💾 Archived View for mirrors.apple2.org.za › archive › www.textfiles.com › apple › CRACKING › krackwo… captured on 2024-08-19 at 03:04:02.

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-





     THIS PART OF THE KORNER IS DEVOTED TO MAKING WAY OUT (AND HOPEFULLY SIMILAR GAMES IN THE FUTURE) COPYA. WAY OUT IS STRUCTURED IN THE FOLLOWING WAY: IT HAS A MAIN PROGRAM SPLIT BETWEEN 800-1FFF AND 6000-9BFF; AND TWO HI-RES PICTURES (START GAME AND SAVED GAME) WHICH LOAD AT DIFFERENT TIMES INTO 4000-5FFF. TRACK 1B CONTAINS BEST SCORES AND INITIALS, AND TRACK 1C CONTAINS INFORMATION FOR THE SAVED GAME.  BOTH OF THESE TRACKS ARE LOADED INTO A000-ABFF AND THE CRUCIAL INFORMATION RELOCATED TO SOME SLOTS AT 1A00-1C34. THE DATA FOR THE 26 MAZES ARE STORED TWO TO A TRACK IN TRACKS 1-D; THESE ARE ALSO LOADED INTO THE A000 SPACE FOR TRANSFER TO 1A00 AND UP.  FORTUNATELY, THERE IS ROOM IN MEMORY FOR THE RWTS ROUTINES (900 HEX), AND THE INDIVIDUAL READ AND WRITE SUBROUTINES WILL FIT EASILY INTO THE SPACE OF THE ORIGINAL ONES.

     THE EASIEST WAY TO GET THE MAIN PROGRAM LOADED IN IS AS A SINGLE FILE, USING THE ROUTINE BUILT INTO THE DOS BOOT.  DOING IT THIS WAY SAVES SOME PROGRAMMING TIME, AND SPEEDS THE LOAD, SINCE NO SEPARATE LOAD IS NEEDED FOR THE APPROPRIATE PICTURE AND SAVED GAME. THIS MAIN PROGRAM IS A TOTAL OF A4 (164) SECTORS, RUNNING FROM 800 TO ABFF. A GOOD WAY TO SET THIS UP IS TO BOOT A DOS 3.3 DISK BEFORE YOU BOOT THE GAME, AND HIT RESET AFTER THE GAME IS COMPLETELY LOADED (THIS ASSUMES THAT YOU HAVE A NON-AUTOSTART ROM IN THE F8 SOCKET). RWTS WILL STILL BE INTACT AT B700-BFFF, AND YOU CAN WRITE THE ENTIRE PROGRAM ONTO AN INITIALIZED DISK WITH THE INSPECTOR (THE INSPECTOR IN ROM AT D800, PREFERABLY WITH WATSON AT D000, IS AN ABSOLUTE MUST FOR EFFICIENT KRACKING OF TODAY'S SOFTWARE). REMEMBER TO CHANGE LOCATIONS 3D9-3DB TO '4C 00 BD' TO ALLOW THE INSPECTOR TO FIND RWTS, THEN WRITE THE PROGRAM ONTO THE DISK USING CONTROL-W, CONTROL-I-REPEAT, ONTO TRACK E, SECTOR 0 TO TRACK 18, SECTOR 3.
     THE 13 DATA TRACKS THAT COMPRISE THE MAZES SHOULD NEXT BE TRANSFERRED TO TRACKS 1-D OF THE NEW DISK.  LOCATIONS 988F-98AB OF THE ORIGINAL LOADER CONTAIN THE TABLE OF STARTING ADDRESSES FOR EACH TRACK. USE THE NIBBLE ALTERATION SCHEME DISCUSSED IN PART A TO ALTER THE LOCATIONS SO THAT EACH TRACK LOADS INTO AN EVEN 1000 ADDRESS -- T1 TO 1000, T2 TO 2000, ETC., UP TO T8 AT 8000. ALSO CHANGE LOCATION 980E TO 1C SO THE LOAD WILL END AFTER THE GAME TRACKS ARE IN. WHEN YOU BOOT THE GAME DISK WITH THESE ALTERED LOCATIONS, THE GAME TRACKS WILL LOAD OBEDIENTLY WHERE THEY'RE TOLD. SAVE THESE ONTO THE SAME TRACKS ON THE DOS 3.3 DISK WITH THE INSPECTOR, THEN GO BACK AND DO TRACKS 9-D BY ALTERING THEIR LOAD LOCATIONS AND SAVING THEM. THE SAVED GAME PICTURE CAN BE SAVED OUT SIMILARLY BY RESETTING AFTER RESTARTING THE SAVED GAME. SAVE THE PICTURE ANYWHERE SAFE; TRACKS 1F AND 20 ARE OK. YOUR DOS DISK NOW CONTAINS ALL THE DATA FOR THE GAME, AND ALL YOU NEED ARE A FEW QUICK READ AND WRITE SUBROUTINES.

     TO USE THE DOS BOOT ROUTINE TO LOAD THE BIG PART, READ IN T0, S1 FROM A STANDARD DOS 3.3 DISK. MAKE THE FOLLOWING CHANGES, AND WRITE IT BACK OUT TO YOUR DISK:

  LOCATION    MEANING        NEW VALUE
  --------    -------        ---------

     15     FIRST TRACK          18
     1A     FIRST SECTOR         03
     E0     # OF SECTORS         A4
     E7     FIRST STORAGE PAGE+1 AC

WHEN THE DISK IS BOOTED, STAGE 1 THINKS IT'S LOADING IN DOS STAGE 2, BUT IT'S REALLY YOUR PROGRAM.

     TO DO THE REST OF THE DISK ACCESS, THE FOLLOWING ROUTINES FROM THE ORIGINAL MUST BE DUPLICATED FOR THE RWTS FORMAT:

     OLD    NEW
   TRACK #  T/S   CONTENT  FUNCTION
   -------  ---   -------  --------

     1B     18/4- SCORES   READ & WRITE
            18/F
     1C     17/8- SAVED      "  "   "
            18/3   DATA
   15-17    19/0- SAVED HI-  "  "   "
            20/F   RES PIC
   1 TO D   1/0-  GAME     READ ONLY
            D/0    DATA


     TO USE RWTS, THE FOLLOWING NUMBERS MUST BE LOADED INTO IT (COMPUTER SCIENCE MAJORS CALL THIS "PARAMETER PASSING").

  LOCATION     CONTENTS
  --------     --------

     B715      STARTING(HIGHEST) TRACK#
     B71A      STARTING SECTOR
     B726      0=SEEK, 1=READ, 2=WRITE
     B70E      # OF SECTORS/PAGES
     B7E7      FIRST MEM. PAGE LOAD+1


SO THAT READING DATA FROM T17,S8 THROUGH T18,S3 INTO A000 TO ABFF REQUIRES:

       B715:18
       B71A:03
       B726:01
       B7E0:0C
       B7E7:AC, FOLLOWED BY JSR B700.

YOU CAN SCATTER THE NECESSARY "STUFF AND JUMP" ROUTINES BETWEEN 9600 AND 9800. THE NICELY-ORGANIZED JUMP TABLE AT 9600-961E WILL TELL YOU WHERE EACH ONE SHOULD BE, AND ALLOWS THE REST OF THE PROGRAM TO USE THEM WITHOUT KNOWING THEY'VE BEEN CHANGED.

     ONE FURTHER CHANGE THAT'S REQUIRED IS THE ROUTINE TO CALCULATE THE GAME TRACK TO BE READ IN. AN INPUT ROUTINE DEEP IN THE BOWELS OF THE MAIN PROGRAM ACCEPTS THE KEYPRESS, QUALIFIES IT, AND SUBTRACTS $C1 TO GIVE 0-19 FOR THE LETTERS A-Z. THE CODE AT 962C WHICH DOES THE CALCULATION THEIR WAY IS:

               LDA $9623
               AND #$FE
               CLC
               ADC #$02
               JSR 981A

TRACK ACCESS IN THE SIRIUS SYSTEM IS LISTED IN HALF-TRACKS, SO ALL TRACK NUMBERS ARE DOUBLED IN THE CODE.  THEY TAKE THE MAZE NUMBER 0-19 AND MASK OFF THE LOW BIT, SINCE BOTH EVEN AND ODD MAZE NUMBERS WILL BE ON THE SAME TRACK. THEY ADD 2 SINCE THE FIRST MAZE TRACK IS #1, AND JUMP TO THE TRACK READER. IN OUR SYSTEM, THIS BECOMES:

               LDA $9623
               LSR
               CLC
               ADC #$1
               JSR 9800

WE SHIFT THE NUMBER RIGHT ONCE TO DIVIDE IT BY TWO AND INCLUDE THE EVEN/ODD GAME, THEN ADD 1 TO GET THE WHOLE TRACK NUMBER FOR RWTS.

     ABOUT ALL THAT'S LEFT IS TO PUT A LITTLE BIT OF FLASH ON THE TITLE PAGE, AND YOU HAVE A NICELY PACKAGED COPYA VERSION OF WAY OUT.

     A FOOTNOTE--IN AN INCREDIBLE EXERCISE OF STUPIDITY, SIRIUS LEFT IN A FAIR PART OF THE ASSEMBLER SOURCE FILE FOR THE PROTECTION SCHEME EMPLOYED.  IF YOU READ THROUGH THE MEMORY AT C00-1FFF, YOU WILL FIND LARGE CHUNKS OF AN ASCII FILE WITH SUCH GEMS AS "JSR NBLCNT", ETC. YOU CAN ALSO SEE IT BY LOADING AND RESETTING THE PROGRAM, THEN TYPING THE MONITOR COMMANDS 400<C00.FFFM OR 400<1000.13FFM, AND SO ON. THESE WILL PUT THE FILE ON THE SCREEN FOR YOUR PERUSAL. THIS REMINDS ME OF LOCKING YOUR VALUABLES IN A SAFE AND THEN WRITING THE COMBINATION ON THE DOOR!  THE PROTECTION SCHEME, BY THE WAY, WAS WRITTEN BY ZERO PAGE ENTERPRIZES, WHICH HAS NO CONNECTION WHATEVER WITH THE WELL-KNOWN KRACKIST OF THE SAME NAME.



     COMING UP NEXT - THE ARCADE MACHINE, WITH IMPLEMENTATION OF THE NMI TECHNIQUE, AND NOTES ON IDSI'S JUGGLER. 


             =>KRAKOWICZ<=