| |
Knight Rider
Registered: Mar 2005 Posts: 116 |
If it were 1987 again....
I was watching Robin's video https://youtu.be/yVtKKb3wkYc regarding cracking from an original cassette. And it stirred a little interest in me again. To be honest I can't even remember how now but I cracked Wizball from original cassette using a Trilogic Expert (2nd version with botched ESM daughter board) and very likely V2.9 of the monitor software.
I did this again now on real hardware (as I wasn't having much luck with WinVICE 3.7), just for laughs and to try to stir up memories of way back then. Defeating Freeload now was much easier for me than back then.
I used the following packers:
MCC Compressor
then
Card Cruncher V4 (no idea who lent me this cartridge, but probably Tork&Torky)
(usual one was Matcham Time Cruncher V3.1 or a hacked version which ended up becoming Time Cruncher V3.1)
I ended up with 182 blocks incl. intro in Wizball
So it leads me to the next question, back in the day (for me) the best cracks had the smallest disk block size.
What packers did you use then on a real C64 in 1987, and what would you use now on real hardware (a. released up to 1987 and then anytime). What block size can you achieve?
Exomizer V3.02 gives 144 blocks when no additional parameters are given.
TRIAD Wizball + is 166 with intro
Krejzi Packer $005E-$FFFF + Matcham Time Cruncher V3.1 gives 161 blocks
MCC Compressor + Matcham Time Cruncher V3.1 gives 165 blocks
Beast-Link/64k + Byte Boiler 256k V1.0 gives 148 blocks
Byte-Buster V4.1 + Byte Boiler 256k V1.0 gives 148 blocks |
|
| |
Knight Rider
Registered: Mar 2005 Posts: 116 |
After watching Bacchus video, I tried Fungus tool for FREELOAD to see Fungus Tape Transfers Disk
...of course it produces the same memory ($0400-$ffef) as a freezer crack, which I already knew. |
| |
tlr
Registered: Sep 2003 Posts: 1725 |
Quote: After watching Bacchus video, I tried Fungus tool for FREELOAD to see Fungus Tape Transfers Disk
...of course it produces the same memory ($0400-$ffef) as a freezer crack, which I already knew.
I guess that depends on what you mean by "freezer crack".
A "freeze" was typically a (bad) crack produced by pressing the freeze button right after the game started and letting the cart save a runnable result.
A "reset crack" was typically another (bad) crack produced by resetting the game into a monitor right after the game started. Then manually searching for where the relevant chunks of code/data are and a jmp address, then saving.
Both of these have the problem of a lot of initialization having already been done, clobbering memory, and that there may be a lot of things that cannot be reinitialized correctly, resulting in a non-working game. |
| |
Knight Rider
Registered: Mar 2005 Posts: 116 |
I meant doing this, then entering Expert via restore and then saving all memory.
Quoting Knight Rider
* = $1000
jsr $f72c ;Read program header off tape
ldx #<TREX1
ldy #>TREX1
stx $03ee+1 ;.C:03ee A9 00 LDA #<$0800
sty $03f3+1 ;.C:03f3 A9 08 LDA #>$0800
jmp $F56C ;Read rest of program off tape
TREX1
lda #$00
sta $09a0 ;.C:09a0 20 48 45 JSR $4548
- lda $09a0 ;.C:09a0 20 48 45 JSR $4548
beq -
lda #$18 ;ie CLC
ldx #$90 ;ie BCC -3
ldy #$fd ;ie BCC -3
sta $099d ;.C:099d 4C 89 63 JMP $6389
stx $099e ;.C:099d 4C 89 63 JMP $6389
sty $099f ;.C:099d 4C 89 63 JMP $6389
jmp $0800
|
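An added example, not part of Knight Rider's post: a small Python decoder run over the bytes quoted in the post's comments, showing what the three stores to $099d-$099f leave in memory. The memory image is constructed from those six quoted bytes only and the function names are hypothetical; the decoder covers just the opcodes that occur here.

```python
# Minimal 6502 decoder covering only the opcodes that appear in the post.
OPCODES = {
    0x18: ("CLC", "imp"),
    0x20: ("JSR", "abs"),
    0x4C: ("JMP", "abs"),
    0x90: ("BCC", "rel"),
    0xA9: ("LDA", "imm"),
    0xD0: ("BNE", "rel"),
}
SIZES = {"imp": 1, "imm": 2, "rel": 2, "abs": 3}

def disassemble(mem, start, end):
    """Decode mem[start:end] and return a list of (address, text) pairs."""
    out, pc = [], start
    while pc < end:
        name, mode = OPCODES[mem[pc]]
        if mode == "imp":
            text = name
        elif mode == "imm":
            text = f"{name} #${mem[pc + 1]:02X}"
        elif mode == "abs":
            target = mem[pc + 1] | (mem[pc + 2] << 8)  # little-endian operand
            text = f"{name} ${target:04X}"
        else:  # relative: signed offset counted from the next instruction
            off = mem[pc + 1] - 256 if mem[pc + 1] & 0x80 else mem[pc + 1]
            text = f"{name} ${(pc + 2 + off) & 0xFFFF:04X}"
        out.append((pc, text))
        pc += SIZES[mode]
    return out

def build_image():
    """Constructed memory holding only the six bytes quoted in the comments."""
    mem = bytearray(0x10000)
    mem[0x099D:0x09A3] = bytes([0x4C, 0x89, 0x63, 0x20, 0x48, 0x45])
    return mem

def apply_patch(mem):
    """The three stores done at TREX1 (sta/stx/sty to $099d-$099f)."""
    mem[0x099D], mem[0x099E], mem[0x099F] = 0x18, 0x90, 0xFD
    return mem

if __name__ == "__main__":
    for label, mem in (("before", build_image()),
                       ("after", apply_patch(build_image()))):
        print(label)
        for addr, text in disassemble(mem, 0x099D, 0x09A3):
            print(f"  ${addr:04X}  {text}")
```

After the patch the JMP $6389 is gone and $099d-$099f hold CLC followed by a BCC back to $099d, a branch that is always taken, so the CPU stays in that two-instruction loop with the program loaded but not started.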
| |
tlr
Registered: Sep 2003 Posts: 1725 |
Quote: I meant doing this, then entering Expert via restore and then saving all memory.
Quoting Knight Rider
* = $1000
jsr $f72c ;Read program header off tape
ldx #<TREX1
ldy #>TREX1
stx $03ee+1 ;.C:03ee A9 00 LDA #<$0800
sty $03f3+1 ;.C:03f3 A9 08 LDA #>$0800
jmp $F56C ;Read rest of program off tape
TREX1
lda #$00
sta $09a0 ;.C:09a0 20 48 45 JSR $4548
- lda $09a0 ;.C:09a0 20 48 45 JSR $4548
beq -
lda #$18 ;ie CLC
ldx #$90 ;ie BCC -3
ldy #$fd ;ie BCC -3
sta $099d ;.C:099d 4C 89 63 JMP $6389
stx $099e ;.C:099d 4C 89 63 JMP $6389
sty $099f ;.C:099d 4C 89 63 JMP $6389
jmp $0800
Without analysing the details of it, that is the strategy of a "clean" crack, i.e. only loaded into memory, not started.
There could of course be crumbs you fail to capture this way but not sure if those were common together with freeload. |
| |
Mason
Registered: Dec 2001 Posts: 459 |
Quote: After watching Bacchus video, I tried Fungus tool for FREELOAD to see Fungus Tape Transfers Disk
...of course it produces the same memory ($0400-$ffef) as a freezer crack, which I already knew.
It's the Hitsquad release that uses Freeload. The original Ocean release uses Ocean/Imagine loader
It might give a different picture |
| |
tlr
Registered: Sep 2003 Posts: 1725 |
Quote: It's the Hitsquad release that uses Freeload. The original Ocean release uses Ocean/Imagine loader
It might give a different picture
Hmm, is that really true? I found a Hitsquad release and that used hitload. Several Ocean dumps seem to use freeload. |
| |
Martin Piper
Registered: Nov 2007 Posts: 645 |
The original Hitsquad tape doesn't have a loading picture or music. It just loads a single file that is a self extracting "freeze".
The original Ocean tape with loading screen and music loads several uncompressed chunks. |
| |
Martin Piper
Registered: Nov 2007 Posts: 645 |
For the hit squad tape put a breakpoint at $80d and you can see in the CPU history in Vice that the last part of the stack based tape loader will pretty much just call into $80d from the code at $154.
I say "freeze" for the hit squad tape version because it does a whole lot of typical "unfreeze" stuff, like expanding nybbles for the colour RAM at $840, restoring the end of RAM vectors at $81e, restoring SID, VIC, and other IO state $885-$8bf
It then does a couple of almost full memory copies, before jumping into code at $11, then to $2a7 restoring zero page, then clearing move of itself at $1e8, and using the usual RTI method at $1f9 to then start the game code cleanly at $6389.
So it's not quite a "freezer" that was restored from any entry point, it is actually going cleanly into the game start code at $6389.
Certainly however that self extracting archive can be made a lot smaller as it does not need to restore SID, VIC, IO, COLOURRAM before starting the game code at $6389. |
| |
Fungus
Registered: Sep 2002 Posts: 629 |
Quote: It's the Hitsquad release that uses Freeload. The original Ocean release uses Ocean/Imagine loader
It might give a different picture
There's three versions then if there is an Imagine loader version.
I have an Ocean with Freeload, and a Hit-Squad release with Hitload. Did you dump that tape Mason? Would be interested to check the differences between it and the Freeload one.
I found some other crap in the file that looks like leftovers from something else.
Quoting Knight Rider
After watching Bacchus video, I tried Fungus tool for FREELOAD to see Fungus Tape Transfers Disk
...of course it produces the same memory ($0400-$ffef) as a freezer crack, which I already knew.
The Freeload transfer was coded by 6R6, it produces clean files off the tape just like setting a freeze point and then saving the loaded memory would. |
| |
Fungus
Registered: Sep 2002 Posts: 629 |
Had a look into this, got the tape with the Imagine Loader.
The code at EC00 is unfreezing code. This was common practice back then to freeze games just as they started. So will take some work to find the real entry point. Backtracking what's on the stack should point in the right direction.
Both versions are frozen, I'll take a look at the hitload one later. It's possible that it was remastered from original files.
$0400-$0460 is junk.
Load picture has a nasty reformat disk thing in it, haha.
I'd mention the funny string at the end of the high score entries but I don't want to get my access to the forums removed for mentioning a certain excrement. |