|
ZX Review #11-12
26 ноября 1997 |
|
Forum - Unprotect Microprotector'a.
Removing MICROPROTECTOR'a
I'm sure many met
with this protection. In recent years, 'MP' has acquired
extraordinary popularity among the firms that sell SOFT'om for
the Spectrum.
We have accumulated a decent
number of disks that are protected
with 'MP' (we are talking about
7.0). As further
tolerate such did not want (you can not make a backup copy, you
can not restore a disk, You can not run an emulator ...), had
to study this issue. Thus, for beginning - the essence of
protection.
MICROPROTECTOR put to
any track CD: 0-th,
160-th or the last file on the disk and allows you to protect
BASIC-files (or all by choice) from being copied.
MICROPROTECTOR works on the principle IBMovskih DIR-virus: it
changes the initial track and sector beysikprogrammy (as well
as its length) at their own. The first sector to be protected
BASIC CORF. These program options are also encoded and written
to the selected track. There is also itself 'MP'. Constants are
recorded in the coding gap between sectors on the same track.
Ie under the names of protected
programs hiding mikroprotektor.
Thus, working on
the principle of secondary loader'a,
'MP' is loaded instead of the program, a read command reads a
constant track ksorok, Download this BASIC, rasksorivaet it and
run.
Next unsuspecting program starts
as usual.
Copying a disc
standard tools of any good does not.
The same results when trying to
Recovery can not read the disk, if it exists 'MP': constants
are destroyed and irrevocably lost drive.
An emulator 'MP' is reset - no UKV Spectrum Debugger,
nor Z80TRDOS can not read track team read the track ...
But not all that bad. There is a wonderful program
to copy such discs - copyist 'McDONALD-2'.
(BTW, anyone knows it
authors??)
For a copy of the disc
just copy it in any potrekovaya copiers, and
then a separate copy track
with 'MP' with 'McDONALD'a.
There is another way -
remove the protection. This can be easily
done under the 'STS'om: download
BASIC through MERGE, trassiruete
code from the address 23884, until you see the following
sequence: 140.
PUSH IX
NOP
NOP
NOP
NOP
EI
JP # 3D2F
2
then write (memorize)
8 bytes from address 23781 (these are real data about the
program) and writes one sector to address 23867 (early BASIC)
to those sector and track addresses that are listed in
23787/23788.
Everything! It only remains for
disk-doctor in the file header
(The one with which we actually
and removes protection) instead of being there 8 (7, excluding
file type - it is always BASIC)
bytes (total length of BASIC, the length of
without variables, volume in sectors, the initial track and
sector) indicate previously recorded.
After all of this on a disk
will be absolutely normal
program, which freely copied not only in potrekovaya,
but also in per file mode.
Thus, we have removed the protection from multiple disk
drives. But when his turn came to drive on which was about 40
system programs that are protected MICROPROTECTOR'om ...
In short, we write
small program, which
she does it all.
In the process of its testing
somehow seamlessly transferred all
protected discs and went missing from the incentive to do a
small procedure, serious program (as was conceived before) to
remove 'MP'.
That the program did not
disappeared without cause, we decided to
send it to the ZX-REVIEW.
Here is its text:
140.
ORG 48000
;*****************************
; ANTIMICROPROTECTOR
;*****************************
; Written by Max from 'CYBERAX SOFTWARE'
3; on 15.08.97, Kemerovo.
;
START LD (STK), SP; saved stack.
LD HL, (23613)
LD E, (HL)
INC HL
LD D, (HL)
LD (OBR +1), DE; also retained.
MAIN LD SP, (STK); the main loop.
CUR_NAM LD HL, NAMES
; In HL - the current file name.
LD A, (HL)
INC A
JP Z, END; if the names are gone.
LD DE, 23773
LD BC, 8
LDIR; throws in the title.
LD (CUR_NAM +1), HL
LD A, "B"
LD (DE), A
;----------------------------------------; HERE CAN BE DONE
SIGNAL ; To insert a source disk
;----------------------------------------
LD C, 10
CALL # 3D13; looking for this file.
LD A, C
CP 255
JP Z, END
LD (NUM +1), A
XOR A
LD (23824), A
LD (23801), A
LD C, 14
CALL # 3D13; read the BASIC.
LD HL, 23912
LD DE, # DE00
LD BC, 768
LDIR; throw microprotector there
, Where it should work.
DI
CALL DECODE
DEFW # DE00
DEFB 21
CALL DECODE
DEFW # DE15
DEFB 24
CALL DECODE
DEFW # DE2D
DEFB 30
CALL DECODE
DEFW 57171
DEFB 38
CALL DECODE
DEFW 57405
DEFB 30
; All five ksorok passed!
CONT10 LD SP, TABLE
LD A, 4
CLEAR POP DE
POP HL
AND A
SBC HL, DE
LD B, H
LD C, L
LD H, D
LD L, E
INC DE
LD (HL), 0
LDIR
DEC A
JP NZ, CLEAR
; Well here, removed the trash ...
LD SP, (STK)
LD HL, 23814
LD (57219), HL
LD HL, 57501
LD (HL), 195; set point
INC HL; stop.
LD DE, CONT
LD (HL), E
INC HL
LD (HL), D
JP 56900; run it all.
CONT IM 1
EI
;----------------------------------------; HERE you can insert
a Changes the disc ;----------------------------------------
NUM LD A, 0
LD C, 9
CALL # 3D13; modify the title.
LD DE, (23787)
LD BC, # 0106
LD HL, 23867
CALL # 3D13; write rasksorenny
And the first sector BASIC place.
JP MAIN; the beginning.
END LD SP, (STK)
LD HL, (23613)
OBR LD DE, 0
LD (HL), E
INC HL
LD (HL), D
RST 8
DEFB 255
DECODE POP HL; most important podprog
LD E, (HL); Ramm: engaged
INC HL; passage ksorok.
LD D, (HL)
INC HL
LD C, (HL)
INC HL
PUSH HL
LD B, 0
EX DE, HL
PUSH HL
PUSH BC
DEC C
DEC C
LD DE, XORKA
LDIR
EX DE, HL
LD (HL), 195
INC HL
LD DE, POINT1
LD (HL), E
INC HL
LD (HL), D
LD A, (REG)
LD R, A
JP XORKA
POINT1 POP BC
POP HL
LD DE, XORKA
LDIR
EX DE, HL
LD (HL), 195
INC HL
LD DE, POINT2
LD (HL), E
INC HL
LD (HL), D
LD A, (REG)
LD R, A
JP XORKA
POINT2 LD A, R
RLCA
SUB 8
RRCA
LD (REG), A
RET
NAMES DEFM "GAME1"; here are
DEFM "GAME2"; names unsealed
DEFM "GAME3"; BASIC files.
DEFB 255; end mark.
REG DEFB 0; all sorts of variables ...
STK DEFW 0
TABLE DEFW 56832,56906
DEFW 57171,57208
DEFW 57406,57434
DEFW 57511,57546
XORKA DEFB 0; ksorki moved here.
2
Now the owner's manual.
1) Assembliruete this program you with the right name (what
name you want, you find out more).
2) gives CLEAR 47999.
3) Insert a secure disk.
4) RANDOMIZE USR 48000.
Starts fidgeting on the disk drive heads, blinking border,
appears a bit of garbage in screen. Stay cool
and wait until the end of this process.
After this protection is removed.
True, he 'MP' on the disk all
will remain, but it is absolutely
harmless.
Now the details. You may have noticed in Listing comments
relating to the disc is changed. Here's the thing: the program
records the removal of the patch to the same disc, and if it
suddenly messed up - for example, mikroprotektor another
version (I am, however, these are not met, but ...) or you
pointed out the name of an insecure program, or something else,
the drive may be corrupted.
So either copy the disc
McDONALD'om snimatel and run on it or organize
requests to change the disk (in this
case before launching ANTI_MP
need to copy potrekovaya
Secure the drive to another, and
This insert another disc to
demands of the program).
There is a third way in which
I used: take the risk, and all
operation of "cutting" to hold one disc (until failure
was not yet ...)
Now the most important thing: how do you know that the disk
is mikroprotektor rather than anything else.
Firstly, when you start BASIC, head drive, or going
160-th track, or at the end
disk, or remains on the 0-th (it
depends on the track, which was established 'MP').
Secondly, the drive at the same time
while spinning at a track (mikroprotektor reads the track).
There is a characteristic blinking white border color and
clicks.
The third - an attempt to start
copy of the program on another drive
resets.
And finally, the most important
sign - the length of the BASIC file is 762 bytes, ie
3-m sector. I can still recommend a look at diskdoktorom
initial track a suspicious file. If it is 0-th or 160 th, this
is yet another confirmation.
True, it may happen that
protection is hidden in the free area of the disk, but I have
such options had not yet occurred.
That's all. Maybe living creature of the readers will take
REVIEW and make ANTIMP more serious program - we are only
welcome.
Other articles:
Similar articles:
В этот день... 28 April