Foone🏳️⚧️
Foone🏳️⚧️trying to figure out this possible third layer of protection before I continue.
today's scores- emulators crashed:
1. DOSBOX: 2 times
2. MartyPC 1 time
3. 86Box: 0 times
Foone🏳️⚧️okay, tracked it down: it's just coming from the same sector 113 as loaded in step one. Anyway, if this isn't loaded properly, we'll trigger a "Diskette/Version out of phase" error. I fix this by just never checking if it's loaded: I NOP'd that part out
Foone🏳️⚧️I think there's another layer of protection that I bypassed on accident
Foone🏳️⚧️trying to figure out this possible third layer of protection before I continue.
today's scores- emulators crashed:
1. DOSBOX: 2 times
2. MartyPC 1 time
3. 86Box: 0 times
Foone🏳️⚧️Here's what track 39 looks like.
Foone🏳️⚧️I think there's another layer of protection that I bypassed on accident
Foone🏳️⚧️the next phase of copy protection checks another sector: track 39, sector #25.
Another sector that doesn't exist, but it does, and it's 128 bytes long, and... they're doing evil things to DOS to make this readable. They switch the DOS format in memory, reset the disk IO system, and try to successfully read a 128byte sector. Somehow, apparently, this works?
Foone🏳️⚧️Here's what track 39 looks like.
Foone🏳️⚧️so step one to bypassing the copy protection is hack that function to return "yes the sector exists".
EXCEPT THAT WON'T WORK. For two reasons. The first I'll get to later. The second is that the actual value of that sector matters, it gets read into memory and the bytes at 0x7-0x8 are checked later.
so I make sure those 2 bytes in memory are set. Easy!
Foone🏳️⚧️the next phase of copy protection checks another sector: track 39, sector #25.
Another sector that doesn't exist, but it does, and it's 128 bytes long, and... they're doing evil things to DOS to make this readable. They switch the DOS format in memory, reset the disk IO system, and try to successfully read a 128byte sector. Somehow, apparently, this works?
Foone🏳️⚧️okay, so, the copy protection:
1. It checks for a sector that should not exist: Track 38, sector 113.
It's on a single-sided double density floppy (160kb), so there's supposed to be 8 sectors per track. But as we saw in this post
//digipres.club/@foone/115011910054706753
this disk DOES have a sector 113.
Foone🏳️⚧️so step one to bypassing the copy protection is hack that function to return "yes the sector exists".
EXCEPT THAT WON'T WORK. For two reasons. The first I'll get to later. The second is that the actual value of that sector matters, it gets read into memory and the bytes at 0x7-0x8 are checked later.
so I make sure those 2 bytes in memory are set. Easy!
Foone🏳️⚧️I patched out the checksumming and I think I've got it.
Foone🏳️⚧️okay, so, the copy protection:
1. It checks for a sector that should not exist: Track 38, sector 113.
It's on a single-sided double density floppy (160kb), so there's supposed to be 8 sectors per track. But as we saw in this post//digipres.club/@foone/115011910054706753
this disk DOES have a sector 113.
Foone🏳️⚧️they checksum memory MORE THAN ONCE!?
Foone🏳️⚧️I patched out the checksumming and I think I've got it.
Foone🏳️⚧️insert pop-team-epic "you are motherfucker" here
Foone🏳️⚧️they checksum memory MORE THAN ONCE!?
Foone🏳️⚧️I patched the EXE to have the right value, but then they checksum it, and now the value is wrong!
Foone🏳️⚧️insert pop-team-epic "you are motherfucker" here