-------The Right Resume Writer II------ A 4am crack 2014-06-04 --------------------------------------- "The Right Resume Writer II" is a 1986 program by Duane Reed and distributed by Career Development Software, Inc. The on-disk documentation says I have version 1.1. Booting the original disk, it shows all the symptoms of loading DOS 3.3 and running a HELLO program of some sort. It does display "THE RIGHT RESUME WRITER II" on the text screen early in the boot, but then it continues with loading tracks 2, 1, and 0, displaying a "]" prompt, and swinging out to the middle of the disk (more or less, based solely on listening to my disk drive). COPYA fails miserably and immediately with a disk read error. EDD 4 fares little better, with read errors on several tracks (no apparent pattern). Needless to say, the copy it produces does not work; it boots just enough to display "THE RIGHT RESUME WRITER II" before grinding the disk and crashing into the monitor. My trusty Copy ][+ sector editor can't make heads or tails of anything beyond track 0 (and only that with the "DOS 3.3 PATCHED" option from the Sector Editor Patcher). But track 0 appears to have a DOS-shaped RWTS, so let's see if my AUTOTRACE program has any luck in extracting it. [S6,D1=original disk] [S5,D1=my work disk] ]PR#5 ... CAPTURING BOOT0 ...reboots slot 6... ...reboots slot 5... SAVING BOOT0 Well... shoot. My work disk first runs AUTOTRACE0, which sets up a minimal boot trace to capture the first sector of track 0 and saves it to the file "BOOT0" (on my work disk, not the original disk). If the first sector looks reasonably normal, it runs AUTOTRACE1, which sets up a more involved boot trace to capture the rest of track 0 and save it to the file "BOOT1". If *that* looks reasonably normal, it saves the RWTS to a file, unimaginatively named "RWTS", which can be loaded with Advanced Demuffin to copy each track of the original disk to a duplicate with standard address/data prologue/epilogue sequences. But in this case, it only got as far as boot0, and I need to figure out why. ]CALL -151 *800<2800.28FFM *801L . . all normal, until . 084A- 4C B3 08 JMP $08B3 *8B3L ; set up reset vector? 08B3- 8E F2 03 STX $03F2 08B6- 8D F3 03 STA $03F3 08B9- 8C F4 03 STY $03F4 ; clear screen 08BC- 20 58 FC JSR $FC58 ; display title 08BF- A2 15 LDX #$15 08C1- A0 00 LDY #$00 08C3- BD DB 08 LDA $08DB,X 08C6- 49 80 EOR #$80 08C8- 99 31 05 STA $0531,Y 08CB- C8 INY 08CC- CA DEX 08CD- 10 F4 BPL $08C3 ; oh, that's nice -- it was just using ; the reset vector as scratch space to ; save and restore the registers 08CF- AE F2 03 LDX $03F2 08D2- AD F3 03 LDA $03F3 08D5- AC F4 03 LDY $03F4 08D8- 6C FD 08 JMP ($08FD) OK, this is all harmless (in terms of copy protection). The reason my AUTOTRACE program stopped is because $084A jumped to $08B3 instead of the usual ($08FD). But knowing that we're just going to continue with the normal boot1 flow soon enough, I can continue the auto-trace manually. (Yes yes, I am aware that's not very "auto," but let's not dwell on semantics.) The boot0 code is close enough to the normal DOS 3.3 code that my AUTOTRACE program should be able to capture the boot1 code, and hopefully the RWTS as well. *BRUN AUTOTRACE1 ...reboots slot 6... ...reboots slot 5... SAVING BOOT1 SAVING RWTS Yes! I have the RWTS. Now to plug it in to Advanced Demuffin and see if I can convert this disk to a standard format. (Then I'll get to see if there are any nibble checks or other secondary protections.) [S6,D1=my work disk] ]PR#6 ]BRUN ADVANCED DEMUFFIN 1.1 --> LOAD NEW RWTS MODULE At $B8, load "RWTS" from drive 1 [S6,D1=original disk] [S6,D2=blank disk] --> FORMAT TARGET DISK ...grind grind grind... --> CONVERT DISK This disk is 16 sectors, and the default options (copy the entire disk, all tracks, all sectors) don't need to be changed. ADVANCED DEMUFFIN 1.1 - COPYRIGHT 1983 WRITTEN BY THE STACK -CORRUPT COMPUTING =======PRESS ANY KEY TO CONTINUE======= TRK:................................... +.5: 0123456789ABCDEF0123456789ABCDEF012 SC0:................................... SC1:................................... SC2:................................... SC3:................................... SC4:................................... SC5:................................... SC6:................................... SC7:................................... SC8:................................... SC9:................................... SCA:................................... SCB:................................... SCC:................................... SCD:................................... SCE:................................... SCF:................................... ======================================= 16 SC $00,$00 TO $22,$0F BY $01 TO DRV2 The disk's own RWTS gave no read errors on any track. (EDD 4 bit copy gave a whole slew of read errors.) Whatever weird prologue sequences the original disk is using, it managed to confuse EDD 4. Impressive, in a twisted kind of way. But it shows the power and the genius of Advanced Demuffin. Every disk must be able to read itself. So, let it read itself, then capture the data and write it out in a standard format. Rebooting my work disk, I can now see the catalog on the demuffin'd copy. [S6,D1=demuffin'd copy] [S5,D1=my work disk] ]PR#5 ... ]CATALOG,S6,D1 C1983 DSR^C#254 381 FREE B 064 THE RRWII B 007 TABLE 3 B 006 INTRO P1 B 036 INTRO DB A 002 HELLO Now to make the disk be able to read itself (remember, it still has the original RWTS on it)... Using Copy ][+, I can "copy DOS" from a freshly initialized DOS 3.3 disk onto the demuffin'd copy. This function of Copy ][+ just sector-copies tracks 0-2 from one disk to another, but it's easier than setting that up manually in some other copy program. Copy ][+ --> COPY --> DOS --> from slot 6, drive 2 --> to slot 6, drive 1 [S6,D1=demuffin'd copy] [S6,D2=newly formatted DOS 3.3 disk] ...read read read... ...write write write... Success! The disk boots and runs with no complaint. There doesn't appear to be any secondary protection. However, I've lost the title screen that displayed during early boot. If it's not too much trouble, I'd like to restore it. That's just how I roll. As you may recall, the title display routine was at $08B3 at the very end of the boot0 code. The entire T00,S00 is byte-for-byte identical to a freshly formatted DOS 3.3 disk (not the master disk, but a disk that you get by booting the master disk and typing "INIT HELLO") -- except for the part at $08B3 that displays the title, and the jump instruction at $084A that calls it. Using my trusty Copy ][+ sector editor, I copied T00,S00 from the original disk to my copy. Still boots and runs, and now I have the original title screen as well. Quod erat liberandum. --------------------------------------- A 4am crack No. 62 ------------------EOF------------------