Submitted by: Rob
Date: 2004-09-10 22:01
© Ocean 1992
You will need following:
1. Original game - find on emunova.net
2. An Amiga or WINUAE
3. Action Replay or ROM image
4. Pencil and paper
5. 1 blank disk
6. ProPack - find on amiga-stuff.com
Note! Addresses may differ on your computer.
Start by making a copy of the original game disks to see the type of protection. Everything seems to be OK on all
disks, so this is probably a novella protection (a manual/code-wheel check rather than a disk-format check).
Boot the copy of the game. After some loading, a picture similar to this appears:
Choose anything but the right one (should be easy). When you have picked the wrong picture, the screen turns black.
Enter AR and press D to disassemble the current memory. Hold Enter down until you reach the bottom of the screen, then scroll
back up with cursor up until this appears:
We are "standing" at address 1091A, which is branching to itself (looping). This routine starts at address 1090C.
Let's check what jumps to this address. Type "FA 1090C,10000" (see picture above). AR returns one address: 108B2.
Disassemble this address and hold Enter down until you reach the bottom of the screen. Scroll back up with cursor up
until this appears:
Look at address 108AE: it compares D0 with D1, and if they are equal, the BEQ at address 108B0 branches on with the game. If they are NOT
equal, address 108B2 calls the loop code. Let's find this on disk and change that BEQ (branch if equal) to a BRA (branch always).
We need something to search for when we patch the disk. Let's use the opcode for CMP.L D0,D1: B2 80.
The protection is located in a file on disk 1 called "main". It's crunched with ProPack, so we need to decrunch it before
we can alter it. Copy the file "main" plus ProPack to a blank disk and boot it.
Type this in DOS to decrunch file: PROPACK U D MAIN
After a few secs, you should have a new file called "main.rnc". Enter AR and load it into memory, starting at
address 30000: LM MAIN.RNC,30000. The file is located between 30000 and 4431C.
Remember the opcode for CMP.L D0,D1? Good, search for it starting at address 30000: F B2 80,30000.
AR returns four addresses. We are interested in the first one. Disassemble address 309EA and hit enter a few times.
Looks familiar? Assemble address 309EC and change the "BEQ 309F2" to "BRA 309F2". Let's also remove the BSR
to the loop routine by inserting a NOP at addresses 309EE and 309F0. This shouldn't be necessary, but you never know.
Save memory back to disk as a file called "crack": SM CRACK 30000 4431C. Reset and type this in DOS to crunch the
file: PROPACK P D CRACK.
You should now have a new file called "CRACK.RNC". Delete the file "MAIN" on the copy of disk 1 and copy "CRACK.RNC"
to it. Rename the file to "MAIN". Boot the game and select whatever you want on the protection screen.
Dedicated to sweet sweet Victoria