View Single Post
Old 24 June 2016, 14:30   #29
Codetapper
2 contact me: email only!

Codetapper's Avatar
 
Join Date: May 2001
Location: Auckland / New Zealand
Posts: 3,128
The Band version in TOSEC is broken!

On the topic of Garfield: A Winter's Tail, I wanted to know why the Band trained version of the game doesn't work. It turns out some idiot encrypted the TetraPack 2.1 intro using the decryption key that happens to be stored (but never set) at $8:
Code:
        move.l  (8).L,d3
lbC000E move.l  (a0),d0
        eor.l   d3,d0
        move.l  d0,(a0)+
        cmpa.l  a1,a0
        blt.b   lbC000E
        lea     (lbL0024,pc),a0
        adda.l  #$20,a0
        jmp     (a0)

lbL0024	dc.l    $FC042F
        dc.l    $FC07DC
        dc.l    $FC07DD
        dc.l    $FC07DC
        dc.l    $FC07DC
        dc.l    $FC02EC
        dc.l    $FC0435
        dc.l    $FC02EC
If you've been cracking for a while, it's trivial to work out that the data at lbL0024 is an AmigaDos header ($3f3, 0, 1) so the value the game is expecting at $8 happens to be $fc07dc. I checked WinUAE and it has $fc0818, so the file unpacks as garbage and then jumps to it, crashing the machine.

To fix this particular problem, if you change offset $42c in the disk image from $2639 0000 0008 to $263c 00fc 07dc, the instruction move.l (8).L,d3 becomes move.l #$fc07dc,d3 and the decryption takes place. And once you do this, the +3 trainer appears correctly!

Clenched's fix can also be applied to that same image to make it a complete version.
Attached Thumbnails
Click image for larger version

Name:	the_band_garfield_2.png
Views:	67
Size:	2.5 KB
ID:	48957  
Codetapper is offline  
 
Page generated in 0.05265 seconds with 10 queries