                               ==Phrack Inc.==
                     Volume One, Issue One, Phile 3 of 8

//////////////////////////////////////////////////////////////////////////////
/                                                                            /
/                           Boot Tracing Made Easy                           /
/                                 Written by                                 /
/                              ________________                              /
/                              \Cheap/ \Shades/                              /
/                               \___/   \____/                               /
/                                 2600 CLUB!                                 /
/                                                                            /
//////////////////////////////////////////////////////////////////////////////

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\                                     \
\           Be sure to call           \
\                                     \
\  Kleptic Palice......(314)527-5551  \
\           5 Meg BBS/AE/CF           \
\  Metal Shop..........(314)432-0756  \
\  Elite BBS (Home of 2600 CLUB!      \
\             and Phrack Inc. )       \
\                                     \
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

About 3 or four years ago, a real good friend of mine was teaching a ML
Programming course for the Apple 2 series. I, being a good friend and quite
bored, asked him about cracking Apple games. He told me that he had spent the
last summer cracking programs. He showed me a method that he came up with
entirely on his own, boot tracing. Little did he know that this was already
quite popular but he developed his own method for doing it which from reading
other files about it, is the simplest I've ever seen. (To give you an idea,
I had SN0GGLE (I've never played the game but a friend had it on disk.)
completely loaded into memory ready to be dumped in about 12 minutes.)

Ok, first of all, ALL programs can be boot traced. The only thing is that
some may not be easily converted into files. The only programs that you
should try if you aren't real good at ML, are ones that load completely into
memory. Also to do this you will need a cassette recorder. (don't worry, the
program we will save won't take too long to save, and if all goes well it
will only be saved and loaded once.) I hate learning the theory behind
anything so I'm not gonna give any theory behind this. If you want the
theory, read some other phile that does this the hard way.

First make sure your cassette recorder works by BLOADing some program and
typing:

CALL -151
AA60.AA73

You'll see something that looks like this:

AA60-30 02 xx xx xx xx xx xx
AA68-xx xx xx xx xx xx xx xx
AA70-xx xx 00 08

or whatever...The 30 02 is the length ($0230 bytes). The 00 08 is the
starting address ($0800). Oh well, now you need to try and save the program.
Type:

800.A2FW        (A2F=$800+$230-1)
1000<800.A2FM
800:00 N 801<800.A2FM
800.A2FR
1000<800.A2FV

Once you are sure that the cassette works, (by the way don't be stupid and
try that on a //c!) we can get to the good stuff...

First move the ROM boot-up code into RAM...(all steps will be from the
monitor * prompt.)

8600