I bet it’s something simple like enough gates for an XOR and I/O loopback. Justin > On Apr 20, 2025, at 14:10, Didier Derny <didier@aida.org> wrote: > > no way to find a working workcraft with it's dongle ? > > and put a logic analyser to analyse the transfers ? > > > then eventually reproduce the dongle with a small fpga to understand how the system works ? > > > >> Le 20/04/2025 à 20:22, Rhialto a écrit : >>> On Sun 20 Apr 2025 at 09:57:23 -0400, Craig Taylor wrote: >>> See: http://bitbarn.co.uk/dryfire/dcpe.php#pets for how to emulate. >> Interesting find! Especially the link near the end >> http://bitbarn.co.uk/dryfire/dcpe.zip which contains some code to run on >> the hardware from the page. It doesn't seem to be 100% complete >> though, since the implementation of "dongle = shiftIn(dataIn, clockIn, >> LSBFIRST);" seems to be missing. >> >> An interesting discrepancy is that the text mentions an 8-bit shift >> register, and the WordCraft code shifts 15 bits in (and MSB, not LSB >> first). This would fit better with the serial numbers, for instance one >> instance of WordCraft claims it is serial number 16105. >> >> WordCraft also reads from both tape ports in parallel. I'm not sure if 2 >> dongles are required, or if it simply accepts a dongle in either >> position. >> >> So I have made an emulation of something, but it doesn't convince >> WordCraft yet. >> >>>> On Sun, Apr 20, 2025 at 9:35?AM David Roberts <daver21145@gmail.com> wrote: >>> >>>> Do we need to warm up the cracking tools again?! >>>> >>>> Dave >>>> >>>> On Sun, 20 Apr 2025, 13:46 Rhialto, <rhialto@falu.nl> wrote: >>>> >>>>> Hi all. I was looking into the PET version of WordCraft. It is one of >>>>> the fairly few programs that uses the 8096 memory expansion. But it is >>>>> protected with a dongle on the tape port, and I did not come across any >>>>> cracked versions. >>>>> >>>>> Does anybody know how to emulate the dongle? Or have one? Or have a >>>>> cracked version of WordCraft? >>>>> >>>>> After startup, WordCraft appears to work, and you get into command mode. >>>>> However no command actually works, and when trying to get into editing >>>>> mode (STOP key), it executes a JAM instruction. >>>>> >>>>> So far I found out that you get to the "interesting" part of the code if >>>>> you set a read breakpoint on E811. The code being executed is >>>>> "encrypted" in the file as loaded from disk. It gets decrypted before it >>>>> is run, and re-encrypted afterwards. I haven't found a trivial way to >>>>> disarm it yet. >>>>> >>>>> There is a ROM on zimmers.net that suggests it is for use with >>>>> WordCraft, but if so, it's not the protection part, since installing it >>>>> does't seem to make a difference (although according to Vice, it does >>>>> read from the $9xxx area several times). >>>>> >>>>> -Olaf. >>>>> -- >>>>> ___ Olaf 'Rhialto' Seibert <rhialto/at/falu.nl >>>>> \X/ There is no AI. There is just someone else's work. --I. Rose >>>>> >
Archive generated by hypermail 2.4.0.