16) Next, disassemble memory a few bytes before $A6F4 by typing
< D A6FO >. Use cursor/down to display the next 14 or 15
bytes. The monitor should show you something like:
LDX #$09
CLC
ADC $FF58,X
DEX
17) This group of instructions is simply a checksum check of the
IRQ dongle-check routine we just finished working with. In
other words, they are "double-checking" their protection code.
Find the instruction that compares the checksum value in the
accumulator with a set value. Notice the 'BEQ' immediately
afterwards that bypasses protection failure. Simply change 'CMP
#$5A' with 'LDA #$00'. We have just set the zero flag
permanently, and the routine is tricked.
18) Now that we have finished removing all the dongle-check
routines, we need to re-save the two files to your backup disk.
Type: < S"@0:L",08,081D,3E33 > < S"@0:H",08,9280,AB9B >
19) You now have a dongle-free backup of Leaderboard. It may be
archived using any simple data copier. Note: The parameter
LEADERB. PARM 1 represents this particular break method.
LEADERB. PARM 2 is a variation of this break and can be run on
a backup and examined with the monitor.
EXECUTIVE LEADERBOARD : ACCESS
Use the C-64 Fast Copier utility to make an exact data-copy of
the original. This backup will run like the original ONLY if the
dongle is in place. The following procedure will eliminate all
dongle-checks:
Working with your backup:
1) Turn on your computer and from the Utility Disk, load the Disk
Logger by typing < LOAD "DISK LOGGER",8 >. Then type RUN.
Insert your backup copy of Executive Leaderboard #1 in the drive
and log it. The two files on the disk that contain code that
check for the dongle are called "L" and "H". Take note of the
addresses in memory where these programs reside:
"L" $081D - $3FAF
K.J. REVEALED TRILOGY PAGE [79] (C)1990 K.J.P.B.
<<previous page -
next page>>