Author: Lord Crass (guest)
Date: Thu, May 19th, 2011 @ 22:30
Spelunker (Ariolasoft)

Loader comes into $c000 on C64

Starts with B-E of t/s 18/18 which executes in $400 buffer of drive:

1. Reads track 18 looking for a $5D byte following a sync. This is found on the last data sector on the track. This sector has no header; it is a sync mark followed by a data block. A standard nibbler will not copy this. This data is more protection code that is loaded into $500 buffer of drive.

2. The $500 code sends the drive to track 36 to read in sector 0. This "garbage" data is actually a decryption key used later.

3. Another non-standard sector is read in from track 36. It has no sector header and is a sync mark followed by 502 GCR bytes, then a run of nearly $1400 illegal GCR bytes. Only the first 5 bytes are read in. These bytes contain 2 pieces of information:
   - Next track/sector to load
   - 2 control bits used for handling the loaded data on the C64

4. The head is moved to the track specified by the signature bytes and sector 8 is loaded into the $300 buffer. It is encrypted.

5. The data loaded from track 36 sector 0 is used as a simple EOR decryption key to decode t/s 16/8.

6. The file header information is adjusted according to the 2 bits read from the signature on track 36.

7. The C64 retrieves the sector from the buffer, and if bit 7 of the first byte is set correctly from step 6, copies it to the memory location specified by the file header ($033c) and either jumps into it or exits to BASIC depending on bit 6 set in step 6.

See attached for commented disassembly.
Attachments:
1305858631_Spelunker.txt
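For anyone analysing a raw dump of such a disk, the following added example (not part of the original post or its attached disassembly) shows how 5 raw GCR bytes decode to 4 data bytes with the standard 1541 GCR table, how groups of illegal GCR codes can be flagged, and the byte-wise EOR step. It assumes the signature bytes use standard GCR and that the key is applied byte-for-byte; all sample data is constructed, and the field layout of the decoded bytes is not reproduced here.

```python
# Added example: standard Commodore 1541 GCR table (4-bit nibble -> 5-bit code).
GCR_ENCODE = [0x0A, 0x0B, 0x12, 0x13, 0x0E, 0x0F, 0x16, 0x17,
              0x09, 0x19, 0x1A, 0x1B, 0x0D, 0x1D, 0x1E, 0x15]
GCR_DECODE = {code: nib for nib, code in enumerate(GCR_ENCODE)}


def gcr_encode(data: bytes) -> bytes:
    """Encode data (length a multiple of 4) into GCR: 4 bytes -> 5 bytes."""
    if len(data) % 4:
        raise ValueError("GCR encodes in groups of 4 bytes")
    out = bytearray()
    for i in range(0, len(data), 4):
        bits = 0
        for b in data[i:i + 4]:
            bits = (bits << 10) | (GCR_ENCODE[b >> 4] << 5) | GCR_ENCODE[b & 0x0F]
        out += bits.to_bytes(5, "big")
    return bytes(out)


def gcr_decode(raw: bytes):
    """Decode raw GCR in 5-byte groups.

    Returns (decoded bytes, offsets of groups containing an illegal 5-bit code).
    Illegal groups are reported and skipped; a trailing partial group is ignored.
    """
    decoded, illegal = bytearray(), []
    for i in range(0, len(raw) - len(raw) % 5, 5):
        bits = int.from_bytes(raw[i:i + 5], "big")
        nibs = [GCR_DECODE.get((bits >> s) & 0x1F) for s in range(35, -1, -5)]
        if None in nibs:
            illegal.append(i)
            continue
        decoded += bytes((hi << 4) | lo for hi, lo in zip(nibs[0::2], nibs[1::2]))
    return bytes(decoded), illegal


def eor_decrypt(sector: bytes, key: bytes) -> bytes:
    """Assumption: the key sector is applied byte-for-byte against the data sector."""
    return bytes(s ^ k for s, k in zip(sector, key))


def demo():
    # Constructed sample, not data from the disk: 4 arbitrary bytes, then an illegal run.
    signature = gcr_encode(bytes([0x10, 0x08, 0xC0, 0x00]))
    fields, bad = gcr_decode(signature + b"\x00" * 10)
    key = bytes(range(256))  # constructed stand-in for the key sector
    plain = bytes([0xA9, 0x00, 0x8D, 0x20, 0xD0]) + bytes(251)
    assert eor_decrypt(eor_decrypt(plain, key), key) == plain  # EOR is its own inverse
    return fields, bad
```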