVER YOU HAVE IS OK. FINALLY YOU NEED
A SECTOR EDITOR THAT WILL ALLOW YOU TO DISASSEMBLE A SECTOR; I FIND ZAP FROM
BAG OF TRICKS THE EASIEST TO USE, BUT A LOT OF THEM ARE JUST FINE.

NOW, THE FIRST TYPE OF DISK YOU WILL WANT TO SECTMOD IS THE ONE THAT IS
NORMALLY FORMATTED (CAN BE COPIED WITH COPYA) BUT WILL NOT BOOT WHEN COPIED.
THE EINSTEIN COMPILER (VERSION 5.2) IS A GOOD EXAMPLE OF THIS. THE FIRST
THING TO DO IS TO COPY THE DISK AND THEN SEARCH THE DISK FOR THE HEX STRING
BD 8C C0. THIS IS COMMONLY USED CODE TO SET UP THE DISK DRIVE AND CHECK FOR
A CERTAIN SIGNATURE (USUALLY A SEQUENCE OF BYTES) ON THE DISK. WRITE DOWN
EACH SECTOR WHERE YOU FIND THIS SEQUENCE. NOW EINSTEIN WAS NICE BECAUSE THIS
SEQUENCE IS FOUND ONLY ONCE ON THE WHOLE DISK. IF YOU THEN USE YOUR SECTOR
EDITOR TO DISASSEMBLE THE AREA WHERE YOU FOUND THIS BD 8C C0, YOU WILL FIND
THAT THAT CODE IS FOLLOWED BY A BUNCH OF CMP AND BNE OR BEQ OR BPL (THE LATTER
BEING CODES DIRECTING YOUR APPLE WHERE TO BRANCH IF IT FINDS OR DOESN'T FIND
WHAT IT IS LOOKING FOR IN THE CMP - COMPARE - STATEMENT). YOU WILL FIND
THIS ALL REPEATED SEVERAL TIMES. GENERALLY, AT THE END OF ALL THIS YOU WILL
FIND AN RTS ("60"), AND THE FIRST WAY TO TRY TO CRACK A PROGRAM LIKE THIS IS
TO JUST MOVE THE RTS TO THE VERY START OF THAT CODE AND THEN SEE IF THE
PROGRAM WILL RUN. HOWEVER, WITH EINSTEIN IF YOU LOOK THROUGH ALL THE CODE
IN THAT AREA, YOU WILL SEE THAT AT THE END IS A JMP INSTRUCTION; WHAT HAPPENS
IS THAT IF THE PROGRAM FINDS EVERYTHING IT IS LOOKING FOR, IT FALLS THROUGH
TO THIS JMP INSTRUCTION. NOW, WE KNOW IT IS NOT GOING TO FIND WHAT IT IS
LOOKING FOR, BUT WE WANT IT TO EXECUTE THE JMP TO START THE PROGRAM, SO ALL
YOU DO IS MOVE THAT JMP INSTRUCTION TO THE START OF THAT AREA OF CODE AND
VOILA! - COPYA EINSTEIN COMPILER!

SEE THE NEXT MESSAGE...