2

MESSAGE #2: MACCRACK1
(SPACEBAR QUITS MESSAGE)
 
                      The Byte's Mac-Cracking #1

(1-16, LAST=2,E,P,Q,T) READ MSG.#

MESSAGE #3: MACCRACK2
(SPACEBAR QUITS MESSAGE)

                      The Byte's Mac-Cracking #2

(1-16, LAST=3,E,P,Q,T) READ MSG.#

MESSAGE #4: MACCRACK3
(SPACEBAR QUITS MESSAGE)
                 The Byte's Mac-Crack #3 -- Cracking Filevision
 
                                    8/3
1/84
 
                            FORMATTED F
OR 80 COLUMNS
 

 
 
CRACKING FILEVISION ----
 
TOOLS THAT I USED:
 -MIDIBUG (DEBUGGER/ASSEMBLER, ON MACST
UFF 3)
 -KNOWLEDGE OF 68000 ASSEMBLY
 -DIALOG EDITOR
 -BLOCK EDITOR 2.1
 -SETFILE
 -THE PROGRAMMER'S SWITCH INSTALLED
 
 
     THE FOLLOWING IS A COMPLETE DESCRI
PTION OF HOW I UNCOVERED FILEVISION'S
PROTECTION SCHEME AND SUBSEQUENTLY CIRC
UMVENTED IT.  FIRST I WILL DESCRIBE THE
LOGICAL STEPS I USED TO CRACK IT, AND T
HEN I WILL LIST THE FEW STEPS TO ACTUALL
Y
CRACK AN ORIGINAL.
 
     THE FIRST STEP IN CRACKING FILEVIS
ION IS TO COPY THE ORIGINAL WITH
DISKUTIL.  THIS IS THE COPY THAT WE WIL
L BE FOOLING WITH.  IF YOU TRY TO RUN TH
E
FILEVISION PROGRAM ON THE DISK, HALFWAY
 THROUGH THE BOOT IT WILL SPIT OUT THE
DISK AND PUT UP A DIALOG BOX SAYING SOM
ETHING LIKE "PLEASE INSERT YOUR
FILEVISION MASTER".  OUR OBJECT IS TO D
ISABLE THE CODE WHICH CHECKS FOR
SOMETHING ONLY ON THE ORIGINAL (OF WHIC
H I KNOW NOT).
 
     ONE PIECE OF INFO THAT WE CAN FIND
 OUT EASILY IS THE ID # OF THAT DIALOG
BOX.  THIS IS DONE BY RUNNING DIALOG/AL
ERT EDITOR AND SUPPLING "FILEVISION" WHE
N
IT ASKS FOR A NAME.  THEN KEEP ON HITTI
NG COMMAND-L UNTIL THE DIALOG BOX WHICH
ASKS FOR THE MASTER APPEARS.  NOW "GET 
INFO ON DIALOG" (IN ONE OF THE MENUS) AN
D
IT SHOULD TELL YOU THE ID #.  IT SHOULD
 BE 273 ($111).  IN ORDER TO DISPLAY THE
DIALOG BOX, FILEVISION HAS TO PASS THAT
 # ALONG TO ONE OF THE TOOLBOX ROUTINES
IN ROM.  SO BY SEARCHING FOR $111 WE CA
N FIND THE APPROXIMATE AREA OF THE
PROTECTION CODE.
 
     IN ORDER TO SEARCH MEMORY WHILE RU
NNING FILEVISION, YOU MUST USE MIDIBUG.
TO USE MIDIBUG, YOU MUST FIRST PUT IN O
NTO THE FILEVISION DISK.  (IF THERE'S NO
T
ENOUGH ROOM, YOU CAN DELETE THE HELP FI
LE OR A DEMO FILE).  IN ORDER FOR MIDIBU
G
TO INSTALL ITSELF (ON BOOTUP) IT MUST E
ITHER BE CALLED "MACSBUG" OR THE DEFAULT
DEBUGGER FILENAME MUST BE CHANGED TO "M
IDIBUG" (WITH BOOTCONFIG).  WHEN THIS
DISK IS BOOTED, MIDIBUG WILL INSTALL IT
SELF (THE WELCOME TO MACINTOSH WILL SAY
"MACSBUGS INSTALLED.")  NOW WHEN YOU PR
ESS THE INTERRUPT BUTTON (ON THE
PROGRAMMERS SWITCH), YOU WILL IMMEDIATE
LY BE PLACED IN THE DEBUGGER (SORT OF
LIKE THE OLD MONITOR ROM OF A ][).
     NOW WE START UP FILEVISION BY DOUB
LE-CLICKING ON ITS ICON.  IT WILL SOON
GIVE YOU THE "INSERT MASTER" DIALOG BOX
.  NOW PRESS THE INTERRUPT SWITCH AND
SHOULD BE IN THE DEBUGGER.  TO SEARCH F
OR $111, ENTER SOMETHING LIKE "F 00000
20000 0111 FFFF".  THAT SHOULD SEARCH A
LL RAM (0-1FFFF) FOR $111 (THE FFFF IS A
MASK).  HIT RETURN EACH TIME IT GIVES Y
OU AN ADDRESS, DOING THIS BRINGS UP THE
NEXT LOCATION OF THE SEARCH BYTES.  THE
RE SHOULD ONLY BE ABOUT 5 LOCATIONS WITH
$111 WHICH WE CARE ABOUT.  USING THE "I
L" COMMAND, WE CAN DISASSEMBLE EACH AREA
OF MEMORY TO SEE IF IT CONTAINS VALID C
ODE.  IF YOU KNOW 68000, YOU SHOULD
QUICKLY REALIZE THAT THE ONLY MEANINGFU
L ADDRESS WITH $111 IS SOMEWHERE AROUND
$06E00-$07000.  (THE DISASSEMBLED LINE 
WITH THE $111 IN IT HAS THE 6502
EQUIVALENT OF LDA #$111).
     MOST PROTECTION SCHEMES ARE BASED 
ON CHECKING FOR THE ORIGINAL AND THEN
BRANCHING SOMEWHERE IF THE ORIGINAL COU
LDN'T BE FOUND.  THIS MEANS THAT THERE
HAS TO BE A KEY CONDITIONAL BRANCH SOME
WHERE.  IF THIS CONDITIONAL BRANCH CAN B
E
DISABLED SO AS NOT TO BE CONDITIONAL (A
LWAYS BRANCH THE "GOOD" WAY), THEN THE
PROGRAM IS CRACKED.  TO LOOK FOR THIS K
EY BRANCH (THERE COULD BE SEVERAL
POSSIBLITIES) I SEARCHED IN THE AREA OF
 $06F00 FOR CONDITIONAL BRANCHES.  ONCE 
I
THINK I HAVE FOUND THE RIGHT CONDITIONA
L BRANCH, I DISABLE IT BY PUTTING IN
NOP'S (#$4E71), AND THEN CONTINUING WIT
H THE APPLICATION BY TYPING "G".  I THEN
RE-INSERT THE COPY OF FILEVISION, AND I
F IT SPITS IT OUT AGAIN, I KNOW I DIDN'T
DO IT RIGHT.  AT THAT POINT I EITHER RE
BOOT AND TRY AGAIN OR HIT INTERRUPT AND
TRY AGAIN (DEPENDING ON HOW MUCH I TRAS
HED MEMORY).  AFTER QUITE A FEW TRIALS &
ERRORS, I FOUND A NOTABLE BRANCH AT $06
F68.  AFTER NOPING IT, CONTINUING WITH
"G", AND RE-INSERTING THE FILEVISION DI
SK, IT THEN GOT PAST THE DIALOG BOX.  UP
CAME THE TITLE PAGE (BOY DID THAT FEEL 
GOOD!), BUT THEN IT CRASHED WITH SYSTEM
ERROR 15 (SEGMENT LOADER ERROR).  I FIG
URED THAT MIDIBUG MUST BE TAKING UP SOME
MEMORY WHICH FILEVISION WANTED.  THE ON
LY PROBLEM: HOW COULD I CHANGE MEMORY
WITHOUT MIDIBUG INSTALLED?  I COULDN'T.
  SO I CHOSE THE ONLY WAY AROUND: I FOUN
D
THE CORRESPONDING BYTES ON THE DISK (WI
TH BLOCKEDITOR 2.1'S SEARCH FEATURE) AND
WROTE BACK THE BLOCK WITH THE NOPS IN I
T.
     NOW AFTER BOOTING THE DISK AND REN
AMING MIDIBUG (SO IT WOULDN'T INSTALL ON
THE BOOT) AND THEN REBOOTING, FILEVISIO
N RAN WITH NO PROBLEM.
     THE LAST THING I ALWAYS DO TO ANY 
CRACKED PROGRAM IS TO COPY IT (BY FILES)
ONTO A BLANK DISK AND CHECK IT OUT THER
E.  BUT WHEN I TRIED TO COPY THE CRACKED
FILEVISION FILE, THE FINDER KEPT TELLIN
G ME THAT THE "DISKCOPY DIDN'T WORK".
SHIT!  THEN I REMEMBERED THAT THE BUNDL
E BIT HAD SOMETHING TO DO WITH RESOURCES
BEING COPIED WITH A FILE AND SO I RESET
 THE BUNDLE BIT (WITH SETFILE) AND THE
FILE COPIED FINE.  BUT DID THAT CHANGE 
ANYTHING?  I CERTAINLY HOPE NOT, BUT SO
FAR IT HAS WORKED PERFECTLY.
 
     IN CASE YOU DIDN'T REALLY CARE HOW
 I CRACKED IT, BUT JUST WANT TO KNOW
EXACTLY WHAT TO DO TO YOUR ORIGINAL, HE
RE ARE THE NECESSARY STEPS:
 
1. COPY WITH DISKUTIL
2. SEARCH FOR BYTES 67 00 FE C6  (SHOUL
D BE ON BLOCK 227, BYTE 118)
3. CHANGE TO        4E 71 4E 71  (WRITE
 BACK THE BLOCK)
4. (OPTIONAL) RESET THE BUNDLE BIT IF T
HE FILE WON'T COPY WITH THE FINDER
5. THAT'S IT!
 
ONE QUESTION REMAINS:  WHAT DID FILEVIS
ION CHECK FOR IN THE FIRST PLACE?
 
         THE BYTE

(1-16, LAST=4,E,P,Q,T) READ MSG.#

MESSAGE #5: MACCRACK4
(SPACEBAR QUITS MESSAGE)
         The Byte's Mac-Crack #4 -- Cracking Mouse Stampede & Pensate
 
                                    9/2
/84
 
                           FORMATTED FO
R 80 COLUMNS
 

 
 
PART 1 --- MOUSE STAMPEDE
 
     CRACKING MOUSE STAMPEDE IS SIMILAR
 TO CRACKING FILEVISION, AS DESCRIBED IN
MY MAC-CRACK #3.  I WILL ASSUME THAT YO
U HAVE READ MAC-CRACK #3, AND ARE
FAMILIAR WITH THE USAGE OF MIDIBUG IN C
RACKING.
 
     BLOCKSMITH CAN COPY ALL OF MOUSE S
TAMPEDE'S BLOCKS EXCEPT $146, ON WHICH
IT GETS AN ERROR.  WHEN MOUSE STAMPEDE 
CAN'T FIND THAT 'ZAPP)KD' BLOCK ON THE
COPY, IT IMMEDIATLY BEEPS, EJECTS, AND 
RESTARTS (RESETS).  THAT WAS MOUSE
STAMPEDE'S BIG MISTAKE (FROM THEIR POIN
T OF VIEW).  FOR US, IT'S GREAT.  BOTH
EJECTING AND BEEPING ARE COMPLETED BY T
OOLBOX OR OS (OPERATING SYSTEM) TRAPS.
A TOOLBOX/OS 'TRAP' IS A ONE-WORD (TWO-
BYTE) INSTRUCTION THAT CAUSES A
CORRESPONDING ROUTINE IN ROM TO EXECUTE
.  TRAPS (ALSO CALLED A-TRAPS) ALWAYS
START WITH THE HEX DIGIT $A.  THE TRAP 
FOR EJECT IS $A017; THE TRAP FOR BEEP IS
$A9C8.  WITH MIDIBUG INSTALLED ON THE D
ISK, I BOOTED MOUSE STAMPEDE AND HIT
INTERRUPT JUST BEFORE IT REBOOTED.  I T
HEN SEARCHED FOR THE BEEPTRAP IN MEMORY
AND THEN DISASSEMBLED THAT AREA.  THE B
EEPTRAP WAS PART OF A SMALL SUBROUTINE
WHICH MUST HAVE BEEN CALLED BY THE ROUT
INE WHICH DOES THE BEEPING AND EJECTING.
SO I REBOOTED AND ONCE MIDIBUG LOADED, 
I HIT INTERRUPT AND TOLD MIDIBUG TO GO
TILL (GT) THE ADDRESS OF THE BEEP SUBRO
UTINE.  ONCE THE MAC GOT TO THE
SUBROUTINE, IT OBEDIENTLY JUMPED BACK I
NTO MIDIBUG.  THEN I TRACED FROM THAT
POINT BY HITTING "T" (ONE INSTRUCTION A
T A TIME).  AFTER "T" HAS BEEN HIT ONCE,
ALL YOU HAVE TO DO IS HIT RETURN TO CON
TINUE TO THE NEXT INSTRUCTION.  AFTER A
FEW RETURNS (THE KEY, NOT THE INSTRUCTI
ON), THE BEEP ROUTINE EXITED WITH AN
INDIRECT JUMP TO (A0) THAT LANDED THE P
C (PROGRAM COUNTER) SOMEWHERE NEAR
$9952.  WHEN I DISASSEMBLED THE MEMORY 
NEAR THAT ADDRESS, I FOUND A VERY
SUSPICIOUS CONDITIONAL BRANCH WHICH EIT
HER BRANCHED TO A WHOLE BUNCH OF JSR'S
(THE GOOD BRANCH) OR FELL THROUGH TO A 
JSR TO THE BEEP SUBROUTINE AND THEN A
BRA (BRANCH ALWAYS) TO SOMEWHERE.  OBVI
OUSLY WE SHOULDN'T ALLOW THE PROGRAM TO
FALL THROUGH, SO I DISABLED THE JSR AND
 BRA BY PUTTING NOP'S ($4E71) IN PLACE
OF THEM.  THEN I TESTED MY WORK BY HITT
ING "G" (CONTINUE FROM WHERE
INTERRUPTED), AND POOF! UP CAME THE MOU
SE STAMPEDE TITLE PAGE, AND I PLAYED A
SHORT BUT ENJOYABLE GAME.
     I THEN KNEW HOW TO CRACK MOUSE STA
MPEDE IN MEMORY, BUT OF COURSE TO MAKE
IT PERMANENT REQUIRED CHANGING IT ON TH
E DISK.... SO I THEN HIT RESET TO
REBOOT, AND HIT INTERRUPT AT THE SAME P
LACE AS BEFORE (BEFORE IT BEEPS/EJECTS).
THIS TIME I WROTE DOWN THE EXACT BYTES 
AT THE LOCATION WHICH I NOP'ED BEFORE.
THEN I BOOTED UP MY TRUSTY BLOCK EDITOR
 2.1 AND TOLD IT TO SEARCH THE DISK FOR
THE BYTES THAT I WROTE DOWN.  ONCE IT F
OUND THE BYTES, I CHANGED THEM TO
$4E71'S AND WROTE THE BLOCK BACK.  ALL 
DONE.  (NOT TOO HARD, HUH?)
 
OK, HERE'S THE QUICK & DIRTY VERSION YO
U'VE BEEN WAITING FOR:
 
1. COPY MOUSE STAMPEDE WITH BLOCKSMITH.
2. SEARCH FOR 3F3C 0006 4EBA 03EC 6000 
0096 ON THE DISK (SHOULD BE ON BLOCK 321
SOMEWHERE).
3. CHANGE TO  4E71 4E71 4E71 4E71 4E71 
4E71 AND WRITE BACK THE BLOCK.
4. KILL THOSE MICE!
 
 
PART 2 --- PENSATE
 
     A BLOCKSMITH COPY OF PENSATE WILL 
BOOT UP AND DISPLAY THE TITLE PAGE
(WHICH HAS PRESTON PENGUIN FLASHING IN 
THE CORNER) AND PLAY A CUTE SONG.  BUT
AS SOON AS THE SONG ENDS (OR YOU HIT TH
E MOUSE), IT DRAWS THE GAME BOARD, AND
THEN QUITS TO THE FINDER.
     WHAT I HAD TO DO WAS SORT OUT WHEN
 AND WHERE IT HAD FOUND OUT THAT THIS
WAS NOT THE ORIGINAL DISK.  SINCE IT MU
ST DRAW THE GAME BOARD IF RUNNING ON THE
ORIGINAL, I DECIDED TO TRACE THE PROGRA
M AFTER IT DREW THE GAME BOARD.  SO I
INSTALLED MIDIBUG ON THE DISK, AND HIT 
INTERRUPT JUST AFTER I HIT THE MOUSE
BUTTON WHICH BRINGS UP THE GAME BOARD.
     TO MAKE A LONG STORY SHORT, AFTER 
QUITE A WHILE OF SEARCHING THROUGH CODE
AND FOLLOWING UP FALSE LEADS IN ROM AND
 OTHER NASTY THINGS, I FINALLY CHANGED
SOMETHING TO GET PENSATE TO WORK.  BUT 
I HAD FORGOTTEN TO WRITE DOWN EXACTLY
WHAT I DID!  SO AFTER RE-TRACING AND RE
-THINKING MY STEPS, I FINALLY DISCOVERED
WHAT I HAD DISCOVERED BEFORE.  PENSATE 
WAS READING THE DISK FOR SOMETHING, AND
THEN SETTING A LOCATION IN MEMORY ACCOR
DINGLY.  I THEN CHANGED THE ROUTINE
WHICH WAS "DOING IT ACCORDINGLY" SO THA
T IT "DID IT OBLIVIOUSLY" (I.E. SO IT
DID THE SAME WHETHER OR NOT IS WAS AN O
RIGINAL).  THIS INVOLVED TAKING OUT AN
IMMEDIATE (#$0001) MOVE TO AN INDIRECT 
(A5) OFFSET BY A CONSTANT ($DD00).
(THAT LAST SENTENCE IS FOR YOU 68000 JO
CKS.  ACTUALLY IT WAS JUST TO IMPRESS
THOSE OF YOU WHO DON'T KNOW 68000, BECA
USE IT DOESN'T REALLY MAKE SENSE.)
 
PENSATE QUICK & DIRTY:
 
1. SEARCH FOR 1B7C 0001 DD00 ON THE DIS
K (SHOULD BE ON BLOCK #75)
2. CHANGE TO  4E71 4E71 4E71 AND WRITE 
IT BACK
3. HAVE FUN WITH PENSATE
 
(1-16, LAST=5,E,P,Q,T) READ MSG.#

MESSAGE #6: CRACK VIDEX CHECKERS
(SPACEBAR QUITS MESSAGE)

MSG LEFT BY: RESET VECTOR
DATE POSTED: THU OCT 11  8:47:56 PM

HERE IS HOW TO CRACK THE NEW VIDEX RELE
ASE, MACCHECKERS AND REVERSI.  THIS IS
MY FIRST MACCRACK, AND I DISCOVERED SOM
E USEFUL THINGS IN THE PROCESS, SO HERE
IS THE WHOLE THING.
FIRST OF ALL, THE PROGRAMS THAT HAVE BE
EN HARDEST TO CRACK APPEAR TO BE THOSE
THAT QUIT TO THE FINDER AS OPPOSED TO T
HOSE THAT PUT UP A DIALOG BOX OR USE
THE BEEP OR EJECT TRAP OR SUCH.  IT IS 
DIFFICULT TO DISCOVER WHEN THE PROGRAM
IS DOING THE ACTUAL DISK CHECK.  THE ST
ANDARD WAY TO CRACK SOMETHING HAS BEEN
TO PUT MIDIBUG ON A BLOCKSMITH COPY OF 
THE DISK YOU ARE TRYING TO CRACK AND
THEN BOOT IT UP, INTERRUPT, AND TRACE T
HE PROGRAM; HOWEVER, IF YOU DON'T KNOW
WHEN THE DISK IS BEING CHECKED THEN IT 
IS HARD TO KNOW WHEN TO INTERRUPT, AND
YOU CAN END UP TRACING FOR EVER AND EVE
R.  WELL, IF YOU HAVE 2 DRIVES, THERE
IS AN EASIER WAY.  JUST BOOT A DISK IN 
DRIVE 1 WITH MIDIBUG, THEN PUT THE
BLOCKSMITH COPY OF THE DISK YOU ARE CRA
CKING IN DRIVE 2, THEN CLICK ON THE
PROGRAM ICON IN DRIVE 2 TO START IT RUN
NING.  IF YOU DO THIS WITH MACCHECKERS
THEN YOU WILL SEE THAT AFTER YOU CHOSE 
THE GAME YOU WANT FROM THE INITIAL
TITLE SCREEN, THE PROGRAM WILL ACCESS B
OTH DRIVES, PUT THE GRAPHICS SCREEN
UP WHILE IT IS ACCESSING DRIVE ONE, AND
 THEN TURN ON DRIVE 2 TO DO THE ACTUAL
DISK CHECK.  IF YOU LISTEN TO YOUR DRIV
ES IT WILL BE EASY FOR YOU TO TELL
WHEN THE PROGRAM IS TURNING ON DRIVE 2 
TO GO AND CHECK THE DISK BEFORE IT
DECIDES WHETHER IT WILL RUN THE PROGRAM
 OR NOT.  AS SOON AS IT TURNS ON DRIVE
2, THEN JUST HIT THE INTERRUPT SWITCH.
A SECOND IMPORTANT THING HERE IS THAT E
VEN THOUGH YOU HAVE HIT THE INTERRUPT
DURING, OR MAYBE JUST BEFORE, THE DISK 
CHECK, YOU WILL FIND THAT YOU ARE
EXECUTING A ROM ROUTINE.  IF YOU HIT "T
" AND TRACE, YOU WILL EVENTUALLY GET
TO A POINT IN MEMORY DOWN AROUND $8000,
 BUT IF YOU CONTINUE TO TRACE YOU WILL
BE TAKEN THROUGH A LONG SERIES (ABOUT 1
5 OR SO) OF EITHER JSR'S OR JMP'S OR
RTS'S.  UNLESS YOU ARE A 68000 GENIUS (
WHICH I AM CERTAINLY NOT!), THEN YOU
WILL NEVER BE ABLE TO FIGURE OUT WHERE 
THE ACTUAL DISK CHECKING CODE IN THIS
WHOLE MESS IS, OR WHAT TO DO WITH IT WH
EN YOU GET IT.  HOWEVER, THERE IS AN
EASIER WAY.  THE TRICK IS TO FIRST TRAC
E THE ORIGINAL DISK, WRITING DOWN
THE SEQUENCE OF HOPS AROUND IN MEMORY. 
 FOR EXAMPLE, 86FA GOES TO 8104 VIA
AN RTS, 8112 GOES TO 5E26 VIA A JSR, ET
C.  NOW DO THE EXACT SAME THING WITH
YOUR BLOCKSMITH COPY.  LO AND BEHOLD, Y
OU WILL DISCOVER AT $8106 A BEQ
STATEMENT THAT IS TAKEN BY THE ORIGINAL
 BUT NOT BY THE COPY.  THE COPY FALLS
THROUGH THIS STATEMENT AND THEN GOES ON
 TO OTHER THINGS.  SO ALL WE HAVE TO
DO IS MAKE THIS CONDITIONAL BRANCH INTO
 AN UNCONDITIONAL BRANCH, WHICH IS
DONE BY CHANGING THE 67 AT $8106 INTO A
 60.  IF YOU DO THIS IN MEMORY, THE
BLOCKSMITH COPY WILL THEN SUDDENLY COME
 UP AND RUN!  NOW JUST USE BLOCK EDIT
TO SEARCH THE DISK FOR THE BYTE SEQUENC
E STARTING AT $8106, WHICH TURNS OUT
TO BE 67 08 48 7A 01 52 4E BA.  YOU WIL
L FIND THIS SEQUENCE TWICE ON THE DISK,
ONCE FOR EACH PROGRAM (CHECKERS AND REV
ERSI).  THE FINAL CRACK, THEN IS:
COPY DISK WITH BLOCKSMITH
EDIT BLOCK 393, BYTE 155 FROM 67 TO 60
EDIT BLOCK 450, BYTE 137 FROM 67 TO 60
IF YOU WANT, MAKE THE FILES VISIBLE AND
 UNPROTECTED USING MACTOOLS.
COURTESY OF ->RESET VECTOR!

(1-16, LAST=6,E,P,Q,T) READ MSG.#

MESSAGE #7: CRACKING MACSLOTS
(SPACEBAR QUITS MESSAGE)
About Slots/Keno
or
HOW TO CRACK IN LESS THAN 10 MINUTES


GREETINGS! THE GAME SLOTS/KENO IS INCLU
DED ON THIS DISK. IT IS ALREADY CRACKED,
AND COMPLETELY COPIABLE. I WILL NOW GO 
ABOUT TELLING YOU HOW IT WAS PROTECTED,
AND HOW TO CRACK IT. SORRY, BUT I'M NOT
 GOING TO TELL YOU HOW I PUT MY NAME IN
THERE. THAT IS LEFT AS AN EXERCISE. (I'
M GIVING YOU ALL THE PROGRAMS AND
INFORMATION THAT YOU NEED ON THIS DISK.
 TRY TO CHANGE IT, BUT GIVE CREDIT WHERE
IT IS DUE AND LEAVE MY NAME IN! THANK Y
OU.)

STEP 1: THE PROTECTION SCHEME. WELL, IT
 LOOKS LIKE THEY COPPED OUT ON THIS ONE.
THEY DID TWO THINGS. FIRST, THEY ELIMIN
ATED THE FINDER AND CALLED THEIR GAME
'FINDER'. THAT MAKES IT AUTO-RUN. YES, 
YOU CAN DO THAT WITH ANY APPLICATION, YO
U
JUST CAN'T DELETE THE FINDER FROM THE C
URRENT STARTUP DISK. SECONDLY, THEY
TURNED COPY PROTECT ON USING APPLE'S EX
AMINE FILE PROGRAM. THAT SETS A BIT THAT
THE FINDER LOOKS AT BEFORE IT WILL MOVE
, RENAME, OR COPY A FILE. IF IT IS SET,
THE FINDER SAYS "NO WAY." AND SO, PROTE
CTION. (YAWN....)

STEP 2: BACKGROUND DATA. ANY FILE ON TH
E MAC, WHETHER DOCUMENT OR APPLICATION
HAS TWO PARTS CALLED FORKS. THE FIRST F
ORK IS CALLED THE DATA FORK. IN A
MACWRITE DOCUMENT, THE DATA FORK HOLDS 
THE TEXT. THE SECOND FORK IS CALLED THE
RESOURCE FORK. IT CONTAINS THINGS LIKE 
CODE SEGMENTS, ICONS, ALERT BOXES, ETC.
BASICALLY, THE RESOURCE FORK IN AN APPL
ICATION IS EVERYTHING THAT MAKES UP THE
APPLICATION. THE APPLICATIONS'S PIECES 
ARE BROKEN DOWN INTO TINY BITS LIKE THAT
SO THAT THINGS LIKE STRINGS CAN BE REPL
ACED IN A FORIEGN LANGUAGE EASILY.

YOU SHOULD ALL BE FAMILIAR WITH RESOURC
E MOVER (SOMETIMES CALLED RMOVER) ON THE
MAC MASTER DISK. IT CAN EXAMINE, MOVE, 
COPY, AND DELETE RESOURCES FROM A FILE'S
RESOURCE FORK. (STARTING TO GET THE IDE
A?) ANOTHER APPLICATION CALLED ADEDIT (O
R
ALERT/DIALOG EDITOR) CREATES A SCRATCH 
FILE WHEN IT EXECUTES. IF YOU START
ADEDIT THEN QUIT RIGHT AWAY, THAT SIDE 
EFFECT FILE IS SITTING THERE EMPTY.
(HMMM....) IT HAS A REAL NICE EMPTY RES
OURCE FORK.

STEP 3: THE CRACK. ALL YOU NEED TO DO I
S BOOT WITH SOME NORMAL DISK. THEN EJECT
IT AND PUT SLOTS IN THE DRIVE. (IF YOU 
HAVE TWO DRIVES, JUST PUT SLOTS IN THE
SECOND DRIVE.) COPY RESOURCE MOVER AND 
THE EMPTY FILE FROM ADEDIT TO THE SLOTS
DISK. NOW YOU ARE READY.







ALL YOU HAVE TO DO IS COPY ALL OF THE R
ESOURCES TO THE SCRATCH FILE. THE FILE
NAME THAT ALL OF THE SLOTS RESOURCES AR
E IN IS CALLED FINDER, RIGHT? RIGHT. OPE
N
IT AND COPY SOME OF THE RESOURCES TO TH
E SCRAP. CLOSE IT, AND OPEN THE SCRATCH
FILE. THEN, SIMPLY PASTE THE RESOURCES 
BACK IN. REPEAT THIS UNTIL ALL RESOURCES
HAVE BEEN COPIED. SIMPLE.

IT WON'T WORK. THERE IS A SECOND COMPLI
CATION THAT ARISES IF YOU ATTEMPT THIS
STRATEGY. THERE JUST ISN'T ENOUGH ROOM 
IN THE MAC TO DO THIS. HERE'S IS ACTUALL
Y
WHAT YOU NEED TO DO. IN ONE CHUNK, COPY
 ALL OF THE RESOURCES EXCEPT THE CODE
SEGMENTS AS ABOVE. NEXT, OPEN ALL OF TH
E CODE SEGMENTS AND NOTE THEIR SIZES.
SOME ARE FAIRLY BIG, BUT THERE ARE A CO
UPLE THAT ARE TINY. COPY THE TINY ONES.

CLOSE THE RESOURCES AND EXIT RESOURCE M
OVER. THIS WILL CLEAR OUT THE SYSTEM.
RERUN RESOURCE MOVER. NEXT, COPY ALL OF
 THE CODE SEGMENTS EXCEPT THE REAL BIG
ONE. FINALLY, COPY THE BIG ONE AND EXIT
. YOU NOW HAVE A CRACKED SLOTS PROGRAM.

YOU'LL NOTICE, THOUGH, THAT IT ISN'T AN
 APPLICATION AND YOU CAN'T RUN IT. (BY
THE WAY, YOU SHOULD THINK ABOUT COPYING
 IT TO ANOTHER DISK ABOUT NOW.) YOU CAN
TEST YOUR CRACK BY HOLDING OPTION AND C
OMMAND AND THE SAME TIME AND DOUBLE
CLICKING ON YOUR CRACKED SLOTS. "COMMAN
D-DOUBLE-CLICKING" AS THIS IS CALLED
TELLS THE FINDER TO TRY AND RUN IT NO M
ATTER WHAT IT LOOKS LIKE. OBVIOUSLY, THI
S
CAN CRASH THE MAC EASILY. IT WILL WORK 
FOR YOUR CRACKED SLOTS, THOUGH.

TO MAKE IT A NORMAL APPLICATION, PUT IT
 AND SET FILE ON THE SAME DISK. USE SET
FILE TO CHANGE ITS FILE TYPE TO APPL. (
IT'S GOT TO BE ALL UPPER CASE WITH NO
EXTRA CHARACTERS AROUND.) DO NOT SET TH
E CREATOR. CLICK THE "SET IT" BUTTON AND
THEN QUIT. 

THERE YOU HAVE IT, A FULLY RUNNING, CRA
CKED SLOTS GAME!

INTERESTING NOTES: YOU CAN PUT SET FILE
 ON THE SLOTS DISK AND MOVE FINDER INTO
THE WINDOW IF YOU LIKE BY SETTING ITS L
OCATION PARAMETERS.

IN ACTUALITY, YOU CAN USE ANY FILE AS T
HE CRACK DESTINATION, BUT THERE ARE
DIFFICULTIES. THE FIRST THING YOU'D HAV
E TO DO IS DELETE ALL THE RESOURCES THAT
WERE ORIGINALLY THERE. THIS IS WHAT I D
ID AT FIRST. I COPIED SOME ARBITRARY FIL
E
AND USED IT. UNFORTUNATELY, THOUGH, THE
 FINDER DOESN'T REALLY DELETE THEM. THEY
STILL TAKE UP MEMORY. SO ALTHOUGH IT WO
ULD WORK, STARTING WITH A TRULY BLANK
RESOURCE FORK WILL YIELD THE SMALLEST C
RACKED VERSION OF SLOTS.




THE ORIGINAL USED TWO SIZES OF THE SAN 
FRANCISCO FONT FOR THE GAME. NOWADAYS,
APPLE IS LEAVING THAT HIDEOUS FONT OFF 
OF THEIR DISKS. IF SLOTS DOESN'T FIND TH
E
SAN FRANCISO FONTS, (ACTUALLY IF THE FO
NT MANAGER DOESN'T FIND THEM), IT REVERT
S
TO THE SYSTEM FONT. THEREFORE, IF YOU M
OVE YOUR CRACKED SLOTS TO A DISK WITHOUT
THE SF FONT, THE TITLE SCREEN LOOKS HOR
RIBLE. THANKS TO THE NEET STRUCTURE OF
THE RESOURCE MANAGER, YOU CAN REALLY PU
T THE FONTS ANYWHERE YOU LIKE AND THEY'L
L
BE FOUND. THEREFORE, TO FIX THIS PROBLE
M, JUST USE RESOURCE MOVER TO COPY THE
TWO FONTS FROM THE SLOTS SYSTEM FILE TO
 YOUR CRACKED SLOTS FILE. IT WORKS GREAT
.


(1-16, LAST=7,E,P,Q,T) READ MSG.#

MESSAGE #8: CRACK CUTTHROATS!
(SPACEBAR QUITS MESSAGE)

MSG LEFT BY: RESET VECTOR
DATE POSTED: MON OCT 29  7:53:45 PM

INFOCOM HAS GOTTEN A LITTLE SMARTER ON 
THEIR PROTECTION, AND CUTTHROATS
WAS PROTECTED WITH BAD SECTORS, BUT A L
ITTLE SNOOPING WITH MIDIBUG PRODUCED
THE FOLLOWING CRACK:
COPY DISK WITH BLOCKSMITH
USE BLOCK EDIT ON BLOCK 44 AND CHANGE B
YTE 15D FROM 67 TO 60
IT'S CRACKED!
COURTESY OF ->RESET VECTOR!
THE POSTMEN
MACDIVISION 
WE DELIVER!

(1-16, LAST=8,E,P,Q,T) READ MSG.#

MESSAGE #9: CRACK D & S
(SPACEBAR QUITS MESSAGE)

MSG LEFT BY: THE BITMAN
DATE POSTED: SUN NOV  4 11:25:26 PM

SORRY IT TOOK SO LONG, HERE IS HOW 
DOLLARS & SENSE WAS CRACKED, OR HOW, 
MY COPY WAS MODIFIED..
 
BLOCK #      BYTE     WAS    CHANGE TO
---------------------------------------
425        146       6704    4E71
            FC       6700    6600
 
468        1E0       487A    6606
 
ALL NUMBERS ARE IN HEX, USE BLOCKEDITOR
OR FEDIT TO PATCH DISK....IF YOU DO NOT
FIND THES BYTES ON THESE BLOCKS, YOU MA
Y
HAVE TO SEARCH THE DISK....
 
BITMAN
 
 
P.S., MACASM IS COOL
 

(1-16, LAST=9,E,P,Q,T) READ MSG.#

MESSAGE #10: COPY MACPASCAL
(SPACEBAR QUITS MESSAGE)

MSG LEFT BY: MR. KRAC-MAN
DATE POSTED: SAT NOV 10  7:49:07 PM

BLOCKSMITH, MACBACKUP WILL NOT WORK ON 
MACINTOSH PASCAL V1.0.
COPY II MAC NORMAL WILL NOT WORK.
 
THIS WORKED FOR ME:
 
USE COPY II MAC
1) SECTOR COPY PASCAL AND INIT DEST.
2) BOOT UP SECT COPIED DISK W/WRITE
   PROTECT OFF AND TRY RUNNING, IT
   WILL BOMB AFTER A WHILE.
3) RUN COPY II MAC BIT COPY
4) BIT COPY WHOLE DISK
 
TRY IT NOW....IT SHOULD WORK.
 
IT WILL NOT WORK IF YOU JUST USE
BIT COPY OR EVEN IF YOU ERASE THEN
BIT COPY...DONT ASK ME WHY.
 
MR. KRAC-MAN

(1-16, LAST=10,E,P,Q,T) READ MSG.#

MESSAGE #11: EASIER PASCAL
(SPACEBAR QUITS MESSAGE)

MSG LEFT BY: MR. KRAC-MAN
DATE POSTED: SAT NOV 10  8:18:02 PM

JUST FIGURED WHATS GOING ON.
YOU CAN SECTOR COPY PASCAL THEN
BIT COPY ONLY TRACK 1 AND IT WILL
WORK.  I DEDUCE THAT LAME COPY II MAC'S
NIBBLE COPIER IS NOT VERY RELIABLE
AND HENCE SCREWS SOME DATA UP IF YOU
BIT COPY THE WHOLE THING, THUS
MAKING THE COPY NOT WORK.  THIS WAY
YOU ONLY BIT COPY TRACK 1 WHERE THE
PROTECTED BLOCK IS.
 
ALSO RELEASED PASCAL 1.0 IS 115K
LONG, NOT 110 AS SOME BROKEN ONES
LOOK.
 



YOUR 15 MINUTES ARE UP.  FOR $15 EXTRA,
YOU CAN GET 30 MINUTES!!




==============================
