Apple II Magazines (DO) / Bootlegger Magazine (1983)(Bootleg).zip / Bootlegger Magazine (1983)(Bootleg).do / NIBBLE COPYING.txt
Text File | 1996-12-24 | 14KB | 456 lines
***************************************
*                                     *
*           NIBBLE COPYING            *
*                                     *
*                                     *
*                                     *
***************************************

WELCOME BACK - IT'S BEEN A LONG
WEEK SINCE THE LAST INSTALLMENT, SO
LET'S GET RIGHT TO THE BUSINESS OF
KRACKING WAY OUT. AFTER THE EXCELLENT
AND CHALLENGING PROTECTION THAT SIRIUS
PUT ON THE BANDITS/CYCLOD GROUP, IT WAS
DISCOURAGING TO SEE THE PUTRID LITTLE
DOS COMMAND CHANGE ON ESCAPE FROM
RUNGISTAN. WAY OUT IS ABOUT HALFWAY
BETWEEN THE TWO, WITH ENOUGH CHALLENGE
TO MAKE IT INTERESTING, AND ENOUGH DISK
ACCESS TO MAKE IT DIFFERENT.

IN THE FIRST HALF OF THIS EPISODE,
WE WILL DESCRIBE THE REMOVAL OF THE
NIBBLE COUNTS FROM THE DISK TO MAKE IT
COPY WITH NA II, AND IN PART B WE'LL
COVER THE CONVERSION OF THE PROGRAM TO
A TOTALLY COPYA VERSION.

TRACK 0, SECTOR 0 LOADS, OF
COURSE, INTO 800-8FF, AND BRINGS IN A
FAIRLY STRAIGHTFORWARD LOADER FROM THE
REST OF TRACK 0 INTO $9600 UP. THEY
PUT IT THERE RATHER THAN THE 400-7FF
MEMORY IN ORDER TO DO THE RIPPLE VISUAL
EFFECT BANNER (THAT'S ALL IN LO-RES
COLOR, BY THE WAY). THE LOADER IS
VISIBLE WHEN YOU RESET DURING THE
LOOOONG BOOT (THEY STILL READ IN ALL
THE TRACKS FROM 0 TO 1C TO "CHECK YOUR
APPLE"), AND CHECKING THE END OF THE
BOOT SECTOR AT 890 SHOWS THAT THE
STARTING LOCATION IN THE LOADER IS
979B. A SHORT ROUTINE READS THROUGH
ALL THE TRACKS, LOADING THEM AT
STARTING ADDRESSES TAKEN FROM A LOOKUP
TABLE JUST LIKE BANDITS AND CYCLOD.
FOLLOWING THAT, AT 9811 AND 9814 ARE
JSR'S TO DIFFERENT NIBBLE COUNT
ROUTINES FOR TRACKS 21 AND 22. IN THIS
FIRST PART, WE WILL MAKE THE DISK COPY
WITH NA II BY CHANGING THE SIX BYTES
FOR THE TWO JSR'S TO NOP'S. BUT BEFORE
WE DO THAT, LET'S TAKE A MINUTE TO LOOK
AT THE COPY PROTECTION SCHEMES ON THESE
TWO TRACKS. TRACK 21 HAS A GOOD,
OLD-FASHIONED NIBBLE COUNT WHERE THEY
DETERMINE THE NUMBER OF BYTES BETWEEN
THE TWO OCCURRENCES OF 'AA' ON THE
TRACK. THIS IS THE KIND OF COUNT THAT
NA II EATS FOR BREAKFAST, SO IT'S NOT
HARD TO GET AROUND. TRACK 22, ON THE
OTHER HAND, SHOWS THAT SIRIUS HAS BEEN
READING THE DOCS ON THE MAJOR NIBBLE
COPIERS - WE SURE HOPE THEY BOUGHT THEM
ALL, RIGHT? IN ORDER TO DO A NIBBLE
COUNT, A COPIER HAS TO KNOW WHERE TO
START COUNTING AND SOMETIMES WHERE TO
ADD OR DELETE THE SPARE NIBBLES. TO DO
THIS, NA II ALLOWS YOU TO ENTER AN
8-BYTE ADDRESS MARKER, WHILE LS 4.1
ALLOWS 9 BYTES TO INCLUDE A NORMAL
3-BYTE HEADER, VOL #, TRACK#, AND
SECTOR # AT TWO BYTES EACH. THIS TRACK
HAS SEVERAL SECTIONS WITH NORMAL "GAPS"
JUST LIKE NA AND LS LOVE TO FIND, ALL
BEGINNING WITH THE BYTE SEQUENCE AA,
D5, D5, FF, D6, FF, FD, FD, DD. THE
PROGRAM, HOWEVER, LOOKS FOR THE NEXT
THREE BYTES AS WELL, AND THESE MUST BE
EA, B5, F7. ALL BUT ONE OF THESE 9-BYTE
SEQUENCES HAVE OTHER BYTES FOR THE NEXT
THREE, AND THESE WILL BE INCORRECTLY
CHOSEN FOR THE ADDRESS MARKER BY ANY OF
THE POPULAR COPIERS. THE ENTIRE TRACK
IS READ 16 TIMES, AND THE CHECKSUM FOR
THE 64K BYTES READ IN MUST AGREE WITH
THE ONE IN THE PROGRAM, OR THE DISK
REBOOTS. DEVIOUS ENOUGH, BUT QUITE
VISIBLE IN A LOADER THAT WASN'T WELL
HIDDEN.
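
THE TWO CHECKS DESCRIBED ABOVE CAN BE
MODELLED IN A FEW LINES. THIS PYTHON
SKETCH IS AN ADDED EXAMPLE, NOT CODE
FROM THE DISK OR THE ORIGINAL ARTICLE;
THE SAMPLE TRACKS ARE CONSTRUCTED, AND
THE FUNCTION NAMES AND THE TRACK 21
COUNTING CONVENTION ARE ASSUMPTIONS.

```python
# 9-byte start shared by every section, and the 3 bytes the loader also wants
PREFIX = bytes.fromhex("AA D5 D5 FF D6 FF FD FD DD")
TAIL = bytes.fromhex("EA B5 F7")


def find_all(track: bytes, pattern: bytes) -> list[int]:
    """Offsets of every match; the track is circular, so let matches wrap."""
    ring = track + track[: len(pattern) - 1]
    hits, pos = [], ring.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = ring.find(pattern, pos + 1)
    return hits


def marker_candidates(track: bytes, marker_len: int) -> list[int]:
    """Sections a matcher sees when it compares only marker_len marker bytes."""
    return find_all(track, (PREFIX + TAIL)[:marker_len])


def nibble_count(track: bytes, value: int = 0xAA) -> int:
    """Track 21 style check: distance from the first `value` to the second.
    Assumed convention; the text only says 'bytes between' the two."""
    first = track.index(value)
    return track.index(value, first + 1) - first


def sample_track22() -> bytes:
    """Constructed input: four sections, only the second has the right tail."""
    tails = ["EB B5 F7", "EA B5 F7", "EA B7 F7", "EA B5 FF"]
    return b"".join(b"\xff" * 8 + PREFIX + bytes.fromhex(t) + b"\x96" * 40
                    for t in tails)


def sample_track21(spare: int = 0) -> bytes:
    """Constructed input: two AA bytes; `spare` models nibbles a copy adds or drops."""
    return b"\xff" * 10 + b"\xaa" + b"\x96" * (300 + spare) + b"\xaa" + b"\xff" * 20


if __name__ == "__main__":
    t22 = sample_track22()
    for n in (8, 9, 12):
        print(n, "marker bytes ->", marker_candidates(t22, n))
    print(nibble_count(sample_track21()), nibble_count(sample_track21(-1)))
```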

TO CHANGE THOSE NIBBLE COUNT JSR'S
TO NOP'S, WE HAVE TO ALTER THE ACTUAL
NIBBLES ON THE TRACK. ANY ALTERATION
WILL CHANGE THE CHECKSUM FOR THE TRACK,
SO WE FIRST HAVE TO NEGATE THE CHECKSUM
COMPARISON ROUTINE. THE SAME PROCESS IS
USED FOR THE ACTUAL REMOVAL OF THE
NIBBLE COUNT, SO WE'LL DO THE EASY ONE
FIRST.

IT'S BEEN A WHILE SINCE WE LOOKED
AT THE TECHNIQUE USED BY SIRIUS
TO ENCODE INFORMATION ON THE DISK, SO
LET'S REVIEW FOR A MINUTE. REMEMBER
THAT MOST PROTECTED SIRIUS SOFTWARE
DOES NOT USE REGULAR SECTORS, BUT AN
UNSEGMENTED STREAM EQUIVALENT TO C00
BYTES OF DATA ON EACH TRACK. AFTER THE
ADDRESS MARKER OF AD DA DD (THE SIRIUS
TRADEMARK), EVERY BYTE IS ENCODED IN A
4+4 FORMAT WHERE HALF THE INFORMATION
IS STORED IN EACH NIBBLE (A BRIEF ASIDE
- THE USE OF THE TERM 'NIBBLE' IS
CONFUSING AND A LITTLE BIT ERRONEOUS
WHEN USED IN DESCRIBING DISK ACCESS.
IT FORMALLY REFERS TO EITHER THE
LEFT-HAND OR RIGHT-HAND FOUR BITS OF A
BYTE, AND HAS BEEN CONTINUED IN USAGE
FOR THE UNITS OF INFORMATION STORAGE ON
A DISK, EVEN THOUGH MANY SCHEMES, LIKE
DOS 3.3, USE A VERY DIFFERENT METHOD OF
ENCODING THE 8 BITS OF A BYTE ONTO A
DISK 'NIBBLE'. IN ALMOST ALL CASES, ON
THE APPLE, INFORMATION IS RECOVERED
FROM THE DISK IN A SERIES OF EIGHT-BIT
BYTES WHICH THEN MUST BE FURTHER
PROCESSED TO DECODE THE REAL BINARY
INFORMATION CONTAINED IN THEM).

THE FULL SEQUENCE OF INSTRUCTIONS
WHICH PERFORM THE DECODING WAS LISTED
IN KKK #1; BUT BRIEFLY, THE FIRST
NIBBLE (BYTE) IS READ IN, THE CARRY BIT
IS SET, AND THE RESULT IS ROTATED LEFT
ONCE. THIS SHIFTED NIBBLE IS "ANDED"
WITH THE NEXT NIBBLE, AND THE RESULT
STORED IN MEMORY AS A FULL BYTE. IN
ORDER TO CHANGE A BYTE ON THE TRACK,
IT'S NECESSARY TO RECONSTRUCT THE
NIBBLES AS THEY WILL APPEAR ON THE
TRACK AND FIND THEM WITH A NIBBLE
EDITOR. FOR EXAMPLE, TO FIND THE BYTES
WHICH CORRESPOND TO THE CHECKSUM
ROUTINE, WE NEED TO LOOK AT THE
INSTRUCTIONS AT $9887. THEY ARE 'EOR
$F5, BNE 988D', OR BRANCH TO A RE-READ
ROUTINE IF THE EXCLUSIVE-OR BETWEEN THE
ACCUMULATOR AND THE CHECKSUM IN
LOCATION F5 IS NOT ZERO. WE CAN GET
AROUND THIS RE-READ IF WE CHANGE THE
BYTES FOR 'BNE 988D' FROM 'D0 02' TO
TWO NOP'S: 'EA EA'.

THE DATA NIBBLES ALLOWED ON THE
DISK UNDER THIS SYSTEM MUST HAVE THE
MOST SIGNIFICANT BIT SET, AND AT LEAST
EVERY SECOND BIT SET TO ONE: THE ONLY
VALID NIBBLES ARE A (1010), B (1011), E
(1110), AND F(1111). SPARING THE VERY
GORY DETAILS, A BYTE HAS ITS FIRST HALF
IN ONE TRACK NIBBLE, AND ITS SECOND
HALF IN THE NEXT:

            -------SECOND BYTE
           /  /
         EA FA
        /  /
       ------------FIRST BYTE

THE TABLE BELOW IS USED TO "BUILD UP"
THE SIRIUS-FORMAT TRACK NIBBLES:

            FIRST   SECOND
    BYTE    HALF    HALF
    ----    -----   ------
     0        A       A
     1        A       B
     2        B       A
     3        B       B
     4        A       E
     5        A       F
     6        B       E
     7        B       F
     8        E       A
     9        E       B
     A        F       A
     B        F       B
     C        E       E
     D        E       F
     E        F       E
     F        F       F

TO BUILD UP 'D0', FOR EXAMPLE, USE
E- F- FOR THE 'D' AND -A -A FOR THE
ZERO, THEN COMBINE THEM TO GIVE
EA FA FOR 'D0'. THE '02' BYTE IS THEN
A- A- PLUS -B -A TO MAKE AB AA. THE
COMPLETE NIBBLE STRING FOR 'D0 02' IS
EA FA AB AA.

TO DO THE NIBBLE EDITING THAT FOLLOWS,
THE BEST UTILITY IS PROBABLY THE
TRACK/BIT EDITOR OF NIBBLES AWAY II.
LOAD NA II, ENTER D5 AA 96 FOR THE
ADDRESS MARKER, SELECT THE TRACK EDITOR
AND READ IN TRACK ZERO. TYPE 'Z' TO
ALLOW THE PROGRAM TO ANALYZE THE TRACK,
THEN MOVE THE CURSOR TO THE PAGE
CONTAINING THE POINTER (USUALLY 6700).
TYPE 'S' FOR STRING SEARCH AND ENTER
EA FA AB AA (AS A GENERAL RULE,
SEARCHING FOR A TWO-BYTE SEQUENCE IN A
PROGRAM IS RISKY, WHILE A FOUR-BYTE
SEQUENCE IS PRETTY SAFE. IN THIS CASE,
YOU REALLY SHOULD ADD THE PRECEDING TWO
BYTES 45 F5, WHICH TRANSLATE TO
AA EF FA FF). WHEN THIS STRING IS
LOCATED, REPLACE IT WITH THE EQUIVALENT
OF TWO EA'S: FF EA FF EA, AND WRITE IT
TO A BLANK DISK WITH THE 'W' KEY.
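
THE 4+4 ENCODING AND THE LOADER'S
DECODING STEP, AS AN ADDED PYTHON
EXAMPLE (NOT CODE FROM THE DISK OR THE
ORIGINAL ARTICLE). IT REBUILDS THE TABLE
ABOVE AND SHOWS WHY THE LONGER SEARCH
STRING IS SAFER; THE FUNCTION NAMES AND
THE SAMPLE FRAGMENT ARE ASSUMPTIONS.

```python
VALID_DIGITS = set("ABEF")   # only hex digits a 4+4 track nibble may contain
# Constructed 6502 fragment (not from the disk): D0 02 twice, once after 45 F5
SAMPLE = bytes.fromhex("C9 10 D0 02 A9 00 45 F5 D0 02 60")


def encode_byte(value: int) -> bytes:
    """One data byte -> two track nibbles (odd bits first, even bits second)."""
    return bytes([(value >> 1) | 0xAA, value | 0xAA])


def encode(data: bytes) -> bytes:
    return b"".join(encode_byte(b) for b in data)


def decode_pair(first: int, second: int) -> int:
    """The loader's method: set carry, rotate first nibble left, AND with second."""
    return (((first << 1) | 1) & 0xFF) & second


def decode(nibbles: bytes) -> bytes:
    if len(nibbles) % 2:
        raise ValueError("4+4 data comes in pairs of nibbles")
    for n in nibbles:
        if not set(f"{n:02X}") <= VALID_DIGITS:
            raise ValueError(f"{n:02X} is not a valid 4+4 nibble")
    return bytes(decode_pair(a, b) for a, b in zip(nibbles[::2], nibbles[1::2]))


def digit_table() -> dict[str, tuple[str, str]]:
    """Rebuild the FIRST HALF / SECOND HALF table from the encoder."""
    table = {}
    for digit in range(16):
        first, second = encode_byte(digit << 4)   # digit in the left-hand position
        table[f"{digit:X}"] = (f"{first:02X}"[0], f"{second:02X}"[0])
    return table


def hits(stream: bytes, plain: bytes) -> int:
    """How often the 4+4 form of `plain` occurs in a nibble stream."""
    return stream.count(encode(plain))


if __name__ == "__main__":
    for text in ("D0 02", "EA EA"):
        print(text, "->", encode(bytes.fromhex(text)).hex(" ").upper())
    track = encode(SAMPLE)
    print(hits(track, bytes.fromhex("D0 02")), hits(track, bytes.fromhex("45 F5 D0 02")))
```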

WITH THE CHECKSUM SAFELY REMOVED,
YOU CAN FOLLOW THE SAME GENERAL
PROCEDURE TO REMOVE THE NIBBLE COUNT
JSR'S AT 9811 AND 9814, ALLOWING YOU TO
MAKE A WORKING COPY OF WAY OUT
WITH NA II. TRACK ZERO WOULD USE
D5 AA 96 AS AN ADDRESS MARKER, AND
TRACKS 1-1C USE AD DA DD.

THIS PART OF THE KORNER IS DEVOTED
TO MAKING WAY OUT (AND HOPEFULLY
SIMILAR GAMES IN THE FUTURE) COPYA.
WAY OUT IS STRUCTURED IN THE FOLLOWING
WAY: IT HAS A MAIN PROGRAM SPLIT
BETWEEN 800-1FFF AND 6000-9BFF; AND TWO
HI-RES PICTURES (START GAME AND SAVED
GAME) WHICH LOAD AT DIFFERENT TIMES
INTO 4000-5FFF. TRACK 1B CONTAINS BEST
SCORES AND INITIALS, AND TRACK 1C
CONTAINS INFORMATION FOR THE SAVED
GAME. BOTH OF THESE TRACKS ARE LOADED
INTO A000-ABFF AND THE CRUCIAL
INFORMATION RELOCATED TO SOME SLOTS AT
1A00-1C34. THE DATA FOR THE 26 MAZES
ARE STORED TWO TO A TRACK IN TRACKS
1-D; THESE ARE ALSO LOADED INTO THE
A000 SPACE FOR TRANSFER TO 1A00 AND UP.
FORTUNATELY, THERE IS ROOM IN MEMORY
FOR THE RWTS ROUTINES (900 HEX), AND
THE INDIVIDUAL READ AND WRITE
SUBROUTINES WILL FIT EASILY INTO THE
SPACE OF THE ORIGINAL ONES.

THE EASIEST WAY TO GET THE MAIN
PROGRAM LOADED IN IS AS A SINGLE FILE,
USING THE ROUTINE BUILT INTO THE DOS
BOOT. DOING IT THIS WAY SAVES SOME
PROGRAMMING TIME, AND SPEEDS THE LOAD,
SINCE NO SEPARATE LOAD IS NEEDED FOR
THE APPROPRIATE PICTURE AND SAVED GAME.
THIS MAIN PROGRAM IS A TOTAL OF A4
(164) SECTORS, RUNNING FROM 800 TO
ABFF. A GOOD WAY TO SET THIS UP IS TO
BOOT A DOS 3.3 DISK BEFORE YOU BOOT THE
GAME, AND HIT RESET AFTER THE GAME IS
COMPLETELY LOADED (THIS ASSUMES THAT
YOU HAVE A NON-AUTOSTART ROM IN THE F8
SOCKET). RWTS WILL STILL BE INTACT AT
B700-BFFF, AND YOU CAN WRITE THE ENTIRE
PROGRAM ONTO AN INITIALIZED DISK WITH
THE INSPECTOR (THE INSPECTOR IN ROM AT
D800, PREFERABLY WITH WATSON AT D000,
IS AN ABSOLUTE MUST FOR EFFICIENT
KRACKING OF TODAY'S SOFTWARE).
REMEMBER TO CHANGE LOCATIONS 3D9-3DB TO
'4C 00 BD' TO ALLOW THE INSPECTOR TO
FIND RWTS, THEN WRITE THE PROGRAM ONTO
THE DISK USING CONTROL-W,
CONTROL-I-REPEAT, ONTO TRACK E, SECTOR
0 TO TRACK 18, SECTOR 3.

THE 13 DATA TRACKS THAT COMPRISE
THE MAZES SHOULD NEXT BE TRANSFERRED TO
TRACKS 1-D OF THE NEW DISK. LOCATIONS
988F-98AB OF THE ORIGINAL LOADER
CONTAIN THE TABLE OF STARTING ADDRESSES
FOR EACH TRACK. USE THE NIBBLE
ALTERATION SCHEME DISCUSSED IN PART A
TO ALTER THE LOCATIONS SO THAT EACH
TRACK LOADS INTO AN EVEN 1000 ADDRESS
-- T1 TO 1000, T2 TO 2000, ETC., UP TO
T8 AT 8000. ALSO CHANGE LOCATION 980E
TO 1C SO THE LOAD WILL END AFTER THE
GAME TRACKS ARE IN. WHEN YOU BOOT THE
GAME DISK WITH THESE ALTERED LOCATIONS,
THE GAME TRACKS WILL LOAD OBEDIENTLY
WHERE THEY'RE TOLD. SAVE THESE ONTO THE
SAME TRACKS ON THE DOS 3.3 DISK WITH
THE INSPECTOR, THEN GO BACK AND DO
TRACKS 9-D BY ALTERING THEIR LOAD
LOCATIONS AND SAVING THEM. THE SAVED
GAME PICTURE CAN BE SAVED OUT SIMILARLY
BY RESETTING AFTER RESTARTING THE SAVED
GAME. SAVE THE PICTURE ANYWHERE SAFE;
TRACKS 1F AND 20 ARE OK. YOUR DOS DISK
NOW CONTAINS ALL THE DATA FOR THE GAME,
AND ALL YOU NEED ARE A FEW QUICK READ
AND WRITE SUBROUTINES.

TO USE THE DOS BOOT ROUTINE TO
LOAD THE BIG PART, READ IN T0, S1 FROM
A STANDARD DOS 3.3 DISK. MAKE THE
FOLLOWING CHANGES, AND WRITE IT BACK
OUT TO YOUR DISK:

    LOCATION  MEANING               NEW VALUE
    --------  -------               ---------
       15     FIRST TRACK              18
       1A     FIRST SECTOR             03
       E0     # OF SECTORS             A4
       E7     FIRST STORAGE PAGE+1     AC

WHEN THE DISK IS BOOTED, STAGE 1 THINKS
IT'S LOADING IN DOS STAGE 2, BUT IT'S
REALLY YOUR PROGRAM.

TO DO THE REST OF THE DISK ACCESS,
THE FOLLOWING ROUTINES FROM THE
ORIGINAL MUST BE DUPLICATED FOR THE
RWTS FORMAT:

    OLD      NEW
    TRACK #  T/S    CONTENT    FUNCTION
    -------  ---    -------    --------
    1B       18/4-  SCORES     READ & WRITE
             18/F
    1C       17/8-  SAVED       "   "   "
             18/3   DATA
    15-17    19/0-  SAVED HI-   "   "   "
             20/F   RES PIC
    1 TO D   1/0-   GAME       READ ONLY
             D/0    DATA

TO USE RWTS, THE FOLLOWING NUMBERS
MUST BE LOADED INTO IT (COMPUTER
SCIENCE MAJORS CALL THIS "PARAMETER
PASSING").

    LOCATION  CONTENTS
    --------  --------
    B715      STARTING(HIGHEST) TRACK#
    B71A      STARTING SECTOR
    B726      0=SEEK, 1=READ, 2=WRITE
    B7E0      # OF SECTORS/PAGES
    B7E7      FIRST MEM. PAGE LOAD+1

SO THAT READING DATA FROM T17,S8
THROUGH T18,S3 INTO A000 TO ABFF
REQUIRES:

    B715:18
    B71A:03
    B726:01
    B7E0:0C
    B7E7:AC, FOLLOWED BY JSR B700.
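
THE PARAMETER VALUES CAN BE WORKED OUT
FROM A TRACK/SECTOR RANGE AND A LOAD
ADDRESS. THIS PYTHON HELPER IS AN ADDED
EXAMPLE, NOT PART OF THE ORIGINAL
ARTICLE; IT REPRODUCES THE LISTING
ABOVE AND THE BOOT SECTOR VALUES FOR
THE MAIN PROGRAM. THE FUNCTION NAMES
AND THE RWTS OVERLAP CHECK ARE
ASSUMPTIONS.

```python
SECTORS_PER_TRACK = 16
RWTS_PAGE = 0xB7          # RWTS sits at B700-BFFF, so a load must stay below it


def rwts_params(first_ts, last_ts, load_addr, command=1):
    """Parameter values for moving sectors first_ts..last_ts (inclusive) to or
    from memory starting at load_addr. command: 0=seek, 1=read, 2=write."""
    (t0, s0), (t1, s1) = first_ts, last_ts
    for track, sector in (first_ts, last_ts):
        if not (0 <= track <= 0x22 and 0 <= sector < SECTORS_PER_TRACK):
            raise ValueError(f"bad track/sector {track:X}/{sector:X}")
    count = (t1 * SECTORS_PER_TRACK + s1) - (t0 * SECTORS_PER_TRACK + s0) + 1
    if not 1 <= count <= 0xFF:
        raise ValueError("sector count must fit in one byte")
    if load_addr % 0x100:
        raise ValueError("load address must start on a page boundary")
    top_page = (load_addr >> 8) + count       # one page past the last page used
    if top_page > RWTS_PAGE:
        raise ValueError("load would run into RWTS at B700")
    return {
        0xB715: t1,        # starting (highest) track
        0xB71A: s1,        # starting sector
        0xB726: command,
        0xB7E0: count,     # number of sectors = number of pages
        0xB7E7: top_page,  # first memory page loaded, plus one
    }


def monitor_lines(params):
    """Render the values the way they are typed into the monitor."""
    return [f"{addr:04X}:{value:02X}" for addr, value in params.items()]


if __name__ == "__main__":
    # Saved-game data: T17,S8 through T18,S3 into A000-ABFF
    print(monitor_lines(rwts_params((0x17, 8), (0x18, 3), 0xA000)))
    # Main program: TE,S0 through T18,S3 into 0800-ABFF
    print(monitor_lines(rwts_params((0x0E, 0), (0x18, 3), 0x0800)))
```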

YOU CAN SCATTER THE NECESSARY "STUFF
AND JUMP" ROUTINES BETWEEN 9600 AND
9800. THE NICELY-ORGANIZED JUMP TABLE
AT 9600-961E WILL TELL YOU WHERE EACH
ONE SHOULD BE, AND ALLOWS THE REST OF
THE PROGRAM TO USE THEM WITHOUT KNOWING
THEY'VE BEEN CHANGED.

ONE FURTHER CHANGE THAT'S REQUIRED
IS THE ROUTINE TO CALCULATE THE GAME
TRACK TO BE READ IN. AN INPUT ROUTINE
DEEP IN THE BOWELS OF THE MAIN PROGRAM
ACCEPTS THE KEYPRESS, QUALIFIES IT, AND
SUBTRACTS $C1 TO GIVE 0-19 FOR THE
LETTERS A-Z. THE CODE AT 962C WHICH
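DOES THE CALCULATION THEIR WAY IS:

    LDA $9623    ; MAZE NUMBER (0-19)
    AND #$FE     ; MASK OFF THE LOW BIT
    CLC
    ADC #$02     ; FIRST MAZE TRACK IS #1 (HALF-TRACK 2)
    JSR $981A    ; TRACK READER

TRACK ACCESS IN THE SIRIUS SYSTEM IS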
LISTED IN HALF-TRACKS, SO ALL TRACK
NUMBERS ARE DOUBLED IN THE CODE. THEY
TAKE THE MAZE NUMBER 0-19 AND MASK OFF
THE LOW BIT, SINCE BOTH EVEN AND ODD
MAZE NUMBERS WILL BE ON THE SAME TRACK.
THEY ADD 2 SINCE THE FIRST MAZE TRACK
IS #1, AND JUMP TO THE TRACK READER. IN
OUR SYSTEM, THIS BECOMES:

    LDA $9623    ; MAZE NUMBER (0-19)
    LSR          ; DIVIDE BY TWO
    CLC
    ADC #$01     ; FIRST MAZE TRACK IS #1
    JSR $9800    ; OUR TRACK READER

WE SHIFT THE NUMBER RIGHT ONCE TO
DIVIDE IT BY TWO AND INCLUDE THE
EVEN/ODD GAME, THEN ADD 1 TO GET THE
WHOLE TRACK NUMBER FOR RWTS.

ABOUT ALL THAT'S LEFT IS TO PUT A
LITTLE BIT OF FLASH ON THE TITLE PAGE,
AND YOU HAVE A NICELY PACKAGED COPYA
VERSION OF WAY OUT.

A FOOTNOTE--IN AN INCREDIBLE
EXERCISE OF STUPIDITY, SIRIUS LEFT IN A
FAIR PART OF THE ASSEMBLER SOURCE FILE
FOR THE PROTECTION SCHEME EMPLOYED. IF
YOU READ THROUGH THE MEMORY AT
C00-1FFF, YOU WILL FIND LARGE CHUNKS OF
AN ASCII FILE WITH SUCH GEMS AS "JSR
NBLCNT", ETC. YOU CAN ALSO SEE IT BY
LOADING AND RESETTING THE PROGRAM, THEN
TYPING THE MONITOR COMMANDS
400<C00.FFFM OR 400<1000.13FFM, AND SO
ON. THESE WILL PUT THE FILE ON THE
SCREEN FOR YOUR PERUSAL. THIS REMINDS
ME OF LOCKING YOUR VALUABLES IN A SAFE
AND THEN WRITING THE COMBINATION ON THE
DOOR! THE PROTECTION SCHEME, BY THE
WAY, WAS WRITTEN BY ZERO PAGE
ENTERPRIZES, WHICH HAS NO CONNECTION
WHATEVER WITH THE WELL-KNOWN KRACKIST
OF THE SAME NAME.