Spelunker (Ariolasoft)
Author: Lord Crass
Date: Thu, May 19th, 2011 @ 22:30

Loader comes into $c000 on C64

Starts with B-E of t/s 18/18 which executes in $400 buffer of drive:

1. Reads track 18 looking for a $5D byte following a sync. This is found on the last data sector on the track. This sector has no header, it is a sync mark followed by data block. A standard nibbler will not copy this. This data is more protection code that is loaded into $500 buffer of drive.

2. The $500 code sends the drive to track 36 to read in sector 0. This "garbage" data is actually a decryption key used later.

3. Another non-standard sector is read in from track 36. It has no sector header and is a sync mark followed by 502 GCR bytes, then a run of nearly $1400 illegal GCR bytes. Only the first 5 bytes are read in. These bytes contain 2 pieces of information:
- Next track/sector to load
- 2 control bits used for handling the loaded data on the C64

4. The head is moved to the track specified by the signature bytes and sector 8 is loaded into the $300 buffer. It is encrypted.

5. The data loaded from track 36 sector 0 is used as a simple EOR decryption key to decode t/s 16/8.

6. The file header information is adjusted according to the 2 bits read from the signature on track 36.

7. The C64 retrieves the sector from the buffer, and if bit 7 of the first byte is set correctly from step 6, copies it to the memory location specified by the file header ($033c) and either jumps into it or exits to BASIC depending on bit 6 set in step 6.

See attached for commented disassembly.
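An added example, not part of the post or its attached disassembly: a small Python model of the GCR decoding a nibbler or analysis tool performs on a headerless block like the one on track 36, showing how the tool identifies where the legal GCR data ends and the run of illegal GCR bytes begins. The GCR table is the standard Commodore 1541 one; the sample block and its payload values are constructed, not dumped from the disk.

```python
# Commodore GCR: each 4-bit nibble maps to a 5-bit code, so 4 data bytes -> 5 GCR bytes.
GCR_ENCODE = [0x0A, 0x0B, 0x12, 0x13, 0x0E, 0x0F, 0x16, 0x17,
              0x09, 0x19, 0x1A, 0x1B, 0x0D, 0x1D, 0x1E, 0x15]
GCR_DECODE = {code: nib for nib, code in enumerate(GCR_ENCODE)}


def gcr_encode(data: bytes) -> bytes:
    """Encode a byte string (length a multiple of 4) into 5-byte GCR groups."""
    if len(data) % 4:
        raise ValueError("GCR encodes data in 4-byte groups")
    out = bytearray()
    for i in range(0, len(data), 4):
        bits = 0
        for b in data[i:i + 4]:
            bits = (bits << 10) | (GCR_ENCODE[b >> 4] << 5) | GCR_ENCODE[b & 0x0F]
        out += bits.to_bytes(5, "big")
    return bytes(out)


def gcr_decode(gcr: bytes):
    """Decode 5-byte GCR groups until a 5-bit code missing from the table appears.

    Returns (decoded bytes, byte offset of the first group holding an illegal
    code, or None if every complete group was legal)."""
    out = bytearray()
    for i in range(0, len(gcr) - len(gcr) % 5, 5):
        bits = int.from_bytes(gcr[i:i + 5], "big")
        codes = [(bits >> s) & 0x1F for s in range(35, -1, -5)]
        if any(c not in GCR_DECODE for c in codes):
            return bytes(out), i
        for hi, lo in zip(codes[0::2], codes[1::2]):
            out.append((GCR_DECODE[hi] << 4) | GCR_DECODE[lo])
    return bytes(out), None


def parse_headerless_block(raw: bytes):
    """Model of the track-36 block: a sync ($FF run) followed directly by data, no header.

    Skips the sync, decodes GCR until the first illegal code, and reports how
    many raw bytes make up the illegal tail after that point."""
    body = raw.lstrip(b"\xff")
    data, bad_at = gcr_decode(body)
    tail = 0 if bad_at is None else len(body) - bad_at
    return data, tail


# Constructed sample (not real disk data): sync, 8 payload bytes with arbitrary
# values, then a run of $00 bytes, whose 00000 groups are not valid GCR codes.
SAMPLE_BLOCK = (b"\xff" * 5
                + gcr_encode(bytes([0x10, 0x08, 0xC0, 0x00, 0xAA, 0x55, 0x01, 0x02]))
                + b"\x00" * 20)
```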
