
Math skills (Edu-ware/Softsmith, 1980-81/1983)

 
toinet (Site Admin)
Joined: 15 June 2007 | Posts: 2886 | Location: Le Chesnay, France
Posted: Thu 13 Apr 2017, 22:24
Subject: Math skills (Edu-ware/Softsmith, 1980-81/1983)

#919 - Effective math skills are a must in today's world. Now Math Skills is here to help - by providing primary level instruction in basic arithmetic. Your child will want to learn with Math Skills because of its interactive format, animated pictures and captivating sounds.

Disk structure
This is a protected DOS 3.3 disk. Tracks 0-2 are not readable, nor are the tracks 18-22 (in hex) but those are not formatted.

A deeper analysis with the nibble editor of Copy II plus shows that we find (again) the track info set to 0 in the address field for tracks different from... 0. Ah! That prevents all standard copiers from copying a track: where it looks for track 1, it reads track 0...

Boot trace
First step, get the T0/S0, the boot1, ahem:
Code:

9600<C600.C6FFM
96FB:20 FDDA 60
9600G
01

We find a clever routine with the move arm one included and the ability to load any standard T/S. The Accolade boot a couple of years before Accolade!

Code:

96FB:A9 2C 8D 8A0 A9 4C 8D 8D4 A9 59 8D 8D5 A9 FF 8D 8D6 4C 801

There, we have interrupted the program a little bit further, bypassing the Softsmith logo display but no more. What is interesting is that each time a phase is finished, the arm is moved and a new T0/S0 at address $0800 is loaded and automatically executed because the read routine is the one from the Disk II controller card which jumps to $0801 once all sectors were read.

Code:

96FB:A9 2C 8D 8A0 8D 8D4 A9 20 8D 8D7 A9 E9 8D 8D8 A9 08 8D 8D9 A9 4C 8D 8DA A9 59 8D 8DB A9 FF 8D 8DC A9 18 8D 8AE 4C 801

There, we have interrupted the logo display but we have moved the next T0/S0 to $1800 instead of $0800. An analysis of the code shows that it loads data from the next "track 0" track at $3000..$3DFF and then moves to track 3 and loads the next T0/S0 at $0800.

Code:

96FB:A9 2C 8D 8A0 8D 8D4 A9 20 8D 8D7 A9 E9 8D 8D8 A9 08 8D 8D9 A9 4C 8D 8DA A9 20 8D 8DB A9 01 8D 8DC A9 18 8D 8AE 4C 801
120:A2 00 BD 1800 9D 0800 CA D0 F7 A9 BF 8D 85F A9 4C 8D 873 A9 59 8D 874 A9 FF 8D 875 A2 60 4C 801
9600G

Here, we do something similar to the previous boot trace but we jump to a new routine at $1200 before gaining control to the next T0/S0 (the one that fills in the $3000..$3DFF area) and we load the next T0/S0 at $BF00..$BFFF and that's it.

At that stage, we have:
- the second T0/S0 at $0800..$08FF
- the $3000..$3DFF area filled with data (read $3DC0..$3DFF for fun)
- a useless T0/S0 (the DOS 3.3 one) at $BF00..$BFFF
The rest of the memory is filled in from $0900..$BEFF with values 00 to FF on each page.

How to copy
...if we can say so:
Launch Advanced Demuffin 1.4 from my copy disk
Enter the monitor
B930:18 60 EA
B98B:18 60 EA
Press ctrl-Y
Copy T0
Copy T3-T17

Normalize the disk
Hum. That is the most annoying part of the crack:
1. With DiskFixer
- T0/S0/B2: 00 -> 01 ; tell that we move to track 1 (a real T1)
- Copy that sector to T1/S7. Why? Because we will use it as our new intermediate T0/S0 instead of the one that we had in memory at $0800. Read the next message for the new sector. Now, we move to T2 and load data at $3000..$3DFF and then move to T3 and load its sector 0 and execute it.
2. With Mobby Disk II
- Move the data you have at $3000..$3DFF to $4000..$4DFF (to enter the monitor, press ctrl-E, space, space ; to exit, press ctrl-Y)
- Write T2/S0, then ctrl-W the entire track
And that's it! I've put the original T0/S0 on track 1 on sectors 0 and 1.

The disk image is available at http://www.brutaldeluxe.fr/crack/ - The complete package on Asimov.

Reboot and... enjoy,

LoGo
4/2017
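
As an added illustration (not part of the original post), here is a small Python parser for the address-field check described under "Disk structure": it decodes each address field on a track and reports whether the stored track number matches the head position. It assumes the standard DOS 3.3 address prologue D5 AA 96 and 4-and-4 encoding, which the post does not state for this disk; the nibble data and volume 254 are constructed sample input, and all function names are hypothetical.

```python
# Added example: decode DOS 3.3 address fields from a raw nibble stream and
# flag fields whose stored track number disagrees with the head position.
ADDR_PROLOGUE = bytes([0xD5, 0xAA, 0x96])  # assumed: standard DOS 3.3 prologue

def enc44(value):
    """4-and-4 encode one byte into two disk nibbles (odd bits, then even bits)."""
    return bytes([(value >> 1) | 0xAA, value | 0xAA])

def dec44(hi, lo):
    """Inverse of enc44."""
    return ((hi << 1) | 1) & lo

def make_address_field(volume, track, sector):
    """Build prologue + volume/track/sector/checksum + epilogue (test data only)."""
    body = b"".join(enc44(v) for v in (volume, track, sector, volume ^ track ^ sector))
    return ADDR_PROLOGUE + body + bytes([0xDE, 0xAA, 0xEB])

def scan_track(nibbles, physical_track):
    """Return one dict per address field found in `nibbles`."""
    found = []
    pos = nibbles.find(ADDR_PROLOGUE)
    while pos != -1 and pos + 11 <= len(nibbles):
        f = nibbles[pos + 3:pos + 11]
        vol, trk, sec, chk = (dec44(f[i], f[i + 1]) for i in range(0, 8, 2))
        found.append({
            "volume": vol, "track": trk, "sector": sec,
            "checksum_ok": chk == vol ^ trk ^ sec,
            # Standard DOS 3.3 RWTS compares this field with the track it seeked to.
            "track_matches": trk == physical_track,
        })
        pos = nibbles.find(ADDR_PROLOGUE, pos + 3)
    return found

def sample_track(physical_track, stamped_track, sectors=16):
    """Constructed sample: sync bytes + address fields only (no data fields)."""
    sync = bytes([0xFF] * 8)
    return b"".join(sync + make_address_field(254, stamped_track, s) for s in range(sectors))

if __name__ == "__main__":
    for phys, stamped in ((1, 1), (1, 0)):  # normal track vs. track stamped as 0
        fields = scan_track(sample_track(phys, stamped), phys)
        bad = sum(not f["track_matches"] for f in fields)
        print(f"head on track {phys}: {len(fields)} fields, {bad} with mismatched track")
```

On the second constructed track every field has a valid checksum but a track number of 0, which is the condition the post describes as stopping standard copiers.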
toinet (Site Admin)
Posted: Thu 13 Apr 2017, 22:46

The new intermediate T0/S0, the one at T1/S7 (see the interleaving for DOS 3.3 and you'll understand why sector 1 that is requested to read by the first boot1 code is located on sector 7)

Code:

-------------- DISK EDIT ---------------
TRACK $01/SECTOR $07/VOLUME $FE/BYTE $00
----------------------------------------
$00: 01 4C 76 08 00 0D 0B 09    AL6H@MKI
$08: 07 05 03 01 0E 0C 0A 08    GECANLJH
$10: 06 04 02 0F A6 2B A4 A4    FDBO&+$$
$18: 84 A9 C8 84 A4 A9 EF 85    .)H.$)/.
$20: A5 A9 D8 85 A6 A9 00 85    %)X.&)@.
$28: A2 A5 A9 85 A3 38 E5 A4    "%).#8%$
$30: F0 1F E6 A9 49 FF A8 38    0_&)I?(8
$38: 20 55 08 B9 74 08 20 63     UH94H #
$40: 08 A5 A3 18 20 57 08 B9    H%#X WH9
$48: 75 08 20 63 08 E6 A2 D0    5H #H&"P
$50: D8 20 63 08 18 A5 A9 29    X #HX%))
$58: 03 2A 05 2B AA BD 80 C0    C*E+*=.@
$60: A6 2B 60 A2 11 CA D0 FD    &+`"QJP=
$68: E6 A5 D0 02 E6 A6 38 E9    &%PB&&8)
$70: 01 D0 F0 60 01 70 A9 60    AP0`A0)`
$78: 8D 01 08 20 14 08 20 14    .AH TH T
$80: 08 A9 02 85 41 A9 30 85    H)B.A)0.
$88: 27 A0 00 84 A0 B9 04 08    ' @. 9DH
$90: 85 3D 20 E9 08 A4 A0 C8    .= )H$ H
$98: C0 0E 90 EF EA EA EA EA    @N./****
$A0: EA EA EA EA EA EA EA 20    *******
$A8: 14 08 20 14 08 A9 08 85    TH TH)H.
$B0: 27 A9 03 85 41 A9 00 85    ')C.A)@.
$B8: 3D 6C A7 00 00 00 00 00    =,'@@@@@
$C0: 00 00 00 00 00 00 00 00    @@@@@@@@
$C8: 00 00 00 00 00 00 00 00    @@@@@@@@
$D0: 00 00 00 00 00 00 00 00    @@@@@@@@
$D8: 00 00 00 00 00 00 00 00    @@@@@@@@
$E0: 00 00 00 00 00 00 00 00    @@@@@@@@
$E8: 00 6C A7 00 00 00 00 00    @,'@@@@@
$F0: 00 00 00 00 00 00 00 00    @@@@@@@@
$F8: 00 00 00 00 00 00 00 00    @@@@@@@@