The Glitch Apple Disk Collection / 2014.glitch.apple.collection.zip / indexed / CRACK84.DSK / NW.SECTMODS CONT..txt
Text File | 2014-09-09 | 4KB | 53 lines

MSG LEFT BY: RESET VECTOR
NOW, ANOTHER EXAMPLE OF A NORMALLY FORMATTED DISK THAT WON'T BOOT WHEN
IT IS COPIED IS LEARNING WITH LEEPER FROM ONLINE. IF YOU COPY IT AND THEN
BOOT THE COPY, YOU WILL SEE THAT IT CHECKS TRACK 0 AND THEN DIES WHEN IT
DOESN'T FIND WHAT IT IS LOOKING FOR. A SEARCH OF BD 8C C0 IS FRUITLESS
(NOWHERE ON THE DISK), SO WE HAVE TO TRY ANOTHER METHOD. BOOT THE COPY,
AND JUST AS THE DRIVE HEADS TOWARD TRACK 0 TO CHECK THE PROTECTION, HIT YOUR
NMI SWITCH, THEN WRITE DOWN THE PROGRAM COUNTER AND THE ADDRESSES ON THE
STACK. IF YOU DO THIS SEVERAL TIMES, YOU WILL FIND A BUNCH OF ADDRESSES IN
THE $1200 RANGE. NOW, PROTECTION ROUTINES LIKE THIS ARE GENERALLY SUBROUTINES
(ACCESSED VIA A JSR), SO IF WE LOOK FOR JSR'S ("20") IN THE $1200 RANGE,
MAYBE WE CAN DO SOMETHING ABOUT IT. HERE IS WHERE CIA IS ESSENTIAL, BECAUSE
WE CAN DO A SEARCH FOR 20==12. YOU WILL FIND THIS CODE IN JUST 3 LOCATIONS
ON THE DISK, AND IF YOU JUST TRY REPLACING THEM ONE BY ONE WITH EA EA EA
(NOP'S), YOU WILL FIND THAT REPLACING ONE OF THEM LEADS TO A WORKING DISK.

THERE IS ONE FINAL VARIATION ON THIS THEME. SOMETIMES YOU CANNOT FIND
A BD 8C C0, AND SOMETIMES YOU CANNOT FIND A JSR IN THE MEMORY RANGE YOU ARE
LOOKING FOR. TYPICAL OF THIS IS STELLAR DEFENSE (PLEASE ALL NOTE MY
CORRECTED SECTMOD WHEN I HAVE A CHANCE TO POST IT - MY ORIGINALLY POSTED
ONE DOES NOT WORK QUITE RIGHT). THIS DISK CAN BE COPIED WITH COPYA BUT WILL
DIE WHEN IT CHECKS TRACK 0. YOU CANNOT FIND EITHER A BD 8C C0 (AT LEAST NOT
ONE THAT CHANGING WILL HELP!) OR A JSR INTO THE RANGE OF THE CHECKING CODE.
WELL, LET'S JUST FIND THE CODE ITSELF! HIT YOUR NMI SWITCH WHEN THE DRIVE
GOES TO TRACK 0 TO CHECK (THIS MAY TAKE A FEW ATTEMPTS TO GET AN ADDRESS
OTHER THAN IN DOS). EVENTUALLY YOU WILL FIND AN ADDRESS IN THE PC OR ON
THE STACK OF $3E58. IF WE THEN USE THE MONITOR (THE REPLAY ][ MONITOR IS
REALLY HELPFUL HERE) TO LIST THIS ADDRESS, WE WILL FIND A SEQUENCE OF BYTES;
WRITE DOWN 7 OR 8 BYTES, AND THEN SEARCH THE DISK FOR THIS STRING. YOU WILL
FIND THIS STRING ON TRACK 5 SECTOR 6, AND YOU WILL SEE SOME CODE WITH CMP'S
AND BRANCHES THAT ENDS IN AN RTS. THE FIRST THING TO TRY IS TO MOVE THE RTS
TO THE BEGINNING OF THIS CODE; AND LO AND BEHOLD THE DISK BOOTS UP AND RUNS.
THE ONLY PROBLEM IS THAT WHEN YOU PLAY THE GAME ALL THE ENEMY SHIPS ARE
INVISIBLE! WELL, IF YOU LOOK AGAIN AT THIS CODE, YOU WILL SEE THAT A LOT OF
THE BRANCHES ARE TO A JMP INSTRUCTION RIGHT AFTER THE RTS. SO TRY AND MOVE
THE JMP INSTRUCTION TO THE START - WELL, IT ACTS JUST AS IF YOU HAD MOVED THE
RTS TO THE START! SO WHAT YOU HAVE TO DO IS PEEK AT THE CODE THAT IS BEING
JMPED TO, BY BOOTING THE DISK, HITTING THE NMI SWITCH AND THEN LISTING THE
CODE AT THE ADDRESS WHICH IS JMPED TO ($3A68). WRITE DOWN THE STRING AND
SEARCH THE DISK - IT WILL BE FOUND ON TRACK 5 SECTOR A. DISASSEMBLY REVEALS
ANOTHER LITTLE CHECKING ROUTINE WITH AN RTS AT THE END. MOVE THIS RTS TO
THE BEGINNING AND VOILA! CRACKED STELLAR DEFENSE!

WELL, NOW THAT ALL THE ADVANCED CRACKERS ARE BORED AND THE NEOPHYTES HAVE
INDIGESTION, I WILL BRING THIS TO A CLOSE. I ONLY MEANT TO GET ACROSS SOME
GENERAL PRINCIPLES; YOU MAY NOT KNOW ANY MACHINE LANGUAGE, BUT WITH A LITTLE
HELP YOU CAN FIND THE AREA OF CODE THAT IS DOING THE CHECKING AND THEN JUST
PLAY AROUND WITH IT UNTIL SOMETHING (GOOD, I HOPE) HAPPENS. IT WON'T MAKE
YOU A KRACOWICZ OR APPLE BANDIT OR KRAC-MAN OR FREEZE OR DISK JOCKEY OR
RED REBEL, BUT IT MIGHT MAKE YOU A BETTER CRACKER.
COURTESY OF ->RESET VECTOR!
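
The "20==12" search described in the message, sketched as an added example that is not part of the original message or of the CIA utility: a wildcard byte scan over a disk image that reports each hit as track, sector and offset. It assumes a 140K image in DOS 3.3 sector order and reads "==" as a one-byte wildcard; the sample image and its contents are constructed.

```python
# Added example: wildcard byte search over a 140K .dsk image (DOS 3.3 sector order assumed).
TRACKS, SECTORS, SECTOR_SIZE = 35, 16, 256

def parse_pattern(text):
    """'20 == 12' -> [0x20, None, 0x12]. '==' and '??' match any byte (assumed notation)."""
    return [None if tok in ("==", "??") else int(tok, 16) for tok in text.split()]

def search_image(image, pattern):
    """Return (track, sector, offset) of every match start, in image order.

    The scan runs over the whole image rather than sector by sector, so a
    pattern that straddles a sector boundary is still reported.
    """
    pat = parse_pattern(pattern)
    hits = []
    for pos in range(len(image) - len(pat) + 1):
        if all(p is None or image[pos + i] == p for i, p in enumerate(pat)):
            sector_index, offset = divmod(pos, SECTOR_SIZE)
            hits.append(divmod(sector_index, SECTORS) + (offset,))
    return hits

def build_sample_image():
    """Constructed test image: zero-filled, with a few hand-placed byte runs."""
    image = bytearray(TRACKS * SECTORS * SECTOR_SIZE)
    def poke(track, sector, offset, data):
        start = (track * SECTORS + sector) * SECTOR_SIZE + offset
        image[start:start + len(data)] = data
    poke(1, 15, 254, bytes.fromhex("200012"))  # JSR $1200, split across two sectors
    poke(3, 2, 16, bytes.fromhex("203412"))    # JSR $1234
    poke(5, 6, 0, bytes.fromhex("203413"))     # JSR $1334: wrong page, must not match
    poke(17, 0, 128, bytes.fromhex("205512"))  # data that happens to look like a JSR
    return bytes(image)

if __name__ == "__main__":
    for track, sector, offset in search_image(build_sample_image(), "20 == 12"):
        print(f"track ${track:02X} sector ${sector:X} offset ${offset:02X}")
```

A hit only says the three bytes are present; as the last constructed entry shows, data can match the pattern just as well as a real JSR, so each location still has to be disassembled in context.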