
Thread: Removing the need to run off floppy disk

  1. #11

    I did a little checking today. The game will run off the original disks whether they are in the A or B drive; it checks the A drive first and then the B drive. The game will not run off a copy of the original disk or off the hard drive if the original disk is not in either of the floppy drives. Interesting to note there is no message sent to the screen if the original disk is not present.

    Since there seems to be no CD 13 instruction in the EXE file, is there another instruction I can search for? What if they do a direct read of the disk and do not use the BIOS INT routine?

    Thanks...Joe

  2. #12

    Look for the byte string F2 03 (the FDC control register is at port 03F2). F4 03 and F5 03 are also candidates. You should disassemble around there and see what you get.
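
The byte-string search suggested in this thread (CD 13 for INT 13h, and F2 03 / F4 03 / F5 03 for the FDC ports), as an added example that is not part of any poster's message. The MZ header handling, the MOV DX check and the sample bytes are this example's own assumptions; the sample is constructed.

```python
import struct

# Byte patterns named in the thread; the labels are this example's wording.
PATTERNS = {
    b"\xCD\x13": "INT 13h (BIOS disk services)",
    b"\xF2\x03": "port 03F2h (FDC control register)",
    b"\xF4\x03": "port 03F4h (candidate FDC port)",
    b"\xF5\x03": "port 03F5h (candidate FDC port)",
}
MOV_DX_IMM16 = 0xBA  # opcode of MOV DX,imm16; makes a port hit more plausible


def image_start(data):
    """Return the file offset where the load image begins (0 if no MZ header)."""
    if len(data) >= 10 and data[:2] in (b"MZ", b"ZM"):
        (header_paragraphs,) = struct.unpack_from("<H", data, 8)
        return header_paragraphs * 16
    return 0


def scan(data):
    """List (file_offset, image_offset, label, confidence) for every match."""
    start = image_start(data)
    hits = []
    for pattern, label in PATTERNS.items():
        pos = data.find(pattern, start)
        while pos != -1:
            if pattern == b"\xCD\x13":
                confidence = "byte pair, confirm by disassembly"
            elif pos > 0 and data[pos - 1] == MOV_DX_IMM16:
                confidence = "MOV DX,imm16"
            else:
                confidence = "bare word, may be data"
            hits.append((pos, pos - start, label, confidence))
            pos = data.find(pattern, pos + 1)
    return sorted(hits)


# Constructed sample: 32-byte MZ header (2 paragraphs) followed by a few bytes.
SAMPLE = (b"MZ" + bytes(6) + struct.pack("<H", 2) + bytes(22)
          + b"\xB4\x02\xCD\x13"      # MOV AH,02h / INT 13h
          + b"\xBA\xF2\x03\xEE"      # MOV DX,03F2h / OUT DX,AL
          + b"\x00\xF4\x03")         # the word 03F4h with no MOV DX before it

if __name__ == "__main__":
    for file_off, img_off, label, confidence in scan(SAMPLE):
        print(f"file {file_off:05X}  image {img_off:05X}  {label}  [{confidence}]")
```

An empty result does not show that a program avoids the disk: as a later reply points out, the executable may be encrypted, in which case none of these bytes appear in the file as stored.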

  3. #13

    "How to crack games" is not something I would recommend trying to teach a beginner to the subject on a forum... it would take months of back and forth. If he's not seeing "CD 13" in the executable, and if the reason is accessing port 03f2, then who knows which copy-protection he has. It could be simple, and reversing a conditional jump could do the trick... or it could be something really nasty, like an encrypted executable where the decryption key is steganographically hidden in the GAP bytes, sync pulses, etc.

    Grandcheapskate, in this day and age, over a hundred people have spent 30 years removing the protection from software; if you spend 10 minutes poking around the web, you'll find an unprotected copy you can use. You're not breaking any laws to grab such a copy because you can prove you own the originals.
    Offering a bounty for:
    - The software "Overhead Express" (doesn't have to be original, can be a copy)
    - A working Sanyo MBC-775
    - Documentation and original disks for: Panasonic Sr. Partner, Zenith Z-160 series
    - Music Construction Set, IBM Music Feature edition (has red sticker on front stating IBM Music Feature)

  4. #14

    Here's a couple of patches:

    (The first MEAN18 unprotect, for the original CGA version)


    **************************************************************
    =======================
    | MEAN18 -- Unprotect |
    =======================


    +-----------------------------------------------------------------------------+
    | |
    | This patch is intended to be used so that you to create BACKUP copies |
    | in case you damage your original. Also if you want to run the program |
    | from your hard drive you will not need the original disk in drive "A:" |
    | |
    +-----------------------------------------------------------------------------+
    | |
    | First FORMAT a floppy. Copy ALL programs (GOLF.EXE /GOLF.DAT /ARCH.EXE |
    | /ARCH.DAT /BUSHHILL.M18 ). |
    | |
    | To unprotect MEAN18 using Norton Utility (NU.COM) or whatever other file |
    | oriented utility you may have. |
    | |
    | Starting with GOLF.EXE -- on the beginning of the last cluster of the |
    | file (Second from last sector in the file) starting at byte 161 Decimal |
    | (Should be CD) going through byte 220 Decimal (Should be 41) NOP all |
    | bytes. A NOP instruction is 90 (Hex). Write changes to disk -- Now |
    | GOLF.EXE will execute from the floppy and won't keep from checking for |
    | the master disk in drive A:.... |
    | |
    | To unprotect ARCH.EXE it is basically the same procedure. The bytes to |
    | change are in the first sector of the last cluster (Second from the end |
    | of file). Starting at byte 42 Decimal (Should be a CD) going through |
    | byte 101 Decimal (Should be a 41) NOP all bytes. |
    | |
    | Otherwise you can find the bytes by selecting the file and searching for |
    | bytes CD 13 (INT 13 ;Reads the disk) -- then search for 3C 41 (CMP 41 |
    | ;This is what they are comparing for before they will load the program). |
    | The first CD and the last 41 will be the bytes you will change to NOP's |
    | (90 Hex) in both ".EXE" files. |
    | |
    +-----------------------------------------------------------------------------+


    ****************************************************************


    (The second MEAN18 unprotect, for the original EGA version)


    ****************************************************************


    Unprotect for Mean 18 Golf EGA Version (IBM PC)

    BE SURE TO BACKUP YOUR MEAN 18 GOLF DISK BEFORE STARTING AND USE THE
    BACK UP FOR THE UNPROTECT. THIS WAY IF SOMETHING GOES WRONG THEN YOU
    ARE NOT OUT A GOLF GAME..........


    First you should rename the file golf.exe to golf


    C>rename golf.exe golf


    Next Load golf into debug...


    C>debug golf


    Then Follow the sample debug session:


    -e d91d : Edit the contents of address d91d


    XXXX:d91d 9A. : Should appear
    : If 9A does not appear.. press enter and
    : quit immediately. Your version is not
    : the same as mine.


    Now type "EB" then press the SPACE bar.


    XXXX:d91d 9A.eb 3B. : Should appear
    : If 3B does not appear.. press enter and
    : quit immediately.


    Now type "1E" then press the ENTER key.


    Now write the new golf game back to the disk:


    -w <Enter>


    Writing XXXXX bytes


    Then Quit Debug:


    -q <Enter>


    Now it is time to rename GOLF back to GOLF.EXE


    C>ren golf golf.exe


    Now try to run the new (Hopefully) unprotected version Of Mean 18 Golf


    C>golf
    ------------------------------------------------------------------
    ☀☀☀ Visit Take Another Step for both computer and non-computer related discussions. ☀☀☀

    If you're looking for DS/DD or DS/HD 3" or 5" floppy disks, PM me. I've got some new, used, and factory over-labeled disks for sale.

    There is a crack in everything. That's how the light gets in. -- Leonard Cohen

  5. #15

    Hi
    Marking a track as bad would cause a normal copy program to not copy that track. I recall seeing such a simple protection once. Most copy programs would not copy tracks marked as bad.
    There are many tricks that may have been used. One even had a hole in the disk at a particular position. Hiding things between sectors was one of the tricks. This could be an encryption key. To make it tougher to hack, it might refer to it several times during the play of the game.
    Another trick is that the timing of the index hole is not important to soft sectored once the track is formatted. When a disk is formatted, even for different interleaving, it is always started at the beginning from the index mark. Shifting the index timing could be used. It would be hard to copy because a typical formatted disk would have a normal offset.
    Of course, the encrypted one could be the hardest to defeat.
    Dwight

  6. #16

    There are about as many ways to copy-protect a floppy disk as there are programs that use them. My favorite was to add a duplicate "extra sector" on a track. If you issued a read for the same sector twice in quick succession, you could check to see if the data returned was different. Formatting with different information in the sector header was one of the earliest--i.e. using, say, 42 for the side ID.

  7. #17

    Quote, originally posted by Stone:
    "Here's a couple of patches:"

    Thanks Stone for posting those patches.

    The first patch (CGA) is the one I have previously tried and did not work. I tried the second patch (EGA) and did not get the same value at offset d91d as the example.

    The box indicates the version I have is the "New! Hercules MGA Version" with the 16 color EGA version for the Tandy 1000 and PC jr.

    This exercise was something I thought would only take me a couple minutes since I had an example of the changes which needed to be made. Obviously it is more involved than I thought.

    Thanks...Joe

  8. #18

    Here's another:

    Unprotect for Mean 18 Golf (IBM PC)




    BE SURE TO BACKUP YOUR MEAN 18 GOLF DISK BEFORE STARTING AND USE THE
    BACK UP FOR THE UNPROTECT. THIS WAY IF SOMETHING GOES WRONG THEN YOU
    ARE NOT OUT A GOLF GAME..........


    First you should rename the file golf.exe to golf


    C>rename golf.exe golf


    Next Load golf into debug...


    C>debug golf


    Then Follow the sample debug session:


    -e c67f : Edit the contents of address c67f


    3ADA:C67F 9A. : Should appear
    : If 9A does not appear.. press enter and
    : quit immediately.


    Now type "EB" then press the SPACE bar.


    3ADA:C680 E4. : Should appear
    : If E4 does not appear.. press enter and
    : quit immediately.


    Now type "1E" then press the ENTER key.


    Now write the new golf game back to the disk:


    -w <Enter>


    Writing XXXXX bytes


    Then Quit Debug:


    -q <Enter>


    Now it is time to rename GOLF back to GOLF.EXE


    C>ren golf golf.exe


    Now try to run the new (Hopefully) unprotected version Of Mean 18 Golf


    C>golf


    

  9. #19

    And still another...

    Here's how to unprotect MEAN 18 3-29-88 version so it runs on your hard disk:


    1) Use DOS to copy your MEAN 18 disk to a hard disk subdirectory.
    Make it the current directory.


    2) Put your diskette away (you won't need it anymore).




    ********* Unprotect GOLF.EXE 3-29-88 *********




    3) RENAME GOLF.EXE GOLF.ZAP


    4) DEBUG GOLF.ZAP
    -R (hit enter) (Record value of CS register and add 1000h to it
    to come up with XXXX as used below. For example,
    if CS=2100, then use 3100 for XXXX).


    -U XXXX:4FE3 (You should see E8 AE 00 59 C6 06 0A 00 10. If you
    don't, it's a different version).


    -A XXXX:4FE3
    XXXX:4FE3 NOP
    XXXX:4FE4 NOP
    XXXX:4FE5 NOP
    XXXX:4FE6 (hit enter)


    -A XXXX:4FEC
    XXXX:4FEC NOP
    XXXX:4FED NOP
    XXXX:4FEE NOP
    XXXX:4FEF (hit enter)


    -A XXXX:4FF2
    XXXX:4FF2 JMP 4FFF
    XXXX:4FF4 (hit enter)


    -A XXXX:500A
    XXXX:500A NOP
    XXXX:500B NOP
    XXXX:500C NOP
    XXXX:500D JMP 505A
    XXXX:500F (hit enter)


    -W
    (Writing 15D1F bytes)


    -Q


    5) RENAME GOLF.ZAP GOLF.EXE




    ********* Unprotect ARCH.EXE 3-29-88 *********




    6) RENAME ARCH.EXE ARCH.ZAP


    7) DEBUG ARCH.ZAP
    -U BD9A (You should see E8 AE 00 59 C6 06 0A 00 10. If you
    don't, it's a different version).


    -A BD9A
    ????:BD9A NOP
    ????:BD9B NOP
    ????:BD9C NOP
    ????:BD9D (hit enter)


    -A BDA3
    ????:BDA3 NOP
    ????:BDA4 NOP
    ????:BDA5 NOP
    ????:BDA6 (hit enter)


    -A BDA9
    ????:BDA9 JMP BDB6
    ????:BDAB (hit enter)


    -A BDC1
    ????:BDC1 NOP
    ????:BDC2 NOP
    ????:BDC3 NOP
    ????:BDC4 JMP BE11
    ????:BDC6 (hit enter)


    -W
    (Writing C1DF bytes)


    -Q


    8) RENAME ARCH.ZAP ARCH.EXE


    9) TYPE "GOLF" (or "ARCH" for MEAN 18 Course Architect) and ENJOY!

  10. #20

    Thank you Stone! The last set of zaps did the trick. I can now run both programs off the hard drive.

    Just for my education I will have to look at the code which was NOPed to see what it did.

    Thanks to all...Joe
