V2071A@TEMPLEVM.BITNET ("George A. Piotrowski Jr.") (09/08/89)
Since the fervor over the Deprotech of Xenocide and the different versions
of the program, I thought I would pass this on to the net. I picked it
up off Compu$erve last night. Remember, this is only for Archival
purposes. Not to be used for illegal purposes.
--------------------------------------------------------------------------
Deprotecting Xenocide from Micro Revelations
By Brian A. Troha
REQUIREMENTS:
512K Apple//GS
3.5" disk copier
3.5" disk editor
Xenocide is a good GS game with nice sound and above average
playability. However the game has one MAJOR drawback and that is its
copy protection (CP):
I was told that I couldn't remove the CP due to it's 50 checks and
it is so tricky that you think you have the krack, but later in the
game it fails. This was as good a reason as any to krack the program!
The protection is as follows: When the CP routine is called it will
do the following: First, it scans for the smartport ID bytes and when
found calculates the smartport dispatch address. It then stores this
address in an extended STATUS and extended READ call routine. Then
the program uses FWEntry (FirmWare Entry) tool call (tool call #2403)
to make the calls. All data is read in starting at 01/2000.
When the status call is made, it checks the DIB (Device Information
Block) by comaparing 01/2016 to 01 and 01/2017 to C0 to make sure you
are using an Apple 3.5" disk and not a Unidisk (the CP is not
compatible with the 3.5" Unidisk, yet another reason for deprotecting
the program). The extended READ routine would read $C bytes into
01/2000 and then compare 01/200A to 08, this would only pass on the
original. The CP routine is trying to read the Mac "tag bytes" for
Block $4E1. Using Copy ][+ v8+ in the 3.5" sector editor, load in
block $4E1 off an original and you'll see the the eleventh byte is 08.
If all the calls would pass 02/62DB would come out to 1E46 and this
is checked later in the game. Also there are check to see if you
placed a RTL at the begining of the disk read routines and the "Insert
Master...." routines.
The following edits will completly remove the CP and allow you to
upload the game to your hard drive WITHOUT having to have the 3.5"
disk in the drive at all times like the original requires you to.
Although I don't have a way to check, but the deprotected copy should
work with the 3.5" Unidisk as the program uses normal ProDOS calls
(other than the CP) during the game.
Using cheats (provided at the end of this article) I was able to
play the whole game to the end three times and I found no problems
what so ever, so this one is done.
NOTE: There are atleast TWO versions of Xenocide released by the
MR, the way to tell them apart are:
Version "A": 128 blocks, Dated 23-JUL-89 11:35 64996 bytes long.
Version "B": 129 blocks, Dated 13-APR-89 19:18 65085 bytes long.
Use the CATALOG command (or Copy ][+ catalog with file length) and
check under the created column.
Micro Revelations says this is a KEY DISK copy protection, to which
I say, KEY DISK means you only need to have the original in the drive
after the initial load and it's checked once. At that time you may
remove it an store it away until the next time you want to run the
program. This copy protection is NOT like that, so it's a very
annoying copy protection and NOT a key disk system.
Anyways:
1. Make a copy of the Xenocide game disk
2. Make the following edits to a COPY (by version):
Any block editor ProSEL ([F]ollow
/XENOCIDE/XENO.SYS16)
BLOCK BYTE FROM TO REL BLK REL BYTES
---------------------------------------------------------
$7 $150 22 6F 09 00 AF 6F 09 00 1 $150
$154 90 0C 80 0A $154
$156 22 6F 09 00 AF 6F 09 00 $156
$15A 90 06 80 04 $15A
$15C 22 81 1D 00 AF 81 1D 00 $15C
$160 80 EE EA 18 $160
$44 $E2 00 00 46 1E 61 $78E2
$E7 A9 00 00 A9 46 1E $78E7
$45 $B 22 6F 09 00 AF 6F 09 00 62 $7A0B
$F 90 0C 80 0A $7A0F
$11 22 04 00 00 AF 04 00 00 $7A11
$15 90 06 80 04 $7A15
$17 22 81 1D 00 AF 81 1D 00 $7A17
$1B 80 EE EA 18 $7A1B
$4B 15F F0 01 60 EA EA EA 68 $875F
$62 $172 22 04 00 00 AF 04 00 00 91 $B572
$176 90 0C 80 0A $B576
$178 22 04 00 00 AF 04 00 00 $B578
$17C 90 06 80 04 $B57C
$17E 22 81 1D 00 AF 81 1D 00 $B57D
$182 80 EE EA 18 $B582
$6A $17C D0 27 EA EA 99 $C57C
$63D $65 8F 06 00 00 AF 06 00 00 125 $F865
For version B:
BLOCK BYTE FROM TO REL BLK REL BYTES
---------------------------------------------------------
$8 $155 22 72 09 00 AF 72 09 00 1 $155
$159 90 0C 80 0A $159
$15B 22 72 09 00 AF 72 09 00 $15B
$15F 90 06 80 04 $15F
$161 22 8B 1D 00 AF 8B 1D 00 $161
$165 80 EE EA 18 $165
$44 $FC 00 00 46 1E 61 $78FC
$101 A9 00 00 A9 46 1E $7901
$45 $25 22 72 09 00 AF 72 09 00 62 $7A25
$29 90 0C 80 0A $7A29
$2B 22 04 00 00 AF 04 00 00 $7A2B
$2F 90 06 80 04 $7A2F
$31 22 8B 1D 00 AF 8B 1D 00 $7A31
$35 80 EE EA 18 $7A35
$4B $179 F0 01 60 EA EA EA 68 $8779
$5F $18C 22 04 00 00 AF 04 00 00 91 $B58C
$190 90 0C 80 0A $B590
$192 22 04 00 00 AF 04 00 00 $B502
$196 90 06 80 04 $B596
$198 22 8B 1D 00 AF 8B 1D 00 $B598
$19C 80 EE EA 18 $B59C
$67 $1B4 D0 27 EA EA 99 $C5B4
$634 $9D 8F 06 00 00 AF 06 00 00 125 $F89D
3. Write the blocks back to the copy
4. Upload the game to your hard disk
5. Enjoy the absence of the copy protection!
That removes all the calls to the copy protection and sets the only
flag (62DB; 0006 on the disk) to the correct value of 1E46. The two
sections of code that scrable 62DB (the A9 00 00 8F 06 00 00) has been
change to either store the correct value or to load the value instead
of storing it. The edits also force the check of the flag to pass no
matter what values is in the flag. Once again after the these edits
are made you may upload the program to your hard drive and keep your
original (and deprotected copies) in a safe place and never have to
insert them in the 3.5" drive to play the game. So much for NOT BEING
ABLE to krack Xenocide. Thanks to John M. Intondi for helping me with
the block/byte locations for version B of Xenocide.
Here are some cheats for Xenocide (they require a block editor with a
follow file function like Block Warden from ProSEL)
****---> Apply ONLY to a backup copy <---****
Use Block Warden and [F]ollow /XENOCIDE/XENO.SYS16
Unlimited REL byte From To Notes
--------------------------------------------------
For version A:
Men $4DA CE 17 00 AD 17 00 1
Fuel $176A CE 8F 15 AD 8F 15 1
Shields $17A6 8D 95 15 AD 95 15 2
Missiles $5298 8D AC 51 AD AC 51 2
Fireballs $5266 8D AA 51 AD AA 51 2
Nuclear Mis. $52EF CE AE 51 AD AE 51 2
Lasers $108C CE 84 0E AD 84 0E 3
$1148 CE 84 0E AD 84 0E
Grenades $1097 CE 82 0E AD 82 0E 3
$1111 CE 82 0E AD 82 0E
For version B:
Men $4DF CE 1C 00 AD 1C 00 1
Fuel $1774 CE 99 15 AD 99 15 1
Shields $17B0 8D 9F 15 AD 9F 15 2
Missiles $52A2 8D B6 51 AD B6 51 2
Fireballs $5270 8D B4 51 AD B4 51 2
Nuclear Mis. $52F9 CE B8 51 AD B8 51 2
Lasers $1096 CE 8E 0E AD 8E 0E 3
$1152 CE 8E 0E AD 8E 0E
Grenades $10A1 CE 8C 0E AD 8C 0E 3
$1160 CE 8C 0E AD 8C 0E
Note 1: Applies for the entire game
Note 2: Applies ONLY for the Hovercraft level
Note 3: Applies ONLY for the Cave & Bio-lab levels
If you find this info/patch usefull I do ask that you send two dollars
to defray the cost of the game so I may do this (buy and deprotect the
program and tell YOU how to remove the copy protection) again, thank
you. Comments to:
CIS #71540,1535
Brian A. Troha
P.O. Box 196
Stoughton, WI 53589-0196
This information it not to be used for illegal copying/distrobution of
Xenocide
Subscribe to COMPUTIST!
------------------------------------------------------------------------
Bye for now,
________________________________________________________________________
George A. Piotrowski Bitnet: V2071A@TEMPLEVM
Coordinator, Educational Computing Cntr Genie: G.PIOTROWSKI
Temple University CompuServe: 74046,1304
Philadelphia, PA 19122 (215) 787-6228
The opinions expressed are my own and do not have anything to do with
Temple University. (well, not much)
________________________________________________________________________
Acknowledge-To: <V2071A@TEMPLEVM>gwyn@smoke.BRL.MIL (Doug Gwyn) (09/09/89)
In article <8909081240.aa00500@SMOKE.BRL.MIL> V2071A@TEMPLEVM.BITNET ("George A. Piotrowski Jr.") writes: >Deprotecting Xenocide from Micro Revelations >By Brian A. Troha I had already made similar changes to my (legal!) copy, and have been running off hard disk ever since. Be sure you look closely, because different versions vary as you could see in the difference between "version A" and "version B" in the posted patch. An additional thing to know is that the executable must be named XENO.SYS16; if you rename it, eventually the program will try to look for a file by that name and will get into a "insert right disk" loop that won't be broken even by inserting the original disk, if you're running off a hard disk.