| Author: | Kevin (guest: search) |
|---|---|---|
| Date: | Mon, Jun 07th, 2010 @ 13:37 ( . ) |
For quick reference, here's the program: 100 rem 1541 backup 110 poke 56,33 120 clr 130 fori=1to144 140 readd 150 poke49151+i,d 160 nexti 170 dimt(35) 180 fori=1to35 190 t(i)=1 200 nexti 210 readsrw,erw 220 print"1541 backup" 230 print"insert master disk in drive" 240 gosub1110 250 open15,8,15 260 rw=8448 270 fori=1to126 280 poke8447+i,0 290 nexti 300 ram=8704 310 poke252,34 320 c=0 330 rem seek 340 fort=srwtoerw 350 ns=20+2*(t>17)+(t>24)+(t>30) 360 ift(t)=0 goto 410 370 job=176 380 gosub1190 390 ife=1goto470 400 t(t)=0 410 rw=rw+(ns+1) 420 ram=ram+(256*(ns+1)) 430 poke252,(ram/256) 440 r=r+(ns+1) 450 goto 620 460 rem read 470 fors=0tons 480 gosub 1300 490 print"reading track "t$" -sector "s$ 500 job=128 510 gosub1190 520 ife=1goto550 530 r=r+1 540 ife<>4ande<>5goto580 550 sys49165 560 c=1 570 pokerw,1 580 rw=rw+1 590 ram=ram+256 600 poke252,(ram/256) 610 nexts 620 nextt 630 close15 640 ifc=0goto1010 650 print"1541 backup" 660 print"insert clone disk in drive" 670 gosub1110 680 open15,8,15 690 rw=8448 700 ram=8704 710 poke252,34 720 rem seek 730 fort=srwtoerw 740 ns=20+2*(t>17)+(t>24)+(t>30) 750 job=176 760 gosub1190 770 ife=1goto820 780 ram=ram+(256*(ns+1)) 790 w=w+(ns+1) 800 goto 990 810 rem write 820 ift(t)=1goto870 830 rw=rw+(ns+1) 840 ram=ram+(256*(ns+1)) 850 poke252,(ram/256) 860 goto 990 870 fors=0tons 880 ifpeek(rw)=0goto950 890 gosub 1300 900 print"writing track "t$" -sector "s$ 910 sys 49228 920 job=144 930 gosub 1190 940 ife<>1thenw=w+1 950 rw=rw+1 960 ram=ram+256 970 poke252,(ram/256) 980 nexts 990 nextt 1000 close15 1010 iferw<>35goto210 1020 print"read errors: "r" " 1030 print"write errors: "w" " 1040 print" " 1050 print"done!" 1060 print" 1070 poke56,160 1080 clr 1090 end 1100 rem delay 1110 print"press return to continue" 1120 ifc=0andsrw<>1goto1160 1130 getc$:ifc$<>""then1130 1140 getc$:ifc$=""then1140 1150 ifc$<>chr$(13)goto1140 1160 print"ok." 1170 return 1180 rem job queue 1190 try=0 1200 print#15,"m-w"chr$(8)chr$(0)chr$(2)chr$(t)chr$(s) 1210 print#15,"m-w"chr$(1)chr$(0)chr$(1)chr$(job) 1220 try=try+1 1230 print#15,"m-r"chr$(1)chr$(0) 1240 get#15,e$ 1250 e=asc(e$+chr$(0)) 1260 iftry=500goto1280 1270 ife>127goto1220 1280 return 1290 rem str$(t,s) 1300 t$=right$("0"+right$(str$(t),len(str$(t))=1),2) 1310 s$=right$("0"+right$(str$(s),len(str$(s))=1),2) 1320 return 1330 rem $c000 1340 data77,45,82,0,4,255,128,77 1350 data45,87,0,4,32,169,0,133 1360 data251,141,3,192,32,34,192,169 1370 data128,133,251,141,3,192,32,34 1380 data 192,96,162,15,32,201,255,162 1390 data 0,189,0,192,32,210,255,232 1400 data 224,7,208,245,32,204,255,162 1410 data 15,32,198,255,160,0,32,207 1420 data 255,145,251,200,192,129,208,246 1430 data 32,204,255,96,169,0,141,10 1440 data 192,240,11,173,10,192,24,105 1450 data 32,141,10,192,240,47,162,15 1460 data 32,201,255,162,0,189,7,192 1470 data 32,210,255,232,224,6,208,245 1480 data 173,10,192,133,251,160,0,177 1490 data 251,32,210,255,200,192,32,208 1500 data 246,169,13,32,210,255,32,204 1510 data 255,169,0,240,198,96,234,234 1520 rem track 1530 data 1,6,7,12,13,17,18,24,25,30,31,35 40 FORT=SRWTOERW 350 NS=20+2* |
| Author: | Kevin (guest: search) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 12:57 ( . ) |
Anyone? I saw the disassembly for "early EA loaders", but I believe that the earliest ones had a simpler loader. I don't have access to my discs right now and doubt if I even have an uncracked version of Hard Hat Mack and One on One. I'd really like to see the loader for those disassembled (ahem...Keith?). I am positive that the crack was to simply alter the JMP to a BRK and then simply save the BASIC program (10 SYS 2063) that was in memory after the load. That's clearly not possible with the Skyfox loader shown in the disassembly because of all the checks. Thanks. |
 | Author: | Pete Rittwage (registered user: 558 posts ) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 13:09 ( . ) |
I'm sure that if you "catch" it right after everything has been done, you can get the unprotected program. Once the program is running and all the checks are done, it is pretty easy to copy. Such is the failure of a lot of protected software- the protection is added after the fact, and so it's not integrated into the program to check it again later (usually). |
| Author: | Pete Rittwage (registered user: 558 posts ) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 13:12 ( . ) |
And for early, early, I assume you mean: Archon Axis Assassin D-Bug Hard Hat Mack M.U.L.E. Music Construction Set One on One Pinball Construction Set Worms? |
| Author: | Kevin (guest: search) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 13:58 ( . ) |
Definitely Hard Hat Mack and One on One. Definitely NOT Archon because it didn't work with the method of breaking out of the loader just before it executes. There was a third, but I can't think of it at the moment. After Archon we assumed all others would be "uncrackable" and stopped trying. |
| Author: | Pete Rittwage (registered user: 558 posts ) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 14:03 ( . ) |
The earliest games booted up with a message about "FAST DISK ROUTINES COURTESY OF COMMODORE BUSINESS MACHINES" or similar. The later titles didn't. It may just be a difference in how the programmer integrated the protection from title to title. |
| Author: | Kevin (guest: search) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 14:16 ( . ) |
I don't recall seeing that message. It was just the standard EA logo that scrolled colors. At the end, it did a check that rattled the drive, then the program started. |
| Author: | Pete Rittwage (registered user: 558 posts ) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 14:30 ( . ) |
That's strange, because I don't recall any EA protection that ever rattled the drive. Even the earliest titles had fat track protection checked right before the game launched, after the slowly changing EA logo turned into the solid-color changing logo. They never used a old-fashioned drive error check. They were ahead of their time. |
| Author: | Kevin (guest: search) |
|---|---|---|
| Date: | Wed, Aug 11th, 2010 @ 14:54 ( . ) |
Maybe it didn't rattle the drive, but more like a chattering sound. I could be wrong about that, too -- it's been a while (like 25 years? ). I hadn't remembered the colors going solid and changing until you mentioned it just now. |
| Author: | VMAXX (registered user: 6 posts ) |
|---|---|---|
| Date: | Fri, Feb 25th, 2011 @ 04:41 ( . ) |
Early EA games just checked if the DOS returned an error if the protection tried to read a particular sector, which had a deliberate CRC error. |
 | Author: | Zaphod (guest: search) |
|---|---|---|
| Date: | Fri, May 15th, 2015 @ 17:30 ( . ) |
There were a number of backup utilities that got the older EA stuff. The commonly used one was ARTS BACKUP by Mike J. Henry. It worked reliably, but tended to knock out the fastloader. essentially it put the main program into a file, and had a simple loader that ran inside basic that set up the breadcrumbs, loaded the main program, and started it. That fast disk logic is one that i only ever saw on Mail Order Monsters. That was one of the LATER fat track protections. Every few games they increased the complexity of the protection, which eventually broke those arts backup programs. sometimes it was possible to use a fat track writer to write out the fat track. Fast Hack'em had one. those were never truly reliable, but you could just keep trying it till it worked. |