mort@ihuxn.UUCP (Dubman) (03/12/84)
Sending MAIL directly has been giving me problems, so I am posting this letter on the net. It may be of interest to other Apple owners.

I use the Net only on weekends, and I didn't bring the specs on protecting a disk... I'll bring them next week and post the info on how to put a decent protection on an Apple DOS 3.3 disk that will give a lot of copiers a bit of trouble.

In response to your other question: You have an unbroken disk which you would like to put in a normal 3.3 format; the program only accesses the disk once. Here is basically how to do it:

Here is what you need:

64K Apple II Plus or Apple IIe (Apple II Plus must have the 16K card)

One disk drive.

Somebody who has an old Integer-BASIC Apple II from before about 1980 that has an old "Monitor Rom" - the old version of the Apple's ROM. You know an Apple II has a monitor ROM if it says "APPLE ][" on the top with no green "PLUS" below it AND if you go into BASIC and try pressing ESC I - if it moves the cursor up, it is not the right kind of ROM.

Any old tape recorder, a blank tape, and the proper cables to connect the recorder to the back of the Apple II as specified in the manuals.

Well, the old Apple IIs with the Monitor Rom are pretty scarce (I've got a friend with a 1978 Apple who lent me the ROMs). But, if you can find one, here is what to do:

0. Boot up your protected disk and press RESET. If it goes into BASIC, then CALL -151 and skip to step 7. Otherwise...

1. Go to the Apple II with the Monitor Rom (let's call it the Old Apple) and boot a normal 3.3 disk. Then do the following command:

    BSAVE MONITOR ROM,A$F800,L$800 (from $F800 to $FFFF)

onto one of your disks. That is IT for the Old Apple.

2. Boot up the SYSTEM MASTER 3.3 on your New Apple. Make sure it loads INTEGER BASIC into the machine as it should on a 64K machine.

3. With the SYSTEM MASTER in the drive, do the following commands:

    FP
    BLOAD FPBASIC,A$6000
    LOAD HELLO
    BLOAD MONITOR ROM,A$8800
    (insert your disk)
    BSAVE INTBASIC,A$6000,L$3000 (on your disk)
    RUN (should load in the file INTBASIC into the upper 16K)
    CALL -151
    $C083 (turns on RAM card)
    $C083 (gotta do it twice)

Now try RESET and - presto - you are still in the Monitor! (I hope)

4. Hook up the tape recorder, plug in all the cables: Cassette IN, OUT.

5. Boot your commercial disk that you want to break and pray that it does not use the upper 16K or demolish it.

6. Wait until it loads everything in and just then press RESET and go into the Monitor - if it hangs, the author has pulled a fast one with the 16K. If it reboots, just keep hitting RESET until it goes into BASIC, then CALL -151 to go into the monitor.

7. Hope that the program starts at $800 and you haven't eliminated part of it by typing something in (messes up the keyboard buffer, $200-$2FF) or the text screen ($400-$7FF or so) and do the following command:

    800.BFFFW (it should work like it does in the Apple II reference manual)

Which assumes you have pressed RECORD-PLAY on the tape recorder and have all the cables hooked up. Now the cassette can give you a LOT of trouble - I junked mine when I got a disk drive in '81. You've gotta have a good tape recorder, a great tape, and a lot of luck for it to work, but if it gives you a beep and sits there for ten minutes or whatever, then gives another beep and a *, then...

8. Boot up a normal 3.3 disk and CALL -151, press play on recorder, and

    800.BFFFR

If it says ERR, then try changing the volume, checking the cables; if that doesn't work, give it some time, sleep on it, forget it ever happened, and buy a FLASHCARD or WILDCARD for $100, or, try boot-tracing the disk, which is pretty nasty.

9. Assuming it works,

    BSAVE PROGRAM,A$800,L$7FFF
    BSAVE PROGRAM2,A$8000,L$1600

10. Somewhere in that mess, which is probably mostly empty, is your program, which you can search out and BSAVE in one file.

Good luck...

--
Jonathan Dubman - care of:
Mort Dubman
AT&T Bell Laboratories
ihnp4!ihuxn!mort
Naperville, IL.

dudek@utcsrgv.UUCP (Gregory Dudek) (03/13/84)
It looks to me like your disk "backup" method will only work on the simpler protection schemes.

For those of you who missed the lead-in article, it outlined saving a memory image of a "locked" program by using the built-in tape read/write code. The method for getting control of the Apple was to re-route the RESET vector via the language card so that you could use the monitor to capture the program. At least, this was my understanding.

The problem seems to be that:

a) most well protected software uses a multi-stage boot (I would still call this "single disk access" loading), and the first stage often disables the language card.

b) Some protected software keeps code "behind" the keyboard buffer so that typing things destroys it. (i.e. when you try to type in the tape save command.)

One method the "crackers" use to deal with software that does these "neat" things is called "boot trace cracking". This involves copying the bootstrap ROM code (at c600) and making it branch back to the monitor after the first phase of boot, instead of to the loaded code (at 0x0800). This procedure is then repeated for each phase of the boot.

To make this difficult for them, intermediate sections of the code can be loaded at the monitor's keyboard in buffer, or into the screen buffer so that when control returns to the monitor, it automatically erases the offending code.

--
Gregory Dudek
{cornell,decvax,ihnp4,linus,utzoo,uw-beaver}!utcsrgv!dudek
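
The placement idea in the last paragraph above, seen from the protection author's side, as an added example that is not part of either post: it checks which stages of a boot layout sit in the regions the thread says get overwritten at the monitor ($200-$2FF keyboard buffer, $400-$7FF text screen) and which fall inside the 800.BFFFW tape dump. The stage names, addresses and sizes in LAYOUT are constructed for illustration.

```python
from typing import NamedTuple


class Region(NamedTuple):
    name: str
    start: int
    end: int  # inclusive


# Address ranges quoted in the posts above.
VOLATILE = (
    Region("keyboard buffer", 0x0200, 0x02FF),  # overwritten by typing
    Region("text screen", 0x0400, 0x07FF),      # overwritten by monitor output
)
TAPE_DUMP = Region("tape dump", 0x0800, 0xBFFF)  # range of 800.BFFFW


def overlap_len(start: int, end: int, region: Region) -> int:
    """Bytes of [start, end] (inclusive) that fall inside region."""
    lo, hi = max(start, region.start), min(end, region.end)
    return max(0, hi - lo + 1)


def classify(start: int, length: int) -> dict:
    """Split a loaded block into erased / captured / missed byte counts."""
    end = start + length - 1
    erased = sum(overlap_len(start, end, r) for r in VOLATILE)
    captured = overlap_len(start, end, TAPE_DUMP)
    # VOLATILE and TAPE_DUMP do not overlap, so the remainder is untouched
    # memory that the dump simply never reads.
    return {"erased": erased, "captured": captured,
            "missed": length - erased - captured}


# Constructed boot layout (hypothetical stage names, addresses and sizes).
LAYOUT = [
    ("stage1", 0x0800, 0x0100),
    ("stage2", 0x0200, 0x0100),
    ("stage3", 0x0400, 0x0400),
    ("main",   0x4000, 0x2000),
]


def erased_stages(layout) -> list:
    """Names of stages that lose at least one byte on monitor entry."""
    return [name for name, start, length in layout
            if classify(start, length)["erased"] > 0]


if __name__ == "__main__":
    for name, start, length in LAYOUT:
        end = start + length - 1
        print(f"{name:7s} ${start:04X}-${end:04X}", classify(start, length))
    print("erased on monitor entry:", erased_stages(LAYOUT))
```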