informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/apple/CRACKING/infohardware.txt

429 lines
14 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

***************************************
* *
* *
* KRAKOWICZ'S KRACKING KORNER *
* *
* *
* BASIC HARDWARE KRACKING TOOLS *
* *
* *
* *
***************************************
IN ANSWER TO AN INCREASING NUMBER
OF REQUESTS, HERE ARE A COUPLE OF
RELATIVELY (?) SIMPLE HARDWARE DEVICES
DESIGNED TO INCREASE YOUR KRACKING AND
SNOOPING ABILITY. THE SELECTION RULES
ARE SIMPLE: IF YOU DON'T KNOW HOW TO
MAKE IT, DON'T TRY. IF YOU DON'T KNOW
HOW TO USE IT, DON'T BOTHER. SOME OF
THE PIECES WILL BE HARD TO FIND, SO IF
YOUR SOLE SUPPLIER OF HARDWARE IS RADIO
SHACK, YOU MAY HAVE SEVERE DIFFICULTIES
BUILDING AT LEAST THE FIRST DEVICE.
THESE ARE NOT (AS FAR AS I KNOW)
COMMERCIAL PRODUCTS, AND NEITHER I NOR
THE MANAGEMENT OF THIS INFORMATION
SERVICE HAS ANY ABILITY OR DESIRE TO
SUPPLY YOU WITH COMPLETED DEVICES,
PARTS, ADDITIONAL INFORMATION,
DEBUGGING AIDS, OR ADVICE IN THEIR
UTILIZATION IN KRACKING, OTHER THAN
THAT PRESENTED HERE. (THESE DEVICES ARE
DESCRIBED "AS IS", AND THE MANUFACTURER
MAKES NO WARRANTY, EXPRESS OR IMPLIED,
REGARDING, BUT NOT RESTRICTED TO,
MERCHANTABILITY, FITNESS OF USE, BLAH,
BLAH, BULLSHIT, HAVE YOU ANY PULL?).
THERE ARE TWO DEVICES. THE FIRST
IS KNOWN AS THE "ROMSWITCH", AND ALLOWS
YOU TO SELECT BETWEEN TWO PROMS IN THE
F8 POSITION, ONE BEING A STANDARD APPLE
9316 PROM SUCH AS AN AUTOSTART ROM, AND
THE OTHER A 2716 MODIFIED TO PERFORM
PERVERTED ACTS FOR CLANDESTINE
PURPOSES. YOU ARE CERTAINLY AWARE OF
THOSE "PROTECTION" SCHEMES WHICH
REQUIRE YOU TO HAVE AN UNMODIFIED
AUTOSTART ROM IN THE F8 SOCKET IN ORDER
TO BOOT (SHAME ON YOU FOR TRYING TO USE
LOWER CASE!), AND THERE ARE MANY TIMES
WHEN IT WOULD BE NICE TO SWITCH EASILY
BETWEEN A NORMAL AUTOSTART ROM AND A
KRAKROM WITH VOLATILE MEMORY SAVE AND
NMI CAPABILITES (CRACK-SHOT, REPLAY,
WILD CARD, AND FRIENDS ARE BENEATH
CONTEMPT FOR THE SERIOUS KRACKIST).
(THOSE OF YOU WHO HAVE FIGURED OUT
HOW TO DO THIS BY PROGRAMMING A 2732
PROM TO CONTAIN BOTH THE NORMAL AND
MODIFIED CODE, AND THEN TOGGLE BETWEEN
THEM WITH A SWITCH ON THE A11 LINE AT
PIN 18 NEED READ NO FURTHER. YOU ARE
BEYOND US AND WE SALUTE YOU.)
AS WE DESCRIBED IN "THE BASICS OF
KRACKING 1", THE TWO PROMS DIFFER IN
THEIR UTILIZATION OF CHIP SELECT AND
CHIP ENABLE PINS. FORTUNATELY, THE
PINS USED TO CONNECT THE ROM TO THE BUS
(CHIP SELECT LINES) ARE OF OPPOSITE
SEX: THE 9316 IS ENABLED BY PULLING PIN
18 UP TO 5 VOLTS, WHILE THE 2716 IS
ENABLED BY PULLING PIN 18 DOWN TO
GROUND. WHAT THIS MEANS TO US IS THAT
WE CAN SELECT BETWEEN THE TWO CHIPS BY
WIRING ALMOST ALL THE PINS IN PARALLEL
AND USING A SINGLE-POLE, SINGLE THROW
SWITCH TO CONNECT BOTH PINS TO EITHER
5 VOLTS OR GROUND. (MOST OF THE TIME)
YOU CAN EVEN DO IT WHILE A PROGRAM IS
RUNNING WITHOUT ANYONE KNOWING YOU DID
IT.
TO DO IT RIGHT, YOU WILL NEED A
24-PIN PLUG THAT FITS INTO THE F8 ROM
SOCKET AND CONNECTS TO A 6-INCH PIECE
OF 24-CONDUCTOR FLAT RIBBON CABLE. THIS
IS KNOWN IN HARDWARE CIRCLES AS A
CRIMP-ON 24-PIN DIP PLUG (3M #3460 OR
EQUIVALENT). IF YOU CAN'T FIND ONE, YOU
CAN SOLDER THE INDIVIDUAL WIRES TO THE
SOCKET HOLES OF A 24-PIN SOCKET OR THE
PINS OF A 24-PIN COMPONENT CARRIER,
BUT YOU WILL NEED MUCH MORE SOLDERING
SKILL TO AVOID SHORTS.
CRIMP THE DIP PLUG ONTO THE 24-PIN
CABLE, THEN AT THE OTHER END, CRIMP ON
A TOTAL OF 4 40-PIN "BIPIN" HEADERS
(EACH ONE HAS TWO ROWS OF 20 PINS ON
0.100 INCH CENTERS; ANSLEY, 3M, AMP
MAKE 'EM), ALLOWING A SPACE OF EXACTLY
0.2 INCHES BETWEEN EACH PAIR. THE
SPACING BETWEEN OUTSIDE ROWS ON
ADJACENT HEADERS WILL THEN BE 0.6",
JUST RIGHT FOR THE PINS ON 24-PIN DIP
SOCKETS (IF ANYONE EVER FINDS A SOURCE
OF 24-PIN CRIMP-ON IC SOCKETS, PLEASE
POST A MESSAGE LISTING THE SOURCE. WE
WILL BE ETERNALLY GRATEFUL TO YOU).
(IN THE DIAGRAMS BELOW, PLEASE TRY
TO PRETEND THAT THE THINGS THAT ARE
SHAPED LIKE: /\/\/\ LOOK LIKE RESISTOR
SYMBOLS. IT'LL MAKE ME FEEL A LOT
BETTER).
___ ____________________
^ !....................!_________
! !....................!4 ^
! !____________________!____ !
! ! ! 0.2" !
!2716->!___________!_______ ____ 0.6"
! !....................! !
! !....................!3______!_
! !____________________!
! ! !
! !___________!_______
! !....................!
! !....................!2
! !____________________!
!9316->! !
! !___________!_______
! !....................! 40-PIN
! !....................!1 HEADERS
! !____________________!
6" ! !
! ! !
! ! !
! ! !
! ! ! 24-CONDUCTOR
! ! ! RIBBON CABLE
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! _!___________!_
! ! ............ !
! ! ! 24-PIN DIP
! ! ! PLUG
! ! !
! ! ............ ! (TOP VIEW)
_V_ !_______________!
/
PIN 1
PREPARE TWO 24-PIN WIRE-WRAP
SOCKETS AS SHOWN BELOW:
(THESE ARE BOTTOM VIEWS)
---------------------------------------
! 13 14 15 16 17 18 19 20 21 22 23 24!
! ./ ./ ./ ./ ./ ./ ./ ./ ./ ./ ./ ./ !
! X !
! 1000 OHMS /\ !
! \ / ! /
! _/\/\/\/\___/ ! (NOTCH)->!
! ! ! \
! ! ! 9316 PROM !
! ! . . . . .! . . . . . . !
!/ / / / / / !/ / / / / / !
!12 11 10 9 8 7 !6 5 4 3 2 1 !
------------------!--------------------
!
! 100 OHMS
! /
_!____/ --/\/\/\---->
!
! TO
! SPST 5 VOLTS
! SWITCH (PIN24)
!
-----------------!---------------------
! 13 14 15 16 17!18 19 20 21 22 23 24!
! ./ ./ ./ ./ ./ !/ ./ ./ / ./ ./ ./ !
! -X X / !
! 1000 OHMS / / / !
! \ / /_______/ /
! _/\/\/\/\_/ !
! / \
! / 2716 PROM !
! / . . . . . . . . . . . !
!/ / / / / / / / / / / / !
!12 11 10 9 8 7 6 5 4 3 2 1 !
---------------------------------------
X=CUT OFF THE PIN
INSERT THE SOCKET PINS INTO THE
=>OUTSIDE<= ROWS OF HOLES IN THE
HEADERS:
4 3
----- -----
! . . ! ! . . ! ENLARGED VIEW
! . . ! ! . . ! OF LEFT SIDE
! . . ! ! . . ! OF CABLE
! . . ! ! . . ! ASSEMBLY SHOWN
! . . ! ! . . ! ABOVE
! . . ! ! . . !
! . . ! ! . . !
..! . . !....! . . !..
. ! . . !----! . . !-.-----
. ! . . ! ! . . ! .
. ! . . ! ! . . ! . /THE SOCKET
. ! . . ! ! . . ! ./ WILL COVER
. ! . . ! ! . . ! . THE SPACE
. ! . . ! ! . . ! . INSIDE THE
. ! . . ! ! . . ! . DOTTED LINE
. ! . . ! ! . . ! .
. ! . . ! ! . . ! .
. ! . . ! ! . . ! .
. ! . . ! ! . . ! .
. ! . . ! ! . . ! .
..! !....! !..------
----- ----- \
/ \ PIN 1
/ \
IC SOCKET PINS FIT IN THESE TWO LINES
OF HOLES (ONE 24-PIN SOCKET COVERS
THE LOWER PART OF BOTH HEADERS)
(BECAUSE OF THE OFFSET USED TO CONNECT
THE CRIMP PINS TO THE CABLE, THE
INSIDE ROWS CONTAIN THE SAME PINS, BUT
WITH THE SIDES SWITCHED. DON'T THINK
ABOUT IT TOO LONG--IT INVITES MADNESS)
INSERT THE SOCKET FOR THE 2716
PROM IN THE LEFTMOST PAIR OF HEADERS
(IT DOESN'T REALLY MATTER WHICH ONE YOU
USE AS LONG AS YOU PLUG EACH PROM
INTO THE RIGHT SOCKET), AND THE 9316
SOCKET INTO THE RIGHTMOST PAIR. YOU CAN
OBTAIN THE +5 VOLTS AT PIN 24 OF EITHER
SOCKET, OR FROM PIN 25 OF ANY
PERIPHERAL SLOT CONNECTOR. REMOVE THE
PROM FROM THE F8 SOCKET ON THE MOTHER
BOARD AND PLUG IT INTO THE 9316 SOCKET
IN THE HEADERS (NOTCH AND PIN 1 TOWARD
THE KEYBOARD, PLEASE). PLUG YOUR 2716
INTO THE OTHER SOCKET, THEN INSERT THE
DIP PLUG AT THE OTHER END OF THE CABLE
INTO THE F8 SOCKET ON THE MOTHER BOARD.
IF YOU LIKE TO LEAVE YOUR APPLE OPEN,
YOU CAN PUT THE SWITCH WHEREVER IT'S
HANDY, OR ATTACH IT TO A COUPLE OF
WIRES AND SNAKE IT OUT THROUGH ONE OF
THE SLOTS IN THE BACK BEFORE YOU PUT
THE TOP BACK ON YOUR APPLE.
IF YOU CUT THE WIRE WRAP PINS ON
THE 24-PIN SOCKETS DOWN TO ABOUT 1/4",
THE ENTIRE CABLE ASSEMBLY CAN SAFELY
SIT ON TOP OF THE POWER SUPPLY, EVEN
WITH A "ZIF" SOCKET IN THE 2716 SOCKET
FOR RAPID PROM CHANGING.
---------------------------------------
THE SECOND CIRCUIT IS A
"DEBOUNCED" NMI SWITCH. MOST OF US KNOW
BY NOW THAT CONNECTING PIN 29 TO PIN 26
ON ANY OF THE PERIPHERAL SOCKETS WILL
CAUSE AN NMI INTERRUPT. WHAT WE FOUND
OUT A LITTLE LATER WAS THAT USING A
MECHANICAL SWITCH TO CONNECT THE TWO
LINES GAVE A LOT OF EXTRA "GARBAGE" ON
THE STACK AND CAUSED A LARGE
DISCREPANCY BETWEEN THE VALUE IN THE
STACK POINTER STASH LOCATION ($2903 OR
$4903 FOR KRAKROMS) AND THE ACTUAL
LOCATIONS OF THE PROGRAM COUNTER AND
STATUS WORD ON THE STACK. THE REASON
FOR THIS IS "CONTACT BOUNCE". IF YOU
TAKE A MICRO VIEW OF SWITCH CONTACTS
SLAMMING AGAINST EACH OTHER AS A SPRING
PULLS THEM TOGETHER, THEY ACTUALLY HIT,
FLY APART, AND COME BACK TOGETHER AS
MANY AS TEN OR TWENTY TIMES BEFORE
THEY REMAIN IN CONTACT. THE ENTIRE
PROCESS TAKES ONLY A FEW MILLISECONDS,
BUT EACH TIME THE CONTACTS TOUCH, THE
APPLE'S 6502 OBEDIENTLY DOES ANOTHER
NMI INTERRUPT, EVEN IF IT HASN'T
FINISHED THE LAST ONE (IT'S SORT OF A
CPU ARCHITECT'S MORAL DILEMMA: DO YOU
ALLOW AN NMI TO BE TRULY NON-MASKABLE
BY ALLOWING IT TO EVEN INTERRUPT
ITSELF, OR SHOULD YOU HAVE A FLAG
THAT'S RAISED TO PREVENT AN NMI FROM
DISTURBING AN NMI IN PROGRESS?). AT ANY
RATE, IT'S AN UNWELCOME COMPLICATION TO
THE ALREADY DIFFICULT TASK OF PROGRAM
SNOOPING, SO WE HAVE TO DEAL WITH IT.
THE SOLUTION IS TO USE A
"DEBOUNCED" SWITCH, AND THE ACTUAL
CIRCUIT CONSISTS OF ONLY ONE CHIP AND A
PAIR OF RESISTORS. THE METHOD OF
CONSTRUCTION IS OPEN, SINCE THERE ARE
NO CRITICAL IMPEDANCES OR FREQUENCIES
INVOLVED. IT'S EVEN POSSIBLE, IF YOU
HAVE RUN OUT OF SLOTS, TO WIRE UP
THE IC DIRECTLY TO THE SWITCH, AND
CONNECT TO A PERIPHERAL CARD WITH A
3-WIRE CABLE. SOLDER THE APPROPRIATE
WIRES ONTO ANY CARD WHICH HAS "FINGERS"
ON PINS 25, 26, AND 29 (A PLAGUE OF
THERMAL INTERMITTENTS ON THOSE HARDWARE
PRODUCERS WHO SAVE ELEVEN CENTS PER
BOARD BY ELIMINATING THE GOLD CARD-EDGE
FINGERS THAT THEY DECIDE ARE
SUPERFLUOUS!). IF YOU HAVE
SLOTS TO SPARE, EITHER OBTAIN THE
CARD-EDGE TO MAKE CONNECTIONS TO THE
SOCKET (IT'S SURPRISING HOW MUCH
SURPLUS ELECTRONICS EXISTS WITH
CARD-EDGE CONNECTORS OF 50 OR MORE
CONTACTS ON 0.100" CENTERS), OR BUY ONE
OF THE HOBBY OR "KLUDGE" BOARDS
DESIGNED FOR THIS KIND OF FOOLISHNESS.
(AS USUAL, A.P.P.L.E. IN WASHINGTON
STATE HAS THE BEST DEAL I'VE SEEN AT
$14.00 FOR A BLANK BOARD--TERRIFIC
OUTFIT, GOOD CHEAP SOFTWARE AND
HARDWARE, GOOD MAGAZINE. YOU SHOULD
JOIN).
ONE OTHER SMALL DISADVANTAGE OF
THIS CIRCUIT IS THAT YOU NEED AN
SPDT SWITCH WHERE AN SPST IS ALL THAT'S
REQUIRED ELECTRICALLY, BUT IT'S A SMALL
PRICE TO PAY. NOW LET'S SEE IF WE CAN
MAKE THIS LOOK LIKE A SCHEMATIC...
+---+---O +5 VOLTS -
! ! SLOT PIN 25
\ \ (ALSO CONNECTED
R1 / / R2 TO PIN 14, IC1)
3K \ \ 3K
/ /
\ \ IC1 74LS00
! ! ____
* ! ! ! \
O--+--/!\---+1 \ 3
* / ! ! O-+
____/ ! +-+2 / !
! * ! ! !____/ !
! O--+ ! !________ /
--- / ! ! \/__(NO
- SPDT ! ! _________/\ CONN.)
. SWITCH ! ! ! ____ \
\ ! ! ! ! \ !
\ ! ! +-+4 \ 6!
GROUND- ! ! ! O-+-----O
SLOT PIN 26 +---+----+5 /
(ALSO TO !____/ TO SLOT
PIN 7, IC1) PIN 29
(NMI)
* CONNECTION POINT FOR WIRES TO SWITCH
(IF THE CHIP IS ATTACHED TO THE
SWITCH, THE WIRES GO TO PINS 25, 26
AND 29 OF THE PERIPHERAL SLOT
CONNECTOR).
NUMBERS AROUND THE ERSATZ NAND GATES
ARE IC PIN NUMBERS-NOT PERIPHERAL
SLOT CONNECTOR PINS
A PUSHBUTTON SWITCH GIVES YOU A
LITTLE FASTER RESPONSE WHEN YOU'RE
TRYING TO STOP A PROGRAM AT JUST THE
RIGHT POINT, BUT A TOGGLE SWITCH WILL
ALSO GET THE JOB DONE. THE RESISTOR
VALUES ARE NOT CRITICAL--ANYTHING FROM
1K TO 3K IS FINE.
TO USE THESE DEVICES TOGETHER,
REMEMBER THAT THE SWITCH GIVES YOU
ABSOLUTE SELECTION OF THE 2716 OR 9316
AS LONG AS THE MOTHER BOARD HAS BEEN
SELECTED AS THE SOURCE OF F8 CODE.
THE MOTHER BOARD IS SELECTED AS THE ROM
READ SPACE WHEN THE ADDRESSES $C081 OR
$C082 WERE MOST RECENTLY ACCESSED.
IF THE SWITCH IS PLACED IN THE "2716"
POSITION WHEN THE MOTHER BOARD IS
SELECTED, THE ADDRESS SPACE FROM $F800
TO $FFFF WILL BE MAPPED TO THE 2716
PROM, AND ALL MONITOR CALLS, RESETS,
AND NMI OPERATIONS WILL GO WHERE YOU
WANT THEM TO, NOT WHERE SOME PUBLISHER
HAS DECIDED WOULD BE NICE.
Reference in New Issue View Git Blame Copy Permalink