2) Load the file COPYRIGHT 1984 <> L "COPY*",08 <>. We will explain
the code a section at a time, so try to follow as we go through
it. Using the DISASSEMBLE command, disassemble memory beginning
at $C000 (D C000).
A) Disassemble $C000 : $C000-$C091 sets up a loader routine that
loads HAYDEN SOFTWARE and JUMPS to $C311.
B) Disassemble $C311 : $C311-C336 opens an error channel to the
drive and sets the Y register to 0.
C) Disassemble $C337 : JSR $C376.
D) Disassemble $C376 : $C376-$C389 sends Block Read command to
Drive to check Track 2, Sector 15. The address $C2F7,Y is
accessed. Since Y has been set to 0, the true address IS
$C2F7. Interpret memory at $C2F7 to see the B-R (I C2F7).
This subroutine returns when an RTS is encountered.
E) Disassemble $C33A : JSR $C38A.
F) Disassemble $C3BA : $C38A-$C3A0 inputs two bytes from the
error channel and compares it to a $30 (0 or no error in
decimal). If NO error is found, a branch to $C373 is taken.
This in turn jumps to a reset vector and the program crashes.
If errors are found, the program flows until the RTS is
encountered.
G) Disassemble $C33A : Loads the Y register with 0D (13 in
decimal).
H) Disassemble $C33F : JSR $C376 : Same as step D, except this
time the address $C2F7,0D ($C2F7+0D) is sent to the drive.
This address is the same as $C304 and is the B-R command for
Track 3, Sector 16 (I C304).
I) Disassemble $C342 : JSR $C3BA : Same as step F. Checks for
error and RTS if found.
J) Disassemble $C345 : Close all channels and files; continue
setup and jump to start of program.
3) This protection scheme is fairly simple and can be defeated in
many ways. Four will be given. Choose one, and make your changes
with the MEMORY command. When the change has been made, all that
is left is to save the file back to the disk. The disk log tells
us the file resides in memory from $C000 to $C3A2. Remember to
add one byte to the end address when you save it
<> S "@0:COPYRIGHT 1984",08,C000,C3A3 <>.
K.J. REVEALED TRILOGY PAGE [9] (C)1990 K.J.P.B.
<<previous page -
next page>>