💾 Archived View for mirrors.apple2.org.za › archive › www.textfiles.com › apple › CRACKING › inforom… captured on 2023-01-29 at 11:42:42.
-=-=-=-=-=-=-
INSTRUCTIONS FOR THE ROMSWITCH (TM) AND FOR THE KRAKROM NMI (PM) --------------------------------------------------------------- CONGRATULATIONS! YOU HAVE PURCHASED THE FINEST IN PIRATE WARE - THE ROMSWITCH WITH KRAKROM NMI. THIS COMBINATION WILL ALLOW YOU TO CRACK VIRTUALLY ANY SINGLE-LOAD PROGRAM, NO MATTER HOW COMPLEX, AND GIVE YOU A VERY GOOD START ON MULTIPLE-LOAD PROGRAMS. FOLLOW THE INSTRUCTIONS BELOW CAREFULLY, AND YOUR NEW HARDWARE WILL REWARD YOU WITH MANY YEARS OF SERVICE. UNFORTUNATELY, DUE TO THE NATURE OF THIS MERCHANDISE, NO WARRANTY, EITHER EXPRESS OR IMPLIED, IS AVAILABLE. REMEMBER OUR GUARANTEE - "YOU BOUGHT IT, YOU OWN IT!". IN ADDITION, THE USER (THAT'S YOU) ASSUMES ALL RESPONSIBILITY FOR THE USE OF THESE DEVICES, AND MUST AGREE TO HOLD THE MANUFACTURER (THAT'S US) FREE FROM ALL CLAIMS, SUITS, THREATS, OR BODILY INJURY RESULTING FROM ITS USE. THAT'S THE BOILERPLATE BULLSHIT, NOW HERE'S HOW TO USE IT. CAREFULLY REMOVE THE 24-PIN IC LABELLED "ROM-F8" FROM THE MOTHER BOARD OF YOUR APPLE. PLUG THE CONNECTOR OF YOUR NEW ROMSWITCH INTO THE EMPTY SOCKET, BEING CAREFUL TO OBSERVE THE ORIENTATION INDICATED BY THE ARROW ON THE CONNECTOR. (THE ARROW POINTS TO THE FRONT). WHEN YOU DO THIS, THE RIBBON CABLE WILL EXTEND TO THE LEFT OF THE SOCKET, AND THE REST OF THE DEVICE WILL REST ATOP YOUR POWER SUPPLY. NOTICE THAT THE ROM YOU REMOVED HAS A CRESCENT-SHAPED NOTCH ON THE END THAT USED TO FACE THE FRONT OF THE APPLE. KEEPING THIS NOTCH TO THE FRONT, CAREFULLY PLUG THE ROM INTO THE RIGHT HAND SOCKET OF THE ROMSWITCH (IF YOU GET IT WRONG, NOTHING SERIOUS WILL HAPPEN, BUT YOU WILL BE THE OBJECT OF SCORN AND RIDICULE AMONG YOUR FRIENDS). NEXT, CONNECT THE CARD-EDGE CONNECTOR INTO ANY VACANT SLOT AT THE REAR OF YOUR MOTHER BOARD. AGAIN, MAKE SURE THE ARROW IS POINTING TOWARD THE FRONT (DON'T SCREW UP). PLACE THE RIGHT HAND (NMI) SWITCH TOWARD THE REAR, AND THE LEFT HAND (ROM SELECT) SWITCH TO THE RIGHT. TURN ON THE POWER TO YOUR APPLE. IF YOU SEE ANY SMOKE, OR HEAR ANY LOUD NOISES, FORGET WHERE YOU GOT THIS DEVICE FROM (REMEMBER OUR GUARANTEE). ASSUMING THAT NOTHING BAD HAPPENED, THE DIRECTIONS BELOW EXPLAIN HOW TO USE THE DEVICES. 1. ROM SELECT SWITCH (LEFT HAND SWITCH): RIGHT = REGULAR F8 ROM LEFT = KRAKROM (OR ANY OTHER INFERIOR BRAND 'X' 2716 PROM) 2. NMI SWITCH (RIGHT HAND SWITCH) BACK = NMI OFF (NORMAL OPERATION) FRONT = NMI ON (SEE BELOW) THE KRAKROM IS SIMILAR TO MANY SUCH DEVICES DESCRIBED IN THE UNDER- GROUND LITERATURE. WHEN IT IS IN THE F8 ADDRESS SPACE OF YOUR APPLE, IT WILL DO THE FOLLOWING IN RESPONSE TO A 'RESET': 1. SAVE 0-7FF AT 2000-27FF 2. SAVE THE ACCUMULATOR AT 2800 3. SAVE THE X-REGISTER AT 2801 4. SAVE THE Y-REGISTER AT 2802 5. SAVE THE STACK POINTER AT 2803 6. EXIT THROUGH A NORMAL RESET INTO THE MONITOR. TO OPERATE THE ROM, PUT THE ROM SELECT SWITCH IN THE 'KRAK' POSITION, PUSH RESET, AND PUT THE SWITCH BACK TO THE 'F8 ROM' POSITION. THIS IS NOT STRICTLY NECESSARY, BUT FAILURE TO DO IT WILL RESULT IN WIPING OUT YOUR CAREFULLY SAVED FILE THE NEXT TIME THAT RESET IS PRESSED. =>NMI FEATURE<= WHEN THE NMI INPUT ON THE CPU IS PULLED LOW, (NMI SWITCH FORWARD), THE PROCESSOR RESPONDS BY: 1. PUSHING THE PRESENT VALUE OF THE PROGRAM COUNTER ON THE STACK (HIGH BYTE, THEN LOW) 2. PUSHING THE PRESENT VALUE OF THE PROCESSOR STATUS WORD ON THE STACK, AND 3. JUMPING TO THE LOCATION CONTAINED IN FFFA & FFFB. IF WE CHANGE THOSE TWO LOCATIONS TO POINT TO THE MODIFIED 'RESET' ROUTINE IN THE KRAKROM, THE ADDITIONAL INFORMATION GENERATED BY THE NMI PROCESS IS ALSO AVAILABLE. UNFORTUNATELY, THE NMI LINE IS ONLY SUPPOSED TO BE HELD DOWN FOR A MICROSECOND OR TWO, AND THE CIRCUITRY TO DO THAT IS NOT ON THE CARD. THE RESULT IS THAT EXTRA GARBAGE IS SAVED AFTER THE PC AND STATUS WORD. THE BEST WAY TO GET FAMILIAR WITH WHAT'S REAL AND WHAT'S GARBAGE IS TO WRITE A PROGRAM IN WHICH YOU DEFINE THE STATE OF THE FLAGS AND THE DEPTH OF SUBROUTINE CALLS, AND TRY OUT THE NMI ON IT. DON'T GIVE UP RIGHT AWAY: "A PROBLEM WORTHY OF ATTACK, PROVES ITS WORTH BY FIGHTING BACK!" -OBNOXIOUS SAYING BY THAT ASSHOLE, ANONYMOUS AT ANY RATE, WHEN YOU DO IDENTIFY THE REAL LOCATION OF THE PC AND P, ALL YOU HAVE TO DO IS RESET THE STACK POINTER (LDX,TXS) TO ->ONE LESS<- THAN THE STATUS WORD LOCATIONS, RELOAD THE REGISTERS WITH THE VALUES IN 2800-2802, AND DO AN 'RTI' INSTRUCTION. TRY IT! - IT WORKED ON JUGGLER AND A NUMBER OF OTHERS. IN ADDITION, THE NMI SWITCH CAN BE VERY VALUABLE IN DEBUGGING PARTIAL CRACKS, TO FIND OUT WHERE THE SYSTEM IS WHEN IT 'HANGS', OR TO DETERMINE WHERE IN THE PROGRAM A KEYBOARD WAIT ROUTINE IS LOCATED. GOOD LUCK AND HAPPY CRACKING FROM =>KRAKOWICZ<=