ZX News #02
30 November 1996
How to hack programs - How to hack software and games on the Speccy: an explanatory note by Richard P Swann.
(C) Richard P Swann. (C) 1996 translation by SOI.

How to hack a program on the Speccy? An explanatory note. This description was written by Richard P Swann. It is, in my opinion, the most complete description from which one can learn how to find POKEs. Its size is 80 pages of 58 lines (about 120 Kb). I, SOI, as the author of this literary translation, beg forgiveness for any logical errors.

WHAT YOU WILL NEED. If you want to use this book successfully, you will need the following:

* A basic understanding of the Speccy in general. If you are a complete novice, you will find this book very difficult. But if concepts such as "memory cell" and "instruction" are not foreign to you, everything will be fine. If you do not understand the section on DOS 3+ disk management, that is OK too: I do not understand much of anything in that section either...

* A disassembler or monitor program. In theory one can hack without these programs, but for a young hacker it is as hard as for an experienced detective to work without seeing the program. My personal choice is HiSoft DEVPAC, but if you have the programs STK and 007 Disassembler (which came in the "Your Sinclair" magazine supplements, issues 75 and 77) you will miss out on some things, because I will concentrate mainly on DEVPAC.

* Some games to break. Hacking many games is illegal, and I hope you will not do this under any circumstances. Games of the ADVENTURE and STRATEGY type are quite difficult to hack; there is no POKE for "lose"... But we will discuss games of the ARCADE and ARCADE-ADVENTURE type (and later I will show how to break an ADVENTURE). We will concentrate mainly on increasing the number of lives and energy.

* Patience and work... Well, is the idea clear?

* Multiface or Magic Button. In principle these devices are not mandatory, but they are very useful for breaking in. In the book I refer to them several times.

PART ONE - The Main Idea.
Before you start hacking, you must grasp what we are going to do. To many this seems absurd, but without knowing the destination, where are we going? Basically, we will make changes to the program's design that should help us play: eternal lives, eternal energy, invisibility, infinite bullets, etc. To be sure of success, we need to know what is going on in the game. For that we must understand the language in which the game was written. Almost all games are written in assembly language, and we shall have to study it. In fact, it is not very difficult.

It is logical to assume that somewhere in the program the number of lives is stored as a constant (usually from 3 to 9, but there are games where there are many more lives). And there is a construct that reduces this number (which is no longer a constant, because it has surely been copied to another place in memory, where active operations are performed on it). Our goal is to remove this construct. You probably suspect how it should look. If there are 3 lives, then:

100 LET LIVES = 3
... and a little further on in the program ...
500 LET LIVES = LIVES-1

As we see, to establish eternal life it is enough to remove line 500 from the program and run it. The thinking is the same in assembler, but the means are different. Unlike BASIC, assembler can be located anywhere in RAM. Chapter 24 (Memory) describes the Speccy's memory layout. In my opinion the most useful picture of memory is 65,535 boxes, each of which holds a number from 0 to 255. So the assembler takes a piece of paper, writes the number of lives on it, and at the right moment takes that paper and reduces the number written on it. You should know that in assembler both the number of lives and several other numbers are written on pieces of paper, and if you try to run not the assembler but that other data, you get a hang or a reset. Telling which is which is quite hard. Just remember: many programs store the assembler (code) and its data separately.
To keep 3 lives in assembly language, this three must be written into some memory cell (the paper). Changes mostly happen in registers. Registers are very similar to variables in BASIC. Most of all we will refer to the main register, the accumulator A. It is one byte, but it can actively change the whole of memory, add and subtract, etc. To put 3 into memory we must first load 3 into the register and then write that register to memory. Here is an example of this reasoning:

LD A,3 : LD (#8000),A

Strictly speaking, what is written here is assembler. A special program turns such records into bytes, and we get machine code. For simplicity we will call machine code "assembler" too. This program shows how the same instruction can be used in different ways. LD at the beginning indicates that we must load 3 into register A (the accumulator). Then we write register A to memory location #8000. The overall effect: we put 3 into memory cell #8000. Congratulations! You now know one of the many ways of making play easier. Having found such a construct, LD A,3, replace it with something like LD A,100. Then run and play with 100 lives.

Before we go any further, let's sort out the coding system a little more. Assembler and code, as you probably already know, are completely different things. For example, LD A,3 in code is #3E, #03. #3E is the instruction, and #03 is what we are sending to the register. Assembler is more understandable to a man, code to the computer. An operand is used whenever there is ambiguity about something. If you look in Appendix A of your Speccy manual, you will see: 3E ld a,n, where n is a number in the range 0 - #FF. Whenever the processor's current location meets the code #3E, it assumes that the number following this code must be loaded into register A. In the second statement of our example the code is #32, i.e. "LD (NN),A". The ambiguity is the address where we are going to store the register's value.
In this case the operand takes two bytes, hence "NN", which again comes after the opcode. You must pay attention to this: it is an address in memory, and it is described as two bytes. In short, the program from the last page is written as ... 3E 03 32 00 80 ... which consists of five bytes. Not all constructs require operands. For example, the DEC construct (decrease by one) needs no operand. To decrease the accumulator it is enough to write: DEC A. Code - #3D.

Right, time for your first simple hack! From what we have discussed you should have the impression that if a game has 3 lives, somewhere in the game there is the following sequence: ... 3E 03 32 ... Unfortunately, we do not know where in memory the number of lives is recorded. In theory we can find that out from the two bytes following the code #32 (ld (NN),a). Let's apply our knowledge in practice. Take the game "World of Svivo". It was released on 6 December 1990. I could have taken a newer game, but almost all of them are protected, and "World of Svivo" is easy to hack...

To stop the program, press BREAK when the loader has loaded. After that, insert STOP before the last RANDOMIZE USR and continue loading until it reports that program execution was interrupted. Then, when the game is already in memory, we must load STK. But when loading it you have to be especially careful, because in the process of loading, STK (approximately 6 Kb) can overwrite an important place in the program. It is more convenient to put STK over graphics, music and other unimportant places. Since there is no quick way to determine where things are located, let's rely on a little luck. Now look closely at the loaded blocks and determine where it is best to load STK.

Bytes: S 4000,1B00
Bytes: M FB90,043D
Bytes: P 60E0,82B0

The first block is the loading screen. The second is music (oh, as you had hoped). The third is the game itself. Now we see that we can place STK above (#60E0 + #82B0) = #E390.
For convenience we place STK at #EA60, which in decimal is 60000. Now at last we begin hacking. Note that in the game you play with 5 lives. Press Q to search for a sequence of bytes. To the request for the address from which to begin the search, answer #60E0, because this is the beginning of the game. And then the following:

3E 05 32

What those bytes mean you should already understand. The result of the operation is two addresses: #905C and #EEDC. Address #EEDC does not suit us, because it lies outside the game, somewhere in STK. So only #905C is of interest to us. Press E to edit and enter #905C. You will see the following bytes:

3E 05 32 1A 61

This entry writes the number 5 into memory cell #611A. After #3E, write any number of lives. We can write #FF lives. Next exit to BASIC and run the game from address 24800. And on you go: playing with 255 lives is easier. Now you can paste into your boot loader, before RANDOMIZE USR, POKE 36957,n, where "n" is the number of lives. Any game which has no protection can be cracked in this manner. Such games were made in the years 82 - 85.

But we have only made 255 lives. In order to make an infinite number of lives, we need to know that: 1. Somewhere in the program the number of lives may be loaded into a register. 2. In this place (or elsewhere) the number of lives is decreased. Our task is to make sure item 2 is not performed. Let's go back to "World of Svivo". We find all the places where the program accesses this address. Search for #1A, 61. We get the following addresses: 779B 8160 81A9 905F EEDC. Addresses EEDC and 905F are discarded at once: EEDC is outside the game, and 905F we have already looked at. Like last time, press E and enter address #779A. You will see the following:

779A - 3A 1A 61 C3 61 99

If you look in Appendix A you will find that #3A is ld a,(nn): loading the number from memory cell nn into register A. After this comes C3. The table shows it is JP nn. JP nn is GOTO in BASIC.
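The two STK searches described above (the 3E n 32 lo hi pattern that initialises the lives counter, and then every instruction that refers to the address it writes) can be automated, which also makes the byte encodings explained earlier concrete. The following Python is an added example, not part of Swann's text or of STK; it runs on a constructed 64K memory image into which the article's byte sequences have been placed at the article's addresses (#905C, #779A, #EEDC), plus a constructed LD HL,#611A : DEC (HL) at #8160 standing in for the decrement the article has not yet located.

```python
# Added example: automates the STK byte searches from the article on a
# constructed memory image. Bytes at #905C, #779A and #EEDC follow the
# article; the decrement at #8160 is constructed for illustration.

# Z80 opcodes followed by a 16-bit little-endian address operand.
ADDR_OPCODES = {0x3A: "LD A,(nn)", 0x32: "LD (nn),A",
                0x21: "LD HL,nn", 0x2A: "LD HL,(nn)"}

GAME_START = 0x60E0                 # "Bytes: P 60E0,82B0"
GAME_END = GAME_START + 0x82B0      # = #E390, first byte above the game


def find_lives_init(mem, start, end):
    """Find 'LD A,n : LD (nn),A' (3E n 32 lo hi) inside mem[start:end].
    Returns (address of the 3E byte, n, target address nn)."""
    hits = []
    for addr in range(start, min(end, len(mem) - 4)):
        if mem[addr] == 0x3E and mem[addr + 2] == 0x32:
            target = mem[addr + 3] | (mem[addr + 4] << 8)
            hits.append((addr, mem[addr + 1], target))
    return hits


def find_refs(mem, target, start, end):
    """Every instruction in mem[start:end] whose operand is `target`.
    STK reports the address of the operand bytes; this reports the opcode,
    one byte earlier (the article's 779B / 905F are 779A / 905E here)."""
    lo, hi = target & 0xFF, target >> 8
    return [(addr, ADDR_OPCODES[mem[addr]])
            for addr in range(start, min(end, len(mem) - 2))
            if mem[addr] in ADDR_OPCODES
            and mem[addr + 1] == lo and mem[addr + 2] == hi]


def poke_address(init_addr):
    """Decimal address of the 'n' operand: the POKE to put in the loader."""
    return init_addr + 1


def patch_lives(mem, init_addr, lives):
    """Return a copy of the image with LD A,n rewritten to LD A,lives."""
    patched = bytearray(mem)
    patched[init_addr + 1] = lives & 0xFF
    return bytes(patched)


def build_image():
    """Constructed 64K snapshot (not a real game dump)."""
    mem = bytearray(0x10000)
    mem[0x905C:0x9061] = bytes.fromhex("3E05321A61")    # LD A,5 : LD (#611A),A
    mem[0x779A:0x77A0] = bytes.fromhex("3A1A61C36199")  # LD A,(#611A) : JP #9961
    mem[0x8160:0x8164] = bytes.fromhex("211A6135")      # LD HL,#611A : DEC (HL), constructed
    mem[0xEEDC:0xEEE1] = bytes.fromhex("3E05321A61")    # decoy inside STK's own area
    return bytes(mem)


IMAGE = build_image()
```

Searching the whole image returns the #EEDC decoy as well, which is why the search is restricted to the loaded game block, as the article does by starting at #60E0.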
After executing this operator, the program is sent to address nn. In this case (#C3 #61 #99) the whole construct can be written as JP #9961. Perhaps it is there that the number of lives is reduced, but that is unlikely. End of part one. To be continued.

-+--+--+--+--+--+--+-

Subtotal: $73 = 400,000 rubles. It will probably soon become an anachronism :-| Now explain to me - what else does the Spectrum enthusiast have left, besides his own enthusiasm? As for there being no 0.5-1.0 million - if you want, that money can be earned. And for nostalgia - an emulator. Sorry, the Speccy will live long. :) I would get it out of the cabinet like an old friend and play with it for a few hours, :)) but only if it had something like IsDos and more, and someone would write a message :)

AVT> Guys, IBM is good, but SPECCY is BETTER!

Sir Clive Sinclair. Birthday - July 30 (sort of) - still waiting. And then who will bear these costs? It would take a million or two to buy a copy of all this and send it to England. Unrealistic. Quite realistic. Well, several have already been forged. Hardly anybody will be willing to take money any more. I have already written in a previous message how this can be done. And if nobody takes it, then don't.

AVT> Comrades, I announce a general collection. And Ukraine, Russia and Belarus ...

We'll give him such a patched-up gift! Guys, this is an idea!

And now to the questions about the coolest machine, from the point of view of every perverted computer man: the COOLEST COMP IS +- RADIO 86RK - this RULEZzzz 4EVA, you can connect anything you want to it, any way you want! Well, let's work it out ... About the RK-86: for several years nothing has been said about it, because nobody needs it. The quality of programs on this sux-86 is just shitty. There isn't even graphics! About connecting hardware ... I cannot argue, it is possible, but without software support it will not survive long, and I don't remember anything in particular being connected to it besides a drive, and that was considered perverted ... And these are not empty words, I saw it for myself!
Now let's look at Sinclair ... Invented in 1982 (!), by 1986 it (more often by upgrade) had an extended keyboard, a drive, 128k of memory (instead of 48), a 3-channel music generator ... (which, although not on the level of FM synthesis, allows 4-bit digitized sound to be reproduced). The only thing one can regret is that our compatriots chose TR-DOS as the disk system for the Speccy, although more advanced DOS systems already existed at the time. Here one can recognize a minus ... In our country the Speccy has already changed a lot: a Winchester, scanners, a mouse, a full keyboard, 256 or more (up to 1MB) of memory have been connected to it, and all this with good software support! The reverse link was also established, i.e. programs were supported by hardware, for example: the operating system iS-DOS (which, incidentally, has a file structure similar to MS-DOS), a developed HDD controller option, the iS-DOS keyboard. There is also the CP/M operating system, which really has not found such popularity as iS-DOS (perhaps because the programmers who wrote this system did not care about universality, and CP/M on different Speccy models was incompatible). There is also a universal hard disk, under any system. Plug in Hayes modems and from the Speccy you can now get to Fido, and to the Internet through FTP if you really want, and the modems are not 2400 but 9600 and 14400!

"But it has the coolest CPU and ASM, like this!!!! (CPU KR580VM80A)" Mdaaa ... IMHO this is impossible, because your KR580VM80A is an analogue of the Intel 8080, and the Z-80 processor (the one in the Speccy) is a new, improved model of the Intel 8080! Besides, the VM80A works at 2.5 MHz and the Z-80A at 3.5 MHz, and the latest Speccy models were built with the Z-80B (7 MHz) and Z-80H, which I don't know what the datasheets say about, but they run at 12-14 MHz! And a shadow service monitor is something coders for the RK and IBM don't even dream of!
And if the RK-86 has such a cool ASM, useful stuff and hardware, then why are there no great surprises on it, only primitive little games in text mode?!?!?! The RK wasn't even at Enlight'96 (nor at the other Enlights), and the IBM, if it was there, was represented by a couple of coders, and their demos for IBM showed _NOTHING_ stunning; the IBM has a heap of such demos. At the same time the Speccy gathered coders from all over Russia, even from the whole former Union! Their demos were just a knockout! I am certainly not arguing against the IBM with its 256 (or 16M) colours, SOUNDBLASTER etc., and I do not hide the fact that the IBM is much more powerful than the Speccy, but the IBM demos did not show any of its new capabilities. At the same time, on the ZX, when watching these demos you do not believe this is possible on a Speccy, which in turn speaks first of all of the skill of the Spectrum coders, of Z-80 assembler itself, and of the Speccy as a whole.