| Author: | bluebirdpod (registered user: 28 posts ) |
|---|---|---|
| Date: | Mon, Oct 20th, 2008 @ 16:11 ( . ) |
it was -pg for gma, works perfect, Also here is what I have noticed, GMA85 titles, you can simply NOP out the JSR C800, that works fine, the GMA86 titles you need to NOP the JSR c800 and shortly there after you will need to change a BEQ to BNE to get it past that check, and so far all GMA87,GMA88,GMA89,GMA90 titles all need the A-register value loaded just like my first post. what I do to get the value is this, write out the .NIB title from the gamebase extras pack, and then put in your action replay type cartridge, reset normal with no fast load. load the program you are working with, and wait till you hear the drive head move way out, this is the check on track 38. before the head gets there, hit the freeze button, now jump into the monitor, do a H 0000 FFFF 20 00 C8, now disassemble the monitor at that address, make note of the address following the JSR C800, now boot up Byte Finder from hackers utility kit. Put in the working copy, and search for $20,$00,$C8 tracks 1 to 35 once it has located all traces,. write the T&S locations down and offsets. Now I change to a Fastload cartridge, it has a easy to use sector editor, read the sector in to the editor, and change whatever follows the 20 00 C8 to a JMP to its address that you wrote down in the first step. so if you had disassembled 20 00 C8 at $03B9 lets say, you would change whatever is after 20 00 C8 to 4C BC 03, usually its a PHA-48 and then load accumulator A9 01 or like, just make sure you write those values down, you will change them back to fix your working copy back to stock. now remove the FL cart, and place the AR back in, reset the AR without FL, now boot the title, this is a working copy. it will hang after the sync count on track 38, now jump into the monitor write down your A-register value. do this twice, I have seen erroneous values, boot it again and check the A-register again. Ok, now with your FL cart, edit the sector back to stock working condition, make a fast copy onto a new disk, now with your value, put in the FL cart, edit the sector with the JSR C800 and replace it with A9 XX EA xx=value you found in above step. Now you have a deprotected patched copy. The value is pushed onto the stack and used in the de-crunch routine to properly decrypt the title. Every gma title has a different value, but I did find a multi-title game had four different checks, put the A-register value was the same for all four!, that made it a little easier to work with. Otherwise its like working on four titles. Strange I think that was Cecc's collection, but the Hewson Collection only had one check and all titles on the first disk work, and none of the titles on disk two even load, could you verify disk 2 of the hewson collection Pete ?? |
--- 0 Users Online --- 0 Recent Unique Posters |