textfiles/apple/CRACKING/trace2.app

THIS PHILE WAS DONATED BY MR. MADNESS
SYSOP OF THE
<<<<<<<<< S H I R E >>>>>>>>
***************************************
*                                     *
*      MR. XEROX'S BOOT TRACING       *
*               PART I                *
*                                     *
***************************************
NOTE: I CHOSE APPLE GALAXIAN HERE BECAUSE IT IS A WIDELY DISTRIBUTED PROGRAM,
AND IT ENCOMPASSES THE BASIC IDEAS IN BOOT TRACE CRACKING.
FOR ALL THOSE INTERESTED PIRATES OUT THERE, YES, THERE IS ANOTHER WAY TO CRACK
PROGRAMS. YOU DON'T NEED ANY RAM-CARDS, PROM BURNERS, OR PROGRAMS FOREIGN TO
REGULAR DOS. ANYBODY WHO IS NOT A CLOWN, WITH SOME MACHINE LANGUAGE PROGRAMMING
ABILITY, CAN TRACE A BOOT. THIS METHOD OF CRACKING, TRACING THE BOOT, IS IN A
TRUE SENSE CRACKING THE CODE. YOU SEE, ALL DISKS MUST FIRST BOOT UP TO START
RUNNING. AFTER THE FIRST STAGE BOOT (AT LOCATION $C600), THEY JUMP TO A SECOND
STAGE BOOT PROGRAM (AT $800), AND THEN TO A THIRD, AND SOME EVEN A FOURTH, BUT
THERE COMES A POINT WHERE THE LOADING OF THE PROGRAM FROM DISK STOPS AND THE
RUNNING OF THE PROGRAM BEGINS. IF YOU CAN TRACE THIS, STOP IT AFTER IT IS
FINISHED LOADING, AND SAVE ALL THE MEMORY LOCATIONS THAT CONTAIN THE PROGRAM
ONTO A NORMAL 3.3 DISK, YOU HAVE CRACKED THE PROGRAM. THIS METHOD IS MOST
USEFUL FOR CRACKING THE "SINGLE-SHOT" BOOTING PROGRAMS SUCH AS APPLE PANIC,
RASTER BLASTER, AND GORGON. THESE DISKS DON'T CONTAIN ANY STANDARD DOS, BUT
RATHER THEIR OWN. THIS DOS HAS JUST ONE PURPOSE, AND THAT IS TO LOAD THE
PROGRAM INTO THE COMPUTER FROM THE DISK AND START ITS EXECUTION. NOW, THIS IS
NOT AS SIMPLE AS IT SOUNDS, AS THE SOFTWARE PROTECTORS ARE NOT DUMB; THEY TRY
TO MAKE IT TOUGH FOR YOU TO TRACE. HOWEVER, IT IS NOT IMPOSSIBLE, SINCE THE
DISK MUST BOOT UP, AND SINCE IT MUST HAVE SOME BOOTING PROCESS, THAT PROCESS IS
TRACEABLE. LET ME TRY AND SHOW YOU AN EXAMPLE OF HOW TO TRACE THE BOOT OF A
PROGRAM.

LET ME SHOW YOU HOW TO TRACE APPLE GALAXIAN. THE FIRST STAGE BOOT STARTS AT
$C600. IF YOU TURN YOUR APPLE ON AND TYPE "CALL-151 (RETURN)" AND "C600G
(RETURN)", THE DISK IN THE DRIVE WILL PROCEED TO START AND BOOT. THIS IS
BECAUSE $C600 CONTAINS THE PROGRAM FOR THE DISK TO BOOT FIRST. IF YOU EXAMINE
THIS PROGRAM BY TYPING "CALL-151 (RETURN)" AND "C600LLLLLLL (RETURN)", YOU
WILL SOON COME ACROSS A JMP $801 NEAR THE END, SPECIFICALLY AT $C6F8. THIS IS
THE LINK TO THE NEXT STAGE OF THE BOOT. WHAT WE MUST DO IS ALLOW THE FIRST
STAGE TO LOAD IN AT $800, BUT INSTEAD OF LETTING IT RUN (CONTINUE TO BOOT AND
GO TO $800), STOP THE COMPUTER AND EXAMINE WHAT IS AT $800. TO DO THIS, LET'S
MOVE $C600 DOWN TO $9600. TYPE "CALL-151 (RETURN)" AND "9600<C600.C700M
(RETURN)". THIS MOVES C600 DOWN FOR YOU. THEN TYPE "96F8:4C 59 FF (RETURN)".
THIS WILL, INSTEAD OF HAVING THE BOOT GO TO $800, MAKE IT JUMP TO $FF59 (THE
RESET LOCATION). THEN TYPE "9600G". YOUR DISK SHOULD BOOT UP FOR A SECOND OR
SO, AND THEN YOU SHOULD HEAR A BELL, AND THE MONITOR CURSOR WILL APPEAR AT THE
BOTTOM OF THE SCREEN. THE NEXT STEP IS
TO EXAMINE THE BOOT AT LOCATION $800. IF YOU LOOK AT THIS BY TYPING "800L
(RETURN)", YOU WILL SEE THE SECOND STAGE BOOT OF APPLE GALAXIAN. BY TYPING
"800LLLLLLL (RETURN)", YOU CAN SEE WHAT GOES ON NEXT IN THE BOOT STEP. WHAT
HAPPENS NEXT IS THAT IT TAKES THE MEMORY THAT IS STORED AT $800 AND MOVES IT
DOWN TO $200, AND SOME OTHER STUFF, LIKE LOADING THE NEXT STAGE OF THE BOOT,
AND THEN, IF YOU LOOK AT LOCATION $841, YOU WILL SEE A JUMP TO $301. THIS IS
THE NEXT STAGE IN THE BOOT. SO, WE MUST MOVE WHAT IS IN MEMORY UP, OUT OF
$800, BECAUSE THE NEXT TIME WE BOOT THE DISK, THE LOCATIONS AT $800 WILL BE
CHANGED. SO TYPE "9800<800.900M (RETURN)", AND THAT WILL DO THE MOVE. THE NEXT
THING TO DO IS TO CHANGE WHAT IS AT $9800, THE STUFF WE JUST MOVED UP, SO THAT
IT WILL RUN AT $9800 INSTEAD OF ITS NORMAL LOCATION OF $800. TO DO THIS, TYPE
"9803:BD 0 98 (RETURN)" AND "9841:4C 01 93 (RETURN)". THEN TYPE "9301:4C 59
FF", BECAUSE WE CHANGED IT TO RUN AT $9800, AND ALSO CHANGED IT TO STOP AFTER
DOING THIS INSTEAD OF JUMPING TO THE NEXT BOOT STAGE AT $300. WE TOLD IT TO
JUMP TO $9300, AND AT $9300 WE PUT A JMP $FF59 (JUMP TO RESET). AND FINALLY,
CHANGE THE JMP AT $96F8 FROM $FF59 TO $9801 BY TYPING "96F8:4C 01 98". NOW
AGAIN TYPE "9600G".
THIS TIME WE ARE ONE STAGE FARTHER. IF YOU NOW MOVE THE STUFF AT $300 UP TO
$9300 AND CHANGE IT TO WORK AT $9300 BY TYPING "9300<300.400M (RETURN)",
"9313:AD CC 93 (RETURN)", AND "933C:AD CC 93 (RETURN)", THIS STAGE WILL BE
COMPLETED. BUT NOW THERE IS A PROBLEM. THE JUMP OUT IS AT $9343, AND IT JUMPS
NOT TO THE NEXT STAGE IMMEDIATELY, BUT TO A CERTAIN NUMBER OF SUBROUTINES,
AND AFTER THEM, THROUGH THE SAME JUMP, JUMPS TO THE NEXT STAGE. HOW DO WE GET
AROUND THAT, YOU ASK? THE ANSWER IS TO WRITE A PROGRAM THAT CHECKS TO SEE
WHERE IT IS JUMPING TO, AND IF IT IS NOT JUMPING TO WHERE IT NORMALLY JUMPS
TO, THEN STOP, BECAUSE WE KNOW THAT THE NEXT JUMP IS NOT TO A SUBROUTINE BUT
TO THE NEXT STAGE OF THE BOOT. THIS MAY SOUND COMPLICATED, BUT JUST TYPE THIS
ROUTINE IN AT $9400, "9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF", AND
"9343:4C 00 94 (RETURN)". THAT WILL TAKE CARE OF THIS STAGE. NOW CHECK TO SEE
THAT YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND THEN TYPE "9600G" TO RESTART
THE BOOT. NOW THE DISK SPINS FOR A LITTLE WHILE LONGER, AND THEN IT STOPS. WE
HAVE
COME TO THE LAST STEP OF THIS BOOT PROCESS. THIS STEP LOADS THE PROGRAM IN
FROM DISK AND THEN JUMPS TO THE BEGINNING OF IT. BY TYPING "93CC (RETURN)",
THE COMPUTER WILL DISPLAY THE PAGE NUMBER, MINUS ONE, OF THE NEXT STAGE BOOT.
IT WILL DISPLAY "B6", AND YOU ADD ONE TO IT AND GET $B7, SO TYPE "B700L". AND
PRESTO, WE HAVE THE NEXT STAGE OF THIS BOOT. THIS BOOT FROM HERE DOES THE
PROGRAM LOADING, ALONG WITH TURNING ON THE GRAPHICS, AND JUMPS TO THE
BEGINNING OF IT. IF YOU CAN SEE IT, THE BEGINNING OF IT IS AT $600, AND THERE
IS A JUMP TO $600 AT LOCATION $B759. SO ALL WE HAVE TO DO IS HAVE IT DO ALL
THE LOADING, AND INSTEAD OF HAVING IT JUMP TO $600, STOP IT THERE. BUT THERE
IS A PROBLEM CONNECTED WITH THIS (AREN'T THERE ALWAYS!). THE PROBLEM IS THAT
IF WE STOP IT HERE, LOCATION $600 IS IN TEXT VIDEO MEMORY, SO WE MUST NOT HAVE
IT JUMP TO $FF59 (STOP), BUT JUMP TO A ROUTINE THAT RELOCATES EVERYTHING FROM
$0000-$0800 AND THEN STOPS. I WILL PROVIDE YOU WITH THIS. JUST TYPE
"B500:A2 00 B5 00 9D 00 20 BD 00 01 9D 00 21 BD 00 02 9D 00 22 BD 00 03 9D 00
23 BD 00 04 9D 00 24 BD 00 05 9D 00 25 BD 00 06 9D 00 26 BD 00 07 9D 00 27 E8
D0 CE 4C 59 FF (RETURN)". THIS WILL TAKE CARE OF MOVING EVERYTHING FROM
$0-$800 TO $2000-$2800. BUT NOW CHANGE $B759 TO JUMP TO THIS SMALL PROGRAM BY
TYPING "B759:4C 00 B5". BUT WE ALSO HAVE TO CHANGE SOME OTHER LOCATIONS.
LOCATION $93CC MUST BE CHANGED TO $D6, SO TYPE "93CC:D6 (RETURN)", AND INSTEAD
OF JUMPING TO $FF59 AT $9409 AND STOPPING AT THAT STAGE OF THE BOOT, JUMP TO
THE BEGINNING OF THIS BOOT AT $B700 BY TYPING "9409:4C 00 B7 (RETURN)". THAT
TAKES CARE OF MOST ALL PREPARATIONS FOR THE FINAL CRACK. NOW CHECK TO SEE THAT
YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND IF YOU ARE READY, TYPE "9600G". IF
EVERYTHING WORKED CORRECTLY, IT SHOULD BOOT UP FOR ABOUT 10 SECONDS, AND YOU
SHOULD SEE THE HI-RES PICTURE LOADING IN, AND THEN YOUR SPEAKER SHOULD BEEP,
AND YOU SHOULD SEE ON THE SCREEN A BUNCH OF LETTERS. IF THIS DIDN'T HAPPEN,
CHECK ALL THESE STEPS AND REPEAT THE PROCESS. IF IT HAS, THEN YOU ARE JUST
ABOUT FINISHED. IF YOU WANT TO CHECK TO SEE IF IT HAS WORKED, ASSEMBLE THIS
PROGRAM AND TYPE IT IN AT $B560; IF NOT, GO ON TO THE NEXT STEP.
OBJ $B560
BEGIN LDX #$00
AGAIN LDA $2000,X
STA $00,X
LDA $2100,X
STA $100,X
LDA $2200,X
STA $200,X
LDA $2300,X
STA $300,X
LDA $2400,X
STA $400,X
LDA $2500,X
STA $500,X
LDA $2600,X
STA $600,X
LDA $2700,X
STA $700,X
INX
BNE AGAIN ;LOOP
JMP $0600 ;BEGINNING OF PGM

NOW BOOT UP A NORMAL DOS DISK, AND SAVE EVERYTHING FROM $2000-$2800, WHICH
REPRESENTS LOCATIONS $0-$800 MOVED UP BY $2000. YOU SHOULD THEN REPEAT THE
WHOLE BOOT TRACE AND PROCEED TO THE NEXT STEP. EXAMINE THE MEMORY OF YOUR
APPLE; YOU SHOULD SAVE ALL THE INFORMATION FROM $800-$A000 ON A NORMAL DOS
DISK, THEN LINK THE FILES THAT YOU HAVE SAVED ON THE DOS DISK TOGETHER, AND
MAKE THE FILE A BRUN-ABLE FILE THAT LOADS EVERYTHING IN, MOVES THE $00-$800
IMAGE BACK DOWN IN MEMORY, AND THEN JUMPS TO LOCATION $600, THE BEGINNING OF
THE PROGRAM.
IF YOU HAVE ANY QUESTIONS ON THIS, YOU MAY MAIL THEM TO ME. ALSO, I HAVE
RECENTLY CRACKED MANY GOOD PROGRAMS SUCH AS STAR BLAZER, TWERPS, SNAKE BYTE,
GUARDIAN, FOOSBALL, DUNG BEETLES, AND LOCKSMITH 4.1. IF YOU ARE IN NEED OF ANY
OF THESE, LEAVE ME MAIL ON THIS BOARD. LOOK FOR SOME NEW ARTICLES SOON ON HOW
TO CRACK OTHER PROGRAMS, AND UNTIL THEN KEEP ON CRACKING!

IF ANY OF YOU ARE UNFAMILIAR WITH HOW TO SAVE EVERYTHING, AND YOU NEED SOME
HELP, HERE IS HOW TO DO IT: FOLLOW THE DIRECTIONS FOR TRACING THE BOOT, AND
TYPE "2800<9600.A000M (RETURN)" AND "3200<800.900M (RETURN)". ALSO, WE NEED A
PROGRAM TO MOVE EVERYTHING THAT WE JUST RELOCATED BACK INTO ITS ORIGINAL
LOCATIONS. SO WE NEED A PROGRAM LIKE THIS:
ORG $3400
LDX #$00
LOOP1 LDA $2000,X
STA $00,X
LDA $2100,X
STA $100,X
LDA $2200,X
STA $200,X
LDA $2300,X
STA $300,X
LDA $2400,X
STA $400,X
LDA $2500,X
STA $500,X
LDA $2600,X
STA $600,X
LDA $2700,X
STA $700,X
NOP
LDA $3200,X
STA $800,X
LDA $3300,X
STA $900,X
NOP
LDA $2800,X
STA $9600,X
LDA $2900,X
STA $9700,X
LDA $2A00,X
STA $9800,X
LDA $2B00,X
STA $9900,X
LDA $2C00,X
STA $9A00,X
LDA $2D00,X
STA $9B00,X
LDA $2E00,X
STA $9C00,X
LDA $2F00,X
STA $9D00,X
LDA $3000,X
STA $9E00,X
LDA $3100,X
STA $9F00,X
NOP
INX
BNE LOOP1
LDA $C057
LDA $C054
LDA $C052
LDA $C050 ;GRAPHICS
JMP $600 ;BGN OF PGM.
THIS TIME I WILL ASSEMBLE IT FOR YOU. ALL YOU HAVE TO DO IS TYPE "3400:A2 0 BD
00 20 95 00 BD 00 21 9D 00 01 BD 00 22 9D 00 02 BD 00 23 9D 0 03 BD 00 24 9D 0
4 BD 0 25 9D 0 5 BD 0 26 9D 0 6 BD 0 27 9D 0 7 EA (RETURN)" AND "3432:BD 0 32
9D 0 8 BD 0 33 9D 0 9 EA (RETURN)" AND "343F:BD 0 28 9D 0 96 BD 0 29 9D 0 97
BD 0 2A 9D 0 98 BD 0 2B 9D 0 99 BD 00 2C 9D 0 9A BD 0 2D 9D 0 9B BD 0 2E 9D 0
9C BD 0 2F 9D 0 9D BD 0 30 9D 0 9E BD 0 31 9D 0 9F (RETURN)" AND "347B:E8 D0
84 EA AD 57 C0 AD 54 C0 AD 52 C0 AD 50 C0 EA 4C 00 06 (RETURN)". THIS WILL
TAKE CARE OF THE SMALL PROGRAM THAT WE NEED TO MOVE EVERYTHING BACK. BUT WE
ALSO NEED TO PUT A JMP $3400 AT THE BEGINNING, BECAUSE WHEN IT BRUNS, IT MUST
JUMP TO THIS SMALL PROGRAM FIRST. NOW YOU CAN BOOT UP YOUR 3.3 DISK, AND TYPE
"CALL-151 (RETURN)", "9FD:4C 00 34 (RETURN)", "A964:FF (RETURN)", AND "BSAVE
GALAXIAN,A$9FD,L$8C03 (RETURN)", AND NOW YOU ARE FINISHED.
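THE HEX ABOVE IS TYPED BY HAND, SO A WORKED EXAMPLE OF CHECKING IT IS WORTH HAVING. THE FOLLOWING PYTHON PROGRAM IS AN ADDED EXAMPLE, NOT PART OF THE ORIGINAL FILE: A MINIATURE 6502 INTERPRETER THAT KNOWS ONLY THE OPCODES THE $B500, $9400 AND $3400 PATCHES USE, AND RUNS EACH OF THEM ON CONSTRUCTED SAMPLE MEMORY TO CONFIRM THAT $B500 REALLY COPIES $0000-$07FF UP TO $2000-$27FF, THAT $3400 MOVES ALL THREE SAVED IMAGES BACK AND LANDS AT $600, AND THAT $9400 ONLY FOLLOWS THE JUMP VECTOR AT $3E/$3F WHEN ITS LOW BYTE IS $5D. THE HEX STRINGS ARE THE ONES FROM THIS FILE; THE CLASS AND FUNCTION NAMES, THE MEMORY PATTERNS AND THE $03xx VECTOR VALUE ARE MY OWN CONSTRUCTED ASSUMPTIONS.

```python
# Added example, not from the original article: a minimal 6502 interpreter
# for the opcodes the article's hand-assembled patches use. Hex strings are
# copied from the article; all memory contents below are constructed samples.

# Hex exactly as the article has you enter it into the monitor; the Apple
# monitor accepts a lone "0" for a $00 byte, and so does this parser.
PATCHES = {
    0xB500: "A2 00 B5 00 9D 00 20 BD 00 01 9D 00 21 BD 00 02 9D 00 22 "
            "BD 00 03 9D 00 23 BD 00 04 9D 00 24 BD 00 05 9D 00 25 "
            "BD 00 06 9D 00 26 BD 00 07 9D 00 27 E8 D0 CE 4C 59 FF",
    0x9400: "A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF",
    0x3400: "A2 0 BD 00 20 95 00 BD 00 21 9D 00 01 BD 00 22 9D 00 02 "
            "BD 00 23 9D 0 03 BD 00 24 9D 0 4 BD 0 25 9D 0 5 BD 0 26 9D 0 6 "
            "BD 0 27 9D 0 7 EA",
    0x3432: "BD 0 32 9D 0 8 BD 0 33 9D 0 9 EA",
    0x343F: "BD 0 28 9D 0 96 BD 0 29 9D 0 97 BD 0 2A 9D 0 98 BD 0 2B 9D 0 99 "
            "BD 00 2C 9D 0 9A BD 0 2D 9D 0 9B BD 0 2E 9D 0 9C BD 0 2F 9D 0 9D "
            "BD 0 30 9D 0 9E BD 0 31 9D 0 9F",
    0x347B: "E8 D0 84 EA AD 57 C0 AD 54 C0 AD 52 C0 AD 50 C0 EA 4C 00 06",
}


def monitor_bytes(text):
    """Turn a monitor-style hex string into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


class Mini6502:
    """Just enough 6502 to run the patches: LDX, LDA, STA, CMP, BNE, JMP, INX, NOP."""

    def __init__(self):
        self.mem = bytearray(0x10000)
        self.code = set()       # addresses holding loaded patch code
        self.a = self.x = 0
        self.z = False          # the only flag these routines test

    def load(self, addr, text):
        data = monitor_bytes(text)
        self.mem[addr:addr + len(data)] = data
        self.code.update(range(addr, addr + len(data)))

    def word(self, addr):
        return self.mem[addr] | (self.mem[(addr + 1) & 0xFFFF] << 8)

    def run(self, pc, max_steps=100_000):
        """Execute until control leaves the loaded code; return where it went."""
        for _ in range(max_steps):
            if pc not in self.code:
                return pc
            op, b1, w = self.mem[pc], self.mem[pc + 1], self.word(pc + 1)
            if op == 0xA2:                                  # LDX #imm
                self.x, self.z, pc = b1, b1 == 0, pc + 2
            elif op in (0xA5, 0xB5, 0xAD, 0xBD):            # LDA zp / zp,X / abs / abs,X
                src = {0xA5: b1, 0xB5: (b1 + self.x) & 0xFF,
                       0xAD: w, 0xBD: (w + self.x) & 0xFFFF}[op]
                self.a = self.mem[src]
                self.z, pc = self.a == 0, pc + (2 if op in (0xA5, 0xB5) else 3)
            elif op == 0x95:                                # STA zp,X
                self.mem[(b1 + self.x) & 0xFF], pc = self.a, pc + 2
            elif op == 0x9D:                                # STA abs,X
                self.mem[(w + self.x) & 0xFFFF], pc = self.a, pc + 3
            elif op == 0xC9:                                # CMP #imm (Z flag only)
                self.z, pc = self.a == b1, pc + 2
            elif op == 0xD0:                                # BNE rel (signed offset)
                pc += 2
                if not self.z:
                    pc += b1 - 0x100 if b1 > 0x7F else b1
            elif op == 0x4C:                                # JMP abs
                pc = w
            elif op == 0x6C:                                # JMP (ind)
                pc = self.word(w)
            elif op == 0xE8:                                # INX
                self.x = (self.x + 1) & 0xFF
                self.z, pc = self.x == 0, pc + 1
            elif op == 0xEA:                                # NOP
                pc += 1
            else:
                raise ValueError(f"opcode ${op:02X} at ${pc:04X} not in this subset")
        raise RuntimeError("routine did not exit")


def check_b500_copy():
    """$B500 should copy $0000-$07FF up to $2000-$27FF, then jump to RESET ($FF59)."""
    cpu = Mini6502()
    cpu.load(0xB500, PATCHES[0xB500])
    for addr in range(0x0000, 0x0800):              # constructed low-memory image
        cpu.mem[addr] = (addr * 7 + 3) & 0xFF
    exit_pc = cpu.run(0xB500)
    return exit_pc, cpu.mem[0x2000:0x2800] == cpu.mem[0x0000:0x0800]


def check_3400_restore():
    """$3400 should move the saved images back to $0, $800 and $9600, then JMP $600."""
    cpu = Mini6502()
    for seg in (0x3400, 0x3432, 0x343F, 0x347B):
        cpu.load(seg, PATCHES[seg])
    for addr in range(0x2000, 0x3400):              # constructed saved images
        cpu.mem[addr] = (addr ^ (addr >> 8)) & 0xFF
    exit_pc = cpu.run(0x3400)
    restored = (cpu.mem[0x0000:0x0800] == cpu.mem[0x2000:0x2800]
                and cpu.mem[0x0800:0x0A00] == cpu.mem[0x3200:0x3400]
                and cpu.mem[0x9600:0xA000] == cpu.mem[0x2800:0x3200])
    return exit_pc, restored


def check_9400_filter(vector_low):
    """$9400 follows the vector at $3E/$3F only when its low byte is $5D; else RESET."""
    cpu = Mini6502()
    cpu.load(0x9400, PATCHES[0x9400])
    cpu.mem[0x3E], cpu.mem[0x3F] = vector_low, 0x03  # constructed vector $03xx
    return cpu.run(0x9400)


if __name__ == "__main__":
    print("B500:", check_b500_copy(), " 3400:", check_3400_restore())
    print("9400 $5D ->", hex(check_9400_filter(0x5D)), " $10 ->", hex(check_9400_filter(0x10)))
```

THE BRANCH BYTES ARE THE EASIEST THING TO MISTYPE ("D0 CE" AT $B532 MUST LAND ON $B502, "D0 84" AT $347C ON $3402): IF EITHER WERE OFF, THE LOOP WOULD RESUME IN THE MIDDLE OF AN INSTRUCTION AND THE INTERPRETER WOULD EITHER REJECT AN UNKNOWN OPCODE OR FAIL THE MEMORY COMPARISON, SO A CLEAN RUN IS A REAL CHECK OF THE LISTING RATHER THAN JUST OF ITS LENGTH.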
AGAIN, BROUGHT TO U BY
MR. MADNESS...........
OF PIRATES OF THE ROUND TABLE
"MAY PIRATING LIVE FOREVER!!!"