+-----------------------------------------------------------------------+ | | -=| Apple IIgs cracks by Brian A. Troha |=- | | All the following cracks were done by me and fully tested. | | The goals for these cracks are (were): | | 1. Don't allow disc based protection to actually read the | disc. This allows for greater hard disk compatibility. | 2. Don't allow any signs of keyword based protection. | 3. Actually work :-) | | This information is presented to allow for the preservation of | Apple IIgs software through back-ups or through emulation. | | NOTE: These cracks were designed for copies of ORIGINAL disks, thus | the Block, Byte, From and To will match up exactly or you have | a different version of the program. | | These edits might not match up with the 2MG images used for | emulation due to issues like disc modification to allow for | self booting or the addition / removal of crack screens. | +-----------------------------------------------------------------------+ 4th & Inches (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $72 $86 20 B5 EA AD B5 EA $9A $40 20 B5 EA AD B5 EA 4th & Inches Team Construction (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) on the original 4th & Inches game disk Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $168 $80 20 55 EC AD 55 EC $190 $77 20 55 EC AD 55 EC Adventures of Sinbad (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $47A $103 A2 21 80 2C All About America (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $4E9 $17A A2 21 80 2C Aesop's Fables (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $349 $B6 A2 21 80 2C Ancient Land of Ys (Kyodai / Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $3BF $64 22 6F 65 00 AF 6F 65 00 <-- Kill call to the check $6C 64 E0 A5 E0 64 E0 E6 E0 <-- One = pass in memory flag $71 F0 03 EA EA <-- Kill branch to "failed" Arkanoid (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $20C $5B 22 73 09 00 AF 73 09 00 <-- Kill call to the check $63 22 A3 09 00 AF A3 09 00 <-- Kill call to the check $253 $9D 22 89 0C 00 AF 89 0C 00 <-- Kill call to the check $A3 2A 2A 85 66 18 EA 64 66 <-- Store a "pass" value $3FD $AF 0C 07 03 09 04 04 04 00 <-- Implant passable results Arkanoid II: Revenge of Doh (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $32A $69 22 73 08 00 AF 73 08 00 <-- Kill call to the check $73 22 A3 08 00 AF A3 08 00 <-- Kill call to the check $A5 22 B6 08 00 AF B6 08 00 <-- Kill call to the check $A9 90 09 80 09 <-- Force branch to "pass" $37D $88 90 02 00 55 80 02 00 55 <-- Allow game to continue $3DC $92 0C 07 03 09 04 04 04 00 <-- Implant passable results Bard's Tale (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $1AF $1FA 20 00 A0 90 A9 0F 18 80 <-- Overwirte call & maintain checksum Bard's Tale II (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $42E $2F 22 00 A0 00 AF 00 A0 00 $3E F0 2B 80 2B Battle Chess (Interplay) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $3D8 $FF 20 DE AA 9C 08 B9 <-- Overwrite call to CP routine with store "pass" value Blockout (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $2B8 $1FB 22 DD 5A 00 AF DD 5A 00 Bubble Ghost (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $17C $174 AD 00 00 9C 00 00 <-- Store a "pass" value $177 F0 2E 80 2E <-- Force branch to "pass" $1A2 22 00 00 00 AF 00 00 00 <-- Kill call to the check Calendar Crafter (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $602 $113 20 B5 08 AD B5 08 California Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $D2 $92 20 FB 51 AD FB 51 $95 90 03 80 03 Captain Blood (Mindscape) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $AE $87 22 F6 05 06 AF F6 05 06 $C3 22 2D 06 06 AF 2D 06 06 $CF 22 F6 05 06 AF F6 05 06 $D9 22 AD 04 06 AF AD 04 06 $E4 22 F6 05 06 AF F6 05 06 $F0 22 2D 06 06 AF 2D 06 06 $FC 22 F6 05 06 AF F6 05 06 $106 22 AD 04 06 AF AD 04 06 $120 22 E3 00 00 AF E3 00 00 $142 22 4B 03 08 AF 4B 03 08 $160 22 D7 02 08 AF D7 02 08 $189 F0 03 82 5A EA EA 82 5A Chess Master 2100 (The Software Toolworks) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control For version 1.01 on disk one: Block Byte From To ------------------------------------------ $4E5 $2C 22 00 00 00 AF 00 00 00 $61 D0 08 EA EA $C5 22 00 00 00 AF 00 00 00 $118 D0 08 EA EA $185 22 00 00 00 AF 00 00 00 $1D8 D0 08 EA EA For version 1.1 on disk one: Block Byte From To ------------------------------------------ $304 $1EB 22 00 00 00 AF 00 00 00 $305 $20 D0 08 EA EA $84 22 00 00 00 AF 00 00 00 $D7 D0 08 EA EA $144 22 00 00 00 AF 00 00 00 $197 D0 08 EA EA Club Backgammon (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $13 $10E 22 01 3E 00 AF 01 3E 00 Cobra Cavern (PBI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $235 $1DE 22 82 7C 00 AF 82 7C 00 $1E2 C9 0B 00 F0 A9 0B 00 80 $3F3 $1F 22 82 7C 00 AF 82 7C 00 $23 C9 0B 00 F0 A9 0B 00 80 Cribbage King / Gin king v1.01 (The Software Toolworks) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14E $8D 22 BE CF 00 AF BE CF 00 $99 D0 03 EA EA $2A9 $FD 85 CC EA EA $2F5 $1DA 22 BC 8F 00 AF BC 8F 00 $1E6 D0 03 EA EA $3CD $11E 85 CC EA EA Crystal Quest (Cassidy & Greene) Protection: None really, just asks at every boot "Is this a legal copy" Crack: None really, but remove the pop-up question at boot Block Byte From To ------------------------------------------ $30F $146 20 7A 72 AD 7A 72 $149 B0 0A EA 18 Deja-Vu (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA Deja-Vu II (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14 $188 22 00 00 02 AF 00 00 02 $18C CD 20 60 AD 20 60 $18F F0 08 80 08 $35 $8A 22 00 00 02 AF 00 00 02 $8E CD 20 60 AD 20 60 $91 F0 08 80 08 $185 22 00 00 02 AF 00 00 02 $189 CD 20 60 AD 20 60 $18C F0 08 80 08 $36 $00 22 00 00 02 AF 00 00 02 $04 CD 20 60 AD 20 60 $07 F0 08 80 08 $DD 22 00 00 02 AF 00 00 02 $E1 CD 20 60 AD 20 60 $E4 F0 08 80 08 $39 $16B 22 00 00 02 AF 00 00 02 $16F B0 70 EA 18 $171 CD 20 60 AD 20 60 $1F4 D0 6B EA EA Defender of the Crown (Cinemaware Inc.) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $258 $14 20 E3 17 AD E3 17 Deluxe Paint (Electronic Arts) Protection: Check for bad block Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $412 $165 22 00 00 00 AF 00 00 00 $169 A8 F0 02 80 EA EA EA 80 Designer Puzzles (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $2B3 $79 20 EC 0A AD EC 0A $7C 90 05 80 03 $7E 20 D1 09 AD D1 09 $81 B0 07 EA 18 Destroyer (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Control CP flow and skip over nibble counts (there are 10!!) Block Byte From To ------------------------------------------ $3D $5D E2 30 80 38 $97 B0 0C C2 30 $267 $1D1 A2 20 80 32 $268 $05 B0 0C C2 30 $26E $B9 A2 20 80 32 $ED B0 0C C2 30 $272 $131 A2 20 80 32 $165 B0 0C C2 30 $273 $13D A2 20 80 32 $171 B0 0C C2 30 $278 $7C A2 20 80 32 $B0 B0 0C C2 30 $27D $1D3 A2 20 80 32 $27E $07 B0 0C C2 30 $284 $128 A2 20 80 32 $15C B0 0C C2 30 $28A $64 A2 20 80 32 $98 B0 0C C2 30 $295 $119 A2 20 80 32 $14D B0 0C C2 30 Downhill Challenge (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ----------------------------------------- $5C8 $9D 08 60 <-- Overwrite start of CP with RTN $5CC $AA 00 00 40 1E <-- Implant "pass" value Draw Plus v1.0 (Activision) Protection: Check for bad block on block $7 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $516 $34 D0 23 80 21 Fast Break (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $0A $1E0 22 29 50 02 AF 29 50 02 <-- Kill call to the check $1E4 AD 26 00 9C 26 00 <-- Zero = pass in memory flag $1E7 F0 04 80 04 <-- Skip over "failed" Final Assault (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $3BC $D2 22 8B 07 01 AF 8B 07 01 <-- Kill call to the check $447 $1A2 AD 97 00 9C 97 00 <-- Zero = pass in memory flag $1A5 D0 14 80 1A <-- Branch down to "pass" Gauntlet (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $17C $199 22 00 90 00 AF 00 90 00 <-- Kill call to the check $19D C9 02 00 A9 02 00 <-- Load "pass" value $1A0 D0 03 EA EA <-- Fall through to continue code $1A5 D0 FE 80 FB <-- Redirect infinite loop to continue code GBA Championship Basketball (Activision) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ----------------------------------------- $240 $13F 20 9D 30 9C 8C 5E <-- Overwrite call to CP with store "Pass" value Geometry v1.0 (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines On Disk #2 Block Byte From To ----------------------------------------- $408 $8B 22 00 00 00 AF 00 00 00 $93 22 8E 0D 00 AF 8E 0D 00 On Disk #3 Block Byte From To ----------------------------------------- $E7 $1C6 22 00 00 00 AF 00 00 00 $1CE 22 8E 0D 00 AF 8E 0D 00 Gnarly Golf (Britannica) Protection: Read block $63F which has alternate data field header of AD AA D5 and preform a checksum on data read in Crack: Force CP routine to jump down to "passed" code Block Byte From To ------------------------------------------ $14F $12A A0 AC 07 4C B5 1F Graphics Studio v1.0 (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Set memory locations to "pass" and skip over copy protection Block Byte From To ------------------------------------------ $31 $14 AD 98 00 9C 98 00 <-- Zero out one memory location $17 D0 03 EA EA <-- Fall through to next opcode $19 82 D3 00 A9 01 00 <-- Overwrite branch with load "A" with a "pass" value $1C A5 F0 85 F0 <-- Store "A" in memory $1E F0 03 EA EA <-- Fall through to "continue" $4C D0 42 80 35 <-- Branch down to pass & exit $98 $1A8 A2 20 80 2C <-- Skip over disc read Graphicwriter (DataPak) Version 1.0R Protection: Check for bad block on blocks $C - $17 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $168 $FB F0 03 4C 80 4F 4C Version 1.1R Protection: Check for bad block on block $634 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $45C $FC F0 03 4C 80 51 4C Version 2.0 Protection: Check for bad block on block $634 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $471 $79 F0 03 4C 80 50 4C Grand Prix Circuit (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $104 $23 22 E9 B1 04 AF E9 B1 04 Great Western Shootout (Britannica) Protection: Read block $63F which has alternate data field header of AD AA D5 and preform a checksum on the data read in Crack: Skip block read & store self generated data instead of compare Block Byte From To ------------------------------------- $593 $1CE 4C D8 0C 4C 1D 0C <-- Jump to the "self generating" code $596 $2C D9 00 14 99 00 14 <-- Change CMP to STA $2F D0 08 EA EA <-- Eliminate the "fail" branch Hacker II (Activision) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $3D3 $7D F0 13 EA EA $3D8 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA $451 $7D F0 13 EA EA $456 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA Later version compatible with the GS 03 rom: Block Byte From To ------------------------------------------ $3BC $7D F0 13 EA EA $3C1 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA $454 $7D F0 13 EA EA $459 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA Hostage (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & force branch to pass Block Byte From To ------------------------------------------ $198 $5A 70 00 00 00 76 00 00 00 <-- Implant "pass" value on disk $1B6 $57 22 41 21 05 AF 41 21 05 <-- Kill call to the check $1ED $16F F0 0C 80 0C <-- Force branch to "passed" Instant Music (Electronic Arts) Protection: Check for bad block Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $111 $5E 22 00 00 00 AF 00 00 00 $62 A8 F0 02 80 EA EA EA 80 Imposible Mission 2 (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine & force code to store a "pass" value in memory Version 1.0 - On Disk #2 Block Byte From To ------------------------------------------ $3A6 $105 70 03 80 0D <-- Redirect branch to force pass value $3AE $3A 22 D8 4A 00 AF D8 4A 00 <-- Kill call to the check Jack Nicklaus' 18 Holes of Major Championship Golf (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $92 $7F F0 04 80 04 <-- Branch over CP routine $81 22 BA 03 00 AF BA 03 00 <-- Kill call to the check anyways Jigsaw! (Britannica Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $26 $130 A2 21 80 2C Keef The Thief (Electronic Arts) Protection: Key-word - Manual / Letter check Crack: Set memory flag & skip over protection Block Byte From To ------------------------------------- $3B8 $167 F0 03 EA EA <-- Fall through to set flag $169 82 9A 00 EE A9 01 00 8D <-- Load value and change INC to STA $175 D0 0D 22 28 80 0D 22 28 <-- Force branch to "pass" Kinderama (Unicorn Software) Protection: Check for bad block Crack: Never call copy protection routine & branch to pass code On disk one: Block Byte From To ------------------------------------------ $220 $21 22 5B 33 00 AF 5B 33 00 $24 B0 07 80 07 $224 $4A 22 CF 2F 00 AF CF 2F 00 $225 $6C 22 48 38 00 AF 48 38 00 $77 D0 03 80 0D On disk two: Block Byte From To ------------------------------------------ $4E2 $21 22 5B 33 00 AF 5B 33 00 $24 B0 07 80 07 $4E6 $4A 22 CF 2F 00 AF CF 2F 00 $51E $6C 22 48 38 00 AF 48 38 00 $77 D0 03 80 0D King of Chicago (Cinemaware Inc.) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $508 $1DF AD 26 00 9C 26 00 <-- Zero = pass in memory flag $1E2 F0 39 80 39 <-- Skip down to end of CP $573 $10D 0B 6B <-- Overwrite start of CP with RTL $627 $1B4 22 54 01 01 AF 54 01 01 <-- Kill call to the check King's Quest 1 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $A0 $B7 22 00 00 00 AF 00 00 00 King's Quest II (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $25F $17B 22 00 00 00 AF 00 00 00 $267 $166 22 00 00 00 AF 00 00 00 $2ED $BF 22 00 00 00 AF 00 00 00 Laserforce (Britannica) Protection: Read block $63F which has alternate data field header of AD D5 AA and preform a checksum on the data read in Crack: Never call copy protection routine Block Byte From To ------------------------------------- $38B $161 22 00 00 00 AF 00 00 00 Leisure Suit Larry (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $A5 $159 22 00 00 00 AF 00 00 00 Magical Myths (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $1EE $14D A2 21 80 2C Mancala (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $12 $13C 22 EC 0B 00 AF EC 0B 00 <-- Kill call to the check $24 $A6 22 EC 0B 00 AF EC 0B 00 <-- Kill call to the check $A6 $31 0B 3B 38 E9 6B 3B 38 E9 <-- Make check return Marble Madness (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Overwrite call to copy protection routine + set carry flag Block Byte From To ------------------------------------------ $381 $F3 20 00 37 EA EA 38 Math Blaster Plus (Davidson) Protection: Check for bad block Crack: Never call copy protection routines & store "pass" value Block Byte From To ------------------------------------------ $9 $1BD 20 6F 02 AD 6F 02 $1C2 9D 34 00 9E 34 00 Math Wizard (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $4F8 $0B A2 21 80 2C Mavis Beacon Teaches Typing (Software Toolworks) Protection: Check for bad block on block $63A-$63F Crack: Never call copy protection routine Version 1.2 Block Byte From To ------------------------------------------ $4B9 $197 22 8E 6C 03 AF 8E 6C 03 Version 1.5 Block Byte From To ------------------------------------------ $142 $18F 22 00 00 00 AF 00 00 00 Mini-putt (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & branch control Block Byte From To ------------------------------------------ $7 $11B 22 62 03 00 AF 62 03 00 <-- Kill call to the check $11F B0 03 EA 18 <-- Clear carry and continue Optional: $7 $1DA 22 62 03 00 AF 62 03 00 <-- Kill call to the check $11F 90 02 80 C8 EA EA EA 18 <-- Clear carry and continue $3A $1A9 A2 20 80 20 <-- Branch over CP to end $1CD 38 18 <-- Clear carry for "pass" Monte Carlo (PBI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $E4 $58 22 AF $5C C9 0B 00 F0 A9 0B 00 80 Multiscribe IIgs (Styleware) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" For v3.01c Block Byte From To ------------------------------------------ $538 $DC 22 9E 03 00 AF 9E 03 00 <-- Kill call to the check $E1 90 12 80 26 <-- Reroute branch $109 AD 2A 01 9C 2A 01 <-- Force a store of a "pass" value $10C D0 19 EA EA <-- Allow code to fall through and continue Music Construction Set (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & branch control Block Byte From To ------------------------------------------ $43E $CA 20 00 BF C5 EA EA EA EA 42 49 20 C2 EA EA EA EA A4 90 18 80 $43E $1B7 BD 21 1D 22 $440 $1A 4C BD 21 EA EA EA Neuromancer (Interplay) Protection: Key-word / codewheel Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $109 $FE 20 FC 74 AD FC 74 Paperboy (Mindscape) Protection: Check for bad block on block $7 Crack: Overwrite copy protection call with returned value Block Byte From To ------------------------------------------ $D0 $132 22 00 90 00 A9 02 00 EA Pipe Dreams (Lucusfilm) Protection: Key-word / codewheel Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $19D $1F6 20 C6 47 AD C6 47 $19E $C5 20 8A 37 AD 8A 37 Qix (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $4D5 $77 22 73 02 00 AF 73 02 00 <-- Kill call to the check $81 22 A3 02 00 AF A3 02 00 <-- Kill call to the check $AC 22 B6 02 00 AF B6 02 00 <-- Kill call to the check $B0 90 09 80 09 <-- Force branch to "pass" $5B4 $DC 0C 07 03 09 04 04 04 00 <-- Implant passable results Read and Rhyme (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------- $38A $6F A2 21 80 2C Sea Strike (PBI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $58E $0B 22 F1 02 00 AF F1 02 00 $0F C9 0B 00 F0 A9 0B 00 80 Serve & Volley (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $DD $E1 A2 20 A0 01 80 10 A0 01 Shadowgate (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA Shanghai (Activision) Protection: Check for bad block Crack: Never call copy protection routine & set memory flag to "pass" Ver 2 "START" dated 20 Jan 87 Block Byte From To ------------------------------------------ $243 $1E4 A0 00 00 A0 01 00 <-- Load "Y" with a pass value $1E7 22 74 78 00 AF 74 78 00 <-- Kill call to CP routine $1EB 8D 09 5D 8C 09 5D <-- Store "Y" in memory Shanghai [Newer] (Activision) Protection: Check for bad block Crack: Never call copy protection routine & set memory flag to "pass" Ver 3 "START" file dated 15 Sept 87 Block Byte From To ------------------------------------------ $243 $51 A0 00 00 A0 01 00 <-- Load "Y" with a pass value $54 22 7A 78 00 AF 7A 78 00 <-- Kill call to CP routine $58 8D 0F 5D 8C 0F 5D <-- Store "Y" in memory $267 $145 C9 01 00 F0 A9 01 00 80 Showoff (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Allow copy protection routine to store a "pass" value in memory before it actually reads the disk and then force it to return Version 1.0 - On Disk #2 Block Byte From To ----------------------------------------- $17C $70 08 E2 30 A2 60 E2 30 A2 Version 1.1 - On Program disk Block Byte From To ----------------------------------------- $17D $70 08 E2 30 A2 60 E2 30 A2 Silpheed (Sierra) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine, store a pass value & branch control Block Byte From To ------------------------------------------ $1AA $126 22 00 00 00 AF 00 00 00 <-- Kill call to the check $12A AD 00 00 EE 00 00 <-- Store "pass" value $12D D0 03 80 03 <-- Branch down to continue code Skate or Die (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $9 $3D 22 00 10 00 AF 00 10 00 Space Quest v2.2 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $9E $177 22 00 00 00 AF 00 00 00 Space Quest 2 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $34C $178 22 82 1F 00 AF 82 1F 00 $354 $166 22 3A 1A 13 AF 3A 1A 13 $3AB $93 22 75 16 0D AF 75 16 0D Stickybear GS Talking series (Optimum Resources) Protection: Check for bad block Crack: Never call copy protection routines Talking Alphabet on disk 1 Block Byte From To ------------------------------------------ $F4 $14F 20 B6 18 AD B6 18 Talking Opposites Block Byte From To ------------------------------------------ $EC $15D 20 07 3A AD 07 3A Talking Shapes Block Byte From To ------------------------------------------ $EC $183 20 7A 2E AD 7A 2E Street Sports Soccer (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $24 $00 20 3C 20 AD 3C 20 Superstar Ice Hockey (Mindscape) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & branch control Block Byte From To ------------------------------------------ $9 $5F 20 A3 1A AD A3 1A $B $04 D0 13 EA EA $0C D0 0B EA EA $C $11A D5 00 D4 00 $38 $B7 D0 12 80 38 $A6 $B9 D0 12 80 36 Tales from the Arabian Nights (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------- $553 $1BD A2 21 80 2C Task Force (Britannica) Protection: Read block $63F which has alternate data field header of AA CC D5 and preform a checksum on data read in Crack: Never call copy protection routine & manually supply the required data (self generated) from block $63F With a COPY of Task Force in Slot 5, Drive 1: PREFIX,S5 <-- Work with the disk in Slot 5, Drive 1 BLOAD STARTUP.SYSTEM,A$2000,TSYS <-- Load in the game file CALL-151 <-- Enter the monitor to make fixes 2034:4C 43 0A <-- Jump to the new create DATA routine 20C9:5C 88 41 02 <-- Redirect to actual start of the game 2243:A2 FE 01 A0 00 <-- Start of routine to create DATA 2248:00 8A 18 C8 98 2A A8 08 2250:9F 00 98 02 28 CA CA 10 <-- STA $029800,X (put data where it needs to be) 2258:F2 4B AB 18 4C 37 08 <-- PHK, PLB and JMP to continue the loading EA<225F.2290Z <-- Overwite unneeded code with NOPs 2291:18 <-- CLC and $2292 is already a RTL BSAVE STARTUP.SYSTEM,A$2000,TSYS <-- save the modified start up program Test Drive II: The Duel (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $169 $19B 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $1F3 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $191 $1D8 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $199 $125 F0 16 80 16 <-- Allow any master to read data disk Tetris IIgs (Spectrum Holobyte) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ----------------------------------------- $2B $51 20 CE 57 AD CE 57 <-- Kill call to the check $54 AD B7 0F 9C B7 0F <-- Zero = pass in memory flag $57 D0 03 EA EA <-- Kill branch to "failed" The Last Ninja (Activision) Protection: Check for bad block on block $63F Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $CD $16B C2 30 9C EF 80 65 9C EF The Immortal (Electronic Arts) Protection: Key-word - Manual / Letter check Crack: Increment memory flag (non Zero = "pass") & fall through to return On Disk #1 Block Byte From To ------------------------------------------ $72 $19B AD 99 CE EE 99 CE <-- INCrement memory flag $19E F0 01 60 EA EA 60 <-- Kill branch to "do protection question" The Third Courier (Accolade) Protection: Key-word - Manual / Letter check Crack: Set memory flag to "pass" & fall through to return On Disk #1 Block Byte From To ------------------------------------------ $199 $10E AD 84 01 9C 84 01 <-- Zero = pass in memory flag $111 D0 03 EA EA <-- Kill branch to "do protection question" Thexder [Newer version 2.7 / Joystick control] (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $7 $5A 22 8D 0A 00 AF 8D 0A 00 Thexder [Original release] (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $55C $55 22 42 0F 00 AF 42 0F 00 Recover the alt version of Thexder called "Othexder" from the original release disk. Use Copy II Plus v8.0 or higher and "undelete" OTHEXDER (also protected): Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $7 $5A 22 62 0F 00 AF 62 0F 00 Three Stooges (Cinemaware) Protection: Check for bad block Crack: Branch past the copy protection Block Byte From To ------------------------------------------ $13 $12F D0 03 22 A8 80 3B 22 A8 Top Draw (Styleware) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Store a "pass" value in memory & fall through to pass code For v1.00A: Block Byte From To ------------------------------------------ $350 $E5 AD BB 0B 9C BB 0B <-- Set memory flag to "pass" $E8 F0 04 80 04 <-- Skip over copy protection $EA 22 16 44 02 AF 16 44 02 <-- Kill call to protection anyways $2D3 $00 01 00 00 00 00 00 00 00 <-- Set flag to "pass" on disk For v1.01A: Block Byte From To ------------------------------------------ $393 $E AD C2 42 9C C2 42 <-- Set memory flag to "pass" $11 D0 13 EA EA <-- Fall through to pass code $520 $154 AD C2 42 9C C2 42 <-- Set memory flag to "pass" $157 D0 13 EA EA <-- Fall through to pass code Tower of Myraglen (PBI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $40F $72 22 CB 1B 00 AF CB 1B 00 $58C $84 22 E1 00 00 AF E1 00 00 $88 C9 0B 00 F0 A9 0B 00 80 TrianGO (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14 $1D9 22 A5 22 00 AF A5 22 00 <-- Kill call to the check $203 $FE 22 AF A5 00 AF AF A5 00 <-- Kill call to the check $106 D0 06 80 06 <-- Force branch to "pass" Block Byte From To ------------------------------------------ $198 $1D9 22 A5 22 00 AF A5 22 00 <-- Kill call to the check $26D $FE 22 AF A5 00 AF AF A5 00 <-- Kill call to the check $106 D0 08 80 08 <-- Force branch to "pass" Tunnels of Armageddon (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Allow any answer OR kill entire CP routines Block Byte From To ------------------------------------------ $2B $96 F0 05 A9 00 EA EA EA EA 00 80 03 EA EA EA This allows for the built in cheat answer "kacper" to still work or accept any answer. Completely disable the check and forfeit the cheat ADD: Block Byte From To ------------------------------------------ $39 $FC A2 04 91 A2 04 90 $10C A9 01 00 82 4E 03 $3B $1D0 B7 D4 97 D0 EA EA EA EA 88 88 10 F8 EA EA EA EA A7 D4 87 D0 EA EA EA EA $3C $C1 B0 03 A9 00 EA 18 82 48 00 02 Uninvited (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA USA Geography v1.0 (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine & force conditional branches Block Byte From To ------------------------------------------ $445 $E2 20 52 0B AD 52 0B $E5 90 05 80 03 $E7 20 5C 0A AD 5C 0A $EA B0 23 18 EA Vegas Craps (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $12B $1C6 22 FE 7F 00 AF FE 7F 00 <-- Kill call to the check $1CA 85 C3 64 C3 <-- Zero = pass in memory flag $1CE D0 03 EA EA <-- Kill branch to "failed" Vegas Gambler (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $24 $1C9 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $1CD 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $1F0 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $25 $6 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $A 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $2D 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $43 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $47 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $6A 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $80 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $84 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $A7 8D 84 00 9C 84 00 <-- Zero = pass in memory flag War In Middle Earth (Melbourne House) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $315 $BE F0 03 82 A1 EA EA 82 A1 <-- Kill branch to the check Where in the USA is Carmen Sandiego? (Broderbund) Protection: Key-word - Manual / Letter check Crack: The program uses token values for each step of the game. Change the token of CP question routine to "Good Job..." thus bypassing the protection altogether Block Byte From To ------------------------------------------ $223 $17 A9 96 05 A9 A0 05 Where in the World is Carmen Sandiego? v1.0 (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine On Disk #2 Block Byte From To ------------------------------------------ $69 $20 22 84 04 00 AF 84 04 00 Windwalker (Origin) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines + branch control Block Byte From To ------------------------------------------ $190 $C7 22 84 28 03 AF 84 28 03 $D9 22 B1 25 03 AF B1 25 06 $103 22 12 1E 03 AF 12 1E 03 $114 22 E3 18 03 AF E3 18 03 $11A 22 8F DA 00 AF 8F DA 00 $11E 22 79 26 03 AF 79 26 03 $122 22 79 26 03 AF 79 26 03 $17F F0 02 80 23 EA EA 80 23 Winter Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $61E $65 20 60 00 AD 60 00 <-- Kill call to the check $423 $C4 D0 FC EA EA <-- Kill infinite loop World Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $7 $65 20 5D 00 AD 5D 00 <-- Kill call to the check $3E $23 D0 FC EA EA <-- Kill infinite loop World Geography (MECC) Protection: Check for bad block Crack: Never call copy protection routine + branch control For v1.0: Block Byte From To ------------------------------------------ $68 $F5 20 3B 0B AD 3B 0B $F8 90 05 80 03 $FA 20 3C 0A AD 3C 0A $FD B0 23 EA 18 For v1.1: Block Byte From To ------------------------------------------ $9 $173 20 3E 0B AD 3E 0B $176 90 05 80 03 $178 20 46 0A AD 46 0A $17B B0 23 EA 18 For v1.2: Block Byte From To ------------------------------------------ $73 $D0 20 4C 0B AD 4C 0B $D3 90 05 80 03 $D5 20 54 0A AD 54 0A $D8 B0 23 EA 18 World Tour Golf (Electronic Arts) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $17D $141 0B 3B 38 E9 6B 3B 38 E9 $188 $74 22 00 00 00 AF 00 00 00 Xenocide (Micro Revealtions) Protection: Check for Mac "tag bytes" on block $4E1 and stores the value $1E46 at 02/62DB if it passes Crack: Never call copy protection routines and insert the pass value directly on the disk & prevent memory flag overwrite. The game program file is 128 blocks, dated 23-JUL-89 11:35, 64996 bytes long Block Byte From To ------------------------------------------ $7 $150 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $154 90 0C 80 0A $156 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $15A 90 06 80 04 $15C 22 81 1D 00 22 81 1D 00 <-- Kill call to copy protection $160 80 EE EA 18 $44 $E2 00 00 46 1E <-- Implant "pass" value $E7 A9 00 00 A9 46 1E <-- Don't ZERO out memory flag $45 $0B 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $0F 90 0C 80 0A $11 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $15 90 06 80 04 $17 22 81 1D 00 AF 81 1D 00 <-- Kill call to copy protection $1B 80 EE EA 18 $4B $15F F0 01 60 EA EA EA $62 $172 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $176 90 0C 80 0A $178 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $17C 90 06 80 04 $17E 22 81 1D 00 AF 81 1D 00 <-- Kill call to copy protection $182 80 EE EA 18 $6A $17C D0 27 EA EA $63D $65 8F 06 00 00 AF 06 00 00 <-- Read instead of store memory flag The game program file is 129 blocks, dated 13-APR-89 19:18, 65085 bytes long Block Byte From To ------------------------------------------ $8 $155 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $159 90 0C 80 0A $15B 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $15F 90 06 80 04 $161 22 8B 1D 00 22 8B 1D 00 <-- Kill call to copy protection $165 80 EE EA 18 $44 $FC 00 00 46 1E <-- Implant "pass" value $101 A9 00 00 A9 46 1E <-- Don't ZERO out memory flag $45 $25 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $29 90 0C 80 0A $2B 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $2F 90 06 80 04 $31 22 8B 1D 00 AF 8B 1D 00 <-- Kill call to copy protection $35 80 EE EA 18 $4B $179 F0 01 60 EA EA EA $5F $18C 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $190 90 0C 80 0A $192 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $196 90 06 80 04 $198 22 8B 1D 00 AF 8B 1D 00 <-- Kill call to copy protection $19C 80 EE EA 18 $67 $1B4 D0 27 EA EA $634 $9D 8F 06 00 00 AF 06 00 00 <-- Read instead of store memory flag Zany Golf (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $5D $111 D0 04 80 04 <-- Branch over CP routine $113 22 00 36 00 AF 00 36 00 <-- Kill call to the check +-----------------------------------------------------------+ | | | The following cracks were done by LoGo a competent and | | and skilled cracker. Many of his cracks mirror my own | | work. These cracks all work and are presented here as | | an alternative to my cracks as listed above. | | | +-----------------------------------------------------------+ 4th & Inches (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Place a RTS at the start of the copy protection routine Block Byte From To ------------------------------------------ $C5 $97 C2 30 20 85 60 30 20 85 4th & Inches Team Construction (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) on the original 4th & Inches game disk Crack: Place a RTS at the start of the copy protection routine Block Byte From To ------------------------------------------ $1BC $37 C2 30 20 85 60 30 20 85 California Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count & implant pass values for both tracks Block Byte From To ------------------------------------------ $FC $43 08 18 FB 80 65 FB <-- Skip down to pass code $E4 00 08 20 20 08 20 <-- Implant passable value for track $20 $EA 00 B0 1D 1E B0 1D <-- Implant passable value for track $21 Deja-Vu (Mindscape) Protection: Check for bad block on block $7 Crack: Overwrite start of CP routine to load a pass value and return Block Byte From To ------------------------------------------ $76 $8E FB C2 30 0B A9 0F 00 6B Deja-Vu II (Mindscape) Protection: Check for bad block on block $7 Crack: Overwrite start of CP routine to load a pass value and return Block Byte From To ------------------------------------------ $95 $B2 FB C2 30 0B A9 01 02 6B Destroyer (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Overwrite start of CP with code to return passable values Block Byte From To ------------------------------------------------------------------ $3F $118 4B AB E2 30 A0 04 B1 E0 E2 30 9B E0 20 F0 02 A0 $120 8D C9 11 AA C8 B1 1E A2 00 8A 18 6B $29B $D1 4B AB E2 30 A0 04 B1 E0 E2 30 9B E0 20 F0 02 A0 $D9 8D C9 11 AA C8 B1 1E A2 00 8A 18 6B Great Western Shootout (Britannica) Protection: Read block $63F which has alternate data field header of AD AA D5 and preform a checksum on the data read in Crack: Skip all CP routines and jump straight to the "passed" code Block Byte From To ------------------------------------- $593 $1CE 4C D8 0C 4C 44 0E Read and Rhyme (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $352 $199 22 14 86 00 AF 14 86 00 Shadowgate (Mindscape) Protection: Check for bad block on block $7 Crack: Overwrite start of CP routine to load a pass value and return Block Byte From To ------------------------------------------ $76 $8E FB C2 30 0B A9 21 00 6B Task Force (Britannica) Protection: Read block $63F which has alternate data field header of AA CC D5 and preform a checksum on data read in Crack: Overwrite part of copy protection routine to manually supply the required data (self generated) from block $63F Block Byte From To ------------------------------------------------------------------ $569 $43 20 E5 0C 48 08 E2 20 AF A2 FE 01 A0 00 00 8A 18 35 C0 E1 29 BF 8F 35 C0 C8 98 2A A8 08 9F 00 98 E1 C2 20 28 68 8B 4B AB 02 28 CA CA 10 F2 18 6B Uninvited (Mindscape) Protection: Check for bad block on block $7 Crack: Overwrite start of CP routine to load a pass value and return Block Byte From To ------------------------------------------ $76 $8E FB C2 30 0B A9 20 00 6B +-----------------------------------------------------------+ | | | The following cracks were NOT done or tested by me, but | | are provided as an alternate method for back-ups. | | | | They may leave portions of the CP intact like the actual | | disc read routines and force them to pass at the lowest | | levels or simply ignore the results after the read. | | | +-----------------------------------------------------------+ 816 Paint (Baudville) For v2.0 Block Byte From To ------------------------------------------ $273 $11D 30 03 0E 80 03 0E <-- Remove CP from Paint 320 $2D8 $DF 30 03 0E 80 03 0E <-- Remove CP from Paint 640 For v3.1 Block Byte From To ------------------------------------------ $2A2 $124 30 03 0E 80 03 0E <-- Remove CP from Paint 320 $30A $E6 30 03 0E 80 03 0E <-- Remove CP from Paint 640 California Games (Epyx) Block Byte From To ------------------------------------------ $FC $66 22 93 53 00 AF 93 53 00 $77 90 03 80 03 $88 22 93 53 00 AF 93 53 00 $9C 90 03 80 03 $B9 90 1D 80 18 or $FC $58 E2 30 80 77 $D1 B0 05 E2 30 Deluxe Paint (Electronic Arts) Block Byte From To ------------------------------------------ $291 $1B3 08 C2 30 8B 6B C2 30 8B Dungeon Master (FTL) For version 2.0 Block Byte From To ------------------------------------- $104 $110 18 38 $114 38 18 For version 2.1 Block Byte From To ------------------------------------- $E6 $110 18 38 $114 38 18 Dream Zone (Baudville Inc) Block Byte From To ------------------------------------- $1B7 $A9 22 DB C4 00 AF DB C4 00 $DF 22 DB C4 00 AF DB C4 00 $1BC $F6 22 DB C4 00 AF DB C4 00 $12C 22 DB C4 00 AF DB C4 00 Grand Prix Circuit (Accolade) Block Byte From To ------------------------------------------ $112 $138 EA 30 80 3A Great Western Shootout (Britannica) Block Byte From To ------------------------------------- $159 $128 20 00 BF 80 18 90 03 80 $166 $C9 D9 00 14 99 00 14 $CC D0 08 EA EA King's Quest III (Sierra On-line) Block Byte From To ------------------------------------------ $2D1 $D8 22 00 00 00 AF 00 00 00 $24A $15A AD 00 00 18 6B 00 00 18 Mavis Beacon Teaches Typing (Software Toolworks) Block Byte From To ------------------------------------------ $3E $10C 22 00 00 00 AF 00 00 00 $3E $113 D0 12 80 12 Mean 18 Golf (Accolade) Block Byte From To ------------------------------------------ $29C $174 8D DB 0D AD DB 0D $506 $174 8D 9A 13 AD 9A 13 Mini-putt (Accolade) Block Byte From To ------------------------------------------ $3A $1CF C2 30 18 6B Music Studio v1.0 (Activision) Block Byte From To ------------------------------------- $44D $0D 22 ?? ?? ?? AF ?? ?? ?? $14 F0 03 80 03 $16 82 82 00 EA EA EA Paintworks Plus v1.0 (Activision) Block Byte From To ------------------------------------------ $291 $1D8 22 ?? ?? ?? AF ?? ?? ?? $1CF D0 12 EA EA $1E0 D0 01 EA EA or $2B0 $2B 20 6A 09 AD 6A 09 Sea Strike (PBI Software) Block Byte From To ------------------------------------------ $5B4 $144 C9 00 00 D0 C9 00 00 80 Serve & Volley (Accolade) Block Byte From To ------------------------------------------ $DD $E1 A2 20 A0 01 A9 00 18 60 Shanghai (Activision) Block Byte From To ------------------------------------------ $267 $145 C9 01 00 F0 A9 01 00 80 $27D $168 18 FB C2 30 A9 01 00 6B alt earlier version of Shanghai: Block Byte From To ------------------------------------------ $27D $162 18 FB C2 30 A9 01 00 6B Alt version: Block Byte From To ------------------------------------------ $27C $168 18 FB C2 30 A9 01 00 6B Skate or Die (Electronic Arts) Block Byte From To ------------------------------------------ $7 $4F 22 00 00 00 AF 00 00 00 $F0 22 00 00 00 AF 00 00 00 Slide Show (Broderbund) Block Byte From To ------------------------------------- $2B $1BA A9 60 Top Draw (Styleware) Block Byte From To ------------------------------------- $394 $1E2 D0 1D 80 1A Where in Time is Carmen Sandiego? (Broderbund) Block Byte From To ------------------------------------- $32B $19C 20 00 96 90 EA EA 18 80