Licence to kill
(c) Domark/Quixel
1989
You will need following:
1. Original game or CAPs dump n? 772
2. An amiga or WINUAE
3. Action Replay or ROM image
4.Pencil and paper
5.the hex editor DEKSID 2.0
Try to copy the game, hop an error
on track 0. Mr copylock is here.
Boot the copy of the game and wait for the game
to hang and enter AR.
type F 48 7A to find the PEA instruction.
We find it on adress 8B8C note that AR returns only one adress. disassemble adress 8B8C.
Enter a few times adn scroll back up until we find the start of this routine. ok it’s starting at adress 8AB8.
We can see the routine starting at adress 8AB8
and returning at adress 8CBE by a RTE opcode.
Ok, try to see if adress 8AB8 is called from somewhere :
It returns adress 7A5E. Scroll down a bit and what do we see on line 7Q64 ? A little compare longword instruction with the magic number compared with D0.
Reboot the copy and go in AR when track counter stops on track 20.
type now A 7A64 MOVE.L #A8D398FB,D0
7A6A BRA 7A70
We push the magic number in d0 on line 7A64
and we branch on 7A70 after.
exit AR and what now it’s freeze again in adress
8E96.
type d 8E96 yuo’ll get this one.
8E96 BEQ 8EC2
change the BEQ by a BNE
by typing A 8E96 BNE 8EC2.
now exit AR the protection hangs a few second on track 00 and then the game continue to load.
Now we’re gonna make it permanent :
First search with hexeditor on windows or with deksid 2.0 on amiga the hex strings
B0 BC A8 D3 98 FB 67 04 4E F8 00 00 50 F9 00
replace by
20 3C ————– 66 —————————
and the last :
67 2A 10 28 00 1A 08 00 00 and replace it by
66 —————————-
save everything and reboot the game.
this crack is dedicated to ROb for his help !!
Publication author
Thanks 🙂