Submitted by: Rob
Date: 2005-01-17 18:34
The Assembly Line / U.S. Gold
1. Original game (find on emunova.net)
2. An Amiga or WinUAE
3. Action Replay or ROM image
4. Pencil and paper
Start by making a copy of the original game disk. This is to determine the type of protection.
Every track seems OK, so we are probably not dealing with a disk-based protection.
Boot the copy of the game. After some loading, a screen like this appears:
Hmmm. Press "OK" until the text "ACCESS DENIED" appears. Enter AR and press D + enter, to disassemble actual
Address 6146 branches to itself, so the game is looping. Let's see some of the previous code. Continue disassembling until the bottom of the screen has been reached. Scroll back up and stop when you see this:
Address 6100 compares address 628A with D6. If they are equal, address 6106 branches to 611C, which returns. Address 610C subtracts 1 from address 6289, which keeps track of the access attempts. When it reaches 0, address 6112 branches to 611E and the "ACCESS DENIED" screen appears.
We'll crack the game by replacing the BEQ at address 6106 with an RTS. This way, the protection will return no matter what security code is entered.
To be able to find the code to alter in the game file, we need something to search for. Let's choose the opcodes from address 6100. See the opcodes with M 6100.
The protection is located in a file called "vaxine". Load it into memory, starting at address 30000: LM VAXINE,30000.
Find the opcodes: F BC 39 00 00 62 8A,30000. AR returns address 32C16. Disassemble this address and hit enter a few times. It hopefully looks familiar :)
We wanted to change the BEQ at address 32C1C to an RTS.
Assemble address 32C1C and insert an RTS. Save memory back as a file called "vaxine": SM VAXINE,30000 6FA40.
You can now choose whatever you like at the protection screen.
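
The opcode search and the address translation from the steps above (6100 while running, 32C16 in the copy loaded at 30000), as an added Python example that is not part of the original tutorial. It runs over a constructed buffer rather than the real file; the buffer size, the odd-aligned decoy match and all function names are assumptions made for the illustration.

```python
# Added example: signature search and address rebasing over a CONSTRUCTED buffer.
SIGNATURE = bytes.fromhex("BC390000628A")  # opcodes quoted in the text (M 6100)
LOAD_BASE = 0x30000      # address used with LM in the text
RUNTIME_ANCHOR = 0x6100  # where the signature sits while the game runs


def find_signature(image, pattern, base, word_aligned=True):
    """Return every address (base + offset) at which pattern occurs in image."""
    hits = []
    pos = image.find(pattern)
    while pos != -1:
        # 68000 instructions start on even addresses, so an odd-aligned
        # match is data that happens to look like the opcodes.
        if not word_aligned or (base + pos) % 2 == 0:
            hits.append(base + pos)
        pos = image.find(pattern, pos + 1)
    return hits


def rebase(runtime_addr, runtime_anchor, loaded_anchor):
    """Translate an address seen at run time to the same byte in the loaded copy."""
    return loaded_anchor + (runtime_addr - runtime_anchor)


def build_sample_image():
    """Constructed stand-in for the loaded file: zero filler plus two matches."""
    image = bytearray(0x3FA40)               # assumed size: 6FA40 - 30000
    image[0x2C16:0x2C16 + 6] = SIGNATURE     # stands in for the routine, even offset
    image[0x1001:0x1001 + 6] = SIGNATURE     # decoy at an odd offset
    return bytes(image)


if __name__ == "__main__":
    hits = find_signature(build_sample_image(), SIGNATURE, LOAD_BASE)
    for hit in hits:
        branch = rebase(0x6106, RUNTIME_ANCHOR, hit)
        print(f"signature at {hit:X}, branch instruction at {branch:X}")
```

The rebase step is why the branch seen at 6106 in the running game shows up at 32C1C in the loaded copy: both lie 6 bytes past the start of the signature.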