;------------------------------- ; #UNIVERSALE7 ; replace remnants of E7 bitstream ; with a compatible BYTEstream that ; fools most E7 protection checks ; (invented by qkumba, see PoC||GTFO 0x11 ; and 4am crack no. 655 Rocky's Boots 4.0) ;------------------------------- !zone { universale7 bit gMode ; nothing to do here in verify-only mode bpl .jmpexit lda #$0F sta .sector+1 .sector lda #$FF ; modified at runtime ldx #$A0 ldy #$60 jsr compare !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 !byte $AC,$00,$AC,$00,$AC,$00,$AC,$00 bcc + jmp .nextsector .jmpexit jmp .exit + lda .sector+1 ldx #$00 ldy #$80 jsr compare !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 !byte $00,$00,$00,$00,$00,$00,$00,$00 bcc + jmp .nextsector + lda .sector+1 sta gDisplayBytes lda #s_e7 jsr PrintByID lda .sector+1 ldx #$A3 ldy #$0C jsr modify !byte $64,$B4,$44,$80,$2C,$DC,$18,$B4,$44,$80,$44,$B4 .nextsector dec .sector+1 bmi .exit jmp .sector .exit }