no way to find a working workcraft with it's dongle ? and put a logic analyser to analyse the transfers ? then eventually reproduce the dongle with a small fpga to understand how the system works ? Le 20/04/2025 à 20:22, Rhialto a écrit : > On Sun 20 Apr 2025 at 09:57:23 -0400, Craig Taylor wrote: >> See: http://bitbarn.co.uk/dryfire/dcpe.php#pets for how to emulate. > Interesting find! Especially the link near the end > http://bitbarn.co.uk/dryfire/dcpe.zip which contains some code to run on > the hardware from the page. It doesn't seem to be 100% complete > though, since the implementation of "dongle = shiftIn(dataIn, clockIn, > LSBFIRST);" seems to be missing. > > An interesting discrepancy is that the text mentions an 8-bit shift > register, and the WordCraft code shifts 15 bits in (and MSB, not LSB > first). This would fit better with the serial numbers, for instance one > instance of WordCraft claims it is serial number 16105. > > WordCraft also reads from both tape ports in parallel. I'm not sure if 2 > dongles are required, or if it simply accepts a dongle in either > position. > > So I have made an emulation of something, but it doesn't convince > WordCraft yet. > >> On Sun, Apr 20, 2025 at 9:35?AM David Roberts <daver21145_at_gmail.com> wrote: >> >>> Do we need to warm up the cracking tools again?! >>> >>> Dave >>> >>> On Sun, 20 Apr 2025, 13:46 Rhialto, <rhialto_at_falu.nl> wrote: >>> >>>> Hi all. I was looking into the PET version of WordCraft. It is one of >>>> the fairly few programs that uses the 8096 memory expansion. But it is >>>> protected with a dongle on the tape port, and I did not come across any >>>> cracked versions. >>>> >>>> Does anybody know how to emulate the dongle? Or have one? Or have a >>>> cracked version of WordCraft? >>>> >>>> After startup, WordCraft appears to work, and you get into command mode. >>>> However no command actually works, and when trying to get into editing >>>> mode (STOP key), it executes a JAM instruction. >>>> >>>> So far I found out that you get to the "interesting" part of the code if >>>> you set a read breakpoint on E811. The code being executed is >>>> "encrypted" in the file as loaded from disk. It gets decrypted before it >>>> is run, and re-encrypted afterwards. I haven't found a trivial way to >>>> disarm it yet. >>>> >>>> There is a ROM on zimmers.net that suggests it is for use with >>>> WordCraft, but if so, it's not the protection part, since installing it >>>> does't seem to make a difference (although according to Vice, it does >>>> read from the $9xxx area several times). >>>> >>>> -Olaf. >>>> -- >>>> ___ Olaf 'Rhialto' Seibert <rhialto/at/falu.nl >>>> \X/ There is no AI. There is just someone else's work. --I. Rose >>>>Received on 2025-04-20 21:00:01
Archive generated by hypermail 2.4.0.