Back To The Future II

crack the flux capacitor

Author: rob
Submitted by: musashi9
Date: 2004-08-03 16:13

Image Works

You will need the following:

1. Original game - find on romshare.com
2. An Amiga or WinUAE
3. Action Replay or ROM image
4. Pencil and paper

Start by making a copy of the original game disk. You will notice an error on track 0. This is most likely a copylock.

Boot the copy of the game. The game seems to load just fine and this screen appears.

If you press fire here, the game continues to load and suddenly the track counter goes to track 0. A few seconds later, your computer crashes. This doesn't happen with the original game, so this must be a copylock routine kicking in.
Reboot the game and, when you see the picture above, enter AR. Copylocks often start with a "PEA"; the opcode for this is 48 7A. Search for the opcode by typing "F 48 7A" and hit enter. It will return four addresses, see pic:

We are interested in address 18164. Disassemble it with "D 18164" and hit enter a few times. You will see typical signs of a copylock routine. Let's find the end of the copylock. Hold down enter until you see something like this:

The copylock stops at address 18A3C. The instruction at address 18A40 moves address 32D42 into A7, but the interesting part comes next. The instruction at address 18A46 compares a number with D0, and if they are not equal it sends the game into some strange code, causing the game to crash. This is done by the "BNE" at address 18A4C. The number it compares with D0 must be the magic number. The best way to crack this would be to move the magic number into D0 and branch to the end of the copylock. A little later we will make such a patch. To test our theory, let's remove that "BNE" at address 18A4C. Assemble address 18A4C with "A 18A4C"; hit enter, type "NOP"; hit enter, type "NOP" again and hit enter.
Press Esc, and exit AR with X.

Start game and see what happens.

It works! Notice that the track counter still returns to track 0. When we make our patch, we will deal with this.
Since this is an NDOS game, we must read the raw tracks into memory and search for the copylock. To save time I'll tell you which tracks the copylock is located on: tracks 58 and 59. Read them into memory starting at location 30000.
Type "RT 74 4 30000" and hit enter. Search for the copylock with "F 48 7A" and hit enter.

Take note of the first address (34564), because this is where we will insert our patch. To find the end of the copylock, disassemble address 34564 with "D 34564" and hold down enter until you see this:

The copylock ends at address 34E40, and the magic number is at address 34E46. Now we have all the information we need to make a patch. Assemble address 34564 and type this in:
34564 MOVE.L #6D10B13A,D0 ; MOVE MAGIC NUMBER INTO D0
3456A BRA 34E40 ; BRANCH TO END OF COPYLOCK

When done, write the tracks back with "WT 74 4 30000" and hit enter. Reset the computer and start the game.

Notice that the track counter stays off track 0. This is because we have inserted the magic number into D0 and then bypassed the whole copylock routine by branching to the end of it.
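
The addresses quoted above can be cross-checked against each other. The following is an added example, not part of the original tutorial: it derives the offset between the running copy and the track-buffer copy, where each buffer address falls on the disk, and the branch distance. The 11 x 512 byte decoded track size and the track = cylinder * 2 + head numbering are assumptions.

```python
# Added example: cross-checks the addresses quoted in the tutorial.
# Assumptions (not stated on the page): RT/WT transfer decoded tracks of
# 11 sectors x 512 bytes, and track number = cylinder * 2 + head.
TRACK_BYTES = 11 * 512          # 0x1600 bytes per decoded track (assumed)

RUNTIME_START = 0x18164         # copylock entry found in the running game
RUNTIME_RESUME = 0x18A40        # first instruction after the copylock
BUFFER_BASE = 0x30000           # destination of "RT 74 4 30000"
BUFFER_START = 0x34564          # same entry point inside the track buffer
BUFFER_RESUME = 0x34E40         # branch target used by the patch
FIRST_TRACK, TRACK_COUNT = 0x74, 4


def relocation_delta():
    """Offset between the track-buffer copy and the copy the game runs."""
    return BUFFER_START - RUNTIME_START


def locate(buffer_addr):
    """Map a track-buffer address to (cylinder, head, sector, byte offset)."""
    offset = buffer_addr - BUFFER_BASE
    if not 0 <= offset < TRACK_COUNT * TRACK_BYTES:
        raise ValueError("address is outside the tracks that were read")
    track, in_track = divmod(offset, TRACK_BYTES)
    cylinder, head = divmod(FIRST_TRACK + track, 2)
    sector, byte = divmod(in_track, 512)
    return cylinder, head, sector, byte


def bra_displacement(branch_addr, target_addr):
    """68000 branches are relative to the address of the opcode word + 2."""
    disp = target_addr - (branch_addr + 2)
    if not -0x8000 <= disp <= 0x7FFF:
        raise ValueError("target is out of range for a 16-bit branch")
    return disp


if __name__ == "__main__":
    print(hex(relocation_delta()))
    print(locate(BUFFER_START), locate(BUFFER_RESUME))
    # MOVE.L #imm32,D0 occupies 6 bytes, so the BRA sits at 34564 + 6 = 3456A
    print(hex(bra_displacement(BUFFER_START + 6, BUFFER_RESUME)))
```

The constant offset of 1C400 confirms that 34E40 in the track buffer is the same instruction as 18A40 in the running game.
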
Hope you enjoyed this basic copylock crack.

Dedicated to sweet sweet Victoria...

Rob


Comments

2004-08-03 16:28

1. musashi9 writes

Was there another version of this game? I think I have a version that has password protection too.
2004-08-03 20:44

2. Rob writes

I have checked my version and I can't find any password/novella protections in it.
2004-08-03 22:20

3. musashi9 writes

Ah yes, I've just checked my archive. There are 2 versions of this game; I'm not sure what the diff is between them. Here's a snap of the password protection version:
http://www.flashtro.com/bttf.jpg