107 lines
4.9 KiB
Plaintext
107 lines
4.9 KiB
Plaintext
INSTRUCTIONS FOR THE ROMSWITCH (TM) AND FOR THE KRAKROM NMI (PM)
|
|
---------------------------------------------------------------
|
|
|
|
CONGRATULATIONS! YOU HAVE PURCHASED THE FINEST IN PIRATE WARE -
|
|
THE ROMSWITCH WITH KRAKROM NMI. THIS COMBINATION WILL ALLOW YOU
|
|
TO CRACK VIRTUALLY ANY SINGLE-LOAD PROGRAM, NO MATTER HOW COMPLEX,
|
|
AND GIVE YOU A VERY GOOD START ON MULTIPLE-LOAD PROGRAMS.
|
|
|
|
FOLLOW THE INSTRUCTIONS BELOW CAREFULLY, AND YOUR NEW HARDWARE WILL
|
|
REWARD YOU WITH MANY YEARS OF SERVICE. UNFORTUNATELY, DUE TO THE
|
|
NATURE OF THIS MERCHANDISE, NO WARRANTY, EITHER EXPRESS OR IMPLIED,
|
|
IS AVAILABLE. REMEMBER OUR GUARANTEE - "YOU BOUGHT IT, YOU OWN IT!".
|
|
IN ADDITION, THE USER (THAT'S YOU) ASSUMES ALL RESPONSIBILITY FOR
|
|
THE USE OF THESE DEVICES, AND MUST AGREE TO HOLD THE MANUFACTURER
|
|
(THAT'S US) FREE FROM ALL CLAIMS, SUITS, THREATS, OR BODILY INJURY
|
|
RESULTING FROM ITS USE. THAT'S THE BOILERPLATE BULLSHIT, NOW HERE'S
|
|
HOW TO USE IT.
|
|
|
|
CAREFULLY REMOVE THE 24-PIN IC LABELLED "ROM-F8" FROM THE MOTHER
|
|
BOARD OF YOUR APPLE. PLUG THE CONNECTOR OF YOUR NEW ROMSWITCH INTO
|
|
THE EMPTY SOCKET, BEING CAREFUL TO OBSERVE THE ORIENTATION INDICATED
|
|
BY THE ARROW ON THE CONNECTOR. (THE ARROW POINTS TO THE FRONT).
|
|
WHEN YOU DO THIS, THE RIBBON CABLE WILL EXTEND TO THE LEFT OF THE
|
|
SOCKET, AND THE REST OF THE DEVICE WILL REST ATOP YOUR POWER SUPPLY.
|
|
NOTICE THAT THE ROM YOU REMOVED HAS A CRESCENT-SHAPED NOTCH ON THE
|
|
END THAT USED TO FACE THE FRONT OF THE APPLE. KEEPING THIS NOTCH
|
|
TO THE FRONT, CAREFULLY PLUG THE ROM INTO THE RIGHT HAND SOCKET OF
|
|
THE ROMSWITCH (IF YOU GET IT WRONG, NOTHING SERIOUS WILL HAPPEN, BUT
|
|
YOU WILL BE THE OBJECT OF SCORN AND RIDICULE AMONG YOUR FRIENDS).
|
|
|
|
|
|
NEXT, CONNECT THE CARD-EDGE CONNECTOR INTO ANY VACANT SLOT AT THE
|
|
REAR OF YOUR MOTHER BOARD. AGAIN, MAKE SURE THE ARROW IS POINTING
|
|
TOWARD THE FRONT (DON'T SCREW UP).
|
|
|
|
PLACE THE RIGHT HAND (NMI) SWITCH TOWARD THE REAR, AND THE LEFT HAND
|
|
(ROM SELECT) SWITCH TO THE RIGHT. TURN ON THE POWER TO YOUR APPLE.
|
|
IF YOU SEE ANY SMOKE, OR HEAR ANY LOUD NOISES, FORGET WHERE YOU GOT
|
|
THIS DEVICE FROM (REMEMBER OUR GUARANTEE). ASSUMING THAT NOTHING BAD
|
|
HAPPENED, THE DIRECTIONS BELOW EXPLAIN HOW TO USE THE DEVICES.
|
|
|
|
1. ROM SELECT SWITCH (LEFT HAND SWITCH):
|
|
|
|
RIGHT = REGULAR F8 ROM
|
|
LEFT = KRAKROM (OR ANY OTHER INFERIOR BRAND 'X' 2716 PROM)
|
|
|
|
2. NMI SWITCH (RIGHT HAND SWITCH)
|
|
|
|
BACK = NMI OFF (NORMAL OPERATION)
|
|
FRONT = NMI ON (SEE BELOW)
|
|
|
|
|
|
THE KRAKROM IS SIMILAR TO MANY SUCH DEVICES DESCRIBED IN THE UNDER-
|
|
GROUND LITERATURE. WHEN IT IS IN THE F8 ADDRESS SPACE OF YOUR APPLE,
|
|
IT WILL DO THE FOLLOWING IN RESPONSE TO A 'RESET':
|
|
|
|
1. SAVE 0-7FF AT 2000-27FF
|
|
2. SAVE THE ACCUMULATOR AT 2800
|
|
3. SAVE THE X-REGISTER AT 2801
|
|
4. SAVE THE Y-REGISTER AT 2802
|
|
5. SAVE THE STACK POINTER AT 2803
|
|
6. EXIT THROUGH A NORMAL RESET INTO THE MONITOR.
|
|
|
|
TO OPERATE THE ROM, PUT THE ROM SELECT SWITCH IN THE 'KRAK' POSITION,
|
|
PUSH RESET, AND PUT THE SWITCH BACK TO THE 'F8 ROM' POSITION. THIS
|
|
IS NOT STRICTLY NECESSARY, BUT FAILURE TO DO IT WILL RESULT IN WIPING
|
|
OUT YOUR CAREFULLY SAVED FILE THE NEXT TIME THAT RESET IS PRESSED.
|
|
|
|
=>NMI FEATURE<=
|
|
|
|
WHEN THE NMI INPUT ON THE CPU IS PULLED LOW, (NMI SWITCH FORWARD),
|
|
THE PROCESSOR RESPONDS BY:
|
|
1. PUSHING THE PRESENT VALUE OF THE PROGRAM COUNTER ON THE STACK
|
|
(HIGH BYTE, THEN LOW)
|
|
2. PUSHING THE PRESENT VALUE OF THE PROCESSOR STATUS WORD ON
|
|
THE STACK, AND
|
|
3. JUMPING TO THE LOCATION CONTAINED IN FFFA & FFFB.
|
|
IF WE CHANGE THOSE TWO LOCATIONS TO POINT TO THE MODIFIED 'RESET'
|
|
ROUTINE IN THE KRAKROM, THE ADDITIONAL INFORMATION GENERATED BY THE
|
|
NMI PROCESS IS ALSO AVAILABLE.
|
|
UNFORTUNATELY, THE NMI LINE IS ONLY SUPPOSED TO BE HELD DOWN FOR A
|
|
MICROSECOND OR TWO, AND THE CIRCUITRY TO DO THAT IS NOT ON THE CARD.
|
|
THE RESULT IS THAT EXTRA GARBAGE IS SAVED AFTER THE PC AND STATUS WORD.
|
|
THE BEST WAY TO GET FAMILIAR WITH WHAT'S REAL AND WHAT'S GARBAGE IS
|
|
TO WRITE A PROGRAM IN WHICH YOU DEFINE THE STATE OF THE FLAGS AND
|
|
THE DEPTH OF SUBROUTINE CALLS, AND TRY OUT THE NMI ON IT. DON'T GIVE
|
|
UP RIGHT AWAY:
|
|
|
|
"A PROBLEM WORTHY OF ATTACK, PROVES ITS WORTH BY FIGHTING BACK!"
|
|
|
|
-OBNOXIOUS SAYING BY THAT ASSHOLE,
|
|
ANONYMOUS
|
|
|
|
AT ANY RATE, WHEN YOU DO IDENTIFY THE REAL LOCATION OF THE PC AND P,
|
|
ALL YOU HAVE TO DO IS RESET THE STACK POINTER (LDX,TXS) TO
|
|
->ONE LESS<- THAN THE STATUS WORD LOCATIONS, RELOAD THE REGISTERS
|
|
WITH THE VALUES IN 2800-2802, AND DO AN 'RTI' INSTRUCTION.
|
|
TRY IT! - IT WORKED ON JUGGLER AND A NUMBER OF OTHERS. IN ADDITION,
|
|
THE NMI SWITCH CAN BE VERY VALUABLE IN DEBUGGING PARTIAL CRACKS, TO
|
|
FIND OUT WHERE THE SYSTEM IS WHEN IT 'HANGS', OR TO DETERMINE WHERE
|
|
IN THE PROGRAM A KEYBOARD WAIT ROUTINE IS LOCATED.
|
|
|
|
GOOD LUCK AND HAPPY CRACKING FROM
|
|
|
|
|
|
=>KRAKOWICZ<=
|
|
|