|
|
|
IDENTIFICATION SERVEUR : 10.14.20.11 - CLIENT : 52.3.228.47 |
|
| Voir le sujet précédent :: Voir le sujet suivant |
| Auteur |
Message |
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3055
Localisation: Le Chesnay, France
|
 Posté le: Sam 08 Fév 2020, 10:18 Sujet du message: Geometry IIgs (Broderbund, 1988) |
 |
|
#1030 - A set of three disks to learn Geometry. A title written by Sensei Software and published in 1988 by Broderbund Software.
Disk structure
The program comes on a set of three 3.5" disks. The boot disk runs under ProDOS 16. It runs under the Finder and the programs are desktop-based. Disk 2 contains the first lessons. Disk 3 contains the last lessons.
Protection type
It seems to use the usual HLS kind of protection with T20/S1 and T21/S1 length check. The protection is stored in disk 3, not in disk 2. Both Geometry.1 and Geometry.2 program files check the protection. See the code later in the thread.
When you launch the program files, a message is displayed "Master disk is required... Insert original Geometry DISK3". You can cancel or OK.
How to copy
Use ZZCopy or Photonix II to copy your original disks then store them in a dry and safe place.
How to crack
Launch Block Warden
| Code: |
Insert disk 2
Prefix /DISK2
Follow GEOMETRY.1
At offset $1B493:22 -> AF
Insert disk 3
Prefix /DISK3
Follow GEOMETRY.2
At offset $1BFCE:22 -> AF
|
The disk images are available at http://www.brutaldeluxe.fr/crack/
Reboot and... enjoy,
LoGo
1/2020
Dernière édition par toinet le Sam 08 Fév 2020, 12:34; édité 1 fois |
|
| Revenir en haut de page |
|
 |
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3055
Localisation: Le Chesnay, France
|
| Posté le: Sam 08 Fév 2020, 10:19 Sujet du message: |
|
|
How to find the protection for disk 2...
| Code: |
We search for the usual A2 21 pattern that we find at $170 in segment 1 (main):
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
01/015E: 20A601 JSR $01A6
01/0161: D023 BNE $0186
01/0163: 8A TXA
01/0164: 8DD701 STA $01D7
01/0167: 98 TYA
01/0168: 8DD801 STA $01D8
01/016B: 0DD701 ORA $01D7
01/016E: F016 BEQ $0186
01/0170: A221 LDX #$21
01/0172: A001 LDY #$01
01/0174: 20A601 JSR $01A6
01/0177: D00D BNE $0186
01/0179: 8A TXA
01/017A: 8DDA01 STA $01DA
01/017D: 98 TYA
01/017E: 8DDB01 STA $01DB
01/0181: 0DDA01 ORA $01DA
01/0184: D013 BNE $0199
01/0186: 48 PHA
01/0187: A933 LDA #$33
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
> Found at: 01/0170. _
The entry point of the routine is at $154
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
01/0154: 08 PHP
01/0155: E230 SEP #$30
01/0157: A220 LDX #$20
01/0159: A001 LDY #$01
01/015B: 8B PHB
01/015C: 4B PHK
01/015D: AB PLB
01/015E: 20A601 JSR $01A6
01/0161: D023 BNE $0186
01/0163: 8A TXA
01/0164: 8DD701 STA $01D7
01/0167: 98 TYA
01/0168: 8DD801 STA $01D8
01/016B: 0DD701 ORA $01D7
01/016E: F016 BEQ $0186
01/0170: A221 LDX #$21
01/0172: A001 LDY #$01
01/0174: 20A601 JSR $01A6
01/0177: D00D BNE $0186
01/0179: 8A TXA
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:
We also must find where the string "Master disk" is located. On a compiled program, it is on the arrays segment (here segment 3)
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
03/1ED3: 436F EOR $6F,S
03/1ED5: 7079 BVS $1F50
03/1ED7: 205072 JSR $7250
03/1EDA: 6F746563 ADCL $636574
03/1EDE: 7469 STZ $69,X
03/1EE0: 6F6E2045 ADCL $45206E
03/1EE4: 7272 ADC ($72)
03/1EE6: 6F72001A ADCL $1A0072
03/1EEA: 4D6173 EOR $7361
03/1EED: 7465 STZ $65,X
03/1EEF: 7220 ADC ($20)
03/1EF1: 6469 STZ $69
03/1EF3: 736B ADC ($6B,S),Y
03/1EF5: 206973 JSR $7369
03/1EF8: 207265 JSR $6572
03/1EFB: 7175 ADC ($75),Y
03/1EFD: 697265 ADC #$6572
03/1F00: 642E STZ $2E
03/1F02: 2E2E1E ROL $1E2E
03/1F05: 496E73 EOR #$736E
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
> Found at: 03/1EEA.
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
03/1ED3: 43 6F 70 79 20 50 72 6F 74 65 63 74 69 6F 6E 20 Copy Protection
03/1EE3: 45 72 72 6F 72 00 1A 4D 61 73 74 65 72 20 64 69 Error..Master di
03/1EF3: 73 6B 20 69 73 20 72 65 71 75 69 72 65 64 2E 2E sk is required..
03/1F03: 2E 1E 49 6E 73 65 72 74 20 6F 72 69 67 69 6E 61 ..Insert origina
03/1F13: 6C 20 47 65 6F 6D 65 74 72 79 20 44 49 53 4B 33 l Geometry DISK3
03/1F23: 4C 6F 61 64 69 6E 67 2E 2E 2E 00 07 2F 44 49 53 Loading...../DIS
03/1F33: 4B 33 2F 4E 6F 74 20 45 6E 6F 75 67 68 20 4D 65 K3/Not Enough Me
03/1F43: 6D 6F 72 79 00 43 6F 75 6C 64 6E 27 74 20 6C 6F mory.Couldn't lo
03/1F53: 61 64 20 54 6F 6F 6C 73 00 4C 45 53 74 61 72 74 ad Tools.LEStart
03/1F63: 55 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Up..............
03/1F73: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
03/1F83: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
03/1F93: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
03/1FA3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
03/1FB3: 00 00 00 06 43 61 6E 63 65 6C 02 00 78 00 64 01 ....Cancel..x.d.
03/1FC3: 89 00 BE 01 0A 00 B6 1F 03 00 00 00 00 00 B9 0E ..>...6.......9.
03/1FD3: 03 00 04 51 75 69 74 03 00 78 00 FA 00 89 00 54 ...Quit..x.z...T
03/1FE3: 01 0A 00 D5 1F 03 00 00 00 00 00 B9 0E 03 00 04 ...U.......9....
03/1FF3: 00 0A 00 26 00 32 00 46 02 0F 00 00 00 00 00 00 ...&.2.F........
03/2003: 00 01 00 00 00 00 00 05 00 32 00 44 00 41 00 46 .........2.D.A.F
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:_
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
03/1ED3: 436F707920 ASC 'Copy Protection Error'00
03/1EE9: 1A4D617374 STR 'Master disk is required...'
03/1F04: 1E496E7365 STR 'Insert original Geometry DISK3'
03/1F23: 4C6F616469 ASC 'Loading...'00
03/1F2E: 072F444953 STR '/DISK3/'
03/1F36: 4E6F742045 ASC 'Not Enough Memory'00
03/1F48: 436F756C64 ASC 'Couldn't load Tools'00
03/1F5C: 4C45537461 ASC 'LEStartUp'00
03/1F66: 0000 BRK $00
03/1F68: 0000 BRK $00
03/1F6A: 0000 BRK $00
03/1F6C: 0000 BRK $00
03/1F6E: 0000 BRK $00
03/1F70: 0000 BRK $00
03/1F72: 0000 BRK $00
03/1F74: 0000 BRK $00
03/1F76: 0000 BRK $00
03/1F78: 0000 BRK $00
03/1F7A: 0000 BRK $00
03/1F7C: 0000 BRK $00
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:
We search for 1EE9, the address of the string. And where is the string displayed? In segment E at $E51. The segment name is getItReady. Pretty funny :-)
The entry point of the routine is at $D8E
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
0E/0D8E: 0B PHD
0E/0D8F: 3B TSC
0E/0D90: 38 SEC
0E/0D91: E9F900 SBC #$00F9
0E/0D94: 5B TCD
0E/0D95: 69E400 ADC #$00E4
0E/0D98: 1B TCS
0E/0D99: 64EE STZ $EE
0E/0D9B: 64EC STZ $EC
0E/0D9D: A5FF LDA $FF
0E/0D9F: 8B PHB
0E/0DA0: 4B PHK
0E/0DA1: AB PLB
0E/0DA2: 48 PHA
0E/0DA3: 22000004 JSL $040000
0E/0DA7: FA PLX
0E/0DA8: AB PLB
0E/0DA9: 9005 BCC $0DB0
0E/0DAB: A92C01 LDA #$012C
0E/0DAE: 8003 BRA $0DB3
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:_
And the routine is called at $107C:
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
0E/1066: 8F020002 STAL $020002
0E/106A: 22AB080D JSL $0D08AB
0E/106E: F40300 PEA ^$031F2E
0E/1071: F42E1F PEA $031F2E
0E/1074: 2243070D JSL $0D0743
0E/1078: 7A PLY
0E/1079: 7A PLY
0E/107A: D4F0 PEI $F0
0E/107C: 228E0D0E JSL $0E0D8E
0E/1080: 7A PLY
0E/1081: A2021F2200 _CompactMem
0E/1088: B003 BCS $108D
0E/108A: A90000 LDA #$0000
0E/108D: 8F020002 STAL $020002
0E/1091: A20000 LDX #$0000
0E/1094: A9374A LDA #$4A37
0E/1097: DA PHX
0E/1098: 48 PHA
0E/1099: DA PHX
0E/109A: 48 PHA
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:_
|
|
|
| Revenir en haut de page |
|
|
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3055
Localisation: Le Chesnay, France
|
| Posté le: Sam 08 Fév 2020, 10:20 Sujet du message: |
|
|
And for disk 3. Still with The Flaming Bird Disassembler and Block Warden
| Code: |
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
03/1F49: 436F707920 ASC 'Copy Protection Error'00
03/1F5F: 1A4D617374 STR 'Master disk is required...'
03/1F7A: 1E496E7365 STR 'Insert original Geometry DISK3'
03/1F99: 4C6F616469 ASC 'Loading...'00
03/1FA4: 072F444953 STR '/DISK3/'
03/1FAC: 4E6F742045 ASC 'Not Enough Memory'00
03/1FBE: 436F756C64 ASC 'Couldn't load Tools'00
03/1FD2: 4C45537461 ASC 'LEStartUp'00
03/1FDC: 0000 BRK $00
03/1FDE: 0000 BRK $00
03/1FE0: 0000 BRK $00
03/1FE2: 0000 BRK $00
03/1FE4: 0000 BRK $00
03/1FE6: 0000 BRK $00
03/1FE8: 0000 BRK $00
03/1FEA: 0000 BRK $00
03/1FEC: 0000 BRK $00
03/1FEE: 0000 BRK $00
03/1FF0: 0000 BRK $00
03/1FF2: 0000 BRK $00
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:
Protection check lies in segment F (getItReady) at offset $D8E and is called at $107C
The Flaming Bird Disassembler Written by Ferox - (c) 1994 Phoenix corporation
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
0F/1066: 8F020002 STAL $020002
0F/106A: 22AB080E JSL $0E08AB
0F/106E: F40300 PEA ^$031FA4
0F/1071: F4A41F PEA $031FA4
0F/1074: 2243070E JSL $0E0743
0F/1078: 7A PLY
0F/1079: 7A PLY
0F/107A: D4F0 PEI $F0
0F/107C: 228E0D0F JSL $0F0D8E
0F/1080: 7A PLY
0F/1081: A2021F2200 _CompactMem
0F/1088: B003 BCS $108D
0F/108A: A90000 LDA #$0000
0F/108D: 8F020002 STAL $020002
0F/1091: A20000 LDX #$0000
0F/1094: A9374A LDA #$4A37
0F/1097: DA PHX
0F/1098: 48 PHA
0F/1099: DA PHX
0F/109A: 48 PHA
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
:
|
|
|
| Revenir en haut de page |
|
|
|
|
Vous ne pouvez pas poster de nouveaux sujets dans ce forum
Vous ne pouvez pas répondre aux sujets dans ce forum
Vous ne pouvez pas éditer vos messages dans ce forum
Vous ne pouvez pas supprimer vos messages dans ce forum
Vous ne pouvez pas voter dans les sondages de ce forum
|
|
FAQ 
Rechercher 
Liste des Membres 
Groupes d'utilisateurs
S'enregistrer
Profil 
Se connecter pour vérifier ses messages privés 
Connexion 
