'PirateSlayer'
Author:LordCrass (guest: search)
Date: Thu, Jun 28th, 2012 @ 20:38 ( . )

It tries to load up to 23, but the drive starts throwing back "illegal track or sector" after sector 20, so the buffer contents that are read for each of those is a repeat of sector 20.

You can't use the U1 drive command to read extra tracks or sectors. You'd need to use the job queue directly, or write a custom routine.


REPLY: [With No Quote] --- [With Quoted Text]

'PirateSlayer'
Author:Displacer (registered user: 14 posts )
Date: Thu, Jun 28th, 2012 @ 21:49 ( . )

Yep. I tried loading the extra sectors from a drive monitor using job codes and there was nothing there, it just returned $02 back (header block not found)

Wonder if it was a bug, or possibly leftover code from some other loader?

Anyway thanks for verifying that, and the heads up about the U1 command, I didn't know it would return errors if you tried to go past standard tracks/sectors


REPLY: [With No Quote] --- [With Quoted Text]

'PirateSlayer'
Author:Displacer (registered user: 14 posts )
Date: Sun, Jul 01st, 2012 @ 11:31 ( . )

Finally found the drive code and how it's loaded. After all the decryption of the main code, the drive code is there and in its decrypted state but you still can't see it.
How it works is there are 2 blocks of $100 bytes that just look like random garbage. The code takes a byte from the first block, then it does some elaborate calculations on that byte involving all three registers, A, X, Y. When it's finished it comes up with an offset into the second block which is one byte of the drive code. It transmits that byte to the drive into the buffer at $300 and then starts again with the next byte.

I think for completeness I may alter the drive code to read in track 2 in it's entirety into the extra drive ram I have to try and capture exactly whats there. I'll save that for another day though

At any rate I think I now have the code and data for the protection in it's entirety and completely decrypted state, unless I run into any other little terrors like the drive code


REPLY: [With No Quote] --- [With Quoted Text]

'PirateSlayer'
Author:Displacer (registered user: 14 posts )
Date: Sun, Jul 01st, 2012 @ 12:51 ( . )

OK, I think I captured the track, and it makes one thing I had assumed does not appear to be correct. I had thought the beginning of the string of bytes for protection started with 2 $D7 bytes. This doesn't seem to be the case. While it is looking for the $D7 bytes, there are actually 5 of them. After looking at the code it is not just looking for 2 of them, it's looping through the $D7 bytes until they end and then looking for the other bytes. I'm pretty sure this is the reference "header" it uses to signal that the actual protection bytes follow immediately after.


REPLY: [With No Quote] --- [With Quoted Text]

'PirateSlayer'
Author:Fungus (registered user: 20 posts )
Date: Sat, Aug 18th, 2012 @ 06:59 ( . )

Which game are you looking at?

If it's pirate slayer/busters the tool I coded here can determine version and decrypt the main loader for you.

[link]

saves a lot of time.

If it's not, I'd be a bit interested to look at it myself.


REPLY: [With No Quote] --- [With Quoted Text]


--- 0 Users Online --- 0 Recent Unique Posters

Q142=1660742896 - Threads: / 1660742896