----------------Gremlins---------------
A 4am crack                  2015-03-07
---------------------------------------

Name: Gremlins
Genre: arcade
Year: 1984
Publisher: Atari, Inc.
Media: single-sided 5.25-inch floppy
OS: custom
Other versions:
  - Dr. Encinitas file crack
  - The Warezird file crack
  - Sapphire / West Coast Pirates'
    Exchange crack
  - Asimov has an uncracked .nib image
  
                   ~

               Chapter 0
 In Which Various Automated Tools Fail
          In Interesting Ways


COPYA
  immediate disk read error

Locksmith Fast Disk Backup
  unable to read any track

EDD 4 bit copy (no sync, no count)
  works

Copy ][+ nibble editor
  modified address and data epilogue
    bytes ("AA DE EB" for each)
  T01 unreadable (unformatted)
  T10-T22 unreadable (unformatted)
  
Disk Fixer
  ["O" -> "Input/Output Control"]
    set Address Epilogue to "AA DE EB"
    set Data Epilogue to "AA DE EB"
  all tracks readable
  T00 -> looks like a DOS 3.3 RWTS
  no sign of rest of DOS though
  no sign of a catalog on any track

Why didn't COPYA work?
  modified epilogue bytes (every track)

Why didn't Locksmith FDB work?
  modified epilogue bytes (every track)

Next steps:

  1. capture RWTS with AUTOTRACE
  2. convert disk to standard format
     with Advanced Demuffin
  3. patch RWTS to read standard format

                   ~

               Chapter 1
In Which We Attempt To Use The Original
    Disk As A Weapon Against Itself


[S6,D1=original disk]
[S6,D2=blank disk]
[S5,D1=my work disk]

]PR#5
CAPTURING BOOT0
...reboots slot 6...
...reboots slot 5...
SAVING BOOT0
CAPTURING BOOT1
...reboots slot 6...
...reboots slot 5...
SAVING BOOT1
SAVING RWTS

]BRUN ADVANCED DEMUFFIN 1.5

["5" to switch to slot 5]

["R" to load a new RWTS module]
  --> At $B8, load "RWTS" from drive 1

["6" to switch to slot 6]

["C" to convert disk]

[press "Y" to change default values]

                 --v--

ADVANCED DEMUFFIN 1.5    (C) 1983, 2014
ORIGINAL BY THE STACK    UPDATES BY 4AM
=======================================


INPUT ALL VALUES IN HEX


SECTORS PER TRACK? (13/16) 16

START TRACK: $00
START SECTOR: $00
END TRACK: $0F          <-- change this
END SECTOR: $0F         <-- change this

INCREMENT: 1

MAX # OF RETRIES: 0

COPY FROM DRIVE 1
TO DRIVE: 2
=======================================
16SC $00,$00-$0F,$0F BY$01 S6,D1->S6,D2

                 --^--

And here we go...

                 --v--

ADVANCED DEMUFFIN 1.5    (C) 1983, 2014
ORIGINAL BY THE STACK    UPDATES BY 4AM
=======PRESS ANY KEY TO CONTINUE=======
TRK:.R..............
+.5:
    0123456789ABCDEF0123456789ABCDEF012
SC0:.R..............
SC1:.R..............
SC2:.R..............
SC3:.R..............
SC4:.R..............
SC5:.R..............
SC6:.R..............
SC7:.R..............
SC8:.R..............
SC9:.R..............
SCA:.R..............
SCB:.R..............
SCC:.R..............
SCD:.R..............
SCE:.R..............
SCF:.R..............
=======================================
16SC $00,$00-$0F,$0F BY$01 S6,D1->S6,D2

                 --^--

Track 1 is unreadable, but I knew that
already. Let's hope it doesn't matter.

[S6,D1=demuffin'd copy]

]PR#6
...grinds...

My copy can't read itself yet.

For future reference (mostly mine),
here's a nice chart of the memory
locations for all the prologues and
epilogues in a DOS 3.3-shaped RWTS. If
the disk loads T00,S01 into $B700 (this
does), then $B800 will be in T00,S02;
$B900 in T00,S03; and so on.


                0x |  read | write
    ---------------+-------+-------
                D5 | $B955 | $BC7A
      prologue  AA | $B95F | $BC7F
     /          96 | $B96A | $BC84
    ADDRESS -------+-------+-------
     \          DE | $B991 | $BCAE
      epilogue  AA | $B99B | $BCB3
                EB |       | $BCB8
    ---------------+-------+-------
                D5 | $B8E7 | $B853
      prologue  AA | $B8F1 | $B858
     /          AD | $B8FC | $B85D
    DATA ----------+-------+-------
     \          DE | $B935 | $B89E
      epilogue  AA | $B93F | $B8A3
                EB |       | $B8A8
    ---------------+-------+-------


I spent way too much time making that.

Anyway, here are the four patches that
allow my copy to read itself:

T00,S03,$91 change AA to DE
T00,S03,$9B change DE to AA
T00,S03,$35 change AA to DE
T00,S03,$3F change DE to AA

Quod erat liberandum.
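
The chart and the four patches above can
be cross-checked mechanically. This is
an added example, not part of the
original write-up: it maps each
read-side address in the chart to its
track 0 sector and offset, and reports
every byte that differs from the
standard value. It assumes track 0 is
supplied in logical sector order, 256
bytes per sector (as in a DOS-order .dsk
image); the function names and the
sample track are constructed.

```python
# Added example; names and sample data are hypothetical/constructed.
# Read-side compare operands of a DOS 3.3-shaped RWTS, taken from the
# chart in the write-up: memory address -> standard byte.
STANDARD_READ = {
    0xB955: 0xD5, 0xB95F: 0xAA, 0xB96A: 0x96,  # address prologue
    0xB991: 0xDE, 0xB99B: 0xAA,                # address epilogue
    0xB8E7: 0xD5, 0xB8F1: 0xAA, 0xB8FC: 0xAD,  # data prologue
    0xB935: 0xDE, 0xB93F: 0xAA,                # data epilogue
}
BOOT1_BASE = 0xB700   # T00,S01 loads here on this disk (per the write-up)
SECTOR_SIZE = 256


def locate(addr, base=BOOT1_BASE):
    """Map an RWTS memory address to (sector on track 0, offset)."""
    rel = addr - base
    return 1 + rel // SECTOR_SIZE, rel % SECTOR_SIZE


def audit(track0):
    """Return (sector, offset, found, standard) for each nonstandard byte.

    track0: the 16 sectors of track 0 in logical order (assumption).
    """
    findings = []
    for addr, std in sorted(STANDARD_READ.items()):
        sector, offset = locate(addr)
        found = track0[sector * SECTOR_SIZE + offset]
        if found != std:
            findings.append((sector, offset, found, std))
    return findings


def build_sample_track0():
    """Constructed track 0: standard prologues, epilogue compares swapped
    to AA/DE as on the disk described in the write-up."""
    track = bytearray(16 * SECTOR_SIZE)
    swapped = {0xB991: 0xAA, 0xB99B: 0xDE, 0xB935: 0xAA, 0xB93F: 0xDE}
    for addr, value in {**STANDARD_READ, **swapped}.items():
        sector, offset = locate(addr)
        track[sector * SECTOR_SIZE + offset] = value
    return bytes(track)


if __name__ == "__main__":
    for s, o, found, std in audit(build_sample_track0()):
        print(f"T00,S{s:02X},${o:02X} change {found:02X} to {std:02X}")
```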

---------------------------------------
A 4am crack                     No. 250
------------------EOF------------------