; *******************************************************************
; N.O.M.A.D. FAIRLIGHT SHORTENED RNC SECTOR LOADER FROM MORTAL KOMBAT
; RIPPED AND RESOURCED BY SCENEX
; SEE http://eab.abime.net/showthread.php?t=60856
;
; D0 = Drive to read (on entry)
; D0 = Error code (on exit)
; D1 = Sector start
; D2 = Sectors to read
; D3 = Drive motor on or off after read
; D4 = Serial key
; A0 = Load address
; A1 = Track buffer decode address
;
; *******************************************************************
START MOVEM.L D1-D7/A0-A6,-(SP)
LINK.W A2,#-$30
LEA ($DFF000).L,A6
LEA ($BFD100).L,A5
LEA (*-$FFFF0062,PC),A4
MOVE.L A0,(-$2C,A2)
MOVE.L A1,(-$30,A2)
MOVE.W D0,(-$20,A2)
MOVE.W D1,(-$1E,A2)
MOVE.W D2,(-$1C,A2)
ADD.W D1,D2
CMP.W #$6E0,D2
BGT.B lbC000072
MOVEQ #0,D0
TST.W D2
BEQ.B lbC000066
MOVE.L D4,(-$1A,A2)
CLR.W (-$22,A2)
BSR.W lbC000122
TST.L D0
BNE.B lbC000066
BSR.W lbC000168
TST.L (-$1A,A2)
BEQ.B lbC000062
BSR.B lbC00007A
MOVEQ #$1B,D0
MOVEA.L (-$2C,A2),A0
CMP.L (8,A0),D4
BNE.B lbC000066
lbC000062 BSR.B lbC00008A
MOVEQ #0,D0
lbC000066 BSR.W lbC000150
UNLK A2
MOVEM.L (SP)+,D1-D7/A0-A6
RTS
lbC000072 MOVE.W (6,A6),($180,A6)
BRA.B lbC000072
lbC00007A MOVEM.L D0-D7/A0-A6,-(SP)
MOVEQ #0,D0
MOVEQ #1,D2
BSR.B lbC000096
MOVEM.L (SP)+,D0-D7/A0-A6
RTS
lbC00008A MOVEQ #0,D0
MOVEQ #0,D2
MOVE.W (-$1E,A2),D0
MOVE.W (-$1C,A2),D2
lbC000096 MOVEA.L (-$2C,A2),A0
lbC00009A MOVEM.L D0/D2,-(SP)
BSR.B lbC0000CA
BSR.B lbC0000AE
MOVEM.L (SP)+,D0/D2
ADDQ.L #1,D0
SUBQ.L #1,D2
BNE.B lbC00009A
RTS
lbC0000AE MOVE.W #$7F,D0
lbC0000B2 MOVE.L (A3)+,(A0)+
DBRA D0,lbC0000B2
RTS
lbC0000BA MOVE.L D0,-(SP)
MOVE.B (6,A6),D0
lbC0000C0 CMP.B (6,A6),D0
BEQ.B lbC0000C0
MOVE.L (SP)+,D0
RTS
lbC0000CA MOVE.L A0,-(SP)
MOVEA.L (-$30,A2),A0
MOVEA.L A0,A3
EXT.L D0
DIVU.W #11,D0
MOVE.L D0,D1
SWAP D1
MOVE.W D1,(-$24,A2)
TST.W (-$22,A2)
BEQ.B lbC0000EC
CMP.W (-$28,A2),D0
BEQ.B lbC000110
lbC0000EC MOVE.W D0,(-$28,A2)
BSET #2,(A5)
BTST #0,D0
BEQ.B lbC0000FE
BCLR #2,(A5)
lbC0000FE ASR.W #1,D0
BSR.B lbC00017E
lbC000102 BSR.W lbC0001DE
MOVEQ #11,D6
BSR.W lbC00025E
TST.L D0
BNE.B lbC000102
lbC000110 MOVE.W (-$24,A2),D0
EXT.L D0
MULU.W #$200,D0
LEA (A3,D0.W),A3
MOVEA.L (SP)+,A0
RTS
lbC000122 MOVE.B #$FF,(A5)
MOVE.B #$87,(A5)
MOVE.B #$7F,(A5)
MOVE.W (-$20,A2),D1
ADDQ.L #3,D1
BCLR D1,(A5)
MOVEQ #0,D0
MOVE.W #$9999,D1
lbC00013C BSR.W lbC0000BA
BTST #5,($F01,A5)
BEQ.B lbC00014E
DBRA D1,lbC00013C
MOVEQ #$1D,D0
lbC00014E RTS
lbC000150 MOVE.B #$FF,(A5)
MOVE.B #$87,(A5)
MOVE.B #$FF,(A5)
RTS
lbC00015E BTST #5,($F01,A5)
BNE.B lbC00015E
RTS
lbC000168 BSET #1,(A5)
lbC00016C BTST #4,($F01,A5)
BEQ.B lbC000178
BSR.B lbC0001A0
BRA.B lbC00016C
lbC000178 CLR.L (-$28,A2)
RTS
lbC00017E MOVE.W (-$26,A2),D1
MOVE.W D0,(-$26,A2)
BCLR #1,(A5)
SUB.W D1,D0
BEQ.B lbC00019E
BPL.B lbC000196
BSET #1,(A5)
NEG.W D0
lbC000196 SUBQ.W #1,D0
lbC000198 BSR.B lbC0001A0
DBRA D0,lbC000198
lbC00019E RTS
lbC0001A0 BSR.B lbC00015E
BCLR #0,(A5)
NOP
BSET #0,(A5)
BSR.B lbC0001B2
BSR.B lbC00015E
RTS
lbC0001B2 BRA.B lbC0001C2
MOVE.W #$46,D7
BSR.W lbC0000BA
DBRA D7,START+$01B8
RTS
lbC0001C2 MOVE.B #8,($D00,A5)
MOVE.B #$68,($300,A5)
MOVE.B #8,($400,A5)
lbC0001D4 BTST #0,($D00,A5)
BNE.B lbC0001D4
RTS
lbC0001DE MOVE.L A0,-(SP)
lbC0001E0 MOVEA.L (SP),A0
MOVE.W #$4000,($24,A6)
MOVE.W #$8210,($96,A6)
MOVE.W #$7F00,($9E,A6)
MOVE.W #$9500,($9E,A6)
MOVE.W #$4489,($7E,A6)
MOVE.W #$1002,($9C,A6)
MOVE.L A0,($20,A6)
ADDQ.L #2,A0
CLR.L (10,A0)
MOVE.L #$55555555,D7
MOVE.W #$998B,D0
MOVE.W D0,($24,A6)
MOVE.W D0,($24,A6)
lbC000222 TST.L (10,A0)
BEQ.B lbC000222
BSR.W lbC0002AE
LSR.W #8,D2
TST.W D2
BNE.B lbC0001E0
MOVE.W #$9999,D2
lbC000236 BSR.W lbC0000BA
BTST #1,($1F,A6)
BNE.B lbC000248
DBRA D2,lbC000236
BRA.B lbC0001E0
lbC000248 MOVE.W #$4000,($24,A6)
MOVE.W #$1002,($9C,A6)
MOVE.W #$10,($96,A6)
MOVEA.L (SP)+,A0
RTS
lbC00025E MOVEM.L D1-D7/A0-A6,-(SP)
MOVE.L #$55555555,D7
lbC000268 CMPI.W #$4489,(A0)+
BNE.B lbC000268
lbC00026E CMPI.W #$4489,(A0)
BNE.B lbC000278
ADDQ.L #2,A0
BRA.B lbC00026E
lbC000278 LEA ($30,A0),A0
BSR.B lbC0002AE
MOVE.L D2,D5
MOVEQ #$7F,D1
lbC000282 MOVE.L (A0),D2
MOVE.L ($200,A0),D3
BSR.B lbC0002B2
MOVE.L D2,(A3)+
ADDQ.L #4,A0
DBRA D1,lbC000282
SF (-$22,A2)
LEA ($200,A0),A0
TST.L D5
BNE.B lbC0002A6
SUBQ.B #1,D6
BNE.B lbC000268
ST (-$22,A2)
lbC0002A6 MOVE.L D5,D0
MOVEM.L (SP)+,D1-D7/A0-A6
RTS
lbC0002AE MOVE.L (A0)+,D2
MOVE.L (A0)+,D3
lbC0002B2 AND.L D7,D2
AND.L D7,D3
EOR.L D2,D5
EOR.L D3,D5
LSL.L #1,D2
OR.L D3,D2
RTS
Publication author
I’m probably a noob and a bit new to this but recently got into retro computing and cracking for older platforms.. this site has helped me a lot in sources learning assembly.
Reading various crack sources for different protections im noticing the assembly output seems to follow patterns for particular instructions and routines.still learning and soaking up what i can. thanks and greetz to the old skoolers who paved the way for new blood to get started =)
After tracking the buffer of load address (a0) and track buffer decode address (a1) has the same content. Is that normal?
Yes it may happen, if the starting sector is a multiple of 11 sectors.
The track buffer decode address contains the whole track for the first $1600 bytes and after that the raw MFM data.
i guess you didn’t fancy commenting or putting in useful label names? 🙁
Yeah honestly I didn’t spent much time to analyze the loader itself..