THIS PHILE WAS DONATED BY MR. MADNESS
SYSOP OF THE
<<<<<<<<< S H I R E >>>>>>>>

***************************************
*                                     *
*      MR. XEROX'S BOOT TRACING       *
*               PART I                *
*                                     *
***************************************

NOTE: I CHOSE APPLE GALAXIAN HERE BECAUSE IT IS A WIDELY DISTRIBUTED
PROGRAM, AND IT ENCOMPASSES THE BASIC IDEAS IN BOOT TRACE CRACKING.

FOR ALL THOSE INTERESTED PIRATES OUT THERE, YES THERE IS ANOTHER WAY
TO CRACK PROGRAMS. YOU DON'T NEED ANY RAM-CARDS, PROM BURNERS, OR
PROGRAMS FOREIGN TO REGULAR DOS. ANYBODY WHO IS NOT A CLOWN, WITH SOME
MACHINE LANGUAGE PROGRAMMING ABILITY, CAN TRACE A BOOT. THIS METHOD OF
CRACKING, TRACING THE BOOT, IS IN A TRUE SENSE, CRACKING THE CODE.

YOU SEE, ALL DISKS MUST FIRST BOOT UP TO START RUNNING. AFTER THE
FIRST STAGE BOOT (AT LOCATION $C600), THEY JUMP TO A SECOND STAGE BOOT
PROGRAM (AT $800), AND THEN TO A THIRD, AND SOME EVEN A FOURTH, BUT
THERE COMES A POINT WHERE THE LOADING OF THE PROGRAM FROM DISK STOPS,
AND THE RUNNING OF THE PROGRAM BEGINS. IF YOU CAN TRACE THIS, AND STOP
IT AFTER IT IS FINISHED LOADING, AND SAVE ALL THE MEMORY LOCATIONS THAT
CONTAIN THE PROGRAM ONTO A NORMAL 3.3 DISK, YOU HAVE CRACKED THE
PROGRAM.

THIS METHOD IS MOST USEFUL FOR CRACKING THE "SINGLE-SHOT" BOOTING
PROGRAMS SUCH AS APPLE PANIC, RASTER BLASTER, AND GORGON. THESE DISKS
DON'T CONTAIN ANY STANDARD DOS, BUT RATHER THEIR OWN. THIS DOS HAS JUST
ONE PURPOSE, AND THAT IS TO LOAD THE PROGRAM INTO THE COMPUTER, FROM
THE DISK, AND START ITS EXECUTION. NOW, THIS IS NOT AS SIMPLE AS IT
SOUNDS, AS THE SOFTWARE PROTECTORS ARE NOT DUMB; THEY TRY TO MAKE IT
TOUGH FOR YOU TO TRACE. HOWEVER, IT IS NOT IMPOSSIBLE, SINCE THE DISK
MUST BOOT UP, AND SINCE IT MUST HAVE SOME BOOTING PROCESS, THAT IS
TRACEABLE.

LET ME TRY AND SHOW YOU AN EXAMPLE OF HOW TO TRACE A BOOT OF A PROGRAM.
LET ME SHOW YOU HOW TO TRACE APPLE GALAXIAN.

THE FIRST STAGE BOOT STARTS AT $C600.
IF YOU TURN YOUR APPLE ON, AND TYPE "CALL-151 (RETURN)" AND
"C600G (RETURN)", THE DRIVE WILL START AND BOOT THE DISK IN IT. THIS IS
BECAUSE $C600 CONTAINS THE PROGRAM FOR THE DISK TO BOOT FIRST. IF YOU
EXAMINE THIS PROGRAM BY TYPING "CALL-151 (RETURN)" AND
"C600LLLLLLL (RETURN)", YOU WILL SOON COME ACROSS A JMP $801 NEAR THE
END, SPECIFICALLY AT $C6F8. THIS IS THE LINK TO THE NEXT STAGE OF THE
BOOT.

WHAT WE MUST DO IS ALLOW THE FIRST STAGE TO LOAD IN AT $800, BUT
INSTEAD OF LETTING IT RUN (CONTINUE TO BOOT, AND GO TO $800), STOP THE
COMPUTER, AND EXAMINE WHAT IS AT $800. TO DO THIS LET'S MOVE $C600 DOWN
TO $9600. TYPE "CALL-151 (RETURN)" AND "9600<C600.C700M (RETURN)". THIS
MOVES C600 DOWN FOR YOU. THEN TYPE "96F8:4C 59 FF (RETURN)". INSTEAD OF
HAVING THE BOOT GO TO $800, THIS WILL MAKE IT JUMP TO $FF59 (THE RESET
LOCATION). THEN TYPE "9600G". YOUR DISK SHOULD BOOT UP FOR A SECOND OR
SO, AND THEN YOU SHOULD HEAR A BELL, AND THE MONITOR CURSOR WILL APPEAR
AT THE BOTTOM OF THE SCREEN.

THE NEXT STEP IS TO EXAMINE THE BOOT AT LOCATION $800. IF YOU LOOK AT
THIS BY TYPING "800L (RETURN)" YOU WILL SEE THE SECOND STAGE BOOT OF
APPLE GALAXIAN. BY TYPING "800LLLLLLL (RETURN)", YOU CAN SEE WHAT GOES
ON NEXT IN THE BOOT STEP. WHAT HAPPENS NEXT IS THAT IT TAKES THE MEMORY
THAT IS STORED AT $800, AND MOVES IT DOWN TO $200, AND DOES SOME OTHER
STUFF, LIKE LOADING THE NEXT STAGE OF THE BOOT, AND THEN, IF YOU LOOK
AT LOCATION $841, YOU WILL SEE A JUMP TO $301. THIS IS THE NEXT STAGE
IN THE BOOT.

SO, WE MUST MOVE WHAT IS IN MEMORY UP, OUT OF $800, BECAUSE THE NEXT
TIME WE BOOT THE DISK, THE LOCATIONS AT $800 WILL BE CHANGED. SO TYPE
"9800<800.900M (RETURN)", AND THAT WILL DO THE MOVE. THE NEXT THING TO
DO IS TO CHANGE WHAT IS AT $9800, THE STUFF WE JUST MOVED UP, SO THAT
IT WILL RUN AT $9800, INSTEAD OF ITS NORMAL LOCATION OF $800. TO DO
THIS, TYPE "9803:BD 0 98 (RETURN)" AND "9841:4C 01 93 (RETURN)".
THEN TYPE "9301:4C 59 FF", BECAUSE WE CHANGED IT TO RUN AT $9800, AND
ALSO CHANGED IT TO STOP AFTER DOING THIS INSTEAD OF JUMPING TO THE NEXT
BOOT STAGE, AT $300. WE TOLD IT TO JUMP TO $9300, AND AT $9300, WE PUT
A JMP $FF59 (JUMP TO RESET). AND FINALLY, CHANGE THE JMP AT $96F8 FROM
$FF59 TO $9801 BY TYPING "96F8:4C 01 98". NOW AGAIN TYPE "9600G".

THIS TIME, WE ARE ONE STAGE FARTHER. IF YOU NOW MOVE THE STUFF AT $300
UP TO $9300, AND CHANGE IT TO WORK AT $9300 BY TYPING
"9300<300.400M (RETURN)" AND "9313:AD CC 93 (RETURN)" AND
"933C:AD CC 93 (RETURN)", THIS WILL BE COMPLETED.

BUT NOW, THERE IS A PROBLEM. THE JUMP OUT IS AT $9343, AND IT JUMPS NOT
TO THE NEXT STAGE IMMEDIATELY, BUT TO A CERTAIN NUMBER OF SUBROUTINES,
AND AFTER THEM, THROUGH THE SAME JUMP, JUMPS TO THE NEXT STAGE. HOW DO
WE GET AROUND THAT, YOU ASK? THE ANSWER IS TO WRITE A PROGRAM THAT
CHECKS TO SEE WHERE IT IS JUMPING TO, AND IF IT IS NOT JUMPING TO WHERE
IT NORMALLY JUMPS TO, THEN STOP, BECAUSE WE KNOW THAT THE NEXT JUMP IS
NOT TO A SUBROUTINE, BUT TO THE NEXT STAGE OF THE BOOT. THIS MAY SOUND
COMPLICATED, BUT JUST TYPE THIS ROUTINE IN AT $9400,
"9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF", AND
"9343:4C 00 94 (RETURN)". THAT WILL TAKE CARE OF THIS STAGE. NOW CHECK
TO SEE THAT YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND THEN TYPE
"9600G", TO RESTART THE BOOT.

NOW, THE DISK SPINS FOR A LITTLE WHILE LONGER, AND THEN IT STOPS. WE
HAVE COME TO THE LAST STEP OF THIS BOOT PROCESS. THIS STEP LOADS THE
PROGRAM IN FROM DISK, AND THEN JUMPS TO THE BEGINNING OF IT. BY TYPING
"93CC (RETURN)", THE COMPUTER WILL DISPLAY THE PAGE-1 OF THE NEXT STAGE
BOOT. IT WILL DISPLAY "B6", AND YOU ADD ONE TO IT, AND GET $B7, SO TYPE
"B700L". AND PRESTO, WE HAVE THE NEXT STAGE OF THIS BOOT. THIS BOOT
FROM HERE DOES THE PROGRAM LOADING, ALONG WITH TURNING ON THE GRAPHICS,
AND JUMPS TO THE BEGINNING OF IT.
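
ADDED EXAMPLE, NOT PART OF THE ORIGINAL PHILE: A SMALL PYTHON DECODER FOR THE HEX TYPED AT THE MONITOR, SO THE 12-BYTE ROUTINE AT $9400 CAN BE READ AS 6502 INSTRUCTIONS AND ITS BRANCH TARGET CHECKED BEFORE IT IS RUN. IT ONLY KNOWS THE OPCODES THAT APPEAR IN THIS TEXT, AND THE FUNCTION NAMES ARE MY OWN.

```python
# Added example: decodes only the 6502 opcodes used in this text.
OPCODES = {
    0xA2: ("LDX", "imm"), 0xA5: ("LDA", "zp"), 0xAD: ("LDA", "abs"),
    0xB5: ("LDA", "zpx"), 0xBD: ("LDA", "absx"), 0x95: ("STA", "zpx"),
    0x9D: ("STA", "absx"), 0xC9: ("CMP", "imm"), 0xD0: ("BNE", "rel"),
    0xE8: ("INX", "imp"), 0xEA: ("NOP", "imp"), 0x4C: ("JMP", "abs"),
    0x6C: ("JMP", "ind"),
}
SIZES = {"imp": 1, "imm": 2, "zp": 2, "zpx": 2, "rel": 2,
         "abs": 3, "absx": 3, "ind": 3}
FORMATS = {"imp": "", "imm": " #${:02X}", "zp": " ${:02X}",
           "zpx": " ${:02X},X", "rel": " ${:04X}", "abs": " ${:04X}",
           "absx": " ${:04X},X", "ind": " (${:04X})"}

def parse_monitor_line(line):
    """Split 'ADDR:B1 B2 ...' as typed at the monitor ('0' means $00)."""
    addr, data = line.split(":")
    return int(addr, 16), bytes(int(tok, 16) for tok in data.split())

def disassemble(origin, code):
    """Return [(address, text)] for each instruction in code."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"unknown opcode ${op:02X} at ${origin + pc:04X}")
        name, mode = OPCODES[op]
        size = SIZES[mode]
        operand = code[pc + 1:pc + size]
        if len(operand) != size - 1:
            raise ValueError(f"truncated instruction at ${origin + pc:04X}")
        if mode == "rel":
            # Branch offset is signed and relative to the next instruction.
            off = operand[0] - 256 if operand[0] >= 0x80 else operand[0]
            value = (origin + pc + 2 + off) & 0xFFFF
        else:
            value = int.from_bytes(operand, "little")
        out.append((origin + pc, name + FORMATS[mode].format(value)))
        pc += size
    return out

def hook_listing():
    """Decode the routine the text enters at $9400."""
    addr, code = parse_monitor_line("9400:A5 3E C9 5D D0 03 6C 3E 00 4C 59 FF")
    return disassemble(addr, code)

if __name__ == "__main__":
    for address, text in hook_listing():
        print(f"{address:04X}  {text}")
```

THE LISTING SHOWS THE CHECK DESCRIBED ABOVE: WHEN $3E HOLDS $5D THE ROUTINE TAKES THE USUAL INDIRECT JUMP THROUGH ($003E), AND ANY OTHER VALUE FALLS INTO THE JMP $FF59 AT $9409.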

IF YOU CAN SEE IT, THE BEGINNING OF IT IS AT $600, AND THERE IS A JUMP
TO $600 AT LOCATION $B759. SO, ALL WE HAVE TO DO IS TO HAVE IT DO ALL
THE LOADING, AND INSTEAD OF HAVING IT JUMP TO $600, STOP IT THERE. BUT
THERE IS A PROBLEM CONNECTED WITH THIS (AREN'T THERE ALWAYS!). THE
PROBLEM IS THAT IF WE STOP IT HERE, LOCATION $600 IS IN TEXT VIDEO
MEMORY, SO WE MUST NOT HAVE IT JUMP TO $FF59 (STOP), BUT JUMP TO A
ROUTINE THAT RELOCATES EVERYTHING FROM $0000-$0800, AND THEN STOP. I
WILL PROVIDE YOU WITH THIS. JUST TYPE "B500:A2 00 B5 00 9D 00 20 BD 00
01 9D 00 21 BD 00 02 9D 00 22 BD 00 03 9D 00 23 BD 00 04 9D 00 24 BD 00
05 9D 00 25 BD 00 06 9D 00 26 BD 00 07 9D 00 27 E8 D0 CE 4C 59 FF
(RETURN)". THIS WILL TAKE CARE OF MOVING EVERYTHING FROM $0-$800 TO
$2000-$2800. BUT NOW CHANGE $B759 TO JUMP TO THIS SMALL PROGRAM BY
TYPING "B759:4C 00 B5".

BUT WE ALSO HAVE TO CHANGE SOME OTHER LOCATIONS. LOCATION $93CC MUST BE
CHANGED TO $D6, SO TYPE "93CC:D6 (RETURN)", AND INSTEAD OF JUMPING TO
$FF59 AT $8409, AND STOPPING AT THAT STAGE OF THE BOOT, JUMP TO THE
BEGINNING OF THIS BOOT AT $B700, BY TYPING "9409:4C 00 B7 (RETURN)".
THAT TAKES CARE OF MOST ALL PREPARATIONS FOR THE FINAL CRACK. NOW CHECK
TO SEE THAT YOU HAVE TYPED IN EVERYTHING CORRECTLY, AND IF YOU ARE
READY, TYPE "9600G".

IF EVERYTHING WORKED CORRECTLY, IT SHOULD BOOT UP FOR ABOUT 10 SECONDS,
AND YOU SHOULD SEE THE HI-RES PICTURE LOADING IN, AND THEN YOUR SPEAKER
SHOULD BEEP, AND YOU SHOULD SEE, ON THE SCREEN, A BUNCH OF LETTERS. IF
THIS DIDN'T HAPPEN, CHECK ALL THESE STEPS, AND REPEAT THE PROCESS. IF
IT HAS, THEN YOU ARE JUST ABOUT FINISHED. IF YOU WANT TO CHECK TO SEE
IF IT HAS WORKED, ASSEMBLE THIS PROGRAM, AND TYPE IT IN AT $B560. IF
NOT, GO ON TO THE NEXT STEP.

        OBJ $B560
BEGIN   LDX #$00
AGAIN   LDA $2000,X
        STA $00,X
        LDA $2100,X
        STA $100,X
        LDA $2200,X
        STA $200,X
        LDA $2300,X
        STA $300,X
        LDA $2400,X
        STA $400,X
        LDA $2500,X
        STA $500,X
        LDA $2600,X
        STA $600,X
        LDA $2700,X
        STA $700,X
        INX
        BNE AGAIN       ;LOOP
        JMP $0600       ;BEGINNING OF PGM

NOW BOOT UP A NORMAL DOS DISK, AND SAVE EVERYTHING FROM $2000-$2800,
WHICH REPRESENT LOCATIONS $0-$8 MOVED UP BY $2000. YOU SHOULD THEN
REPEAT THE WHOLE BOOT TRACE, AND PROCEED TO THE NEXT STEP. EXAMINE THE
MEMORY OF YOUR APPLE. YOU SHOULD SAVE ALL THE INFORMATION FROM
$800-$A000 ON A NORMAL DOS DISK, THEN LINK THE FILES THAT YOU HAVE
SAVED ON THE DOS DISK TOGETHER, AND MAKE THE FILE A B-RUNNABLE FILE
THAT LOADS EVERYTHING IN, AND MOVES THE $00-$800 IMAGE BACK DOWN IN
MEMORY, AND THEN JUMPS TO LOCATION $600, THE BEGINNING OF THE PROGRAM.

IF YOU HAVE ANY QUESTIONS ON THIS, YOU MAY MAIL THEM TO ME. ALSO, I
HAVE RECENTLY CRACKED MANY GOOD PROGRAMS SUCH AS STAR BLAZER, TWERPS,
SNAKE BYTE, GUARDIAN, FOOSBALL, DUNG BEETLES, AND LOCKSMITH 4.1. IF YOU
ARE IN NEED OF ANY OF THESE, LEAVE ME MAIL ON THIS BOARD. LOOK FOR SOME
NEW ARTICLES SOON, ON HOW TO CRACK OTHER PROGRAMS, AND UNTIL THEN KEEP
ON CRACKING!

IF ANY ONE OF YOU ARE UNFAMILIAR WITH HOW TO SAVE EVERYTHING, AND YOU
NEED SOME HELP, HERE IS HOW TO DO IT:

FOLLOW THE DIRECTIONS FOR TRACING THE BOOT, AND TYPE
"2800<9600.A000M (RETURN)" AND "3200<800.900M (RETURN)". ALSO, WE NEED
A PROGRAM TO MOVE EVERYTHING THAT WE JUST RELOCATED BACK INTO THEIR
ORIGINAL LOCATIONS.
SO WE NEED A PROGRAM LIKE THIS:

        ORG $3400
        LDX #$00
LOOP1   LDA $2000,X
        STA $00,X
        LDA $2100,X
        STA $100,X
        LDA $2200,X
        STA $200,X
        LDA $2300,X
        STA $300,X
        LDA $2400,X
        STA $400,X
        LDA $2500,X
        STA $500,X
        LDA $2600,X
        STA $600,X
        LDA $2700,X
        STA $700,X
        NOP
        LDA $3200,X
        STA $800,X
        LDA $3300,X
        STA $900,X
        NOP
        LDA $2800,X
        STA $9600,X
        LDA $2900,X
        STA $9700,X
        LDA $2A00,X
        STA $9800,X
        LDA $2B00,X
        STA $9900,X
        LDA $2C00,X
        STA $9A00,X
        LDA $2D00,X
        STA $9B00,X
        LDA $2E00,X
        STA $9C00,X
        LDA $2F00,X
        STA $9D00,X
        LDA $3000,X
        STA $9E00,X
        LDA $3100,X
        STA $9F00,X
        NOP
        INX
        BNE LOOP1
        LDA $C057
        LDA $C054
        LDA $C052
        LDA $C050       ;GRAPHICS
        JMP $600        ;BGN OF PGM.

THIS TIME, I WILL ASSEMBLE IT FOR YOU. ALL YOU HAVE TO DO IS TYPE
"3400:A2 0 BD 00 20 95 00 BD 00 21 9D 00 01 BD 00 22 9D 00 02 BD 00 23
9D 0 03 BD 00 24 9D 0 4 BD 0 25 9D 0 5 BD 0 26 9D 0 6 BD 0 27 9D 0 7 EA
(RETURN)" AND "3432:BD 0 32 9D 0 8 BD 0 33 9D 0 9 EA (RETURN)" AND
"343F:BD 0 28 9D 0 96 BD 0 29 9D 0 97 BD 0 2A 9D 0 98 BD 0 2B 9D 0 99
BD 00 2C 9D 0 9A BD 0 2D 9D 0 9B BD 0 2E 9D 0 9C BD 0 2F 9D 0 9D BD 0
30 9D 0 9E BD 0 31 9D 0 9F (RETURN)" AND "347B:E8 D0 84 EA AD 57 C0 AD
54 C0 AD 52 C0 AD 50 C0 EA 4C 00 06 (RETURN)". THIS WILL TAKE CARE OF
THE SMALL PROGRAM THAT WE NEED TO MOVE EVERYTHING BACK. BUT WE ALSO
NEED TO PUT A JMP $3400 IN THE BEGINNING, BECAUSE WHEN IT BRUNS, IT
MUST JUMP TO THIS SMALL PROGRAM FIRST. NOW YOU CAN BOOT UP YOUR 3.3
DISK, AND TYPE "CALL-151 (RETURN)", "9FD:4C 00 34 (RETURN)",
"A964:FF (RETURN)", AND "BSAVE GALAXIAN,A$9FD,L$8C03 (RETURN)", AND NOW
YOU ARE FINISHED.

AGAIN, BROUGHT TO U BY MR. MADNESS...........
OF PIRATES OF THE ROUND TABLE
"MAY PIRATING LIVE FOREVER!!!"