Subject: Re: Locked and beyond

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>
Date   : Tue, 22 May 2001 15:33:16 +0200
From   : Peter Van Ek <vanekp@...>
Subject: Re: Locked and beyond

Anyone up to modifying some code to emulate this K.E. routine, it use both
the T1 & T2 timers + T1 latch I tried to use James Fidell bit of code but
don't know how to handle both timers (T1 & T2) & the latch to emulate it in
the program !

04D3 SEI                
04D4 LDX #&FF           
04D6 TXS                
04D7 INX                
04D8 LDA #&40           
04DA STA &FE6B          
04DD LDA #&7F           
04DF STA &FE6E          
04E2 LDA #&E0           
04E4 STA &FE6E          
04E7 LDA #&21           
04E9 STA &FE68          
04EC LDA #&56           
04EE STA &FE69          
04F1 LDA #&45           
04F3 STA &FE64          
04F6 LDA #&4B           
04F8 STA &FE65          
04FB LDA #&03           
04FD STA &0258          
0500 LDA &0500          
0503 EOR &FE69          
0506 DEC &FE65          
0509 EOR &0600,X        
050C STA &0100,X        
050F LDY &FE64          
0512 STY &0517          
0515 CLC                
0516 ADC #&ED           
0518 EOR &FE64          
051B LDY &FE65          
051E CPY &FE69          
0521 ADC &FE68          
0524 LDY &FE69          
0527 STY &052B          
052A EOR #&EE           
052C EOR &0517          
052F EOR &FE64          
0532 ASL &FE69          
0535 DEC &FE65          
0538 EOR &FE69          
053B LDY &FE65          
053E EOR &0500,Y        
0541 INC &0545          
0544 EOR #&78           
0546 EOR &FE66          
0549 DEC &FE67          
054C EOR &0601,X        
054F DEC &FE69          
0552 SEC                
0553 ROR &FE68          
0556 LDY &FE69          
0559 STY &FE64          
055C STA &0600,X        
055F INX                
0560 BNE &0500          
0562 LDY #&03           
0564 STY &0258          
0567 LDA #&4C           
0569 STA &0287          
056C LDA #&87           
056E STA &0288          
0571 DEY                
0572 STY &0289          
0575 LDA #&40           
0577 STA &0D00          
057A LDA &FFFA          
057D BNE &05DD          
057F LDA &FFFB          
0582 CMP #&0D           
0584 BNE &05DD          
0586 INC &0501          
0589 BEQ &058E          
058B JMP &0500          
058E LDA #&00           
0590 STA &70            
0592 STA &71            
0594 TAY                
0595 LDA &71            
0597 EOR &0600,Y        
059A STA &71            
059C LDX #&08           
059E LDA &71            
05A0 ROL A              
05A1 BCC &05AF          
05A3 LDA &71            
05A5 EOR #&08           
05A7 STA &71            
05A9 LDA &70            
05AB EOR #&10           
05AD STA &70            
05AF ROL &70            
05B1 ROL &71            
05B3 DEX                
05B4 BNE &059E          
05B6 INY                
05B7 CPY #&14           
05B9 BNE &0595          
05BB LDA &70            
05BD CMP &06FE          
05C0 BNE &05D6          
05C2 LDA &71            
05C4 CMP &06FF          
05C7 BEQ &0600          
05C9 BNE &05D6          
        
05D6 LDA #&C8          
05D8 LDX #&03           
05DA JSR &FFF4          
05DD STA &0600,Y        
05E0 INY                
05E1 JMP &05DD

0600\Code to Run

Regards Peter Van Ek

       -----Original Message-----
       From:   Rich Talbot-Watkins [SMTP:rich@...]
       Sent:   2001 May Wednesday 16 10:47 AM
       To:     BBC Micro
       Subject:        Re: [BBC-Micro] Locked and beyond

       "C Davies" <davies_@...> wrote:

       > Anyone else remember the fun of cracking the protections on the
trusty BBC
       > games?  I used to have a passion for doing this to transfer stuff
to disc.
       > Programmers used to leave little messages embedded in the files
that you
       > would unscramble on the way to cracking the games.

       Yep, it was always fun, and I've not come across anything quite the
same on
       another platform since...

       Gary Partis's protection systems always had little embedded messages
       (normally threatening you with murder or something equally
unsubtle).
       Starquake had hundreds of little tiny loops which decrypted the next
little
       bit of code in a different way each time - and the only way I found
of
       cracking it (short of writing a fast interpreter to do the job for
me) was to
       decrypt every last one of them by hand... ouch.

       > Aardvark left some message about stringing you up with chicken
wire...

       The other thing Orlando did (as he'd already played around with them
in the
       code for Zalaga) was write a straight ASCII message which contained
loads of
       undocumented opcodes, which just looked like gibberish code, and
then
       actually executed it - the exit values of the registers were then
used as
       inputs to the decrypter later on.  It completely threw me for ages
and took
       me ages to believe that it was actually genuine.

       > And the ultimate protections were by Kevin Edwards.  They
certainly made
       you
       > think...  I remember he left his mailing address in one game,
after you'd
       > got through most of the layers of protection, asking for people
who got
       that
       > far to get in touch with him.

       Kevin Edwards' protection systems always beat me unfortunately!
James Fidell
       posted some code to this list a little while back which he wrote
ages ago to
       crack it - I was impressed.....

       Exile was nice too.... contained its own implementation of the
filing system
       commands (via vector interception) which allowed it to read its
oddly
       formatted disc as if it were a normal DFS disc - but only if you'd
hacked thr
       ough the outer layers already!

       Can't think of any more at the moment... anyone else?

       Rich :)
<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>