------------Bible Discovery------------
A 4am crack                  2017-09-03
---------------------------------------

Name: Bible Discovery
Genre: educational
Year: 1986
Publisher: Santa Barbara Softworks
Platform: Apple ][+ or later (64K)
Media: double-sided 5.25-inch floppy
OS: Apple Pascal
Previous cracks: none

                   ~

Only side A is bootable. Both sides are
copyable with COPYA, but the copy hangs
on boot. After some experimentation, I
realized that the original disk was
shipped write-protected (no physical
notch on either side), so I tried write
protecting my copy. Lo! Suddenly it
works.

Digging into my well worn copy of
"Beneath Apple DOS," I find the code to
detect if a disk is write-protected on
page 6-3.

                 --v--

SENSE WRITE PROTECT

    LDA $C08D,X
    LDA $C08E,X    Sense write protect.
    BMI ERROR      If high bit set,
                   protected.

                 --^--

OK then. Turning to my trusty Disk
Fixer sector editor, I search for the
sequence "BD 8D C0" (LDA $C08D,X). Lo!
One match, on track 0, sector 1.

                 --v--

T00,S01
----------- DISASSEMBLY MODE ----------
0092:BD 8D C0       LDA   $C08D,X
0095:BD 8E C0       LDA   $C08E,X
0098:30 7C          BMI   $0116
009A:AD 00 03       LDA   $0300
009D:85 CF          STA   $CF
009F:A9 FF          LDA   #$FF
00A1:9D 8F C0       STA   $C08F,X
00A4:1D 8C C0       ORA   $C08C,X
00A7:48             PHA
00A8:68             PLA
00A9:EA             NOP

                 --^--

At offset $92, we're checking if the
disk is write protected. At offset $98,
we're branching if it is.

Perhaps I can also branch if it isn't?
i.e. Fake out the calling code to
believe that the disk is always write-
protected. I mean, the original disk
was always write-protected, so what's
the harm?

T00,S01,$9A: AD00 -> 107A

Now the disassembly looks like this:

                 --v--

----------- DISASSEMBLY MODE ----------
0092:BD 8D C0       LDA   $C08D,X
0095:BD 8E C0       LDA   $C08E,X
0098:30 7C          BMI   $0116
009A:10 7A          BPL   $0116
009C:03             @@@

                 --^--

Branch if it's write protected, branch
if it isn't.

]PR#6
...works...

Quod erat liberandum.

---------------------------------------
A 4am crack                    No. 1397
------------------EOF------------------
