? TEAM 17

You will need the following to follow this SHORT tutorial:

  • original game - CAPS #2246
  • An Amiga 500 with an ARIII cartridge or an Amiga emulator

Start by backing up the two disks, so we have something to work with.

Disk 1 has an "error" on cylinder 76, most likely a protection track. Disk 2 seems OK.
The game probably checks for cylinder 76 and fails if it's a copy.
Boot up the copy of the game. If you use an Amiga emulator, you'll see that the track counter gets stuck at track 76 after some loading. This is the annoying protection kicking in.
Let's find a way to bypass this. Enter AR and read the boot sector into memory, starting at location 60000: RT 0 1 60000. Disassemble the start of the boot code:

It seems to start by track-loading itself into memory and executing at address 70032.
Disassemble a little further:

Address 60126 might give us a clue, since it makes a jump to address 400.
Disassemble 400 and hit Enter a few times. The first instruction at 400 seems interesting:
it checks if the left mouse button is pressed. If it is, it branches to address 45C and a lot of code
is skipped, perhaps the intro?
Insert your copy of disk 1 and reboot. When the disk starts booting, hold down the left mouse button.

Looks interesting! The game skips the intro... and the protection!
We can simply bypass it by changing the JMP 400 to JMP 45C.
Read the boot sector into memory location 60000 again: RT 0 1 60000. Change the JMP:

The changes we make are within the range of offset 0-400, so the boot checksum needs to be fixed too, or the disk won't boot anymore: BOOTCHK 60000. Write back: WT 0 1 60000.
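Why any edit inside offset 0-400 stops the disk from booting, as an added example that is not part of the original tutorial: the Amiga boot block carries a 32-bit end-around-carry checksum at offset 4, which is what BOOTCHK recomputes. The function names and the sample block are constructed for illustration.

```python
import struct

BOOT_SIZE = 0x400    # boot block: the first two 512-byte sectors (offset 0-400)
CHK_OFFSET = 4       # checksum longword, right after the "DOS\0" disk id


def carry_sum(block: bytes) -> int:
    """Add all big-endian longwords, folding each carry back into bit 0."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total


def boot_checksum(block: bytes) -> int:
    """Checksum value that makes the whole block sum to 0xFFFFFFFF."""
    if len(block) != BOOT_SIZE:
        raise ValueError("boot block must be exactly 1024 bytes")
    zeroed = block[:CHK_OFFSET] + b"\0" * 4 + block[CHK_OFFSET + 4:]
    return ~carry_sum(zeroed) & 0xFFFFFFFF


def is_valid(block: bytes) -> bool:
    """A block is accepted only if the sum including the stored checksum is all ones."""
    return len(block) == BOOT_SIZE and carry_sum(block) == 0xFFFFFFFF


def with_checksum(block: bytes) -> bytes:
    """Return a copy of the block with the checksum field recomputed."""
    chk = struct.pack(">I", boot_checksum(block))
    return block[:CHK_OFFSET] + chk + block[CHK_OFFSET + 4:]


def sample_block(extra: bytes = b"") -> bytes:
    """Constructed boot block: disk id, empty checksum, root block 880, padding."""
    body = b"DOS\0" + b"\0" * 4 + struct.pack(">I", 880) + extra
    return body.ljust(BOOT_SIZE, b"\0")


if __name__ == "__main__":
    good = with_checksum(sample_block())
    edited = good[:0x100] + b"\x4e\x71" + good[0x102:]   # constructed 2-byte change
    print(hex(boot_checksum(good)), is_valid(good), is_valid(edited))
    print(is_valid(with_checksum(edited)))
```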

Boot up your new crack 🙂
If you simply cannot live without the intro, you could take over the decruncher, which
ends at address 686, and do a move.w #$4e75,$723ac. This will only bypass the
protection, and not the intro. Or insert a move.w #$4e75,$1c4ca - this will skip the
call. Many ways to do it...
