-----------------
Amnesia *CRACKED*
-----------------
Amnesia is an Apple II text adventure written by science fiction author
Thomas M. Disch.  Its copy protection is in the form of a disk check that
upon failure prevents the player from picking up any objects in the game,
including the bedsheet you are required to wear before leaving the hotel
room in which you awaken.  At this point, the player's character becomes
tired, and if you choose to make him sleep, he is subjected to nightmares.

This has bothered me for a long time. ;-)

I have never seen a working copy of this game.  The Computist magazine
softkey (issues 48 and 51) doesn't work and neither does the crack
released by the Digital Gang.

The game is written in an interpreted language and is difficult to
follow.  I spent some time tracing through the code and discovered a way
to "reprotect" the game in the debugger by forcing track 6 disk reads
to fail and allowing track 5 and 5.5 reads to succeed.  Then I compared
the memory dump of a successful disk check with that of an unsuccessful
one.  It turns out that there are two magic variables that must be set
for the game to work properly.  There also appears to be a code checksum
that must be preserved by any modification to the disk check routine.

Here's some of the relevant code in RAM:

   ; original code (called within a loop)
   ; ...
   384e: 20 ff 37   jsr $37ff   ;read sector address field.
   3851: b0 03      bcs $3856   ;branch on failure
   3853: 20 04 37   jsr $3704   ;read expected sector data. carry set on fail.
   3856: a9 00      lda #$00
   3858: 6d e2 39   adc $39e2   ;inc magic counter 1 if carry is set
   385b: 8d e2 39   sta $39e2   ;update counter
   385e: ad e0 c0   lda $c0e0   ;reposition read/write head
   3861: ad e2 c0   lda $c0e2
   3864: ad e4 c0   lda $c0e4
   3867: ad e6 c0   lda $c0e6
   386a: 60         rts

Here's a way to patch it:

   ; patched code. sets two important disk check result counters.
   ; ...
   3851: ad 00 18   lda $1800   ;dummy operation preserves checksum
   3854: a9 02      lda #$02
   3856: 8d 4d 38   sta $384d   ;set counter 2 to expected value
   3859: a9 14      lda #$14
   385b: 8d e2 39   sta $39e2   ;set counter 1 to expected value
   ; ...

And here's how to crack your own copy of Amnesia.  I used the DSK images
from the TOSEC collection and tested under AppleWin, Virtual ][, and on
a real Apple II+ with 64k.

     Side: 1
    Track: $09
   Sector: $03
     Byte: $A5
      Old: b0 03 20 04 37 a9 00 6d e2 39
      New: ad 00 18 a9 02 8d 4d 38 a9 14

   Original disk image MD5: 1631bd90a6fc197ce62bdd9e30d6dd40
    Patched disk image MD5: b3711fc81078b3846107536a4b3fe829
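
The patch bytes above can be checked against the "dummy operation preserves
checksum" remark. This is an added example, not code from the original note:
it compares the Old and New byte strings under a few candidate checksums and
locates the patch site in an image. The game's real checksum algorithm is not
given in the note, and the offset formula assumes the image stores sectors in
the same order as the note's track/sector numbers.

```python
# Added example. OLD, NEW and the track/sector/byte values are copied from the note.
OLD = bytes.fromhex("b0 03 20 04 37 a9 00 6d e2 39")
NEW = bytes.fromhex("ad 00 18 a9 02 8d 4d 38 a9 14")
TRACK, SECTOR, BYTE = 0x09, 0x03, 0xA5

SECTORS_PER_TRACK, SECTOR_SIZE, TRACKS = 16, 256, 35  # 140K 5.25" image geometry


def dsk_offset(track, sector, byte):
    """File offset of a byte. ASSUMPTION: the image is track-major with sectors
    stored in the same order the note's sector numbers use."""
    if not (0 <= track < TRACKS and 0 <= sector < SECTORS_PER_TRACK
            and 0 <= byte < SECTOR_SIZE):
        raise ValueError("location outside a 35-track, 16-sector image")
    return (track * SECTORS_PER_TRACK + sector) * SECTOR_SIZE + byte


def additive_sum(data, bits=8):
    """Sum of all bytes, truncated to the given width."""
    return sum(data) & ((1 << bits) - 1)


def xor_sum(data):
    acc = 0
    for b in data:
        acc ^= b
    return acc


def compare_checksums(old, new):
    """Which candidate checksums fail to notice the change from old to new."""
    if len(old) != len(new):
        raise ValueError("an in-place patch must not change the length")
    return {
        "sum8_equal": additive_sum(old) == additive_sum(new),
        "sum16_equal": additive_sum(old, 16) == additive_sum(new, 16),
        "xor_equal": xor_sum(old) == xor_sum(new),
    }


def classify(image):
    """Return 'original', 'patched' or 'unknown' for the bytes at the patch site."""
    off = dsk_offset(TRACK, SECTOR, BYTE)
    site = bytes(image[off:off + len(OLD)])
    return "original" if site == OLD else "patched" if site == NEW else "unknown"


if __name__ == "__main__":
    print(hex(dsk_offset(TRACK, SECTOR, BYTE)), compare_checksums(OLD, NEW))
```

The byte-wise sums of Old and New are equal while their XORs differ, which is
consistent with a plain additive checksum that cannot tell the two apart.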

Greets to Apple II fans everywhere.  Have phun!
