Kracker Jax Revealed

         "H"  $9280 - $BAEC

      This information is important since we need to load a
      machine-language monitor into memory where these programs
      aren't! We can choose from one of three monitors ($2000 = 8192,
      $8000 = 32768, or $C000 = 49152). The monitor at $C000 does not
      conflict with Exec Leaderboard #1 memory, so we will use it.
      
      2) Turn on the computer again and load the $C000 monitor from your
         utility disk < LOAD "49152",8,1 > followed by < SYS 49152 > to
         execute it.
         
      3) To start with a clean-slate, let's clear out all memory below
         the monitor by typing < F 0800 BFFF EA >
         
      4) From the monitor, we must load the two Exec Leaderboard #1
         files. Insert your backup copy in the drive and load both files:
         < L "H",08 > and < L "L",08 >
         
      5) Since the "H" files resides in the RAM underneath the BASIC ROMS
         ($A000-BFFF), we have to use the bank select bits to bank out
         the ROM and bank in the RAM so we can view the "H" file code.
         Using the memory command, change memory location $0001 to 36 (76
         on the 128) < M 0001 >.
         
      6) Now, we will began searching for the certain "dongle-check" byte
         sequences. We can use the monitor "H" command to hunt through
         memory for these patterns. Type < H 0800 BFFF A9 10 24 01 >
         After a brief wait, the monitor should return addresses: 0A9C
         1114 9FA2.

      7) Disassemble each of these addresses using the "D" command. Use
         the cursor-down key to scroll through the next couple of
         addresses. At the top after each assembly, change the LDA #$10
         command to: LDA #$00 . i.e. - < D 0A9C > < A 0A9C LDA #$00 >
         do the same for the other two addresses. The rest of the
         byte changes are performed in this manner, so they won't be in
         detail!
         
      8) Type < H 0800 BFFF A9 40 4A 4A AA >. Monitor finds: 1237 9D3E.
      
      9) Disassemble both addresses, and change the LDA #$40 command to
         LDA #$00
         
      10) Type < H 0800 BFFF A9 10 24 00 >. Monitor finds: 93EF.
      
      11) Disassemble and change LDA #$10 to LDA #$00.
      
      12) Type < H 0800 BFFF AD OE C2 OA AA >. Monitor finds: 9AFE.
      
      13) Disassemble $9AFE and scroll down 6 or 7 times. Find the BCS

            K.J. REVEALED TRILOGY    PAGE [80]     (C)1990 K.J.P.B.
<<previous page - next page>>