Ocean
1993
You will need following:
1. Original game
2. An Amgia 1200 with HD or WINUAE
3. Action Replay A1200 ? by Black Hawk- get on romshare.com
5. Pencil and paper
6. Pro-Pack v2.08 ? find on amiga-stuff.com
7. Track2File ? find on aminet
8. Disk X v2.0 ? find on aminet
9. Disk Filler ? find on aminet
10. Cygmus ED ? find on romshare.com
11. X-Copy or some similar program
In this tutorial I won?t explain how the used programs are executed,
file names, etc. I assume you have this knowledge
already, and you are familiar using an AR. I also assume that programs are executed
on a Amiga 1200 with HD or WINUAE.
In this crack we use ARIV, witch really doesn?t like 68060 CPU?s,
so now you?re warned.
Ok, lets start. First make a copy of original game disks. You will notice a
error on track 0 on disk 1, this is most likely
Boot COPY of disk 1. After some loading and decrunching the game turns to track
0 and then hangs on track 23.
This screen will appear:
This is most likely the copylock routine kicking in, or a gas leak in your house
causing you to see colours.
Hopefully it?s the copylock. Ok, execute AR, insert ORIGINAL disk 1 and
reset.
When game boot, ARIV activates itself. To avoid this in the future type: ?ALLEXC?
and exit AR.
When screen with the Ocean logo appears, enter AR with your RIGHT MOUSE BUTTON.
Find copylock with ?F 48 7A?. It should return five addresses, take
note of address 101040, this is the beginning
of the copylock. Find the end of copylock by disassembling address 101040 and
hold down enter, until you see
something like this:
Ok, we are interested in address 101978, this is end of the copylock. Address
101982 ? 10198A is responsible
for the flashy colours, when copylock fails. Address 101980 continues to address
10198C, if the copylock
passes. We could crack the game by inserting a BRA on address 10197E witch will
branch to address 10198C.
But take a look at address 10198C, it moves D0 (magic number) into address 10E,
this is probably for some
later use. So we must retrieve magic number. We do this by making a loop routine
after magic number have been
returned in D0. Insert a ? BRA 101978? at address 101978 and Jump
into the copylock routine.
The copylock doesn?t actually start at address 101040, but at address
101034. See pic:
The five addresses before the first PEA., save registers and clear D0 ?
D3. So, jump into 101034 with ?G 101034?
What?s that, can I hear you mumble ?now he?s really lost it,
that crazy bastard?. This may be ?alternative?, but do it?
it works.
The game goes to track 0, of course, and then hangs at track 23. Enter AR and
type: ?R?; hit enter. You?ll see something
like this:
If it haven?t returned anything I D0, then just make another jump, sometimes
it requires two try?s.
Ok, now we have magic number, you probably should write this down in case your
memory isn?t as good as mine?.
Now turn your AMIGA OFF or QUIT WINUAE. This will remove ARIV from memory. Don?t
just reset, this is
A RESET PROOF program witch might cause un-desired things for our next operations.
Start your copy of ?Track2File?. Press the ?PREFS? button.
Set prefs, so they equal to this picture:
When done, hit use. Insert COPY of disk one and hit ?DISK READ?.
After a while its finished, you?ll see this:
Hit the ?SEARCH? button, after a while a file requester appears.
Choose a destination for the files and a file name.
Lets say you choose ?1? for the first file, it will automatically
be named ?1.001? and next file ?1.002?, etc.
Lean back and enjoy the show. The program will rip & decrunch every file
on disk, one, by one.
When it?s finished, you should have nine files. We are interested in the
first one (1.001), because this is where the copylock
is located. Copy this file to a blank floppy disk and execute ARIV. Enter ARIV
and load the file into memory, starting
at location 30000.
It?s located between 30000 36372, take note of this. Disassemble address
30000, and hit enter a few times until
you see this:
Looks familiar ? Take note of address 30040. This is where we will insert our
patch, when we reach to that part.
Lets find end of coylock. Continue to disassemble until you reach this:
Ok, remember the contains of address 30978 ? Good, we will make a patch inserting
magic number in D0 and branch
to this address, like this:
Nice, but we need to insert lots of ?NOP??s to avoid exceeding
original file size. Repeated code is crunched better.
Our changes will cause the file to get larger than the original and this may
cause problems, because this is a NDOS game.
Insert NOP?s from address 3004A till 300B0.
When done, save memory back to file. See picture above. Turn your computer OFF
or EXIT WINUAE, to get
ARIV out of memory.
Crunch your new file, using ProPack:
‘PROPACK p d DF0:rnc
You should have a new file called ?RNC.RNC? on disk. Copy it to
anther location, ex HD or another disk.Execute your copy of Cygmus ED and open
your newly crunched file. Hold down right mouse and choose ?OPEN??
A file requester appears
Choose the newly packed file and press ?OK?, a screen like this
should appear
We need to find some ?unique? text. We shall use this to find out
where the original file is located on disk. Notice the
txt ?D33CT?, in the picture above. Write this down. Insert COPY
of disk 1, exit Cygmus ED and start DiskX.
When done, hold down right mouse button and choose ?DF0:? from the
?UNIT? menu.
In the ?BLOCK FIELD? choose ?0? and hit enter. Choose
?Find? and enter ?D33CT
Use capital letters since the search function is case sensitive. Press ?GO?.
A new box appears, press ?FROM HERE?.
After a few secs, you should see something like this:
See the ?RNC? and ?D33CT?, this is it!. Look in the
?block field?, it says ?22?. So, the file is starting
at block 22.
Write this down and exit DiskX. Start DiskFiller, a screen like this should
appear:
Ok, notice the ?First Sector? field says ?2?, change
this to ?22?, remember you used DiskX to find start Block.
Block and Sector means the same thing (for some people). Press the ?get?
gadget and choose your cracked file
When done your screen should look like this:
With your COPY of disk 1 in DF0:, Press ?Do It?, and this should
appear:
Note! Check that DiskFiller says ?Last used sector: 48?, if last
sector isn?t 48, then exit program and retry.
Press yes to question and diskfiller will overwrite the old file with the new
cracked one.
When it?s done, reset computer and boot game.
The game is starting and it doesn?t return to track 0 anymore. That was
a lot of work, but we have used a lot of different
tools, witch might be useful for other cracks.
Dedicated to sweet sweet Victoria.
Rob
?
?
?
Publication author
