Back To The Future II

Image Works

You will need the following:

1. Original game - find on romshare.com
2. An Amiga or WINUAE
3. Action Replay or ROM image
4. Pencil and paper

Start by making a copy of the original game disk. You will notice an error on track 0. This is most likely a copylock.

Boot the copy of the game. The game seems to be loading just fine and this screen appears.

If you press fire here, the game continues to load and suddenly the track counter goes to track 0. A few seconds later, your computer crashes. This doesn't happen with the original game, so this must be a copylock routine kicking in.

Reboot the game and, when you see the picture above, enter AR. Copylocks often start with a "PEA"; the opcode for this is 48 7A. Search for the opcode by typing "F 48 7A"; hit enter.
It will return four addresses, see pic:


We are interested in address 18164. Disassemble it with "D 18164" and hit enter a few times. You will see the typical signs of a copylock routine. Let's find the end of the copylock: hold down enter until you see something like this:


The copylock stops at address 18A3C. Address 18A40 moves address 32D42 into A7, but the interesting part comes now. Address 18A46 compares a number with D0, and if it is not equal it will send the game into some strange code, causing the game to crash. This is done by the "BNE" at address 18A4C. The number it compares to D0 must be the magic number. The best way to crack this would be to move the magic number into D0 and branch to the end of the copylock. A little later we will make such a patch. To test our theory, let's remove that "BNE" at address 18A4C. Assemble address 18A4C with "A 18A4C"; hit enter, type "NOP"; hit enter, type "NOP" again and hit enter.
Press Esc, and exit AR with X.


Start game and see what happens.

It works! Notice that the track counter still returns to track 0. When we make our patch, we will deal with this.

Since this is an NDOS game, we must read the raw tracks into memory and search for the copylock. To save time I'll tell you which tracks the copylock is located on: tracks 58+59. Read them into memory starting at location 30000.
Type "RT 74 4 30000"; hit enter. Search for the copylock with "F 48 7A"; hit enter.


Take note of the first address (34564), because this is where we will insert our patch. To find the end of the copylock, disassemble address 34564 with "D 34564" and hold down enter until you see this:


The copylock ends at address 34E40, and we have the magic number at address 34E46. Now we have all the information needed to make a patch. Assemble address 34564 and type this in:
34564 MOVE.L #6D10B13A,D0; MOVE MAGIC NUMBER INTO D0
3456A BRA 34E40; BRANCH TO END OF COPYLOCK


When done, write the tracks back with "WT 74 4 30000"; hit enter. Reset the computer and start the game.

Notice that the track counter stays off track 0. This is because we have inserted the magic number in D0 and then bypassed the whole copylock routine by branching to the end of it.
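As an added illustration (not part of the original tutorial), this Python sketch shows how an address reported by "F 48 7A" in the "RT 74 4 30000" buffer maps back to a position on the disk. It assumes standard 11-sector tracks of 512-byte sectors and that AR numbers tracks as cylinder * 2 + head, which matches the page (74 hex = 116 = cylinder 58, head 0); the buffer contents are constructed sample data.

```python
TRACK_BYTES = 11 * 512   # assumed standard Amiga DD track: 0x1600 decoded bytes
PEA_PC = b"\x48\x7a"     # PEA (d16,PC), the opcode searched for with "F 48 7A"


def ar_track_to_cyl_head(track):
    """Assumed AR numbering: track = cylinder * 2 + head."""
    return divmod(track, 2)


def find_pea(buf, base, start_track):
    """Return word-aligned PEA (d16,PC) hits with memory and disk positions."""
    hits = []
    pos = buf.find(PEA_PC)
    while pos != -1:
        # 68000 instructions are word aligned; odd-offset matches are just data.
        if pos % 2 == 0 and pos + 4 <= len(buf):
            disp = int.from_bytes(buf[pos + 2:pos + 4], "big", signed=True)
            track_idx, offset = divmod(pos, TRACK_BYTES)
            cyl, head = ar_track_to_cyl_head(start_track + track_idx)
            hits.append({
                "address": base + pos,            # what AR would print
                "target": base + pos + 2 + disp,  # address the PEA pushes
                "cylinder": cyl,
                "head": head,
                "track_offset": offset,
            })
        pos = buf.find(PEA_PC, pos + 1)
    return hits


def build_sample():
    """Constructed 4-track buffer; only the 0x4564 offset comes from the page."""
    buf = bytearray(4 * TRACK_BYTES)
    buf[0x4564:0x4568] = bytes.fromhex("487a0010")  # displacement is made up
    buf[0x1001:0x1003] = PEA_PC                     # odd offset, not an opcode
    return bytes(buf)


def demo():
    return find_pea(build_sample(), base=0x30000, start_track=0x74)


if __name__ == "__main__":
    for h in demo():
        print("addr %X -> cylinder %d head %d, offset %X in track"
              % (h["address"], h["cylinder"], h["head"], h["track_offset"]))
```

Under these assumptions, address 34564 falls in the fourth track read (track 77 hex), which is cylinder 59, head 1.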
Hope you enjoyed this basic copylock crack.

Dedicated to sweet sweet Victoria...

Rob

Publication author: mus@shi9

Rob
19 years ago

I have checked my version and I can't find any password/novella protections in it.
