Akranoid ? The revenge of Doh

Hits: 7380

Copy lock

More
Tags
Author: rob
Submitted by: Rob
Date: 2005-01-16 19:41
No tags
Akranoid – The revenge of Doh
© Taito
1987

You will need following:

1. Original game – find on emunova.net
2. An Amiga or WINUAE
3. Action Replay or ROM image
4. Pencil and paper

Start by making a copy of original game disk. This is to determine type of protection.
You’ll notice an error on track 0. This is some type of a disk based protection, where you can’t duplicate a specially
written track.
When you boot copy of game, it crashes almost instantly. So, the protection check is executed at a very early state of
game boot.
Boot original game and enter AR, when it begins to load. Let’s try to search for the typically sign for a copylock,
the “ PEA $$$$ ”, F 48 7A. AR returns address 5A70. See memory with N 5A70 and press enter a few times.

Exit AR and wait for the copylock to finish. When game continues to load, enter AR again. See address 5A70 again
with N 5A70. Ahh… Seems like memory has changed. The copylock has probably decrypted the game loader.
We’ll better try to find start of it. Hold enter down to continue showing memory and stop when you reach bottom of
screen. Use curser up and scroll back up, until this appears:

Hmm. hard to see start of the code… Disassemble address 5930 and stop when this appears

It seems like the “ reasonable “ code starts at address 59E8 (many things starts here :). See memory with N 59E8:

Code seems to end around address 5B68, take note of this.
Insert copy of game and read track 0 into memory, starting at address 70000: RT 0 2 70000.

Disassemble the boot code: D 7000C. We are interested in 70038 & 70040. 70038 decides the amount of data to load
from disk and 70000 is the offset to load from. 70030 are the destination for the loaded data.
Since the boot code moves data from offset 400, we will simply transfer the decrypted loader to offset 400. This
will overwrite the original encrypted loader, and game will load the decrypted one instead.
The decrypted loader was located from address 59E8 – 5B68, transfer it to address 70400: TRANS 59E8 5B68 70400.

Write track 0 back: WT 0 2 70000. You don’t have to correct the boot block checksum, as we haven’t altered
anything in the actual boot code (70000 70400).

Dedicated to sweet sweet Victoria

Rob

Powered by the best online Amiga mod player: FLOD


Some more you may like:
Arkanoid Revenge of Doh [FRENCH]

Comments

Leave a Comment!

Name:
: Use this calculator
Your comment will be available for editing for 10 minutes
2007-12-17 15:05
Avatar

1. Giants92 writes

Hi,

Not too deep, too shourt.
It missing some picture (like orginal copy with error under xcopy)
and more details.

If not, it's good.
reply
2016-02-19 09:10

2. Giants writes

Image disk don't exist on emunova.net and this tuto don't work with SPS image [0765] Arkanoid - Revenge of Doh (retail)(EU)]. ALL disk is encode (MFM ?). Error 8 on ALL track with Xcopy pro (and error 6 on track 0) with doscopy+ and with Nibble copy, always with xcopy pro, First track : Error7 and any other Green
reply