+-----------------------------------------------------------------------+ | | | -=| Apple IIgs cracks by Brian A. Troha |=- | | | | All the following cracks were done by me and fully tested. | | | | The goals for these cracks are (were): | | | | 1. Don't allow disc based protection to actually read the | | disc. This allows for greater hard disk compatibility. | | 2. Don't allow any signs of keyword based protection. | | 3. Actually work :-) | | | | This information is presented to allow for the preservation of | | Apple IIgs software through back-ups or through emulation. | | | | NOTE: These cracks were designed for copies of ORIGINAL disks, thus | | the Block, Byte, From and To will match up exactly or you have | | a different version of the program. | | | | These edits might not match up with the 2MG images used for | | emulation due to issues like disc modification to allow for | | self booting or the addition / removal of crack screens. | | | +-----------------------------------------------------------------------+ 4th & Inches (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $72 $86 20 B5 EA AD B5 EA $9A $40 20 B5 EA AD B5 EA 4th & Inches Team Construction (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) on the original 4th & Inches game disk Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $168 $80 20 55 EC AD 55 EC $190 $77 20 55 EC AD 55 EC Adventures of Sinbad (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $47A $103 A2 21 80 2C All About America (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $4E9 $17A A2 21 80 2C Aesop's Fables (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $349 $B6 A2 21 80 2C Ancient Land of Ys (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $3BF $64 22 6F 65 00 AF 6F 65 00 <-- Kill call to the check $6C 64 E0 A5 E0 64 E0 E6 E0 <-- One = pass in memory flag $71 F0 03 EA EA <-- Kill branch to "failed" Arkanoid (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $20C $5B 22 73 09 00 AD 73 09 00 <-- Kill call to the check $63 22 A3 09 00 AD A3 09 00 <-- Kill call to the check $253 $9D 22 89 0C 00 AF 89 0C 00 <-- Kill call to the check $A3 2A 2A 85 66 18 EA 64 66 <-- Store a "pass" value $3FD $AF 0C 07 03 09 04 04 04 00 <-- Implant passable results Arkanoid II: Revenge of Doh (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $32A $69 22 73 08 00 AD 73 08 00 <-- Kill call to the check $73 22 A3 08 00 AD A3 08 00 <-- Kill call to the check $A5 22 B6 08 00 AD B6 08 00 <-- Kill call to the check $A9 90 09 80 09 <-- Force branch to "pass" $3DC $92 0C 07 03 09 04 04 04 00 <-- Implant passable results Bard's Tale II (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $42E $2F 22 00 A0 00 AF 00 A0 00 $3E F0 2B 80 2B Battle Chess (Interplay) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $3D8 $FF 20 DE AA 9C 08 B9 <-- Overwrite call to CP routine with store "pass" value Blockout (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $2B8 $1FB 22 DD 5A 00 AF DD 5A 00 Bubble Ghost (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $17C $174 AD 00 00 9C 00 00 <-- Store a "pass" value $177 F0 2E 80 2E <-- Force branch to "pass" $1A2 22 00 00 00 AF 00 00 00 <-- Kill call to the check Calender Crafter (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $602 $113 20 B5 08 AD B5 08 California Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $D2 $92 20 FB 51 AD FB 51 $95 90 03 80 03 Captain Blood (Mindscape) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $AE $87 22 F6 05 06 AF F6 05 06 $C3 22 2D 06 06 AF 2D 06 06 $CF 22 F6 05 06 AF F6 05 06 $D9 22 AD 04 06 AF AD 04 06 $E4 22 F6 05 06 AF F6 05 06 $F0 22 2D 06 06 AF 2D 06 06 $FC 22 F6 05 06 AF F6 05 06 $106 22 AD 04 06 AF AD 04 06 $120 22 E3 00 00 AF E3 00 00 $142 22 4B 03 08 AF 4B 03 08 $160 22 D7 02 08 AF D7 02 08 $189 F0 03 82 5A EA EA 82 5A Chess Master 2100 (The Software Toolworks) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control For version 1.01 on disk one: Block Byte From To ------------------------------------------ $4E5 $2C 22 00 00 00 AF 00 00 00 $61 D0 08 EA EA $C5 22 00 00 00 AF 00 00 00 $118 D0 08 EA EA $185 22 00 00 00 AF 00 00 00 $1D8 D0 08 EA EA For version 1.1 on disk one: Block Byte From To ------------------------------------------ $304 $1EB 22 00 00 00 AF 00 00 00 $305 $20 D0 08 EA EA $84 22 00 00 00 AF 00 00 00 $D7 D0 08 EA EA $144 22 00 00 00 AF 00 00 00 $197 D0 08 EA EA Club Backgammon (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $13 $10E 22 01 3E 00 AF 01 3E 00 Cobra Cavern (BPI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $235 $1DE 22 82 7C 00 AF 82 7C 00 $1E2 C9 0B 00 F0 A9 0B 00 80 $3F3 $1F 22 82 7C 00 AF 82 7C 00 $23 C9 0B 00 F0 A9 0B 00 80 Cribbage / Gin king (The Software Toolworks) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14E $8D 22 BE CF 00 AF BE CF 00 $99 D0 03 EA EA $2A9 $FD 85 CC EA EA $2F5 $1DA 22 BC 8F 00 AF BC 8F 00 Crystal Quest (Cassidy & Greene) Protection: None really, just asks at every boot "Is this a legal copy" Crack: None really, but remove the pop-up question at boot Block Byte From To ------------------------------------------ $30F $146 20 7A 72 AD 7A 72 $149 B0 0A EA 18 Deja-Vu (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA Deja-Vu II (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14 $188 22 00 00 02 AF 00 00 02 $18C CD 20 60 AD 20 60 $18F F0 08 80 08 $35 $8A 22 00 00 02 AF 00 00 02 $8E CD 20 60 AD 20 60 $91 F0 08 80 08 $185 22 00 00 02 AF 00 00 02 $189 CD 20 60 AD 20 60 $18C F0 08 80 08 $36 $00 22 00 00 02 AF 00 00 02 $04 CD 20 60 AD 20 60 $07 F0 08 80 08 $DD 22 00 00 02 AF 00 00 02 $E1 CD 20 60 AD 20 60 $E4 F0 08 80 08 $39 $16B 22 00 00 02 AF 00 00 02 $16F B0 70 EA 18 $171 CD 20 60 AD 20 60 $1F4 D0 6B EA EA Defender of the Crown (Cinemaware Inc.) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $258 $14 20 E3 17 AD E3 17 Deluxe Paint (Electronic Arts) Protection: Check for bad block Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $412 $165 22 00 00 00 AF 00 00 00 $169 A8 F0 02 80 EA EA EA 80 Designer Puzzles (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $2B3 $79 20 EC 0A AD EC 0A $7C 90 05 80 03 $7E 20 D1 09 AD D1 09 $81 B0 07 EA 18 Destroyer (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Control CP flow and skip over nibble counts (there are 10!!) Block Byte From To ------------------------------------------ $3D $5D E2 30 80 38 $97 B0 0C C2 30 $267 $1D1 A2 20 80 32 $268 $05 B0 0C C2 30 $26E $B9 A2 20 80 32 $ED B0 0C C2 30 $272 $131 A2 20 80 32 $165 B0 0C C2 30 $273 $13D A2 20 80 32 $171 B0 0C C2 30 $278 $7C A2 20 80 32 $B0 B0 0C C2 30 $27D $1D3 A2 20 80 32 $27E $07 B0 0C C2 30 $284 $128 A2 20 80 32 $15C B0 0C C2 30 $28A $64 A2 20 80 32 $98 B0 0C C2 30 $295 $119 A2 20 80 32 $14D B0 0C C2 30 Downhill Challenge (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ----------------------------------------- $5C8 $9D 08 60 <-- Overwrite start of CP with RTN $5CC $AA 00 00 40 1E <-- Implant "pass" value Draw Plus v1.0 (Activision) Protection: Check for bad block on block $7 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $516 $34 D0 23 80 21 Fast Break (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $0A $1E0 22 29 50 02 AF 29 50 02 <-- Kill call to the check $1E4 AD 26 00 9C 26 00 <-- Zero = pass in memory flag $1E7 F0 04 80 04 <-- Skip over "failed" Final Assault (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $3BC $D2 22 8B 07 01 AF 8B 07 01 <-- Kill call to the check $447 $1A2 AD 97 00 9C 97 00 <-- Zero = pass in memory flag $1A5 D0 14 80 1A <-- Branch down to "pass" Gauntlet (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $17C $199 22 00 90 00 AF 00 90 00 <-- Kill call to the check $19D C9 02 00 A9 02 00 <-- Load "pass" value $1A0 D0 03 EA EA <-- Fall through to continue code $1A5 D0 FE 80 FB <-- Redirect infinite loop to continue code GBA Championship Basketball (Activision) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ----------------------------------------- $240 $13F 20 9D 30 9C 8C 5E <-- Overwrite call to CP with store "Pass" value Geometry v1.0 (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines On Disk #2 Block Byte From To ----------------------------------------- $408 $8B 22 00 00 00 AF 00 00 00 $93 22 8E 0D 00 AF 8E 0D 00 On Disk #3 Block Byte From To ----------------------------------------- $E7 $1C6 22 00 00 00 AF 00 00 00 $1CE 22 8E 0D 00 AF 8E 0D 00 Gnarly Golf (Britannica) Protection: Read specially formatted block $63F Crack: Force CP routine to jump down to "passed" code Block Byte From To ------------------------------------------ $14F $12A A0 AC 07 4C B5 1F Graphics Studio v1.0 (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Set memory locations to "pass" and skip over copy protection Block Byte From To ------------------------------------------ $31 $14 AD 98 00 9C 98 00 <-- Zero out one memory location $17 D0 03 EA EA <-- Fall through to next opcode $19 82 D3 00 A9 01 00 <-- Overwrite branch with load "A" with a "pass" value $1C A5 F0 85 F0 <-- Store "A" in memory $1E F0 03 EA EA <-- Fall through to "continue" $4C D0 42 80 35 <-- Branch down to pass & exit $98 $1A8 A2 20 80 2C <-- Skip over disc read Graphicwriter (DataPak) Version 1.0R Protection: Check for bad block on blocks $C - $17 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $168 $FB F0 03 4C 80 4F 4C Version 1.1R Protection: Check for bad block on block $634 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $45C $FC F0 03 4C 80 51 4C Version 2.0 Protection: Check for bad block on block $634 Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $471 $79 F0 03 4C 80 50 4C Grand Prix Circuit (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------F E9 B1 04 Hacker II (Activision) Protection: Check for bad block on block $7 Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $3D3 $7D F0 13 EA EA $3D8 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA $451 $7D F0 13 EA EA $456 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA Later version compatible with the GS 03 rom: Block Byte From To ------------------------------------------ $3BC $7D F0 13 EA EA $3C1 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA $454 $7D F0 13 EA EA $459 $3C 22 EA B7 00 AF EA B7 00 $43 D0 06 EA EA Hostage (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & force branch to pass Block Byte From To ------------------------------------------ $1B6 $57 22 41 21 05 AF 41 21 05 <-- Kill call to the check $1ED $16F F0 0C 80 0C <-- Force branch to "passed" Instant Music (Electronic Arts) Protection: Check for bad block Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $111 $5E 22 00 00 00 AF 00 00 00 $62 A8 F0 02 80 EA EA EA 80 Imposible Mission 2 (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine & force code to store a "pass" value in memory Version 1.0 - On Disk #2 Block Byte From To ------------------------------------------ $3A6 $105 70 03 80 0D <-- Redirect branch to force pass value $3AE $3A 22 D8 4A 00 AF D8 4A 00 <-- Kill call to the check Jack Nicklaus' 18 Holes of Major Championship Golf (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $92 $7F F0 04 80 04 <-- Branch over CP routine $1B6 $81 22 BA 03 00 AF BA 03 00 <-- Kill call to the check anyways Jigsaw! (Britannica Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $26 $130 A2 21 80 2C Kinderama (Unicorn Software) Protection: Check for bad block Crack: Never call copy protection routine & branch to pass code On disk one: Block Byte From To ------------------------------------------ $220 $21 22 5B 33 00 AF 5B 33 00 $24 B0 07 80 07 $224 $4A 22 CF 2F 00 AF CF 2F 00 $225 $6C 22 48 38 00 AF 48 38 00 $77 D0 03 80 0D On disk two: Block Byte From To ------------------------------------------ $4E2 $21 22 5B 33 00 AF 5B 33 00 $24 B0 07 80 07 $4E6 $4A 22 CF 2F 00 AF CF 2F 00 $51E $6C 22 48 38 00 AF 48 38 00 $77 D0 03 80 0D King of Chicago (Cinemaware Inc.) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $508 $1DF AD 26 00 9C 26 00 <-- Zero = pass in memory flag $1E2 F0 39 80 39 <-- Skip down to end of CP $573 $10D 0B 6B <-- Overwrite start of CP with RTL $627 $1B4 22 54 01 01 AF 54 01 01 <-- Kill call to the check King's Quest 1 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $A0 $B7 22 00 00 00 AF 00 00 00 King's Quest II (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $25F $17B 22 00 00 00 AF 00 00 00 $267 $166 22 00 00 00 AF 00 00 00 $2ED $BF 22 00 00 00 AF 00 00 00 Leisure Suit larry (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $A5 $159 22 00 00 00 AF 00 00 00 Magical Myths (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $1EE $14D A2 21 80 2C Marble Madness (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Overwrite call to copy protection routine + set carry flag Block Byte From To ------------------------------------------ $381 $F3 20 00 37 EA EA 38 Math Blaster Plus (Davidson) Protection: Check for bad block Crack: Never call copy protection routines & store "pass" value Block Byte From To ------------------------------------------ $9 $1BD 20 6F 02 AD 6F 02 $1C2 9D 34 00 9E 34 00 Math Wizard (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------ $4F8 $0B A2 21 80 2C Mavis Beacon Teaches Typing (Software Toolworks) Protection: Check for bad block on block $63A-$63F Crack: Never call copy protection routine Version 1.2 Block Byte From To ------------------------------------------ $4B9 $197 22 8E 6C 03 AF 8E 6C 03 Version 1.5 Block Byte From To ------------------------------------------ $142 $18F 22 AF Mini-putt (Accoldae) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & branch control Block Byte From To ------------------------------------------ $7 $11B 22 62 03 00 AF 62 03 00 <-- Kill call to the check $11F B0 03 EA 18 <-- Clear carry and continue Optional: $7 $1DA 22 62 03 00 AF 62 03 00 <-- Kill call to the check $11F 90 02 80 C8 EA EA EA 18 <-- Clear carry and continue $3A $1A9 A2 20 80 20 <-- Branch over CP to end $1CD 38 18 <-- Clear carry for "pass" Monte Carlo (BPI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $E4 $58 22 AF $5C C9 0B 00 F0 A9 0B 00 80 Multiscribe IIgs (Styleware) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & set memory flag to "pass" For v3.01c Block Byte From To ------------------------------------------ $538 $DC 22 9E 03 00 AF 9E 03 00 <-- Kill call to the check $E1 90 12 80 26 <-- Reroute branch $109 AD 2A 01 9C 2A 01 <-- Force a store of a "pass" value $10C D0 19 EA EA <-- Allow code to fall through and continue Music Construction Set (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines & branch control Block Byte From To ------------------------------------------ $43E $CA 20 00 BF C5 EA EA EA EA 42 49 20 C2 EA EA EA EA A4 90 18 80 Neuromancer (Interplay) Protection: Key-word / codewheel Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $109 $FE 20 FC 74 AD FC 74 Pipe Dreams (Lucusfilm) Protection: Key-word / codewheel Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $19D $1F6 20 C6 47 AD C6 47 $19E $C5 20 A8 37 AD A8 37 Qix (Taito) Protection: Excessive zero bit detection after D5 CC AA header reads zero bits and stores compared matches. Matches must be less the #$0D Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ------------------------------------------ $4D5 $77 22 73 02 00 AD 73 02 00 <-- Kill call to the check $81 22 A3 02 00 AD A3 02 00 <-- Kill call to the check $AC 22 B6 02 00 AD B6 02 00 <-- Kill call to the check $B0 90 09 80 09 <-- Force branch to "pass" $5B4 $DC 0C 07 03 09 04 04 04 00 <-- Implant passable results Read and Rhyme (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------- $38A $6F A2 21 80 2C Sea Strike (BPI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $58E $0B 22 F1 02 00 AF F1 02 00 $0F C9 0B 00 F0 A9 0B 00 80 Serve & Volley (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $DD $E1 A2 20 A0 01 80 10 A0 01 Shadowgate (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA Shanghia (Activision) Protection: Check for bad block Crack: Never call copy protection routine & set memory flag to "pass" Ver 2 "START" dated 20 Jan 87 Block Byte From To ------------------------------------------ $243 $1E4 A0 00 00 A0 01 00 <-- Load "Y" with a pass value $1E7 22 74 78 00 AF 74 78 00 <-- Kill call to CP routine $1EB 8D 09 5D 8C 09 5D <-- Store "Y" in memory Shanghia [Newer] (Activision) Protection: Check for bad block Crack: Never call copy protection routine & set memory flag to "pass" Ver 3 "START" file dated 15 Sept 87 Block Byte From To ------------------------------------------ $243 $51 A0 00 00 A0 01 00 <-- Load "Y" with a pass value $54 22 7A 78 00 AF 7A 78 00 <-- Kill call to CP routine $58 8D 0F 5D 8C 0F 5D <-- Store "Y" in memory $267 $145 C9 01 00 F0 A9 01 00 80 Showoff (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Allow copy protection routine to store a "pass" value in memory before it actually reads the disk and then force it to return Version 1.0 - On Disk #2 Block Byte From To ----------------------------------------- $17C $70 08 E2 30 A2 60 E2 30 A2 Version 1.1 - On Program disk Block Byte From To ----------------------------------------- $17D $70 08 E2 30 A2 60 E2 30 A2 Silpheed (Sierra) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine, store a pass value & branch control Block Byte From To ------------------------------------------ $1AA $126 22 00 00 00 AF 00 00 00 <-- Kill call to the check $12A AD 00 00 EE 00 00 <-- Store "pass" value $12D D0 03 80 03 <-- Branch down to continue code Skate or Die (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $9 $3D 22 00 10 00 AF 00 10 00 Space Quest v2.2 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $9E $177 22 00 00 00 AF 00 00 00 Space Quest 2 (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $34C $178 22 82 1F 00 AF 82 1F 00 $354 $166 22 3A 1A 13 AF 3A 1A 13 $3AB $93 22 75 16 0D AF 75 16 0D Stikybear GS Talking series (Optimum Resources) Protection: Check for bad block Crack: Never call copy protection routines Talking Alphabet on disk 1 Block Byte From To ------------------------------------------ $F4 $14F 20 B6 18 AD B6 18 Talking Opposites Block Byte From To ------------------------------------------ $EC $15D 20 07 3A AD 07 3A Talking Shapes Block Byte From To ------------------------------------------ $EC $183 20 7A 2E AD 7A 2E Street Sports Soccer (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $24 $00 20 3C 20 AD 3C 20 Superstar Ice Hockey (Accolade) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & branch control Block Byte From To ------------------------------------------ $9 $5F 20 A3 1A AD A3 1A $B $04 D0 13 EA EA $0C D0 0B EA EA $C $11A D5 00 D4 00 $38 $B7 D0 12 80 38 $A6 $B7 D0 12 80 36 Tales from the Arabian Nights (Unicorn Software) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Branch over nibble count Block Byte From To ------------------------------------------- $553 $1BD A2 21 80 2C Test Drive II: The Duel (Accolade) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $169 $19B 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $1F3 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $191 $1D8 22 E3 C4 03 AF E3 C4 03 <-- Kill call to the check $199 $125 F0 16 80 16 <-- Allow any master to read data disk Tetris IIgs (Spectrum Holobyte) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines & set memory flag to "pass" Block Byte From To ----------------------------------------- $2B $51 20 CE 57 AD CE 57 <-- Kill call to the check $54 AD B7 0F 9C B7 0F <-- Zero = pass in memory flag $57 D0 03 EA EA <-- Kill branch to "failed" The Last Ninja (Activision) Protection: Check for bad block on block $63F Crack: Branch past copy protection routine Block Byte From To ------------------------------------------ $CD $16B C2 30 9C EF 80 65 9C EF Thexder [Newer version / Joystick control] (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $7 $5A 22 8D 0A 00 AF 8D 0A 00 Thexder [Original release] (Sierra On-line) Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $55C $55 22 42 0F 00 AF 42 0F 00 Recover the alt version of Thexder called "Othexder" from the original release disk. Use Copy II Plus and "undelete" OTHEXDER (also protected): Protection: Check for bad block on block $634 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $7 $5A 22 62 0F 00 AF 62 0F 00 Three Stooges (Cinemaware) Protection: Check for bad block Crack: Branch past the copy protection Block Byte From To ------------------------------------------ $13 $12F D0 03 80 3B Top Draw v1.01A (Styleware) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Store a "pass" value in memory & fall through to pass code Block Byte From To ------------------------------------------ $393 $E AD C2 42 9C C2 42 <-- Set memory flag to "pass" $11 D0 13 EA EA <-- Fall through to pass code $520 $154 AD C2 42 9C C2 42 <-- Set memory flag to "pass" $157 D0 13 EA EA <-- Fall through to pass code Tower of Myraglen (BPI Software) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $58C $84 22 E1 00 00 AF E1 00 00 $88 C9 0B 00 F0 A9 0B 00 80 TrianGO (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $14 $1D9 22 A5 22 00 AF A5 22 00 <-- Kill call to the check $203 $FE 22 AF A5 00 AF AF A5 00 <-- Kill call to the check $1CE D0 06 80 06 <-- Force branch to "pass" Tunnels of Armageddon (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Allow any answer OR kill entire CP routines Block Byte From To ------------------------------------------ $2B $96 F0 05 A9 00 EA EA EA EA 00 80 03 EA EA EA This allows for the built in cheat answer "kacper" to still work or accept any answer. Completely disable the check and forfeit the cheat ADD: Block Byte From To ------------------------------------------ $39 $FC A2 04 91 A2 04 90 $10C A9 01 00 82 4E 03 $3B $1D0 B7 D4 97 D0 EA EA EA EA 88 88 10 F8 EA EA EA EA A7 D4 87 D0 EA EA EA EA $3C $C1 B0 03 A9 00 EA 18 82 48 00 02 Uninvited (Mindscape) Protection: Check for bad block on block $7 Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $D $55 22 55 E7 00 AF 55 E7 00 $59 CD BB BE AD BB BE $5C F0 08 80 08 $E $153 22 55 E7 00 AF 55 E7 00 $157 CD BB BE AD BB BE $15A F0 08 80 08 $23 $142 22 55 E7 00 AF 55 E7 00 $146 CD BB BE AD BB BE $149 F0 08 80 08 $24 $32 22 55 E7 00 AF 55 E7 00 $36 CD BB BE AD BB BE $39 F0 08 80 08 $AD 22 55 E7 00 AF 55 E7 00 $B1 CD BB BE AD BB BE $B4 F0 08 80 08 $189 22 55 E7 00 AF 55 E7 00 $18D CD BB BE AD BB BE $190 F0 08 80 08 $27 $1EA 22 55 E7 00 AF 55 E7 00 $1EE 90 70 EA 38 $1F0 CD BB BE AD BB BE $1F3 D0 6B EA EA USA Geography v1.0 (MECC) Protection: Check for bad block on block $7 Crack: Never call copy protection routine & force conditional branches Block Byte From To ------------------------------------------ $445 $E2 20 52 0B AD 52 0B $E5 90 05 80 03 $E7 20 5C 0A AD 5C 0A $EA B0 23 18 EA Vegas Craps (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $12B $1C6 22 FE 7F 00 AF FE 7F 00 <-- Kill call to the check $1CA 85 C3 64 C3 <-- Zero = pass in memory flag $1CE D0 03 EA EA <-- Kill branch to "failed" Vegas Gambler (California Dreams / Logical Designs) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routine & set memory flag to "pass" Block Byte From To ------------------------------------------ $24 $1C9 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $1CD 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $1F0 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $25 $6 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $A 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $2D 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $43 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $47 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $6A 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $80 22 A8 76 00 AF A8 76 00 <-- Kill call to the check $84 8D 84 00 9C 84 00 <-- Zero = pass in memory flag $A7 8D 84 00 9C 84 00 <-- Zero = pass in memory flag Where in the USA is Carmen Sandiego? (Broderbund) Protection: Key-word - Manual / Letter check Crack: The program uses token values for each step of the game. Change the token of CP question routine to "Good Job..." thus bypassing the protection all together Block Byte From To ------------------------------------------ $223 $17 A9 96 05 A9 A0 05 Where in the World is Carmen Sandiego? v1.0 (Broderbund) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine On Disk #2 Block Byte From To ------------------------------------------ $69 $20 22 84 04 00 AF 84 04 00 Windwalker (Origin) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines + branch control Block Byte From To ------------------------------------------ $190 $C7 22 84 28 03 AF 84 28 03 $D9 22 B1 25 03 AF B1 25 06 $103 22 12 1E 03 AF 12 1E 03 $114 22 E3 18 03 AF E3 18 03 $11A 22 8F DA 00 AF 8F DA 00 $11E 22 79 26 03 AF 79 26 03 $122 22 79 26 03 AF 79 26 03 $17F F0 02 80 23 EA EA 80 23 Winter Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $61E $65 20 60 00 AD 60 00 <-- Kill call to the check $423 $C4 D0 FC EA EA <-- Kill infinite loop World Games (Epyx) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine + branch control Block Byte From To ------------------------------------------ $7 $65 20 5D 00 AD 5D 00 <-- Kill call to the check $3E $23 D0 FC EA EA <-- Kill infinite loop World Geography (MECC) Protection: Check for bad block Crack: Never call copy protection routine + branch control For v1.0: Block Byte From To ------------------------------------------ $68 $F5 20 3B 0B AD 3B 0B $F8 90 05 80 03 $FA 20 3C 0A AD 3C 0A $FD B0 23 EA 18 For v1.1: Block Byte From To ------------------------------------------ $9 $173 20 3E 0B AD 3E 0B $176 90 05 80 03 $178 20 46 0A AD 46 0A $17B B0 23 EA 18 World Tour Golf (Electronic Arts) Protection: Key-word - Manual / Letter check Crack: Never call copy protection routines Block Byte From To ------------------------------------------ $17D $141 0B 3B 38 E9 6B 3B 38 E9 $188 $74 22 AF Xenocide (Micro Revealtions) Protection: Check for Mac "tag bytes" on block $4E1 and stores the value $1E46 at 02/62DB if it passes Crack: Never call copy protection routines and insert the pass value directly on the disk & prevent memory flag overwrite. The game program file is 128 blocks, dated 23-JUL-89 11:35, 64996 bytes long Block Byte From To ------------------------------------------ $7 $150 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $154 90 0C 80 0A $156 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $15A 90 06 80 04 $15C 22 81 1D 00 22 81 1D 00 <-- Kill call to copy protection $160 80 EE EA 18 $44 $E2 00 00 46 1E <-- Implant "pass" value $E7 A9 00 00 A9 46 1E <-- Don't ZERO out memory flag $45 $0B 22 6F 09 00 AF 6F 09 00 <-- Kill call to copy protection $0F 90 0C 80 0A $11 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $15 90 06 80 04 $17 22 81 1D 00 AF 81 1D 00 <-- Kill call to copy protection $1B 80 EE EA 18 $4B $15F F0 01 60 EA EA EA $62 $172 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $176 90 0C 80 0A $178 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $17C 90 06 80 04 $17E 22 81 1D 00 AF 81 1D 00 <-- Kill call to copy protection $182 80 EE EA 18 $6A $17C D0 27 EA EA $63D $65 8F 06 00 00 AF 06 00 00 <-- Read instead of store memory flag The game program file is 129 blocks, dated 13-APR-89 19:18, 65085 bytes long Block Byte From To ------------------------------------------ $8 $155 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $159 90 0C 80 0A $15B 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $15F 90 06 80 04 $161 22 8B 1D 00 22 8B 1D 00 <-- Kill call to copy protection $165 80 EE EA 18 $44 $FC 00 00 46 1E <-- Implant "pass" value $101 A9 00 00 A9 46 1E <-- Don't ZERO out memory flag $45 $25 22 72 09 00 AF 72 09 00 <-- Kill call to copy protection $29 90 0C 80 0A $2B 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $2F 90 06 80 04 $31 22 8B 1D 00 AF 8B 1D 00 <-- Kill call to copy protection $35 80 EE EA 18 $4B $179 F0 01 60 EA EA EA $5F $18C 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $190 90 0C 80 0A $192 22 04 00 00 AF 04 00 00 <-- Kill call to copy protection $196 90 06 80 04 $198 22 8B 1D 00 AF 8B 1D 00 <-- Kill call to copy protection $19C 80 EE EA 18 $67 $1B4 D0 27 EA EA $634 $9D 8F 06 00 00 AF 06 00 00 <-- Read instead of store memory flag Zany Golf (Electronic Arts) Protection: Nibble count on tracks $20 & $21 (IE: 32 & 33) Crack: Never call copy protection routine Block Byte From To ------------------------------------------ $5D $111 D0 04 80 04 <-- Branch over CP routine $113 22 00 36 00 AF 00 36 00 <-- Kill call to the check +-----------------------------------------------------------+ | | | The following cracks were NOT done or tested by me, but | | are provided as an alternate method for back-ups. | | | | They may leave portions of the CP intact like the actual | | disc read routines and force them to pass at the lowest | | levels or simply ignore the results after the read. | | | +-----------------------------------------------------------+ 816 Paint (Baudville) For v2.0 Block Byte From To ------------------------------------------ $273 $11D 30 03 0E 80 03 0E <-- Remove CP from Paint 320 $2D8 $DF 30 03 0E 80 03 0E <-- Remove CP from Paint 640 For v3.1 Block Byte From To ------------------------------------------ $2A2 $124 30 03 0E 80 03 0E <-- Remove CP from Paint 320 $30A $E6 30 03 0E 80 03 0E <-- Remove CP from Paint 640 California Games (Epyx) Block Byte From To ------------------------------------------ $FC $66 22 93 53 00 AF 93 53 00 $77 90 03 80 03 $88 22 93 53 00 AF 93 53 00 $9C 90 03 80 03 $B9 90 1D 80 18 or $FC $58 E2 30 80 77 $D1 B0 05 E2 30 Deluxe Paint (Electronic Arts) Block Byte From To ------------------------------------------ $291 $1B3 08 C2 30 8B 6B C2 30 8B Dungeon Master (FTL) For version 2.0 Block Byte From To ------------------------------------- $104 $110 18 38 $114 38 18 For version 2.1 Block Byte From To ------------------------------------- $E6 $110 18 38 $114 38 18 Dream Zone (Baudville Inc) Block Byte From To ------------------------------------- $1B7 $A9 22 DB C4 00 AF DB C4 00 $DF 22 DB C4 00 AF DB C4 00 $1BC $F6 22 DB C4 00 AF DB C4 00 $12C 22 DB C4 00 AF DB C4 00 Grand Prix Circuit (Accolade) Block Byte From To ------------------------------------------ $112 $138 EA 30 80 3A Great Western Shootout (Britannica) Block Byte From To ------------------------------------- $159 $128 20 00 BF EA EA EA 80 10 27 EA EA EA $166 $C9 D9 99 $CC D0 08 EA EA or Block Byte From To ------------------------------------- $596 $1B B0 1D EA 18 $2F D0 08 EA EA Keef The Thief Block Byte From To ------------------------------------- $3B8 $167 F0 03 82 80 03 82 $175 D0 0D 22 80 0D 22 King's Quest III (Sierra On-line) Block Byte From To ------------------------------------------ $2D1 $D8 22 00 00 00 AF 00 00 00 $24A $15A AD 00 00 18 6B 00 00 18 Mavis Beacon Teaches Typing (Software Toolworks) Block Byte From To ------------------------------------------ $3E $10C 22 00 00 00 AF 00 00 00 $3E $113 D0 12 80 12 Mean 18 Golf (Accolade) Block Byte From To ------------------------------------------ $29C $174 8D DB 0D AD DB 0D $506 $174 8D 9A 13 AD 9A 13 Mini-putt (Accolade) Block Byte From To ------------------------------------------ $3A $1CF C2 30 18 6B Music Studio v1.0 (Activision) Block Byte From To ------------------------------------- $44D $0D 22 ?? ?? ?? AF ?? ?? ?? $14 F0 03 80 03 $16 82 82 00 EA EA EA Paintworks Plus v1.0 (Activision) Block Byte From To ------------------------------------------ $291 $1D8 22 ?? ?? ?? AF ?? ?? ?? $1CF D0 12 EA EA $1E0 D0 01 EA EA or $2B0 $2B 20 6A 09 AD 6A 09 Sea Strike (BPI Software) Block Byte From To ------------------------------------------ $5B4 $144 C9 00 00 D0 C9 00 00 80 Serve & Volley (Accolade) Block Byte From To ------------------------------------------ $DD $E1 A2 20 A0 01 A9 00 18 60 Shanghai (Activision) Block Byte From To ------------------------------------------ $267 $145 C9 01 00 F0 A9 01 00 80 $27D $168 18 FB C2 30 A9 01 00 6B alt earlier version of Shanghai: Block Byte From To ------------------------------------------ $27D $162 18 FB C2 30 A9 01 00 6B Alt version: Block Byte From To ------------------------------------------ $27C $168 18 FB C2 30 A9 01 00 6B Skate or Die (Electronic Arts) Block Byte From To ------------------------------------------ $7 $4F 22 00 00 00 AF 00 00 00 $F0 22 00 00 00 AF 00 00 00 Slide Show (Broderbund) Block Byte From To ------------------------------------- $2B $1BA A9 60 Top Draw (Styleware) Block Byte From To ------------------------------------- $394 $1E2 D0 1D 80 1A Tower of Myraglen (BPI Software) Block Byte From To ------------------------------------------ $40F $72 22 CB 1B 00 AF CB 1B 00 Where in Time is Carmen Sandiego? (Broderbund) Block Byte From To ------------------------------------- $32B $19C 20 00 96 90 EA EA 18 80