|
|
|
IDENTIFICATION SERVEUR : 10.14.20.125 - CLIENT : 3.237.205.144 |
|
| Voir le sujet précédent :: Voir le sujet suivant |
| Auteur |
Message |
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3062
Localisation: Le Chesnay, France
|
 Posté le: Jeu 11 Juil 2019, 19:16 Sujet du message: Frontline (subLOGIC, 1982) |
 |
|
#1008 - A game by Terry Eagan. Four modes and up to two players can play in a game I still have not understood what the purpose was... An original disk by Stephane Racle, woz image provided by 4am.
Disk structure
That is a non standard 5.25" floppy disk. T0 is readable, others are not. The disk volume is 0.
Protection type
The protection lies in reading raw nibbles in memory and decode them in memory.
Boot trace
| Code: |
Get Boot1
CALL-151
9600<C600.C6FFM
96F8:4C DA FD
9600G
The result:
0800: 01 A5 27 C9 09 D0 18 A5
0808: 2B 4A 4A 4A 4A 09 C0 85
0810: 3F A9 5C 85 3E 18 AD FE
0818: 08 6D FF 08 8D FE 08 AE
0820: FF 08 30 15 BD 4D 08 85
0828: 3D CE FF 08 AD FE 08 85
0830: 27 CE FE 08 A6 2B 6C 3E
0838: 00 EE FE 08 EE FE 08 20
0840: 89 FE 20 93 FE 20 2F FB
0848: A6 2B 6C FD 08 00 0D 0B
0850: 09 07 05 03 01 0E 0C 0A
0858: 08 06 04 02 0F 00 20 64
0860: A7 B0 08 A9 00 A8 8D 5D
0868: B6 91 40 AD C5 B5 4C D2
0870: A6 AD 5D B6 F0 08 EE BD
0878: B5 D0 03 EE BE B5 A9 00
0880: 8D 5D B6 4C 46 A5 8D BC
0888: B5 20 A8 A6 20 EA A2 4C
0890: 7D A2 A0 13 B1 42 D0 14
0898: C8 C0 17 D0 F7 A0 19 B1
08A0: 42 99 A4 B5 C8 C0 1D D0
08A8: F6 4C BC A6 A2 FF 8E 5D
08B0: B6 D0 F6 00 00 00 00 00
08B8: 00 00 00 00 00 00 00 00
08C0: 00 00 00 00 00 00 00 00
08C8: 00 00 00 00 00 00 00 00
08D0: 20 58 FC A9 C2 20 ED FD
08D8: A9 01 20 DA FD A9 AD 20
08E0: ED FD A9 00 20 DA FD 60
08E8: 00 00 00 00 00 00 00 00
08F0: 00 00 00 00 00 00 00 00
08F8: 00 00 00 00 00 00 B6 09
Get Boot2:
9600<C600.C6FFM
96F8:A9 4C 8D 4A 08 A9 59 8D 4B 08 A9 FF 8D 4C 08 4C 01 08
9600G
The result:
B700: 8E 94 B7 8E A2 B7 86 09
B708: 8A 4A 4A 4A 4A AA 09 C0
B710: 8D 57 B7 A9 00 9D 78 04
B718: 8D F4 03 A9 02 85 08 A9
B720: 4C A2 01 DD 80 C0 CD 00
B728: E0 F0 05 CA 10 F5 30 25
B730: A9 B7 A0 93 20 00 BD B0
B738: 1C EE 98 B7 EE 9C B7 C6
B740: 08 D0 ED A9 01 8D 97 B7
B748: A9 00 85 00 A9 60 85 01
B750: CE 9F B7 F0 14 4C 00 C6
B758: A9 B7 A0 93 20 00 BD B0
B760: F4 20 00 0C B0 EF EE 97
B768: B7 AE 97 B7 BD 96 0D 85
B770: 0A A5 01 C9 96 90 E1 A9
B778: 58 85 36 A9 FC 85 37 A9
B780: 8A 85 38 A9 B7 85 39 4C
B788: 00 E0 20 89 FE 20 93 FE
B790: 4C B1 7A 01 60 01 00 00
B798: 0A A4 B7 00 0C 00 00 01
B7A0: 00 00 60 01 00 01 EF D8
B7A8: 00 00 00 00 00 00 00 00
B7B0: 00 00 00 00 00 00 00 00
B7B8: 00 00 00 00 00 00 00 00
B7C0: 00 00 00 00 00 00 00 00
B7C8: 00 00 00 00 00 00 00 00
B7D0: 00 00 00 00 00 00 00 00
B7D8: 00 00 00 00 00 00 00 00
B7E0: 00 00 00 00 00 00 00 00
B7E8: 00 00 00 00 00 00 00 00
B7F0: 00 00 00 00 00 00 00 00
B7F8: 00 00 00 00 00 00 00 00
IOB table at $B793 points to:
T0/SA at $0C00
Get Boot3:
9600<C600.C6FFM
96F8:A9 4C 8D 4A 08 A9 00 8D 4B 08 A9 B5 8D 4C 08 4C 01 08
B500:A9 00 8D 61 B7 4C 00 B7
9600G
0C00: A6 09 BD 89 C0 A0 20 84
0C08: 08 C8 D0 07 E6 08 D0 03
0C10: 4C DD 0C BD 8C C0 10 FB
0C18: C9 D5 D0 ED EA BD 8C C0
0C20: 10 FB C9 AA D0 F2 A0 00
0C28: BD 8C C0 10 FB C5 0A D0
0C30: E7 20 DF 0C 99 00 20 20
0C38: DF 0C 99 00 21 20 DF 0C
0C40: 99 00 22 20 DF 0C 99 00
0C48: 23 20 DF 0C 99 00 24 20
0C50: DF 0C 99 00 25 20 DF 0C
0C58: 99 00 26 20 DF 0C 99 00
0C60: 27 20 DF 0C 99 00 28 20
0C68: DF 0C 99 00 29 20 DF 0C
0C70: 99 00 2A 20 DF 0C 99 00
0C78: 2B 20 DF 0C 99 00 2C 20
0C80: DF 0C 99 00 2D 20 DF 0C
0C88: 99 00 2E 20 DF 0C 99 00
0C90: 2F 20 DF 0C 99 00 30 20
0C98: DF 0C 99 00 31 20 DF 0C
0CA0: 99 00 32 20 DF 0C 99 00
0CA8: 33 20 DF 0C 99 00 34 C8
0CB0: F0 03 4C 31 0C BD 8C C0
0CB8: 10 FB 99 00 35 C8 C0 5A
0CC0: 90 F3 BD 8C C0 10 FB C9
0CC8: AA D0 12 BD 8C C0 10 FB
0CD0: C9 D5 D0 09 BD 8C C0 10
0CD8: FB C5 0A F0 08 38 60 BD
0CE0: 8C C0 10 FB 60 BD 88 C0
0CE8: A2 00 BD 96 0D A8 8A 99
0CF0: 00 35 E8 E0 40 90 F3 A9
0CF8: 00 85 02 A9 20 85 03 A9
0D00: 00 85 04 A9 30 85 05 A0
0D08: 00 84 0B 84 0C 84 0D A9
0D10: 03 85 08 A2 00 A1 04 AA
0D18: BD 00 35 85 06 B1 02 AA
0D20: BD 00 35 0A 0A 85 07 A9
0D28: 03 25 06 05 07 91 00 18
0D30: 65 0B 85 0B 90 06 E6 0C
0D38: D0 02 E6 0D 46 06 46 06
0D40: C8 D0 0A E6 01 E6 03 A5
0D48: 03 C9 30 B0 11 C6 08 D0
0D50: CC A9 03 85 08 E6 04 D0
0D58: BA E6 05 4C 13 0D A0 03
0D60: B9 56 35 AA BD 00 35 99
0D68: 56 35 88 10 F3 6E 59 35
0D70: 2E 57 35 6E 59 35 2E 57
0D78: 35 6E 59 35 2E 56 35 6E
0D80: 59 35 2E 56 35 A0 02 B9
0D88: 0B 00 D9 56 35 D0 05 88
0D90: 10 F5 18 60 38 60 FF FE
0D98: FD FC FB FA F9 F7 F6 F5
0DA0: F4 F3 F2 EF EE ED EC EB
0DA8: EA E9 E7 E6 E5 DF DE DD
0DB0: DC DB DA D9 D7 D6 D3 CF
0DB8: CE CD CB BF BE BD BC BB
0DC0: BA B9 B7 B6 B5 B4 B3 B2
0DC8: AF AE AD AC AB A7 A6 9F
0DD0: 9E 9D 9B 9A 97 96 00 00
0DD8: 00 00 00 00 00 00 00 00
0DE0: 00 00 00 00 00 00 00 00
0DE8: 00 00 00 00 00 00 00 00
0DF0: 00 00 00 00 00 00 00 00
0DF8: 00 00 00 00 00 00 00 00
Get Boot3 w/o executing the call to $0C00 (hence the BIT):
9600<C600.C6FFM
96F8:A9 4C 8D 4A 08 A9 00 8D 4B 08 A9 B5 8D 4C 08 4C 01 08
B500:A9 2C 8D 61 B7 A9 00 8D 65 B7 A9 4C 8D 77 B7 A9 59 8D 78 B7 A9 FF 8D 79 B7 4C 00 B7
9600G
$0C00 reads nibbles and decodes them at $6000+
Get Boot3:
9600<C600.C6FFM
96F8:A9 4C 8D 4A 08 A9 00 8D 4B 08 A9 B5 8D 4C 08 4C 01 08
B500:A9 4C 8D 77 B7 A9 59 8D 78 B7 A9 FF 8D 79 B7 4C 00 B7
9600G
The call at $0C00 must be kept because it sets data used later on
Memory usage - Final
$0C00..$0DFF 02
$2000..$35FF 16
$6000..$9FFF (even less because code is relocated)
$B600..$BFFF RWTS
Memory usage - Load
$0C00..$0DFF 02 which loads...
$2000..$35FF 16 which unpacks to...
$6000..$6FFF 10
Then program reads data at:
$7000..$9FFF 30
The entry point to the game is $7AB1. It is called at $B78A.
|
How to normalize
Once you have everything in memory. Copy $6000..$9FFF on T1-T4.
Then, put or re-use the RWTS on T0 and make load modifications as I did, see T0/S1.
The disk image is available at http://www.brutaldeluxe.fr/crack/
Reboot and... enjoy,
LoGo
7/2019 |
|
| Revenir en haut de page |
|
 |
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3062
Localisation: Le Chesnay, France
|
| Posté le: Jeu 11 Juil 2019, 19:18 Sujet du message: |
|
|
Boot 1 code on T0/S0 at $800:
| Code: |
*
* Frontline
* (c) 1982, subLOGIC
* (k) 2019, LoGo
*
mx %11
org $800
lst off
*----------------------------
INIT EQU $FB2F
SETKBD EQU $FE89
SETVID EQU $FE93
*----------------------------
HEX 01
L0801 LDA $27
CMP #$09
BNE L081F
LDA $2B
LSR
LSR
LSR
LSR
ORA #$C0
STA $3F
LDA #$5C
STA $3E
CLC
LDA L08FD+1
ADC L08FF
STA L08FD+1
L081F LDX L08FF
BMI L0839
LDA L084D,X
STA $3D
DEC L08FF
LDA L08FD+1
STA $27
DEC L08FD+1
LDX $2B
JMP ($003E)
L0839 INC L08FD+1
INC L08FD+1
JSR SETKBD
JSR SETVID
JSR INIT
LDX $2B
JMP (L08FD)
L084D HEX 000D0B09070503010E0C0A080604020F
HEX 002064A7B008A900A88D5DB69140ADC5
HEX B54CD2A6AD5DB6F008EEBDB5D003EEBE
HEX B5A9008D5DB64C46A58DBCB520A8A620
HEX EAA24C7DA2A013B142D014C8C017D0F7
HEX A019B14299A4B5C8C01DD0F64CBCA6A2
HEX FF8E5DB6D0F600000000000000000000
HEX 00000000000000000000000000000000
HEX 0000002058FCA9C220EDFDA90120DAFD
HEX A9AD20EDFDA90020DAFD600000000000
HEX 00000000000000000000000000000000
L08FD DA $B600
L08FF HEX 09
|
|
|
| Revenir en haut de page |
|
|
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3062
Localisation: Le Chesnay, France
|
| Posté le: Jeu 11 Juil 2019, 19:18 Sujet du message: |
|
|
Boot 2 code (T0/S1) at $B700 (part of a standard RWTS):
| Code: |
*
* Frontline
* (c) 1982, subLOGIC
* (k) 2019, LoGo
*
mx %11
org $b700
lst off
*----------------------------
PWREDUP EQU $03F4
SETKBD EQU $FE89
SETVID EQU $FE93
*----------------------------
LB700 STX LB794
STX LB7A2
STX $09
TXA
LSR
LSR
LSR
LSR
TAX
ORA #$C0
STA LB755+2
LDA #$00
STA $0478,X
STA PWREDUP
LDA #$02
STA $08
LDA #$4C
LDX #$01
LB723 CMP $C080,X
CMP $E000
BEQ LB730
DEX
BPL LB723
BMI LB755
*--- Read T0/SA, 2 sectors at $0C00
LB730 LDA #>LB793
LDY #<LB793
JSR $BD00
BCS LB755
INC LB798
INC LB79B+1
DEC $08
BNE LB730
*--- Move to T1, RAM at $6000
LDA #$01
STA LB797
LDA #$00
STA $00
LDA #$60
STA $01
DEC LB79F
BEQ LB769
LB755 JMP $C600
LB758 LDA #>LB793 ; read
LDY #<LB793
JSR $BD00
BCS LB755
JSR $0C00 ; read nibbles
BCS LB755
INC LB797
LB769 LDX LB797
LDA $0D96,X ; the variable marker
STA $0A
LDA $01
CMP #$96
BCC LB758
LDA #$58 ; this is home
STA $36
LDA #$FC
STA $37
LDA #<LB78A ; next step
STA $38
LDA #>LB78A
STA $39
JMP $E000 ; go to BASIC
LB78A JSR SETKBD
JSR SETVID
JMP $7AB1 ; and jump to game
LB793 DB $01
LB794 DB $60
DB $01
DB $00
LB797 DB $00
LB798 DB $0A
DA LB7A4
LB79B DA $0C00
DB $00
DB $00
LB79F DB $01
DB $00
DB $00
LB7A2 DB $60
DB $01
LB7A4 DB $00
DB $01
DB $EF
DB $D8
DS $58
|
|
|
| Revenir en haut de page |
|
|
toinet
Site Admin
Inscrit le: 15 Juin 2007
Messages: 3062
Localisation: Le Chesnay, France
|
| Posté le: Jeu 11 Juil 2019, 19:19 Sujet du message: |
|
|
Boot 3 code (T0/SA-SB) at $0C00..$0DFF. The part of the protection.
| Code: |
*
* Frontline
* (c) 1982, subLOGIC
* (k) 2019, LoGo
*
mx %11
org $c00
lst off
*----------------------------
L0C00 LDX $09 ; turn drive on
LDA $C089,X
LDY #$20 ; retries
STY $08
L0C09 INY
BNE L0C13
INC $08
BNE L0C13
JMP L0CDD
L0C13 LDA $C08C,X ; read header
BPL L0C13
L0C18 CMP #$D5
BNE L0C09
NOP
L0C1D LDA $C08C,X
BPL L0C1D
CMP #$AA
BNE L0C18
LDY #$00
L0C28 LDA $C08C,X
BPL L0C28
CMP $0A ; variable marker
BNE L0C18
L0C31 JSR L0CDF ; read nibbles
STA $2000,Y
JSR L0CDF
STA $2100,Y
JSR L0CDF
STA $2200,Y
JSR L0CDF
STA $2300,Y
JSR L0CDF
STA $2400,Y
JSR L0CDF
STA $2500,Y
JSR L0CDF
STA $2600,Y
JSR L0CDF
STA $2700,Y
JSR L0CDF
STA $2800,Y
JSR L0CDF
STA $2900,Y
JSR L0CDF
STA $2A00,Y
JSR L0CDF
STA $2B00,Y
JSR L0CDF
STA $2C00,Y
JSR L0CDF
STA $2D00,Y
JSR L0CDF
STA $2E00,Y
JSR L0CDF
STA $2F00,Y
JSR L0CDF
STA $3000,Y
JSR L0CDF
STA $3100,Y
JSR L0CDF
STA $3200,Y
JSR L0CDF
STA $3300,Y
JSR L0CDF
STA $3400,Y
INY
BEQ L0CB5
JMP L0C31
L0CB5 LDA $C08C,X ; the denibblize table
BPL L0CB5
STA $3500,Y
INY
CPY #$5A
BCC L0CB5
L0CC2 LDA $C08C,X ; epilog markers
BPL L0CC2
CMP #$AA
BNE L0CDD
L0CCB LDA $C08C,X
BPL L0CCB
CMP #$D5
BNE L0CDD
L0CD4 LDA $C08C,X
BPL L0CD4
CMP $0A
BEQ L0CE5
L0CDD SEC
RTS
L0CDF LDA $C08C,X
BPL L0CDF
RTS
*--- Now, decode the nibbles
L0CE5 LDA $C088,X
LDX #$00
L0CEA LDA L0D96,X
TAY
TXA
STA $3500,Y
INX
CPX #$40
BCC L0CEA
LDA #$00 ; $2000
STA $02
LDA #$20
STA $03
LDA #$00 ; $3000
STA $04
LDA #$30
STA $05
LDY #$00
STY $0B
STY $0C
STY $0D
LDA #$03
STA $08
L0D13 LDX #$00
LDA ($04,X)
TAX
LDA $3500,X
STA $06
L0D1D LDA ($02),Y
TAX
LDA $3500,X
ASL
ASL
STA $07
LDA #$03
AND $06
ORA $07
STA ($00),Y
CLC
ADC $0B
STA $0B
BCC L0D3C
INC $0C
BNE L0D3C
INC $0D
L0D3C LSR $06
LSR $06
INY
BNE L0D4D
INC $01
INC $03
LDA $03
CMP #$30
BCS L0D5E
L0D4D DEC $08
BNE L0D1D
LDA #$03
STA $08
INC $04
BNE L0D13
INC $05
JMP L0D13
*--- Checksum please
L0D5E LDY #$03
L0D60 LDA $3556,Y
TAX
LDA $3500,X
STA $3556,Y
DEY
BPL L0D60
ROR $3559
ROL $3557
ROR $3559
ROL $3557
ROR $3559
ROL $3556
ROR $3559
ROL $3556
LDY #$02
L0D87 LDA |$000B,Y
CMP $3556,Y
BNE L0D94
DEY
BPL L0D87
CLC ; OK
RTS
L0D94 SEC ; KO
RTS
*--- The variable marker table
L0D96 HEX FFFEFDFCFBFAF9F7F6F5F4F3F2EFEEED
HEX ECEBEAE9E7E6E5DFDEDDDCDBDAD9D7D6
HEX D3CFCECDCBBFBEBDBCBBBAB9B7B6B5B4
HEX B3B2AFAEADACABA7A69F9E9D9B9A9796
HEX 00000000000000000000000000000000
HEX 00000000000000000000000000000000
HEX 00000000000000000000
|
|
|
| Revenir en haut de page |
|
|
|
|
Vous ne pouvez pas poster de nouveaux sujets dans ce forum
Vous ne pouvez pas répondre aux sujets dans ce forum
Vous ne pouvez pas éditer vos messages dans ce forum
Vous ne pouvez pas supprimer vos messages dans ce forum
Vous ne pouvez pas voter dans les sondages de ce forum
|
|
FAQ 
Rechercher 
Liste des Membres 
Groupes d'utilisateurs
S'enregistrer
Profil 
Se connecter pour vérifier ses messages privés 
Connexion 
