CRACKING-PART 7.txt, from Bootlegger Magazine (1983)(Bootleg), Apple II Magazines (DO)
Text file, 1996-12-24, 10KB, 371 lines
#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#
APPLE CRACKING SECTION
=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=
WEEK.
OUR FIRST TOPIC WILL BE BOOT TRACING,
AND WE WILL USE IT ON APPLE GALAXIAN.
I KNOW THAT THERE ARE LOTS OF BROKEN
COPIES OF THIS GAME FLOATING AROUND,
BUT I CHOSE IT BECAUSE IT IS A WIDELY
DISTRIBUTED PROGRAM AND GOES WITH ALL
THE TIPS I HAVE FOR YOU ABOUT BOOT
TRACING.
NOW FOR ALL YOU PIRATES OUT THERE, YES
THERE IS ANOTHER WAY TO CRACK PROGRAMS.
YOU DON'T NEED ANY RAM-CARDS, PROM
BURNERS, OR FOREIGN-TO-REGULAR DOS
PROGRAMS. ANYBODY WHO IS NOT A CLOWN,
WITH SOME MACHINE LANGUAGE
PROGRAMMING ABILITY, CAN TRACE A BOOT.
THIS METHOD OF CRACKING, TRACING THE
BOOT, IS IN A TRUE SENSE, CRACKING THE
CODE. YOU SEE, ALL DISKS MUST FIRST
BOOT UP TO START RUNNING. AFTER THE
FIRST STAGE BOOT (AT LOCATION $C600),
THEY JUMP TO A SECOND STAGE BOOT
PROGRAM (AT $800), AND THEN TO A THIRD,
AND SOME EVEN A FOURTH, BUT THERE COMES
A POINT WHERE THE LOADING OF THE
PROGRAM FROM DISK STOPS, AND THE
RUNNING OF THE PROGRAM BEGINS. IF YOU
CAN TRACE THIS, AND STOP IT AFTER IT IS
FINISHED LOADING, AND SAVE ALL THE
MEMORY LOCATIONS THAT CONTAIN THE
PROGRAM ONTO A NORMAL 3.3 DISK, YOU
HAVE CRACKED THE PROGRAM. THIS METHOD
IS MOST USEFUL FOR CRACKING THE
"SINGLE-SHOT" BOOTING PROGRAMS SUCH AS
APPLE PANIC, RASTER BLASTER, AND
GORGON. THESE DISKS DON'T CONTAIN ANY
STANDARD DOS, BUT RATHER THEIR OWN.
THIS DOS HAS JUST ONE PURPOSE, AND THAT
IS TO LOAD THE PROGRAM INTO THE
COMPUTER, FROM THE DISK, AND START ITS
EXECUTION. NOW, THIS IS NOT AS SIMPLE
AS IT SOUNDS; THE SOFTWARE PROTECTORS
ARE NOT DUMB, AND THEY TRY TO MAKE IT
TOUGH FOR YOU TO TRACE.
HOWEVER, IT IS NOT IMPOSSIBLE, SINCE
THE DISK MUST BOOT UP, AND SINCE IT
MUST HAVE SOME BOOTING PROCESS, THAT IS
TRACEABLE.
LET ME TRY AND SHOW YOU AN EXAMPLE
OF HOW TO TRACE THE BOOT OF A PROGRAM,
USING APPLE GALAXIAN. THE FIRST STAGE
BOOT STARTS
AT $C600. IF YOU TURN YOUR APPLE ON,
AND TYPE "CALL-151 (RETURN)" AND
"C600G (RETURN)", THE DISK WILL PROCEED
TO START AND BOOT THE DISK IN THE
DRIVE. THIS IS BECAUSE $C600 CONTAINS
THE PROGRAM FOR THE DISK TO BOOT FIRST.
IF YOU EXAMINE THIS PROGRAM BY TYPING
"CALL-151 (RETURN)", AND "C600LLLLLLL
(RETURN)", YOU WILL SOON COME ACROSS A
JMP $801, NEAR THE END, SPECIFICALLY,
AT $C6F8. THIS IS THE LINK TO THE NEXT
STAGE OF THE BOOT. WHAT WE MUST DO IS
ALLOW THE FIRST STAGE TO LOAD IN AT
$800, BUT INSTEAD OF LETTING IT RUN
(CONTINUE TO BOOT, AND GO TO $800),
STOP THE COMPUTER, AND EXAMINE WHAT IS
AT $800. TO DO THIS, LET'S MOVE $C600
DOWN TO $9600. TYPE "CALL-151 (RETURN)"
AND "9600<C600.C700M (RETURN)". THIS
MOVES C600 DOWN FOR YOU. THEN
TYPE "96F8:4C 59 FF (RETURN)". INSTEAD
OF HAVING THE BOOT GO TO $800, THIS
WILL MAKE IT JUMP TO $FF59 (THE RESET
LOCATION). THEN TYPE "9600G".
YOUR DISK SHOULD BOOT UP FOR A SECOND
OR SO, AND THEN YOU SHOULD HEAR A BELL,
AND THE MONITOR CURSOR WILL APPEAR AT
THE BOTTOM OF THE SCREEN. THE NEXT STEP
IS TO EXAMINE THE BOOT AT LOCATION
$800. IF YOU LOOK AT THIS BY TYPING
"800L (RETURN)" YOU WILL SEE THE SECOND
STAGE BOOT OF APPLE GALAXIAN. BY TYPING
"800LLLLLLL (RETURN)", YOU CAN SEE WHAT
GOES ON NEXT IN THE BOOT. WHAT
HAPPENS NEXT IS THAT IT TAKES THE
MEMORY THAT IS STORED AT $800, AND
MOVES IT DOWN TO $200, AND SOME OTHER
STUFF, LIKE LOADING THE NEXT STAGE OF
THE BOOT, AND THEN, IF YOU LOOK AT
LOCATION $841, YOU WILL SEE A JUMP TO
$301. THIS IS THE NEXT STAGE IN THE
BOOT. SO, WE MUST MOVE WHAT IS IN
MEMORY UP, OUT OF $800, BECAUSE THE
NEXT TIME WE BOOT THE DISK, THE
LOCATIONS AT $800 WILL BE CHANGED, SO
TYPE "9800<800.900M (RETURN)", AND THAT
WILL DO THE MOVE. THE NEXT THING TO DO,
IS TO CHANGE WHAT IS AT $9800, THE
STUFF WE JUST MOVED UP, SO THAT IT WILL
RUN AT $9800, INSTEAD OF ITS NORMAL
LOCATION OF $800. TO DO THIS, TYPE
"9803:BD 0 98 (RETURN)" AND "9841:4C 01
93 (RETURN)". THEN TYPE "9301:4C 59
FF (RETURN)". WE CHANGED IT TO RUN AT
$9800, AND ALSO CHANGED IT TO STOP
AFTER DOING THIS INSTEAD OF JUMPING TO
THE NEXT BOOT STAGE, AT $300: WE TOLD
IT TO JUMP TO $9300, AND AT $9300, WE
PUT A JMP $FF59 (JUMP TO RESET). AND
FINALLY, CHANGE THE JMP AT $96F8 FROM
$FF59 TO $9801 BY TYPING "96F8:4C 01
98 (RETURN)". NOW AGAIN TYPE "9600G".
THIS TIME, WE ARE ONE STAGE
FARTHER. NOW MOVE THE STUFF AT $300 UP
TO $9300, AND CHANGE IT TO WORK AT
$9300, BY TYPING "9300<300.400M
(RETURN)", "9313:AD CC 93 (RETURN)",
AND "933C:AD CC 93 (RETURN)". BUT NOW,
THERE IS A PROBLEM. THE JUMP OUT IS AT
$9343, AND IT JUMPS NOT TO THE NEXT
STAGE IMMEDIATELY, BUT TO A NUMBER OF
SUBROUTINES, AND AFTER THEM, THROUGH
THE SAME JUMP, JUMPS TO THE NEXT STAGE.
HOW DO WE GET AROUND THAT, YOU ASK? THE
ANSWER IS TO WRITE A PROGRAM THAT
CHECKS TO SEE WHERE IT IS JUMPING TO,
AND IF IT IS NOT JUMPING TO WHERE IT
NORMALLY JUMPS TO, THEN STOP, BECAUSE
WE KNOW THAT THE NEXT JUMP IS NOT TO A
SUBROUTINE, BUT TO THE NEXT STAGE OF
THE BOOT. THIS MAY SOUND COMPLICATED,
BUT JUST TYPE THIS ROUTINE IN AT $9400:
"9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59
FF (RETURN)", AND "9343:4C 00 94
(RETURN)". THAT
WILL TAKE CARE OF THIS STAGE. NOW CHECK
TO SEE THAT YOU HAVE TYPED IN
EVERYTHING CORRECTLY, AND THEN TYPE
"9600G", TO RESTART THE BOOT.
NOW, THE DISK SPINS FOR A LITTLE
WHILE LONGER, AND THEN IT STOPS. WE
HAVE COME TO THE LAST STEP OF THIS BOOT
PROCESS. THIS STEP LOADS THE PROGRAM IN
FROM DISK, AND THEN JUMPS TO THE
BEGINNING OF IT. BY TYPING "93CC
(RETURN)", THE COMPUTER WILL DISPLAY
THE PAGE NUMBER OF THE NEXT STAGE BOOT,
MINUS ONE. IT WILL DISPLAY "B6", AND
YOU ADD ONE TO IT, AND GET $B7, SO TYPE
"B700L (RETURN)". AND PRESTO, WE HAVE
THE NEXT STAGE OF THIS BOOT. FROM HERE
THE BOOT DOES THE PROGRAM LOADING,
ALONG WITH TURNING ON THE GRAPHICS, AND
JUMPS TO THE BEGINNING OF IT. IF YOU
LOOK, THE
BEGINNING OF IT IS AT $600, AND THERE
IS A JUMP TO $600 AT LOCATION $B759.
SO, ALL WE HAVE TO DO IS TO HAVE IT DO
ALL THE LOADING, AND INSTEAD OF HAVING
IT JUMP TO $600, STOP IT THERE. BUT
THERE IS A PROBLEM CONNECTED WITH THIS
(AREN'T THERE ALWAYS!). THE PROBLEM IS
THAT IF WE STOP IT HERE, LOCATION $600
IS IN TEXT VIDEO MEMORY, SO WE MUST NOT
HAVE IT JUMP TO $FF59 (STOP), BUT JUMP
TO A ROUTINE THAT RELOCATES EVERYTHING
FROM $0000-$0800, AND THEN STOP. I WILL
PROVIDE YOU WITH THIS. JUST TYPE
"B500:A2 00 B5 00 9D 00 20 BD 00 01 9D
00 21 BD 00 02 9D 00 22 BD 00 03 9D 00
23 BD 00 04 9D 00 24 BD 00 05 9D 00 25
BD 00 06 9D 00 26 BD 00 07 9D 00 27 E8
D0 CE 4C 59 FF (RETURN)". THIS WILL TAKE
CARE OF MOVING EVERYTHING FROM $0-$800
TO $2000-$2800. NOW CHANGE $B759 TO
JUMP TO THIS SMALL PROGRAM BY TYPING
"B759:4C 00 B5 (RETURN)". WE ALSO HAVE
TO CHANGE SOME OTHER LOCATIONS.
LOCATION $93CC MUST BE CHANGED TO $D6,
SO TYPE "93CC:D6 (RETURN)", AND INSTEAD
OF JUMPING TO $FF59 AT $9409, AND
STOPPING AT THAT STAGE OF THE BOOT,
JUMP TO THE BEGINNING OF THIS BOOT AT
$B700, BY TYPING "9409:4C 00 B7
(RETURN)". THAT TAKES CARE OF ALMOST
ALL PREPARATIONS FOR THE FINAL CRACK.
NOW CHECK TO SEE THAT YOU HAVE TYPED IN
EVERYTHING CORRECTLY, AND IF YOU ARE
READY, TYPE "9600G".
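The two routines typed in above at $9400 and $B500 are given only as raw hex. The following Python script is an added example, not part of the original article: a small 6502 disassembler that covers just the opcodes those two routines use, so you can decode any of the article's "ADDR:bytes" monitor strings and confirm what they do before typing them in. The sample strings are copied from the article; the function and constant names are my own.

```python
# Added example, not from the article: a minimal 6502 disassembler for the
# hex strings the article has you type into the Apple monitor.
OPCODES = {  # opcode -> (mnemonic, addressing mode); just the opcodes used here
    0x4C: ("JMP", "abs"), 0x6C: ("JMP", "ind"), 0xA2: ("LDX", "imm"),
    0xA5: ("LDA", "zp"), 0xAD: ("LDA", "abs"), 0xB5: ("LDA", "zpx"),
    0xBD: ("LDA", "absx"), 0x9D: ("STA", "absx"), 0xC9: ("CMP", "imm"),
    0xD0: ("BNE", "rel"), 0xE8: ("INX", "impl"),
}
SIZE = {"impl": 1, "imm": 2, "zp": 2, "zpx": 2, "rel": 2, "abs": 3, "absx": 3, "ind": 3}

def parse_monitor(cmd):
    """'9400:A5 3E' -> (0x9400, [0xA5, 0x3E]); hex bytes separated by spaces."""
    addr, _, rest = cmd.partition(":")
    return int(addr, 16), [int(b, 16) & 0xFF for b in rest.split()]

def fmt_operand(mode, operand, next_pc):
    """Render operand bytes in monitor syntax; branch targets become absolute."""
    if mode == "impl":
        return ""
    if mode == "imm":
        return f"#${operand[0]:02X}"
    if mode in ("zp", "zpx"):
        return f"${operand[0]:02X}" + (",X" if mode == "zpx" else "")
    if mode == "rel":  # signed 8-bit offset from the next instruction
        off = operand[0] - 0x100 if operand[0] & 0x80 else operand[0]
        return f"${(next_pc + off) & 0xFFFF:04X}"
    word = operand[0] | operand[1] << 8  # little-endian 16-bit address
    return {"abs": f"${word:04X}", "absx": f"${word:04X},X", "ind": f"(${word:04X})"}[mode]

def disassemble(cmd):
    """Return [(address, 'MNEMONIC operand'), ...] for one 'ADDR:bytes' string."""
    pc, data = parse_monitor(cmd)
    out, i = [], 0
    while i < len(data):
        mnem, mode = OPCODES.get(data[i], ("???", "impl"))  # unknown: 1 byte
        n = SIZE[mode]
        operand = data[i + 1:i + n]
        if len(operand) < n - 1:  # string ended in the middle of an instruction
            out.append((pc, f"{mnem} <truncated>"))
            break
        text = f"??? ${data[i]:02X}" if mnem == "???" else f"{mnem} {fmt_operand(mode, operand, pc + n)}"
        out.append((pc, text.rstrip()))
        i, pc = i + n, pc + n
    return out

# The two routines from the article, exactly as typed into the monitor.
CHECK_JUMP = "9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF"
RELOCATE = ("B500:A2 00 B5 00 9D 00 20 BD 00 01 9D 00 21 BD 00 02 9D 00 22 "
            "BD 00 03 9D 00 23 BD 00 04 9D 00 24 BD 00 05 9D 00 25 BD 00 06 "
            "9D 00 26 BD 00 07 9D 00 27 E8 D0 CE 4C 59 FF")
```

Decoding CHECK_JUMP gives LDA $3E / CMP #$5D / BNE $9409 / JMP ($003E) / JMP $FF59: the routine reads the low byte of the jump vector at $3E, takes the indirect jump while it is still $5D (the subroutine case), and otherwise falls into the JMP $FF59 at $9409, which is exactly the byte the later "9409:4C 00 B7" patch replaces.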
IF EVERYTHING WORKED CORRECTLY, IT
SHOULD BOOT UP FOR ABOUT 10 SECONDS,
AND YOU SHOULD SEE THE HI-RES PICTURE
LOADING IN, AND THEN YOUR SPEAKER
SHOULD BEEP, AND YOU SHOULD SEE, ON THE
SCREEN A BUNCH OF LETTERS. IF THIS
DIDN'T HAPPEN, CHECK ALL THESE STEPS,
AND REPEAT THE PROCESS. IF IT HAS, THEN
YOU ARE JUST ABOUT FINISHED. IF YOU
WANT TO CHECK TO SEE IF IT HAS WORKED,
ASSEMBLE THIS PROGRAM, AND TYPE IT IN
AT $B560. IF NOT, GO ON TO THE NEXT
STEP.
OBJ $B560 ;TEST: PUT $2000-$27FF BACK AT $0-$7FF
BEGIN LDX #$00
AGAIN LDA $2000,X ;ONE BYTE FROM EACH PAGE
STA $00,X
LDA $2100,X
STA $100,X
LDA $2200,X
STA $200,X
LDA $2300,X
STA $300,X
LDA $2400,X
STA $400,X
LDA $2500,X
STA $500,X
LDA $2600,X
STA $600,X
LDA $2700,X
STA $700,X
INX
BNE AGAIN ;LOOP THROUGH ALL 256 OFFSETS
JMP $0600 ;BEGINNING OF PGM
NOW
BOOT UP A NORMAL DOS DISK, AND SAVE
EVERYTHING FROM $2000-$2800, WHICH
REPRESENTS LOCATIONS $0-$800 MOVED UP
BY $2000. YOU SHOULD THEN REPEAT THE
WHOLE BOOT TRACE, AND PROCEED TO THE
NEXT STEP. EXAMINE THE MEMORY OF YOUR
APPLE; YOU SHOULD SAVE ALL THE
INFORMATION FROM $800-$A000 ON A NORMAL
DOS DISK, THEN LINK THE FILES THAT YOU
HAVE SAVED ON THE DOS DISK TOGETHER,
AND MAKE THE FILE A BRUN-ABLE FILE
THAT LOADS EVERYTHING IN, MOVES THE
$00-$800 IMAGE BACK DOWN IN MEMORY,
AND THEN JUMPS TO LOCATION $600, THE
BEGINNING OF THE PROGRAM.
IF YOU HAVE ANY QUESTIONS ON THIS,
YOU MAY MAIL THEM TO ME. ALSO, I HAVE
RECENTLY CRACKED MANY GOOD PROGRAMS
SUCH AS STAR BLAZER, TWERPS, SNAKE
BYTE, FOOSBALL, DUNG BEETLES, AND
LOCKSMITH 4.1. IF YOU ARE IN NEED OF
ANY OF THESE, LEAVE ME MAIL ON THIS
BOARD. LOOK FOR SOME NEW ARTICLES SOON,
ON HOW TO CRACK OTHER PROGRAMS, AND
UNTIL THEN KEEP ON CRACKING !
IF ANY ONE OF YOU IS UNFAMILIAR WITH
HOW TO SAVE EVERYTHING, AND YOU NEED
SOME HELP, HERE IS HOW TO DO IT: FOLLOW
THE DIRECTIONS FOR TRACING THE BOOT,
AND TYPE "2800<9600.A000M (RETURN)"
AND "3200<800.900M (RETURN)". ALSO, WE
NEED A PROGRAM TO MOVE EVERYTHING THAT
WE JUST RELOCATED BACK INTO ITS
ORIGINAL LOCATION. SO WE NEED A
PROGRAM LIKE THIS:
ORG $3400 ;RELOCATOR, ENTERED BY THE JMP AT $9FD
LDX #$00
LOOP1 LDA $2000,X ;$2000-$27FF BACK TO $0-$7FF
STA $00,X
LDA $2100,X
STA $100,X
LDA $2200,X
STA $200,X
LDA $2300,X
STA $300,X
LDA $2400,X
STA $400,X
LDA $2500,X
STA $500,X
LDA $2600,X
STA $600,X
LDA $2700,X
STA $700,X
NOP
LDA $3200,X ;$3200-$33FF BACK TO $800-$9FF
STA $800,X
LDA $3300,X
STA $900,X
NOP
LDA $2800,X ;$2800-$31FF BACK TO $9600-$9FFF
STA $9600,X
LDA $2900,X
STA $9700,X
LDA $2A00,X
STA $9800,X
LDA $2B00,X
STA $9900,X
LDA $2C00,X
STA $9A00,X
LDA $2D00,X
STA $9B00,X
LDA $2E00,X
STA $9C00,X
LDA $2F00,X
STA $9D00,X
LDA $3000,X
STA $9E00,X
LDA $3100,X
STA $9F00,X
NOP
INX
BNE LOOP1 ;LOOP THROUGH ALL 256 OFFSETS
LDA $C057 ;HI-RES
LDA $C054 ;PAGE 1
LDA $C052 ;FULL SCREEN
LDA $C050 ;GRAPHICS
JMP $600 ;BGN OF PGM.
NOW YOU CAN BOOT UP YOUR 3.3 DISK, AND
TYPE "CALL-151 (RETURN)", "9FD:4C 00 34
(RETURN)", "A964:FF (RETURN)", AND
"BSAVE GALAXIAN,A$9FD,L$8C03 (RETURN)",
AND NOW YOU ARE FINISHED.
ME.
SOFTWARE PROTECTION BREAKING DIVISION