Lethal Weapon
© Ocean
1992

You will need the following:

1. Original game - find on emunova.net
2. An Amiga or WinUAE
3. Action Replay or ROM image
4. Pencil and paper
5. 1 blank disk
6. Pro-Pack v2.08 - find on amiga-stuff.com
7. X-Copy or some similar program

Start by making a copy of the original game disk. You will notice an error on track 0; this is probably a copylock routine.
Boot the copy of the game. After a while this screen appears:

Illegal copy... hmmm, and you can't start the game...
Let's go get those magic numbers. Boot the ORIGINAL game and enter AR when the track counter moves to 0. Find the start of the copylock with: "F 48 7A". Copylock starts at address 27F78.


Disassemble address 27F78 and hold Enter down until you reach around address 28874. Address 2886C returns to where the copylock was called. Let's insert a loop routine here, so we can grab the magic number(s) after they have been returned.
Insert a BRA 2886C at address 2886C and exit AR. Wait a few secs and re-enter AR.


Press "R" to see the registers. I have tried this operation with a copy of the game, and all D registers were set to 0. So we'd better return all registers when we make our patch. Notice that D7 is also returned at address 100.
Perhaps you should write the contents of the registers + 100 down for later use.
Copylock is stored in a ProPack packed data file. The file is located on tracks 0 - 6. Read the tracks into memory, starting at location 30000: "RT 0 E 30000".


ProPack's file ID is "RNC". Search for the ID bytes like this: "F 52 4E 43,30000". AR returns two addresses and our file starts at the second one. We can't find the exact end of the file, but this doesn't matter much, since ProPack doesn't care.
To find the end of the data, type: "NQ 32E6C".


A lot of crap will flash down your screen and it seems to end at address 4339D. Insert the blank disk and save memory into a file called "RNC": "SM RNC,32E6C 4339D". Copy ProPack to this disk too and reboot. Type this in DOS to decrunch the file:


Enter AR and load the new decrunched file "RNC.RNC" into memory: "LM RNC.RNC,30000"

Search for the usual "PEA" with: "F 48 7A,30000". Copylock starts at address 3AB82. Find the paper with the registers and make a patch like this:


Our patch might cause the file to get larger than the original when we crunch. The solution for this is inserting a lot of NOPs, since repeated code is crunched more efficiently. Insert NOPs from 3ABB8 – 3AC20. Save memory back to disk as a file called RNC2: "SM RNC2,30000 4A927". Boot the disk and crunch the new file:


After a few mins, you should have a new file called "RNC2.RNC". Insert the COPY of the game and enter AR. Read the tracks into memory: "RT 0 E 30000". Insert the disk with the cracked file and load it into memory, where the original file started: "LM RNC2.RNC,32E6C".


Insert the COPY of the game, write the tracks back with "WT 0 E 30000" and reboot.
Notice that "ILLEGAL COPY" has changed to "PRESS FIRE".


Go shoot some bad guys
Dedicated to sweeeet Victoria

Rob
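
The "RNC" search above returns two hits, only one of which is the packed file. As an added example (not part of the original tutorial), this Python sketch scans a raw dump for "RNC" and keeps only the hits that parse as a ProPack header, reporting where the packed data ends. The 18-byte header layout is an assumption taken from commonly published descriptions of the format, and the sample image is constructed.

```python
import struct

# Assumed RNC header layout (big-endian, 18 bytes):
# "RNC", method, unpacked size, packed size, 2 CRCs, leeway, chunk count
RNC_HEADER_LEN = 18
HEADER_FMT = ">3xBIIHHBB"

def find_rnc_headers(image, base=0):
    """Return plausible RNC headers found in a raw memory or track image."""
    hits = []
    pos = image.find(b"RNC")
    while pos != -1:
        header = image[pos:pos + RNC_HEADER_LEN]
        if len(header) == RNC_HEADER_LEN:
            method, unpacked, packed, _crc_u, _crc_p, _leeway, _chunks = \
                struct.unpack(HEADER_FMT, header)
            end = pos + RNC_HEADER_LEN + packed
            # Reject stray text hits: method must be 1 or 2, sizes non-zero,
            # and the packed body must fit inside the image.
            if method in (1, 2) and unpacked and packed and end <= len(image):
                hits.append({"start": base + pos, "end": base + end - 1,
                             "method": method, "unpacked": unpacked,
                             "packed": packed})
        pos = image.find(b"RNC", pos + 1)
    return hits

# Constructed sample: a stray "RNC" inside text, then one real header.
STRAY = b"...RNC is just text here, not a packed file....."
BODY = bytes(range(40))  # stand-in for packed data
HEADER = b"RNC" + struct.pack(">BIIHHBB", 1, 100, len(BODY), 0x1234, 0x5678, 0, 1)
SAMPLE = STRAY + HEADER + BODY + b"\x00" * 16  # trailing bytes past the file

if __name__ == "__main__":
    for hit in find_rnc_headers(SAMPLE, base=0x30000):
        print("RNC file at %X-%X, method %d, unpacks to %d bytes"
              % (hit["start"], hit["end"], hit["method"], hit["unpacked"]))
```
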
