Dec 092017
| Unprotect for Firehawk (Thexder II). | |||
|---|---|---|---|
| File Name | File Size | Zip Size | Zip Type |
| FHAWKUNP.DOC | 3610 | 1778 | deflated |
| FRHWKUNP.BAT | 283 | 173 | deflated |
| GAME-UNP.DAT | 1021 | 350 | deflated |
Download File FIREHAWK.ZIP Here
Contents of the FHAWKUNP.DOC file
INSTRUCTIONS FOR FIREHAWK Thexder II
This deprotect works on file GAME.EXE dated 9/24/90 with a length
of 37,378 bytes.
FIRSTLY THIS GAME IS A REAL NUISANCE TO PLAY WITH THE PASSIVE
PROTECTION SYSTEM REQUIRING YOU TO CONSULT THE MANUAL EACH AND
EVERY TIME YOU BOOT IT UP.
The game relies on 20 words picked at random from the manual to
"prove" that the game player is in possession of an official
manual (and presumably a registered bona fide owner).
To remove this nuisance you can proceed in one of two ways -
either get into the trenches and slug it out on an assembly
language level using Debug, Periscope or some other debugger to
find the pivot point where the program compares your entry to the
correct answer -- and then change the pivot point (JNZ) to a
forced branch (JMP)..... or to change the stored tables on the
disk to make the program think your answer is always correct.
In this particular case the latter seemed the easier choice
possibly because I stumbled across the page/paragraph/word table
and hence knew where it was. The entries are stored in 5 digraph
series (20 entries of 5 digraphs each) with the first three
digraphs being the page/paragraph/word-number in Hexadecimal.
Numbers 1-9 are the same in Hex or Decimal for the purposes of
this encryption process. The other two digraphs point to the
encrypted word in some fashion. I did not bother to locate them
since it's not necessary to actually find them on the disk for
this deprotect.
What we are going to do is change all the word pointers to point
to the same word so that no matter what page number/paragraph and
word number are selected at random; your entry will be seen as
correct.
I chose the fourth word in the series (page 09; para 02; word 02)
- SYSTEM as an easy one to remember. I also changed the on screen
prompt to prompt you to enter the word "system" to proceed with
the game. Any word on the list could have been chosen - however a
shorter one is easier to type.
Deprotect instructions-- Use A DISKCOPY of Firehawk II!!
Copy the file GAME.EXE to a disk or subdirectory together with all
the files from this zip file. DEBUG.COM must be in your path
statement or copied to the same disk or subdirectory. Run the
batch file Fhawkunp.BAT which will temporarily rename the file
GAME.EXE to GAME.DAT and then via DEBUG edit the appropriate
locations to accomplish the deprotect. The file GAME.DAT will
then be renamed back to GAME.EXE and in its deprotected form
should be copied back to the COPY of firehawk you are trying to
deprotect.
The page/para/word locations are at 8F58 to 8FBB on my version
while the screen text is located at 8E4F to 8F00 (for those who
are interested). You can find them for yourself using PCTOOLS FIND
function looking for the HEX string "090202".
For those who don't want to fool with their disks the following
list, when printed out, will make it easier to enter the original
codewords.
06/01/01 Spacecraft 06/08/03 Especially
06/09/06 flight 09/02/02 System
09/05/04 is (27)1B/05/02 when
1B/08/01 when (28)1C/02/01 press
1C/07/04 begin (31)1F/02/04 THE
1F/07/04 laser (33)21/01/05 number
21/02/03 increase (35)23/03/01 resuming
23/08/03 do (37)25/01/04 diskette
(33)21/07/05 activated (33)21/04/04 you
(28)1C/03/02 type (28)1C/07/02 the
Numbers in parens are, of course, the decimal value.
This deprotect works on file GAME.EXE dated 9/24/90 with a length
of 37,378 bytes.
FIRSTLY THIS GAME IS A REAL NUISANCE TO PLAY WITH THE PASSIVE
PROTECTION SYSTEM REQUIRING YOU TO CONSULT THE MANUAL EACH AND
EVERY TIME YOU BOOT IT UP.
The game relies on 20 words picked at random from the manual to
"prove" that the game player is in possession of an official
manual (and presumably a registered bona fide owner).
To remove this nuisance you can proceed in one of two ways -
either get into the trenches and slug it out on an assembly
language level using Debug, Periscope or some other debugger to
find the pivot point where the program compares your entry to the
correct answer -- and then change the pivot point (JNZ) to a
forced branch (JMP)..... or to change the stored tables on the
disk to make the program think your answer is always correct.
In this particular case the latter seemed the easier choice
possibly because I stumbled across the page/paragraph/word table
and hence knew where it was. The entries are stored in 5 digraph
series (20 entries of 5 digraphs each) with the first three
digraphs being the page/paragraph/word-number in Hexadecimal.
Numbers 1-9 are the same in Hex or Decimal for the purposes of
this encryption process. The other two digraphs point to the
encrypted word in some fashion. I did not bother to locate them
since it's not necessary to actually find them on the disk for
this deprotect.
What we are going to do is change all the word pointers to point
to the same word so that no matter what page number/paragraph and
word number are selected at random; your entry will be seen as
correct.
I chose the fourth word in the series (page 09; para 02; word 02)
- SYSTEM as an easy one to remember. I also changed the on screen
prompt to prompt you to enter the word "system" to proceed with
the game. Any word on the list could have been chosen - however a
shorter one is easier to type.
Deprotect instructions-- Use A DISKCOPY of Firehawk II!!
Copy the file GAME.EXE to a disk or subdirectory together with all
the files from this zip file. DEBUG.COM must be in your path
statement or copied to the same disk or subdirectory. Run the
batch file Fhawkunp.BAT which will temporarily rename the file
GAME.EXE to GAME.DAT and then via DEBUG edit the appropriate
locations to accomplish the deprotect. The file GAME.DAT will
then be renamed back to GAME.EXE and in its deprotected form
should be copied back to the COPY of firehawk you are trying to
deprotect.
The page/para/word locations are at 8F58 to 8FBB on my version
while the screen text is located at 8E4F to 8F00 (for those who
are interested). You can find them for yourself using PCTOOLS FIND
function looking for the HEX string "090202".
For those who don't want to fool with their disks the following
list, when printed out, will make it easier to enter the original
codewords.
06/01/01 Spacecraft 06/08/03 Especially
06/09/06 flight 09/02/02 System
09/05/04 is (27)1B/05/02 when
1B/08/01 when (28)1C/02/01 press
1C/07/04 begin (31)1F/02/04 THE
1F/07/04 laser (33)21/01/05 number
21/02/03 increase (35)23/03/01 resuming
23/08/03 do (37)25/01/04 diskette
(33)21/07/05 activated (33)21/04/04 you
(28)1C/03/02 type (28)1C/07/02 the
Numbers in parens are, of course, the decimal value.
December 9, 2017
Add comments