D-Bug & Automation Forum
http://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?num=1172673889

Message started by Shw on 28.02.07 at 14:44:48

Title: Introduction to ST Hacking By Hank/Automation PT 4
Post by Shw on 28.02.07 at 14:48:54
;Rob Northern Protection(internal)

;This one is probably the hardest of the three.


;ROB      MOVEQ      #0,D0
;      MOVEQ      #0,D1
;      PEA      L12345(PC)
;      MOVE.L      #$50004,-(SP)
;      TRAP      #13
;      ADDQ.W      #8,SP
;L12345      MOVE.L      (SP)+,$10.W
;      ILLEGAL      
;      DC.W      $2345
;      AND.W      #$F8,SR
;      CLR.L      $24.W
;      MOVE.L      #43245365363,-(SP)
;      MOVE.L      #88745222435,-(SP)
;      MOVE.L      #47788679999,-(SP)
;      MOVE.L      #43245365363,-(SP)
;      MOVE.L      #4324536536,-(SP)
;
;There would be about 2.5kb of data between the above and below
;parts of code, I have done this to simplify the example.


;      DC.W      $FEFE
;      AND.W      $FFFFFF8913.W,D5
;      RTE

;These following examples are what may be carried at the bottom of
;a RNC protection

;1       CMP.L #$42425673,D0
;       BNE      $34566

;The above line (BNE) would be replaced by a $4E71 (NOP)
;If it should read (BEQ) this would be changed to a (BRA)
;$6000


;2       MOVE.L      D0,ADDR
;These become more complicated as the address D0 is placed
;in can be checked at any time.
;To get round this you must do a string search* on the address
;that D0 is placed in to find the serial number of the disk.
;Once you have done that you must force the serial no. into
;D0 yourself then modify the protection.
;To find a Rob Northern do a string search* on $4AFC(ILLEGAL)

*see section on monst2 for string search

;i.e.
;ROB      MOVEQ      #0,D0
;      MOVEQ      #0,D1
;      MOVE.L      #$42425675,D0
;      MOVE.L      D0,$24.W
;      BRA      $888      ;jump over protection
;L12345      MOVE.L      (SP)+,$10.W
;      ILLEGAL      
;      DC.W      $2345
;      AND.W      #$F8,SR
;      CLR.L      $24.W
;      MOVE.L      #43245365363,-(SP)
;      MOVE.L      #88745222435,-(SP)
;      MOVE.L      #47788679999,-(SP)
;      MOVE.L      #43245365363,-(SP)
;      MOVE.L      #4324536536,-(SP)
;
;There would be about 2.5kb of data between the above and below
;parts of code, I have done this to simplify the example.


;      DC.W      $FEFE
;      AND.W      $FFFFFF8913.W,D5
;      RTE


;The modified version should look something like the above.
;When you have poked the serial number into D0
;you must then jump over the protection to where the code
;checks or pokes D0 into an address

;the opcode for this is;
;12345678 is for my example only

;      move.l      #$12345678,d0
;      move.l      d0,$24.w
;      bra      coderestart


;      $203c12345678      ;move.l      #serialno,d0
;      $21c00024      ;move.l      d0,$24.w
;      $60000888      ;bra      coderestart

;There are examples of all these protections for you to crack.
;They are all executable files that will crash - it's up to
;you to get them to work. The screen will turn red if they fail
;and green if you manage to crack them.

;filenames
;GREMLIN.PRG      ;Gremlin Graphics Protection
;PROT.PRG      ;Protoscan II Protection
;RNC.PRG      ;Rob Northern Protection


;Rob Northern Protection (external)

;This one is a real pig for beginners.
;To look at, it looks like the internal version except the
;whole file is encrypted.

;Leave this one alone for the time being.
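
The hex strings listed in the post can be checked against the 68000 instruction encoding. The following is an added example, not part of the original post: a small Python decoder covering only the opcodes the post names (NOP, ILLEGAL, RTE, BRA/BNE/BEQ and the two MOVE.L forms). The names `decode` and `POST_BYTES` and the output format are assumptions of this example.

```python
# Added example: decoder for the few 68000 opcodes named in the post.
BRANCHES = {0x60: "BRA", 0x66: "BNE", 0x67: "BEQ"}   # high byte of Bcc
FIXED = {0x4E71: "NOP", 0x4AFC: "ILLEGAL", 0x4E73: "RTE"}

# The three encodings listed in the post ($12345678 is the post's sample value).
POST_BYTES = bytes.fromhex("203c12345678" "21c00024" "60000888")


def decode(code: bytes) -> list[str]:
    """Decode big-endian 68000 machine code; unknown words become DC.W."""
    if len(code) % 2:
        raise ValueError("68000 instructions are word-aligned")
    out, i = [], 0

    def ext(n: int) -> int:
        """Read an n-byte extension at the cursor, failing on truncation."""
        nonlocal i
        if i + n > len(code):
            raise ValueError(f"truncated instruction at offset {i - 2:#x}")
        val = int.from_bytes(code[i:i + n], "big")
        i += n
        return val

    while i < len(code):
        op = int.from_bytes(code[i:i + 2], "big")
        i += 2
        if op in FIXED:
            out.append(FIXED[op])
        elif (op & 0xF1FF) == 0x203C:       # MOVE.L #imm32,Dn (Dn in bits 11-9)
            out.append(f"MOVE.L #${ext(4):08X},D{(op >> 9) & 7}")
        elif (op & 0xFFF8) == 0x21C0:       # MOVE.L Dn,abs.W (Dn in bits 2-0)
            out.append(f"MOVE.L D{op & 7},${ext(2):04X}.W")
        elif (op >> 8) in BRANCHES:
            name, disp = BRANCHES[op >> 8], op & 0xFF
            if disp == 0:                   # zero byte: 16-bit displacement follows
                out.append(f"{name}.W disp=${ext(2):04X}")
            else:                           # non-zero byte is the 8-bit displacement
                out.append(f"{name}.S disp=${disp:02X}")
        else:
            out.append(f"DC.W ${op:04X}")
    return out


if __name__ == "__main__":
    for line in decode(POST_BYTES):
        print(line)
```
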
