Apple II Magazines (DO) / Bootlegger Magazine (1983)(Bootleg).zip / Bootlegger Magazine (1983)(Bootleg).do / CRACKING-PART 2.txt
Text File | 1996-12-24 | 4KB | 133 lines

5A93-   10 01     BPL   $5A96
5A95-   20 A8 59  JSR   $59A8
5A98-   00        BRK
5A99-   27        ???
5A9A-   C8        INY
5A9B-   D0 FA     BNE   $5A97
5A9D-   85 10     STA   $10
5A9F-   F0 01     BEQ   $5AA2
5AA1-   A9 A9     LDA   #$A9
5AA3-   20 59 00  JSR   $0059
5AA6-   27        ???
5AA7-   C8        INY
5AA8-   C8        INY
5AA9-   D0 F9     BNE   $5AA4
5AAB-   85 11     STA   $11
5AAD-   49 B7     EOR   #$B7
5AAF-   48        PHA
5AB0-   A5 10     LDA   $10
5AB2-   49 11     EOR   #$11
5AB4-   48        PHA
5AB5-   D0 01     BNE   $5AB8
5AB7-   4C 60 08  JMP   $0860
5ABA-   60        RTS

I STRONGLY URGE YOU TO SIT DOWN AND
FIGURE OUT EXACTLY WHAT THE REAL
PROGRAM IS HERE, AND IF POSSIBLE, WHAT
IT DOES. COVER UP THE EXPLANATION
BELOW, AND GO THROUGH THE CODE BYTE BY
BYTE TO ELIMINATE THE FAKE BYTES. IT'S
NOT JUST CHARACTER-BUILDING--IF YOU GO
THROUGH A FEW OF THESE, YOU'LL LEARN TO
RECOGNIZE THEM WHEN THEY POP UP.

THOSE OF YOU WHO REALLY WENT
THROUGH IT, GIVE YOURSELVES FOUR
KRACKING HONOR POINTS. FOR THE REST OF
YOU, HERE'S A LISTING OF THE FUNCTIONAL
EQUIVALENT (SOME ADDRESSES ARE CHANGED
BECAUSE THE JUNK BYTES HAVE BEEN TAKEN
OUT):

5A91-   A9 00     LDA   #$00
5A93-   A8        TAY
5A94-   59 00 27  EOR   $2700,Y
5A97-   C8        INY
5A98-   D0 FA     BNE   $5A94
5A9A-   85 10     STA   $10
5A9C-   A9 20     LDA   #$20
5A9E-   59 00 27  EOR   $2700,Y
5AA1-   C8        INY
5AA2-   C8        INY
5AA3-   D0 F9     BNE   $5A9E
5AA5-   85 11     STA   $11
5AA7-   49 B7     EOR   #$B7
5AA9-   48        PHA
5AAA-   A5 10     LDA   $10
5AAC-   49 11     EOR   #$11
5AAE-   48        PHA
5AAF-   60        RTS

THIS IS ALSO VALUABLE BECAUSE IT
INTRODUCES THE CONCEPT OF "JUMPING
THROUGH THE STACK". THE RTS
INSTRUCTION TRANSFERS THE TWO BYTES
ABOVE THE STACK POINTER IN PAGE ONE TO
THE PROGRAM COUNTER, INCREMENTS THE LOW
BYTE BY ONE, AND JUMPS TO THAT
LOCATION. ORDINARILY, THE BYTES ON THE
STACK WERE PLACED THERE AS A RETURN
ADDRESS BY THE JSR INSTRUCTION. IN
THIS CASE, IN VERY ROUNDABOUT FASHION,
THE ON-LINERS HAVE PUSHED TWO BYTES ON
THE STACK AND EXECUTED AN RTS, WHICH
JUMPS TO THE LOCATION ONE HIGHER THAN
THE VALUES STORED. THE STORY OF THE
SUBROUTINE GOES LIKE THIS: CREATE A
CHECKSUM BY EXCLUSIVE-ORING TOGETHER
ALL THE BYTES FROM 2700 TO 27FF, AND
STORE IT IN $10. THIS ALLOWS A CHECK TO
SEE IF ANY OF THE BYTES IN THE NIBBLE
COUNT ROUTINE WERE ALTERED. DO A
SECOND CHECKSUM ON EVERY OTHER BYTE
FROM 2700 TO 27FF, STARTING WITH A
VALUE OF #$20. STORE THIS IN $11, THEN
EXCLUSIVE-OR IT WITH #$B7 TO PRODUCE
THE LOW BYTE OF THE RETURN ADDRESS: FF.
PUSH THIS ON THE STACK, EXCLUSIVE-OR
THE FIRST CHECKSUM WITH #$11 TO PRODUCE
THE RETURN HIGH BYTE OF $26, THEN DO
THE RTS TO JUMP TO 2700. WHEN YOU LOOK
AT 2700, YOU FIND THIS:

2700-   CE 03 27  DEC   $2703
2703-   EF        ???
2704-   03        ???
2705-   27        ???
2706-   AD 24 27  LDA   $2724
2709-   49 8A     EOR   #$8A
270B-   D0 01     BNE   $270E
270D-   20 8D 24  JSR   $248D
2710-   27        ???
2711-   D0 01     BNE   $2714
2713-   4C A0 25  JMP   $25A0
2716-   98        TYA
2717-   59 00 27  EOR   $2700,Y
271A-   99 00 27  STA   $2700,Y
271D-   C8        INY
271E-   D0 F6     BNE   $2716

(YOU SEE, NOW THAT WE'RE FAMILIAR WITH
THIS KIND OF TRICK, THERE'S NOTHING TO
DECODING THAT MESS, IS THERE?)
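
THE BYTE-BY-BYTE JUNK REMOVAL DONE BY HAND ON THE $5A93 LISTING ABOVE, AS AN ADDED PYTHON EXAMPLE (NOT PART OF THE ORIGINAL ARTICLE): A STRAIGHT IN-ORDER DECODE BESIDE ONE THAT FOLLOWS THE SKIP BRANCHES. THE BYTES ARE TRANSCRIBED FROM THE FIRST LISTING; THE FUNCTION NAMES AND THE RULE "A BRANCH OVER EXACTLY ONE BYTE IS ALWAYS TAKEN" ARE ASSUMPTIONS THAT HOLD FOR THIS LISTING.

```python
# Added example: CODE is transcribed from the article's first listing ($5A93);
# OPS covers only the opcodes that occur there: (mnemonic, length, mode).
BASE = 0x5A93
CODE = bytes.fromhex(
    "1001 20A859 00 27 C8 D0FA 8510 F001 A9A9 205900 27 C8 C8 D0F9"
    "8511 49B7 48 A510 4911 48 D001 4C6008 60")
OPS = {0x00: ("BRK", 1, ""), 0x10: ("BPL", 2, "rel"), 0x20: ("JSR", 3, "abs"),
       0x48: ("PHA", 1, ""), 0x49: ("EOR", 2, "imm"), 0x4C: ("JMP", 3, "abs"),
       0x59: ("EOR", 3, "absy"), 0x60: ("RTS", 1, ""), 0x85: ("STA", 2, "zp"),
       0xA5: ("LDA", 2, "zp"), 0xA8: ("TAY", 1, ""), 0xA9: ("LDA", 2, "imm"),
       0xC8: ("INY", 1, ""), 0xD0: ("BNE", 2, "rel"), 0xF0: ("BEQ", 2, "rel")}

def decode(pc):
    """Decode one instruction at pc -> (text, length, branch target or None)."""
    op = CODE[pc - BASE]
    if op not in OPS:
        return "???", 1, None
    name, size, mode = OPS[op]
    val = int.from_bytes(CODE[pc - BASE + 1:pc - BASE + size], "little")
    if mode == "rel":  # signed 8-bit displacement from the next instruction
        target = pc + 2 + (val - 256 if val > 127 else val)
        return f"{name} ${target:04X}", size, target
    operand = {"": "", "imm": f" #${val:02X}", "zp": f" ${val:02X}",
               "abs": f" ${val:04X}", "absy": f" ${val:04X},Y"}[mode]
    return name + operand, size, None

def linear_sweep():
    """Decode strictly in address order, as the monitor listing does."""
    pc, out = BASE, []
    while pc < BASE + len(CODE):
        text, size, _ = decode(pc)
        out.append((pc, text))
        pc += size
    return out

def strip_junk():
    """Follow one-byte skip branches; return (real instructions, junk addrs).
    A genuine branch over a one-byte instruction would be misread as junk."""
    pc, real, junk = BASE, [], []
    while pc < BASE + len(CODE):
        text, size, target = decode(pc)
        if target == pc + size + 1:   # branch over exactly one byte
            junk.append(pc + size)    # the skipped byte is a decoy opcode
            pc = target               # assumption: the branch is always taken
            continue
        real.append((pc, text))
        if text == "RTS":             # end of routine; trailing bytes unreached
            break
        pc += size
    return real, junk
```

CALLING strip_junk() RETURNS THE SAME INSTRUCTION SEQUENCE AS THE FUNCTIONAL EQUIVALENT LISTING (MINUS THE LDA #$00 THAT PRECEDES $5A93), PLUS THE ADDRESSES OF THE THREE DECOY BYTES.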
STAY TUNED FOR NEXT WEEK, WHEN
WE FINISH THIS SUBJECT BY ANSWERING THE
BURNING QUESTION "WHAT IS THE
WINDOW-SHADE TECHNIQUE?", AND PROCEED
TO A DISCUSSION OF MEMORY MOVING AND
FILE SAVING.