;------------------------------- ; #SIERRA ; search and disable a self-decrypting ; protection check used on many Sierra ; disks in a way that doesn't trip the ; tamper check that checksums the code ; ; tested on ; - Apple Cider Spider ; - Aquatron ; - BC's Quest For Tires ; - Cannonball Blitz ; - Crossfire ; - Dragon's Keep ; - Learning with Leeper ; - Marauder ; - Mr. Cool ; - Oil's Well ; - Sammy Lightfoot ; - Sierra Championship Boxing ; - Winnie the Pooh ; - Donald Duck ; - Mickey's Space Adventure ; - King's Quest I, II, III ; - Leisure Suit Larry ; - Space Quest I, II ; - The Black Cauldron ; - The Dark Crystal ; - Mixed Up Mother Goose ; - The Artist ; ; module by qkumba ;------------------------------- !zone { lda gIsSierra beq + jmp .dosearch + ldy #3 jsr SearchTrack .call !byte $20,$D1,$D1 ;JSR $xxxx bcs + ldy #$01 jsr modify !byte $2C ;there are two of these on the same track + ldy #3 jsr SearchTrack .jmp1 !byte $4C,$D1,$D1 ;JMP $xxxx bcs + ldy #$01 jsr modify !byte $60 ldy #3 jsr SearchTrack .jmp2 !byte $4C,$D1,$D1 ;JMP $xxxx bcs + ldy #$01 jsr modify !byte $60 + ldy #3 jsr SearchTrack .load !byte $AD,$D1,$D1 ;LDA $xxxx bcs + sta .cmp7+1 adc #BASEPAGE sta .page11+2 inx inx inx .page11 lda $D100,x cmp #$F0 bne .cmp7 inx inx .cmp7 lda #$D1 ldy #3 jsr compare !byte $C9,$1D ;CMP #$1D !byte $B0 ;BCS *+xx bcs + sta gDisplayBytes pha lda #s_tamper jsr PrintByID pla inx inx inx ldy #$01 jsr modify !byte $00 + ldy #12 jsr SearchTrack !byte $AD,WILDCARD,WILDCARD ;LDA $xxxx !byte $85,$C1 ;STA $C1 !byte $A9,$00 ;LDA #$00 !byte $85,$C0 ;STA $C0 !byte $6C,$C0,$00 ;JMP ($00C0) bcs + pha txa adc #9 tax pla ldy #$01 jsr modify !byte $60 + ldy #14 jsr SearchTrack !byte $85,$11 ;STA $11 !byte $49,WILDCARD ;EOR #$xx !byte $48 ;PHA !byte $A5,$10 ;LDA $10 !byte $49,WILDCARD ;EOR #$xx !byte $48 ;PHA !byte $D0,$01 ;BNE *+3 !byte $4C ;dummy !byte $60 ;RTS bcs + pha tay jsr inx5 txa pha tya ldy #1 jsr modify !byte $EA ;NOP pla clc adc #5 tax pla ldy #1 jsr modify !byte $EA ;NOP + ldy #10 jsr SearchTrack !byte $A9,$20 ;LDA #$20 !byte $8D,$DC,$4D ;STA $4DDC !byte $A9,$60 ;LDA #$60 !byte $8D,$DF,$4D ;STA $4DDF bcs + inx ldy #$01 jsr modify !byte $2C ;BIT $xxxx + ldy #6 jsr SearchTrack !byte $20,$0A,$14 ;JSR $140A !byte $6C,$C6,$03 ;JMP ($03C6) bcs + inx inx inx ldy #$01 jsr modify !byte $60 ;RTS + ldy #17 jsr SearchTrack !byte $48 ;PHA !byte $8A ;TXA !byte $48 ;PHA !byte $98 ;TYA !byte $48 ;PHA !byte $20,$3D,$9B ;JSR $9B3D !byte $68 ;PLA !byte $A8 ;TAY !byte $68 ;PLA !byte $AA ;TAX !byte $68 ;PLA !byte $28 ;PLP !byte $6C,$36,$00 ;JMP ($0036) bcs + jsr inx5 ldy #$01 jsr modify !byte $2C ;BIT $xxxx + ldy #15 jsr SearchTrack !byte $EA ;NOP !byte $EA ;NOP !byte $EA ;NOP !byte $BD,$48,$4A ;LDA $4A48,X !byte $48 ;PHA !byte $BD,$47,$4A ;LDA $4A47,X !byte $48 ;PHA !byte $60 ;RTS !byte $EA ;NOP !byte $EA ;NOP !byte $EA ;NOP bcs + pha txa adc #6 tax pla ldy #$01 jsr modify !byte $EA ;NOP jsr inx4 ldy #$01 jsr modify !byte $EA ;NOP + ldy #7 jsr SearchTrack !byte $60 ;encoded NOP !byte $AA,$AA,$C8 ;encoded JSR $4220 !byte $4C,$BF,$48 ;JMP $48BF bcs + inx ldy #$01 jsr modify !byte $A6 ;encoded BIT + jmp .exit .trybox lda #$2C ;BIT $xxxx sta .patchstyle ldy #17 jsr SearchTrack !byte $20,$00,$1D ;JSR $1D00 !byte $20,$C0,$1D ;JSR $1DC0 !byte $A9,$16 ;LDA #$16 !byte $85,$56 ;STA $56 !byte $A9,$15 ;LDA #$15 !byte $85,$57 ;STA $57 !byte $20,$93,$15 ;JSR $1593 bcc + ldy #19 jsr SearchTrack !byte $20,$17,$0A ;JSR $0A17 !byte $20,$25,$0D ;JSR $0D25 !byte $20,$85,$1E ;JSR $1E85 !byte $80 ;dummy !byte $08,$CE,$CF,$CD,$CF,$CE,$C9,$C3,$CF ;"NOMONICO" + bcc + ldy #19 jsr SearchTrack !byte $20,$07,$FF ;JSR $FF07 !byte $A2,$00 ;LDX #$00 !byte $A9,$01 ;LDA #$01 !byte $85,$08 ;STA $08 !byte $86,$09 ;STA $09 !byte $60 ;RTS !byte $A9,$02 ;LDA #$02 !byte $85,$0C ;STA $0C !byte $4C,$41,$7E ;JMP $7E41 + bcc + ldy #17 jsr SearchTrack !byte $20,$27,$15 ;JSR $1527 !byte $4C,$6C,$41 ;JMP $416C !byte $84,$C2,$CC,$CF,$C1,$C4,$A0,$D7,$C1,$CC,$D4 ;"BLOAD WALT..." + bcc + ldy #26 jsr SearchTrack !byte $20,$0D,$09 ;JSR $090D !byte $AD,$F1,$08 ;LDA $08F1 !byte $D0,$6B ;BNE $08C3 !byte $A9,$01 ;LDA #$01 !byte $8D,$F1,$08 ;STA $08F1 !byte $20,$16,$16 ;JSR $1616 !byte $20,$3D,$18 ;JSR $183D !byte $80,$1B,$C2,$CC,$CF,$C1,$C4 ;"BLOAD ..." bcc + lda #$60 ;RTS sta .patchstyle ldy #14 jsr SearchTrack !byte $A9,$00 ;LDA #$00 !byte $AA ;TAX !byte $A8 ;TAY !byte $20,$B7,$FF ;JSR $FFB7 !byte $A9,$00 ;LDA #$00 !byte $85,$48 ;STA $48 !byte $BD,$89,$C0 ;LDA $C089,X jsr inx4 bcs ++ + sta gDisplayBytes pha lda #s_sierra jsr PrintByID pla ldy #$01 jsr modify .patchstyle !byte $2C ;BIT $xxxx jmp .exit ;two of these are on the same track ++ ldy #10 jsr SearchTrack !byte $F0,$08 ;BEQ *+10 !byte $A9,$00 ;LDA #$00 !byte $AA ;TAX !byte $95,$00 ;STA $00,X !byte WILDCARD ;INX or DEX !byte $D0,$FB ;BNE *-5 bcs + sta gDisplayBytes pha lda #s_tamper jsr PrintByID txa adc #5 tax pla ldy #$01 jsr modify !byte $B5 ;load instead of store ldy #24 jsr SearchTrack !byte $AD,WILDCARD,WILDCARD ;LDA $xxxx !byte $CD,WILDCARD,WILDCARD ;CMP $xxxx !byte $D0,$40 ;BNE *+$42 !byte $AD,WILDCARD,WILDCARD ;LDA $xxxx !byte $CD,WILDCARD,WILDCARD ;CMP $xxxx !byte $D0,$38 ;BNE *+$3A !byte $AD,WILDCARD,WILDCARD ;LDA $xxxx !byte $CD,WILDCARD,WILDCARD ;CMP $xxxx !byte $D0,$30 ;BNE *+$32 bcs + sta gDisplayBytes pha lda #s_tamper jsr PrintByID pla ldy #$01 jsr modify !byte $60 ;just return + ldy #15 jsr SearchTrack !byte $A9,$00 ;LDA #$00 !byte $85,$57 ;STA $57 !byte $A9,$FF ;LDA #$FF !byte $85,$58 ;STA $58 !byte $A9,$02 ;LDA #$02 !byte $85,$59 ;STA $59 !byte $20,$99,$4C ;JSR $4C99 bcs + pha txa adc #12 tax pla ldy #$01 jsr modify !byte $2C ;don't load sector #$10 + ldy #13 jsr SearchTrack !byte $A9,$00 ;LDA #$00 !byte $85,$59 ;STA $59 !byte $20,WILDCARD,WILDCARD ;JSR $xxxx !byte $68 ;PLA !byte $D0,$20 ;BNE *+$22 !byte $20,$00,$FF ;JSR $FF00 bcs + pha txa adc #10 tax pla ldy #$01 jsr modify !byte $2C ;don't call protection check .jmpexit jmp .exit .dosearch lda gIsBoot0 bne .jmpexit ldy #15 jsr SearchTrack !byte $CE,WILDCARD,WILDCARD ;DEC $xxxx !byte $EF,WILDCARD,WILDCARD ;mod->INC $xxxx !byte $AD,WILDCARD,WILDCARD ;LDA $xxxx !byte $49,WILDCARD ;EOR #$xx !byte $D0,01 ;BNE *+3 !byte $20 ;dummy !byte $8D ;STA $xxxx bcc + jmp .trybox + sta .cmp1+1 sta .cmp2+1 sta .cmp3+1 sta .cmp4+1 sta .cmp5+1 sta .cmp6+1 pha adc #BASEPAGE sta .page1+2 sta .page2+2 sta .page3+2 sta .page4+2 sta .page5+2 sta .page6+2 sta .page7+2 sta .page8+2 sta .page9+2 sta .page10+2 stx .adj+1 txa adc #17 tax .page1 lda $D100,x cmp #$18 bne + inx + pla ldy #6 jsr compare !byte $D0,$01 ;BNE *+3 !byte $4C ;dummy !byte $A0,WILDCARD ;LDY #$xx !byte $98 ;TYA .bcsexit1 bcs .bcsexit2 .page2 lda $D104,x sta .key+1 txa adc #6 tax .cmp1 lda #$D1 pha ldy #3 jsr compare !byte $90,$01,$20 bcs + inx inx inx + pla ldy #8 jsr compare !byte $59,WILDCARD,WILDCARD ;EOR $xxxx,Y !byte $99,WILDCARD,WILDCARD ;STA $xxxx,Y !byte $C8 ;INY !byte $D0 ;BNE *+xx .bcsexit2 bcs .bcsexit3 .page3 lda $D101,x sta .call+1 sta .jmp1+1 sta .jmp2+1 .page4 lda $D102,x sta .call+2 sta .jmp1+2 sta .jmp2+2 txa adc #9 tax .cmp2 lda #$D1 pha ldy #5 jsr compare !byte $88 ;DEY !byte $30,$01 ;BMI *+3 !byte $4C ;dummy !byte $60 ;RTS pla bcc + ldy #5 jsr compare !byte $98 ;TYA !byte $10,$01 ;BPL *+3 !byte $4C ;dummy !byte $60 ;RTS .bcsexit3 bcs .bcsexit4 + txa adc #5 pha tax .key ldy #$D1 - tya .page5 eor $D100, x .page6 sta $D100, x iny inx bne - pla tax .page7 lda $D100, x beq + cmp #$C8 sec bne .bcsexit4 + inx .cmp3 lda #$D1 ldy #11 jsr compare !byte $8C,$F4,$B7 ;STY $B7F4 !byte WILDCARD,$EC,$B7 ;STx $B7EC !byte $A9,$B7 ;LDA #$B7 !byte $A0,$E8 ;LDY #$E8 !byte $20 ;JSR $xxxx .bcsexit4 bcs .bcsexit5 txa adc #11 tax .cmp4 lda #$D1 pha ldy #2 jsr compare !byte $B5,$B7 pla bcc + pha ldy #2 jsr compare !byte $D9,$03 pla bcc + ldy #2 jsr compare !byte $00,$BD .bcsexit5 bcs .bcsexit6 + inx inx .cmp5 lda #$D1 pha ldy #3 jsr compare !byte $AE,$E9,$B7 ;LDX #$B7E9 bcs + inx inx inx + pla ldy #9 jsr compare !byte $BD,$89,$C0 ;LDA $C089,X !byte $A9,WILDCARD ;LDA #$xx !byte $8D,WILDCARD,WILDCARD ;STA $xxxx !byte $20 ;JSR $xxxx .bcsexit6 bcs .exit .page8 lda $D109,x pha .adj adc #$D1 tax pla adc #4 sta .tryalt+1 .cmp6 lda #$D1 pha ldy #3 jsr compare !byte $A9,$1C ;LDA #$1C !byte $8D ;STA $xxxx pla bcc .yes pha .tryalt ldx #$D1 ldy #3 jsr compare !byte $A9,$1C ;LDA #$1C !byte $8D ;STA $xxxx pla bcs .exit .yes sta gDisplayBytes bit gMode ; don't print anything in verify mode bpl + lda #s_sierra jsr PrintByID + .page9 lda $D103,x sta .load+1 .page10 lda $D104,x sta .load+2 bit gMode bpl .exit bvc .exit lda #TRUE sta gIsSierra jmp RestartScan .exit }