VIRUS (1988)
———————————–

as like me i garuntee you have only ever seen the game VIRUS on compilation
disks
the reason being is well we shall explain in this crack
what you will need
——————————
1. original game (find here)
2. an amiga or an amiga emulator (winuae)
3. an action replay cartridge or ar3 rom image for use with winuae
once u have all these set up we shall begin, First we need to find out
what protection is on this disk ,ok so fire up your copy of XCOPY and
try and make a copy of the game, hmm its not working you say? what are
all these red numbers doing there they should all be green 0
…..

ah well this tells us that this is MFM
protection ,which means you cant copy the tracks because of the way they
are placed on the disk, ok all is not lost ,lets put the disk in and run
it so reboot with the game disk inside and let it run as it loads you
will notice the screen fade into many diff colours,and at the end of this
colour change the game comes alive, hmm ok play the game for a while ,notice
anything strange? yah thats right the game doesnt seem to load anymore
from the disk, hmm ok so lets take a look at this one ,i think the game
loads into ram and thats all ,no more loading from disk ,if thats the
case then maybe we can grab the ram after the disk loading and save it
to file ,(i.e grab the data we need without cracking the MFM)
ok lets take a look at the bootsector (this cant be protected), fire up
your action replay and type this
RT 0 01 050000
then type this
D 050000
ok scroll down a little bit by pressing enter
ah wait whats this? a JMP so early on hmm lets take a note of this
`050020 JMP 07FA04

==================

basicly what the code from range 050000 – 050026
does is tell the computer that once the disk is booted to put the boot code
at address 07FA00 so take note of that address aswell,
ok lets scroll down some more ,what we are looking for is another JMP,
ah found another one do you see it at address 0501f0

ok lets take more note of this JMP that jumps
to address 01000 i think we have enough information from
the bootblock to move on to the next stage so restart the amiga with the
game disk inside and boot up the game, after a few seconds you will notice
the colour change again ok at this point hit ya action replay button, now
lets goto that address the address where the bootblock gets loaded to ,remember
it? it should be 07FA00 so type, D 07FA00,
ah do you see the bootblockcode ,the one with the JMP ,no?
ah this is because there is no JMP now
but we wasnt interested in the first jump so lets seek out the second jump
scroll down some more ..see it? its at address 07FBCA and
it still jumps to address 01000
so lets see what is so special about that adress type, D 01000
ah we have another jump i suspect this is the main jump that jumps into
the game

so lets find out if this is the main jump into the game
once the disk is finished loading, how we will do this is put a mouse
wait at the address 01000, what this means is before
this code is active you must press the left mouse button so type
A 1000
then type
btst #6,bfe001
bne 1000
jmp 63ec8
then press esc to get out of write mode so what this will do is the game
will load and when it jumps to address 01000 it will
run a new code ,the code we just wrote it will read the btst #6… part
and then the bne 1000 ,,so what the bne does it tell
the computer if the mouse button is not pressed (left mouse) stay at code
01000 until its pressed and once its pressed carry on
to the next line of code ,which is the main jump ok once this is all done
press X to leave action replay and aloow the game to continue to loadhmm
its loaded we know this because the colours have stopped ,so why hasent
the game started? could it be because of our mouse wait?
press the left mouse button see what happens 🙂 ah the game has started
now 🙂
this is good because we can put a mouse wait at the start of the game
code so before the game starts we can rip the data 🙂 so reboot wait for
the colours to appear then hit your action replay again, and do the same
goto address 01000 and add our mouse wait so type
A 1000
then type
btst #6,bfe001
bne 1000
jmp 63ec8
and aloow the game to load by exiting action replay, ok so the game is
loaded all we need to do is pres the mouse button to start the game, but
we dont want to do that
insted press the action replay button ,what we want is the data from the
game to be saved to disk
so we know the earliest code is at addres 01000 so lets
see where the rest of the data starts
type
nq 1000
it should start searchign memory for data and when its found data display
it and the address it was found at alot of data should apear press ESC
to stop it once the data starts

we will notice that the data starts to apear
around the 03C000 address, so lets use this as a starting
point but just to be safe start from 03A000 now we need
an ending point ,we do the same but well to save trouble ill tell you
its around 080000 so now we have a start address 03A000
end address 080000 jump address 063EC8 so
put in a blank disk ,and lets save the data we need to
that disk type
sm virus,03a000 080000
this will save a file called virus from address 3a000 to 80000 ok so lets
test it reboot with the data disk inside and press action replay once
you have rebooted and type this
LM virus,03a000 ,you should have this on your screens

ok lets test it by jumping into the address
we have type G 063EC8 and press enter ,ah the game starts without the
need for the original disk 🙂 ok so lets make an executable file for this
data we have saved we do this using a packer program for this tutorial
we shall use tetrapack 2.2 (find on any good amiga site)
so fire it up and you will be aske if you want to mega crunch type N for
no then you will be asked for low memory type the low address we have
which is 03A000
and then you will be asked for high memory which is yup you guessed it
080000
then you will be asked for scan width lets use 200 for now

what load type do we need? select o for plain now we need
a filename ,so put in the data disk and type the file name which is VIRUS
load at address 03a000 wait a while for it to load the
data into memory once done it will ask for any other files we dont want
to add any so press enter to start the packing it will flash all strange
colours but dont worry this is normal

once this is complete it will give you the
crunch data which we dont really need so press enter to continue now its
asking for the jump address so lets put it in 063EC0
now its asking for something called a flash register ,basicly it wants
to knwo what flashing colours you want to file to display whilst decrunching
select 00 as this is most common do we want a pro decrunch? no we dont
so type N select a filename for the file to be saved ,lets call it virus-crackedit
will ask do you want to save again? select N

and run now? select N for now the program should exit so lets
test the file ourselfs, type in the name of the file which is virus-cracked
and see what happens

ah all these colours apear on screen ,ok dont panic thast just the file
unpacking into memory
lets wait see what happens next


wooo another cracked game and also 1 filed so you can put it on a compilation
disk 🙂

0

Publication author

offline 17 hours

mus@shi9

0
Comments: 1163Publics: 2796Registration: 06-03-2017

Subscribe
Notify of
guest

0 Comments
Newest
Oldest
Inline Feedbacks
View all comments
PSW
PSW
10 years ago

Tony,
Read the bootblock from your original disk (write protect your original just in case). If it relocates the code to 7FA00, as in the tutorial, then you can follow the tutorial. The comments on compilations in the tutorial reference things such as the Defjam packs by Il Scuro. The tutorial is probably based on the CAPS/SPS disk – Virus (1988)(Firebird)[0004].

0
Tony
Tony
10 years ago

I have an original disk of this game, not a compilation.
Virus Firebird sw 1988

0
redblade
15 years ago

Any chance some one could write a tutorial on how to crack it the old skool way, like using cmon or Amiga Monitor (By Timo Rossi) or coding a mfm decoder to load it into mem then dump it to disk?

The only thing I could understand from the source is DSKReady, and CPU delays (naughty).

Thanks in advance.

0
Authorization
*
*

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Registration
*
*
*

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Password generation

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

0
Would love your thoughts, please comment.x
()
x