-------------Fact or Opinion----------- A 4am crack 2015-08-24 --------------------------------------- Name: Fact or Opinion Version: 04.27.85 Genre: educational Year: 1985 Authors: Milt Collins Publisher: Hartley Courseware Media: single-sided 5.25-inch floppy Media: single-sided 5.25-inch floppy OS: Diversi-DOS (T02,S02 has the string "C1983 DSR" backwards) Previous cracks: none Identical cracks: Who What When Where (crack no. 419) Home Row (crack no. 351) Reading for Meaning Level 2 (no. 154) many other Hartley Courseware titles ~ Chapter 0 In Which Various Automated Tools Fail In Interesting Ways COPYA immediate disk read error Locksmith Fast Disk Backup unable to read any track EDD 4 bit copy (no sync, no count) works Copy ][+ nibble editor modified address and data epilogues ("DA AA EB" instead of "DE AA EB") Disk Fixer ["O" -> "Input/Output Control"] set Address Epilogue to "DA AA EB" set Data Epilogue to "DA AA EB" all tracks readable T00 -> looks like a DOS 3.3 RWTS T11 -> DOS 3.3 disk catalog T01,S09 -> startup program is "HELLO" Why didn't COPYA work? modified epilogue bytes (every track) Why didn't Locksmith FDB work? modified epilogue bytes (every track) EDD worked. What does that tell us? no half or quarter tracks almost certainly no nibble check (just structural changes to epilogue) Next steps: 1. capture RWTS with AUTOTRACE 2. convert disk to standard format with Advanced Demuffin 3. patch RWTS to read standard format ~ Chapter 1 In Which We Attempt To Use The Original Disk As A Weapon Against Itself [S6,D1=original disk] [S6,D2=blank disk] [S5,D1=my work disk] ]PR#5 CAPTURING BOOT0 ...reboots slot 6... ...reboots slot 5... SAVING BOOT0 CAPTURING BOOT1 ...reboots slot 6... ...reboots slot 5... SAVING BOOT1 SAVING RWTS ]BRUN ADVANCED DEMUFFIN 1.5 ["5" to switch to slot 5] ["R" to load a new RWTS module] --> At $B8, load "RWTS" from drive 1 ["6" to switch to slot 6] ["C" to convert disk] --v-- ADVANCED DEMUFFIN 1.5 (C) 1983, 2014 ORIGINAL BY THE STACK UPDATES BY 4AM =======PRESS ANY KEY TO CONTINUE======= TRK:................................... +.5: 0123456789ABCDEF0123456789ABCDEF012 SC0:................................... SC1:................................... SC2:................................... SC3:................................... SC4:................................... SC5:................................... SC6:................................... SC7:................................... SC8:................................... SC9:................................... SCA:................................... SCB:................................... SCC:................................... SCD:................................... SCE:................................... SCF:................................... ======================================= 16SC $00,$00-$22,$0F BY1.0 S6,D1->S6,D2 --^-- ]PR#5 ... ]CATALOG,S6,D2 C1983 DSR^C#254 116 FREE *A 003 HELLO *A 008 CREDITS *A 046 F/O *A 040 CREATE LESSON *A 020 STU PLAN *B 002 IR *B 004 HR3 *B 007 MEDCHR *B 007 SMALL CHARS *B 004 GORBHI *B 003 GARBAG *T 043 STU.FILE *T 001 COPYRIGHT (C) 1984 *T 001 HARTLEY COURSEWARE INC. *T 001 ALL RIGHTS RESERVED T 014 FO1 T 013 FO2 T 016 FO3 T 011 FO3A T 012 FO4 T 013 FO4A T 013 FO5 T 013 FO5A T 015 FO6 T 013 FO6A T 016 FO7 T 012 FO7A T 015 FO8 T 013 FO8A T 001 ABB ]RUN HELLO ...works... [S6,D1=demuffin'd copy] ]PR#6 ...grinds... My copy can't read itself yet. This is not unusual. ~ Chapter 2 In Which We Remove All Traces Of Copy Protection Using An Automated Tool That I Wrote For Just Such An Occasion [S6,D1=demuffin'd copy] [S5,D1=my work disk] ]PR#5 ]BRUN PDP T00,S03,$91 change DA to DE T00,S03,$35 change DA to DE T00,S02,$9E change DA to DE Quod erat liberandum. --------------------------------------- A 4am crack No. 420 ------------------EOF------------------