passport/src/analyze.a

;-------------------------------
; SkipTrack
; out:   C clear if we should skip this track
;        C set if we should not skip this track
;-------------------------------
!zone {
SkipTrack
;
; 1) $EEEF protection track (EEEFBBBAFAAE nibble sequence)
;    [must come first because track would otherwise pass the IsUnformatted test below]
;    [speed optimization: only check on track $22]
;
.checkeeef
         lda   gTrack
         cmp   #$22
         bne   .checkunformat
         jsr   IsEEEF
         bcs   .checkunformat
         lda   #s_eeef
         bcc   .skiptrack ; always taken
;
; 2) unformatted track
;
.checkunformat
         jsr   IsUnformatted
         bcs   .checkf7f6
+        lda   #s_unformat
         bcc  .skiptrack ; always taken
;
; 3) $F7F6 protection track (F7F6EFEAAB nibble sequence)
;
.checkf7f6
         jsr   IsF7F6
         bcs   .checksync
         bit   gMode
         bpl   .checksync
         bvc   .checksync
; if we're in 'crack' mode, restart the scan to find the protection code
         jmp   SetupF7F6SecondRound
;
; 4) nibble count track (mostly $FF sync bytes)
;
.checksync
         jsr   IsSyncBytes
         bcs   .checktrack6
         lda   #s_sync
         bcc   .skiptrack ; always taken

;
; 5) track simply does not exist (Electronic Arts in particular)
;
.checktrack6
         jsr   IsEATrack6
         bcs   .fail
         lda   #s_eatrk6
; note: execution falls through here
.skiptrack
         jsr   PrintByID
;
; Skipping T22 on a ProDOS disk might indicate the presence of a
; Gamco Industries protection elsewhere on the disk. Different
; Gamco disks present as different types of weirdness on T22 --
; EEEF, sync, or even unformatted. (The actual protection is just
; a bad block check, so putting the code here will catch all
; possible cases.)
;
         lda   gTrack
         cmp   #$22
         bne   +
         lda   gIsProDOS
         bne   +
         lda   #TRUE
         sta   gPossibleGamco
+        clc
         !byte $24        ; hides next SEC
.fail
         sec
         rts
}

;-------------------------------
; IsF7F6
; check for a specific nibble sequence
; ("F7 F6 EF EE AB") that is used by a
; whole-track protection scheme
;
; in  slot 6, drive 1 is on track to test
; out C clear if sequence was found
;     C set if sequence was not found
;-------------------------------
!zone {
IsF7F6
         lda   $C0E9
         lda   #$00
         jsr   WAIT
         lda   #$20
         sta   nibcount
         ldy   #$00
-        lda   $C0EC
         bpl   -
         cmp   #$F7
         beq   +
.restart iny
         bne   -
         dec   nibcount
         bne   -
         beq   .fail
+
-        lda   $C0EC
         bpl   -
         cmp   #$F6
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$EF
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$EE
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$AB
         bne   .restart
         clc
         !byte $24        ; hides SEC
.fail    sec
         lda   $C0E8
         rts
}

;-------------------------------
; SetupF7F6SecondRound
;
; Print that we found the F7F6 protection track,
; then restart the scan so we can search every sector
; for the protection code.
; Never returns.
; Exits via RestartScan.
;-------------------------------
SetupF7F6SecondRound
; Mark in the sector map that we should ignore
; this protection track the second time around.
         lda   checksector+1
         sta   .a+1
         lda   checksector+2
         sta   .a+2
         ldy   gSector
         lda   #kSectorIgnore
.a       sta   $D1D1      ; modifed at runtime
         dec   .a+1
         bne   +
         dec   .a+2
+        dey
         bpl   .a
; print that we found the protection track
         lda   #s_f7
         jsr   PrintByID
; set global to activate expensive patcher
         lda   #TRUE
         sta   gIsF7F6
         jmp   RestartScan

;-------------------------------
; IsEEEF
; check for a specific nibble sequence
; ("EE EF BB BA FA AE") that is used by a
; whole-track protection scheme
;
; in  slot 6, drive 1 is on track to test
; out C clear if sequence was found
;     C set if sequence was not found
;-------------------------------
!zone {
IsEEEF
         lda   $C0E9
         lda   #$00
         jsr   WAIT
         lda   #$20
         sta   nibcount
         ldy   #$00
-        lda   $C0EC
         bpl   -
         cmp   #$EE
         beq   +
.restart iny
         bne   -
         dec   nibcount
         bne   -
         beq   .fail
+
-        lda   $C0EC
         bpl   -
         cmp   #$EF
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$BB
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$BA
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$FA
         bne   .restart
-        lda   $C0EC
         bpl   -
         cmp   #$AE
         bne   .restart
         clc
         !byte $24        ; hides SEC
.fail    sec
         lda   $C0E8
         rts
}

;-------------------------------
; IsSyncBytes
; check if track is mostly $FF bytes
;
; in  slot 6, drive 1 is on track to test
; out C clear if track is mostly just $FF bytes
;     C set otherwise
;-------------------------------
IsSyncBytes
         lda   #$FD
         sta   gNIBTableFF
         jsr   IsUnformatted
         lda   #$3F
         sta   gNIBTableFF
         rts

;-------------------------------
; IsUnformatted
; check if track is unformatted
;
; in  slot 6, drive 1 is on track to test
; out C clear if track is unformatted
;     C set if track is formatted
;-------------------------------
IsUnformatted
         lda   $C0E9
         lda   #$00
         sta   unform
         sta   unform+1
         jsr   WAIT
         lda   #$20
         sta   nibcount
         ldy   #$00
nibloop  ldx   $C0EC
         bpl   nibloop
         lda   gNIBTable,x
         bpl   +
         inc   unform
         bne   +
         inc   unform+1
+        iny
         bne   nibloop
         dec   nibcount
         bne   nibloop
         lda   $C0E8
         lda   #$18
         cmp   unform+1
         rts

;-------------------------------
; xHeredityDog
; check for a protection check at $BB00
; which implies an unreadable T00,S0A
;
; in:  $0800..$08FF contains boot0
;      $B600..$BFFF contains boot1
; out: C clear if protection code was found
;      C set if protection code was not found
;-------------------------------
!zone {
xHeredityDog
         lda   $08FE
         clc
         adc   #$04
         pha
         ldx   #$16
         ldy   #$4A
         jsr   CompareMemory
         !byte $F0,$05,$A2,$B2,$4C,$F0,$BB,$BD,$8C,$C0,$A9,WILDCARD
         !byte $8D,$00,$02,$BD,$8C,$C0,$10,$FB,$C9,$EB,$D0,$F7,$BD,$8C
         !byte $C0,$10,$FB,$C9,$D5,$D0,$EE,$BD,$8C,$C0,$10,$FB,$C9,$AA,$D0,$E5
         !byte $A9,$4C,$A0,$00,$99,$00,$95,$88,$D0,$FA,$CE,$46,$BB,$AD,$46,$BB
         !byte $C9,$07,$D0,$EC,$A9,$18,$8D,$42,$B9,$A9,$0A,$8D,$ED,$B7,$D0,$05
         pla
         bcs   .exit
         lda   #kSectorOptional
         sta   T00S0A
.exit
         rts
}

;-------------------------------
; xSunburst
; check for a Sunburst RWTS
; which implies an unreadable T11,S0F
;
; in:  $0800..$08FF contains boot0
;      $B600..$BFFF contains boot1
; out: C clear if Sunburst RWTS was found
;      C set otherwise
;-------------------------------
!zone {
xSunburst
         lda   $08FE
         clc
         adc   #$03
         ldx   #$69
         ldy   #$2C
         jsr   CompareMemory
         !byte $48,$A5,$2A,$4A,$A8,$B9,$29,$BA
         !byte $8D,$6A,$B9,$8D,$84,$BC,$B9,$34
         !byte $BA,$8D,$FC,$B8,$8D,$5D,$B8,$C0
         !byte $11,$D0,$03,$A9,$02,$AC,$A9,$0E
         !byte $8D,$C0,$BF,$68,$69,$00,$48,$AD
         !byte $78,$04,$90,$2B
         bcs   .no
.yes
         lda   #kSectorOptional
         sta   T11S0F
.no
         rts
}

;-------------------------------
; xOptimumRes
; check if disk has Optimum Resource bootloader
; which implies an unreadable T01,S0F
;
; in:  $0800..$08FF contains boot0
;      $B600..$BFFF contains boot1
; out: C clear if OptimumRes bootloader was found
;      C set otherwise
;-------------------------------
!zone {
xOptimumRes
         lda   #$08
         ldx   #$5D
         ldy   #$0C
         jsr   CompareMemory
         !byte $68,$85,WILDCARD,$68,$85,WILDCARD,$A0,$01
         !byte $B1,WILDCARD,$85,$54
         bcs   .no
.yes
         lda   #kSectorOptional
         sta   T01S0F
.no
         rts
}

;-------------------------------
; xB4BB
; check if disk changes RWTS in late boot after a nibble check
; (very messy because it needs to handle DOS 3.2 and 3.3 variants
; in either low or high memory)
;
; in:  $0800..$08FF contains boot0
;      either $3600..$3FFF or $B600..$BFFF contains boot1
; out: C clear if RWTS was modified in this routine
;      C set otherwise
;-------------------------------
!zone {
xB4BB
         lda   gTrack
         pha
         lda   gSector
         pha
b4bbcompare
         lda   #$FF       ; modified at runtime (in Inspect1)
         ldx   #$00
         ldy   #$20
         jsr   CompareMemory
         !byte $D8,$A9,$DF,$48,$A9,$FF,$48,$A9
         !byte $08,$85,$3D,$85,$43,$A9,$BF,$85
         !byte $3F,$A9,$00,$85,$3C,$85,$42,$E6
         !byte $42,$A9,$FE,$85,$3E,$A0,$00,$AD
         bcc   +
         jmp   _b4bbexit
+        lda   gIsDOS32
         beq   .dos32
         lda   #$55       ; low byte of address that checks address prologue 1
         sta   b4bbmodify+1
         lda   #$91       ; low byte of address that checks address epilogue 1
         sta   b4bbmodify2+1
         ldx   #$00       ; track
         ldy   #$0C       ; sector
         bne   .all       ; always branches
.dos32
         lda   #$76       ; low byte of address that checks address prologue 1
         sta   b4bbmodify+1
         lda   #$B2       ; low byte of address that checks address epilogue 1
         sta   b4bbmodify2+1
         ldx   #$01       ; track
         ldy   #$00       ; sector
.all
         stx   gTrack
         sty   gSector
         lda   #$00
         sta   gAddress
         lda   #$0C
         clc
         adc   #BASEPAGE
         sta   gAddress+1
         jsr   ReadSector ; read sector so we can look for 'JMP $B4BB' marker
         bcs   _b4bbexit
         lda   #$0C
         ldx   #$84
         ldy   #$03
         jsr   compare
         !byte $4C,$BB,$B4
         bcs   _b4bbexit
         lda   gIsDOS32
         beq   .dos32b
         ldx   #$02       ; track
         ldy   #$02       ; sector
         bne   .allb      ; always branches
.dos32b
         ldx   #$02       ; track
         ldy   #$09       ; sector
.allb
         stx   gTrack
         sty   gSector
         jsr   ReadSector ; read sector to get address prologue 3 for rest of disk
         bcs   _b4bbexit
         lda   #$0C
         clc
         adc   #BASEPAGE
         sta   x0+2
x0       lda   $FFC2      ; high byte modified at runtime (above)
b4bbmodify
         sta   $FFFF      ; modified at runtime (high byte in Inspect1, low byte above)
         lda   #$DE
b4bbmodify2
         sta   $FFFF      ; modified at runtime (high byte in Inspect1, low byte above)
         lda   gIsDOS32
         bne   _b4bbexit
         lda   #kSectorCustomDOS32B4BB
         sta   T02S0C
_b4bbexit
         pla
         sta   gSector
         pla
         sta   gTrack
         rts
}

;-------------------------------
; xB660
; Check if RWTS calls an extra routine at $B660
; after matching the first two data prologue
; nibbles. This routine can hang in an infinite
; loop if it's used to read an unprotected sector,
; so we need to force-switch to the built-in RWTS
; after reading all the protected sectors.
; (T00,S00-S09 are unprotected because they are
; read by the drive firmware.)
;
; in:  $0800..$08FF contains boot0
; out: C clear if $B660 routine was found
;      C set otherwise
;-------------------------------
!zone {
xB660
         lda   #$08
         ldx   #$60
         ldy   #$1A
         jsr   CompareMemory
         !byte $BD,$8C,$C0,$10,$FB,$C9,$AD,$D0
         !byte $F4,$A9,$F8,$3D,$8C,$C0,$D0,$02
         !byte $EA,$EA,$EA,$EA,$BD,$8C,$C0,$2A
         !byte $30,$02
         bcs   .no
.yes
         lda   #kSectorSwitchToBuiltinRWTS
         sta   T00S09
.no
         rts
}

;-------------------------------
; IsEATrack6
; check if track 6 even exists
; in the case of EA, track 6 reads as track 5
;
; in  slot 6, drive 1 is on track to test
; out C clear if read track does not match expected track
;     C set otherwise
;-------------------------------
IsEATrack6
         lda   gTrack
         cmp   #6
         sec
         bne   +
         lda   $2E ;DOS read track number
         sbc   #5
         cmp   #1
+        rts