International Soccer Challenge
Micro Style
1989

You will need the following:
1. Original game – or disk image
2. An Amiga or WINUAE
3. Action Replay or ROM image
4. Pencil and paper
5. One blank disk – find it in your local Amiga store
6. ARIV – find on romshare.net
7. Kickstart 2.0
8. RNWARP

Start by making a copy of the original game disk. You'll notice an error on track 0, so we are probably dealing with a disk-based protection. Let me surprise you all: it's a copylock...
The game loads an encrypted file into memory. The copylock runs; if it passes, the file gets decrypted, if not...
Let's start by finding a way to retrieve the copylock key. Start ARIV and enter with the right mouse button.
The copylock is located in the file "Football". Load it into memory, starting at address 50000: LM FOOTBALL,50000

Enable the RNC decrypter, so we can decrypt the file: ROBD.
Disassemble address 50000 and hold enter down, until this appears:

I have marked some of the key calculation routine in the picture above. By matching these two lines with the output from RNWARP, we can get the key. Take note of the lines marked with red. Exit AR, insert the original game disk and type this in DOS to execute RNWARP: RNWARP.EXE VIEW. This will show possible copylock keys.

Can you remember the code marked with green? This is the same as in our copylock. The correct copylock key is stated to the left; I marked it with red.
Enter AR again, insert the copy of the game and load the file "Football" into memory, starting at address 50000: LM FOOTBALL,50000. It is located between address 50000 – 67960.

And enable the RNC decrypter: ROBD.
Disassemble address 50000 and stop when this appears:

Address 503FE is the one we are interested in. This code will appear in most copylocks, and it's here we'll wire in the copylock key. After inserting the copylock key, we branch to the second part of the copylock, which decrypts the file. This will also skip the disk accessing part. So no drive grinding sound anymore...
Continue disassembling a few lines further. You'll notice a BRA at address 5044(. This BRA also appears in most copylocks, and it branches to the "second" part of the copylock, as mentioned earlier. We can either branch directly to 507EE, or to 50448; it makes no difference.

We wish to alter the code at 503FE, so that the copylock key is moved into D0 and we branch past the disk part. Assemble address 503FE and insert the code you see in the picture above.
We are still in the ROBD decryption mode. This means that the code you type in is "normal" code and will not get decrypted, but ENCRYPTED. You are actually inserting the copylock key into the encrypted code, without doing any calcs at all. ARIV does everything for you.
When done, simply save the file back to disk: SM EXECUTE,50000 67960.
When the file is executed, the key is inserted in D0 and the copylock branches past the disk accessing part and directly to "part two" of the copylock, and the file gets decrypted.

"Enjoy" your new crack.

Remember: Love only comes in small doses...
Dedicated to an angel on earth; Victoria.
Rob

