Unprotect The Last Ninja by Independent (IND)
Last modified Dec 31, 1979 8:22:46 PM
MD5 checksum 5d127334adb3781c79221717b2191bda
Mime type data
Download NINJA.UNP
Size 5 kB
************************************************************************
The following text is written to demonstrate how to unprotect
the game, 'THE LAST NINJA', solely for the use of making legal
backup copies for the original owner.
************************************************************************

In order to unprotect NINJA, you must first understand the copy
protection scheme used by ACTIVISION. The copy protection does not
reside in just one program, but in three separate EXE files on disk A.
If you only plan to run this program on one type of display monitor,
then only one program needs to be unprotected.

ACTIVISION has three separate EXE files to accommodate the three
types of graphics it supports. There is a copy protection scheme
in each one of these files. However, this unprotect will work
identically for all cases. The files in question are as follows:

     E.EXE  -  EGA DISPLAY
     C.EXE  -  CGA DISPLAY
     T.EXE  -  SPECIAL TANDY DISPLAY

For this example, I will use E.EXE; however, as stated before,
this unprotect will work for any of the display programs.

STEP 1:  Make a copy of the NINJA A disk using DISKCOPY. After this
         has been completed, you can put away your original disk.

STEP 2:  Rename E.EXE to E.ZAP.

STEP 3:  Enter DOS DEBUG by entering the following command:

              A> debug e.zap

STEP 4:  ACTIVISION uses the return codes from DOS interrupt 13 to
         determine if the original disk is being used. Therefore,
         you must first find all occurrences of interrupt 13. To
         do this, use the DEBUG search command:

              -s cs:100 9999 cd 13

         The results of this command should look similar to the
         following:

              1229:0579
              1229:0588
              1229:05AB

STEP 5:  The first address displayed is where the program is checking
         the boot record. This one can be ignored. The second address
         is the interrupt which checks the hidden file, XEMAG.SYS.
         XEMAG.SYS resides on track number nine. If you unassemble the
         statements just prior to the interrupt, you should be able
         to see where '09' is moved to the CH register.

         This is the one you are interested in. Next, enter the
         following command:

              -u 1229:0588         (the address used should be the
                                    address obtained from the previous
                                    step)

         This should produce results that look like the following:

              1229:0028  INT  13
              1229:002A  JNB  0032      (this address may vary)
              1229:002C  MOV  AX,000A
              1229:002F  JMP  0081      (this address may also vary)

STEP 6:  The JNB instruction is the branch which is taken when the
         program receives a wrong return code from the interrupt. The
         address that is branched to contains the display which tells
         you to insert your original disk. The JMP instruction is the
         branch that is taken when everything is fine. Therefore, to
         unprotect NINJA, you simply replace the JNB instruction with
         the JMP instruction. To do this, enter:

              -a 1229:0028         (the addresses are obtained from
                                    the previous unassemble step)

         You will then get the following prompt:

              1229:0028

         On this line, simply enter an unconditional jump.

              1229:0028 JMP 0081   (the address used here was also
                                    obtained from step #5)

         At the next prompt, simply hit the Enter key. This should
         return the DOS DEBUG prompt.

STEP 7:  Write the altered code back to disk by entering:

              -w

         When this is finished, exit DEBUG by entering:

              -q

STEP 8:  Rename E.ZAP to E.EXE.

The copy protection has now been removed from disk A, and you can
make as many backup copies as you wish. As far as disk B is concerned,
there is no copy protection and it can be copied using DISKCOPY.

The reason that programs such as DISKCOPY and even COPYIIPC do
not effectively copy disk A is very simple yet hard to detect. In
actuality, ACTIVISION has changed the boot record on the original
disk so that it will receive an invalid return code from interrupt
13 (this is the first occurrence of CD13 found when doing the DEBUG
search). The above-mentioned programs cannot effectively copy the
boot record from disk A. Therefore, when a copy is made, the programs
still won't execute.
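
The byte search from steps 4 and 5 can also be run offline as a static
analysis pass. The following is an added example, not part of the original
text: it lists every CD 13 byte pair in a buffer together with the
immediates loaded by the MOV instructions directly before it, which exposes
the cylinder value in CH and shows that a raw byte search also matches data.
The function names, the backward-walk heuristic and the sample bytes are
assumptions made for this illustration.

```python
# Added example: list INT 13h call sites in a buffer and the register
# immediates loaded just before each one. Heuristic, not a disassembler.
INT13 = bytes.fromhex("CD13")            # the pattern searched for in step 4
R8 = ["AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"]           # MOV r8,imm8   = B0+r ib
R16 = [("AL", "AH"), ("CL", "CH"), ("DL", "DH"), ("BL", "BH")]  # MOV r16,imm16 = B8+r iw

def int13_sites(code, base=0x100):
    """Return [(offset, regs)] for each CD 13 byte pair found in code."""
    sites, pos = [], code.find(INT13)
    while pos != -1:
        regs, p = {}, pos
        while True:                      # walk back over MOV reg,imm instructions
            if p >= 2 and 0xB0 <= code[p - 2] <= 0xB7:
                regs.setdefault(R8[code[p - 2] - 0xB0], code[p - 1])
                p -= 2
            elif p >= 3 and 0xB8 <= code[p - 3] <= 0xBB:
                lo, hi = R16[code[p - 3] - 0xB8]
                regs.setdefault(lo, code[p - 2])   # imm16 is little-endian
                regs.setdefault(hi, code[p - 1])
                p -= 3
            else:
                break
        sites.append((base + pos, regs))
        pos = code.find(INT13, pos + 1)
    return sites

def calls_on_cylinder(code, cylinder):
    """Offsets of INT 13h calls whose CH (cylinder/track) immediate matches."""
    return [off for off, regs in int13_sites(code) if regs.get("CH") == cylinder]

# Constructed sample bytes (not taken from any real program).
SAMPLE = bytes.fromhex(
    "90"                       # NOP
    "B402 B001 B509 B101"      # MOV AH,02 / AL,01 / CH,09 / CL,01
    "B600 B200 CD13"           # MOV DH,00 / DL,00 / INT 13
    "7303 B80A00 90"           # JNB +3 / MOV AX,000A / NOP
    "B80102 B90100 BA0000"     # MOV AX,0201 / CX,0001 / DX,0000
    "CD13 C3"                  # INT 13 / RET
    "41CD1342"                 # data that happens to contain CD 13
)

if __name__ == "__main__":
    for off, regs in int13_sites(SAMPLE):
        print(f"{off:04X}", regs or "no MOV setup: possibly data, not code")
```

A hit with no register setup in front of it is a reason to unassemble the
surrounding bytes before treating it as a real interrupt call.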

If you find that this text has been of any value to you, a
donation of any sum of money would be greatly appreciated. Please
send it to my 14-year-old son (he really did all of the work!) at
the following address:
Christian Sartler
4530 Maple Road
East Troy, Wisc. 53120
If any questions should arise or additional help is required,
just leave me a note on EXEC-PC bulletin board, 414-964-5160.
Gary Sartler