Kracker Jax Revealed

      completed its other duties? This would leave the data in $0400 as
      described above and the protection check would be satisfied. 
      Reboot TK and allow it to load until the drive motor turns off.
      Press the reset button and load in the $8000 monitor. Examine the
      auto-boot code at $010E. This routine outputs a Block-Execute
      command (backwards at $0191 - 'B-E 2 0 18 02') that starts up drive
      code located on T/S 18/2 ($12/$02).
      
      Insert your backup copy of TK, initialize the drive and use the
      drivemon to load this sector into drive buffer $0300 using the job
      queue. Disassemble the code in the drive at $0300. This code, when
      executed, loads T/S $12/$12 (18/18) into drive buffer $0600 and
      decrypts it. Control is then passed back to the computer, where a
      memory-execute (M-E) command of $0693 is sent to the drive. This
      initializes the drive side of the loader. To view the decrypted
      code at $0600, insert your backup copy of TK and do the 
      following:

         1) Use the job queue to read T/S $12/$12 into drive memory $0600
            (T/S $12/$02 should already be present at $0300).
         
         2) Assemble the following at $0400:
         
            A 0400 JSR $0314
              0403 JMP $F969

         3) Execute our routine at $0400 by placing the value $12 into
            drive memory $08 and $09, then place the value $E0 (job queue
            execute command) into $01.
         
      After a short period of drive activity, you may disassemble the
      decrypted code at $0600. The entry point of the loader is $0693,
      where some setup is done. Then a loop is executed to load and
      transmit each sector. After the load is completed, the code
      exits by JMP'ing to $D048, which re-initializes the drive. This
      is the ideal place for us to "wedge" ourselves into the loader.
      We can execute a job queue read of our sector at $12/$06 THEN
      jump to $D048. The drive code from $06E0 - $06FF is filled with
      zeroes and is available for our use. Assemble the following code
      at $06E0:

            A 06E0  LDA #$12
              06E2  STA $08
              06E4  LDA #$06
              06E6  STA $09
              06E8  LDA #$80
              06EA  STA $01
              06EC  LDA $01
              06EE  BMI $06EC
              06F0  JMP $D048

      And the following at $06C4:

            K.J. REVEALED TRILOGY    PAGE [122]    (C)1990 K.J.P.B.
<<previous page - next page>>