HI All :) in 1982 or 1983 I removed a dongle with the following method (with a working program and dongle) step 1 logic analyser connected to the K7 port this helped me to find a suitable signal to use as a trigger step2 logic analyser connected to the 6502 A0..A15, D0..D7, R/W, SYNC and a few other signals with SYNC, A0..A15, D0..D7 I was able to trace the code executed and find in which location the check of the dongle was done.... as far as I remember I found 3 locations I patched them and the software works step 3 then I applied to patches to the disk I had a rom modified to be able to reset the commodore without loosing the memory content if someone has a working wordracft with a working dongle it is probably possible to do the same to remove it it took me less than 2 hours later the dongle was officially removed the software existed in 2 version the hard disk version (not protected) and the floppy version protected it's probably easier with modern logic analyser able to capture large event the one I was using was limited to 256 captures... but it was connected by IEEE488 to CBM3000 with a software to trace the execution Le 20/04/2025 à 21:56, Justin Cordesman a écrit : > I bet it’s something simple like enough gates for an XOR and I/O loopback. > > Justin > >> On Apr 20, 2025, at 14:10, Didier Derny <didier_at_aida.org> wrote: >> >> no way to find a working workcraft with it's dongle ? >> >> and put a logic analyser to analyse the transfers ? >> >> >> then eventually reproduce the dongle with a small fpga to understand how the system works ? >> >> >> >>> Le 20/04/2025 à 20:22, Rhialto a écrit : >>>> On Sun 20 Apr 2025 at 09:57:23 -0400, Craig Taylor wrote: >>>> See: http://bitbarn.co.uk/dryfire/dcpe.php#pets for how to emulate. >>> Interesting find! Especially the link near the end >>> http://bitbarn.co.uk/dryfire/dcpe.zip which contains some code to run on >>> the hardware from the page. It doesn't seem to be 100% complete >>> though, since the implementation of "dongle = shiftIn(dataIn, clockIn, >>> LSBFIRST);" seems to be missing. >>> >>> An interesting discrepancy is that the text mentions an 8-bit shift >>> register, and the WordCraft code shifts 15 bits in (and MSB, not LSB >>> first). This would fit better with the serial numbers, for instance one >>> instance of WordCraft claims it is serial number 16105. >>> >>> WordCraft also reads from both tape ports in parallel. I'm not sure if 2 >>> dongles are required, or if it simply accepts a dongle in either >>> position. >>> >>> So I have made an emulation of something, but it doesn't convince >>> WordCraft yet. >>> >>>>> On Sun, Apr 20, 2025 at 9:35?AM David Roberts <daver21145_at_gmail.com> wrote: >>>>> Do we need to warm up the cracking tools again?! >>>>> >>>>> Dave >>>>> >>>>> On Sun, 20 Apr 2025, 13:46 Rhialto, <rhialto_at_falu.nl> wrote: >>>>> >>>>>> Hi all. I was looking into the PET version of WordCraft. It is one of >>>>>> the fairly few programs that uses the 8096 memory expansion. But it is >>>>>> protected with a dongle on the tape port, and I did not come across any >>>>>> cracked versions. >>>>>> >>>>>> Does anybody know how to emulate the dongle? Or have one? Or have a >>>>>> cracked version of WordCraft? >>>>>> >>>>>> After startup, WordCraft appears to work, and you get into command mode. >>>>>> However no command actually works, and when trying to get into editing >>>>>> mode (STOP key), it executes a JAM instruction. >>>>>> >>>>>> So far I found out that you get to the "interesting" part of the code if >>>>>> you set a read breakpoint on E811. The code being executed is >>>>>> "encrypted" in the file as loaded from disk. It gets decrypted before it >>>>>> is run, and re-encrypted afterwards. I haven't found a trivial way to >>>>>> disarm it yet. >>>>>> >>>>>> There is a ROM on zimmers.net that suggests it is for use with >>>>>> WordCraft, but if so, it's not the protection part, since installing it >>>>>> does't seem to make a difference (although according to Vice, it does >>>>>> read from the $9xxx area several times). >>>>>> >>>>>> -Olaf. >>>>>> -- >>>>>> ___ Olaf 'Rhialto' Seibert <rhialto/at/falu.nl >>>>>> \X/ There is no AI. There is just someone else's work. --I. Rose >>>>>>Received on 2025-04-21 14:00:01
Archive generated by hypermail 2.4.0.