Unprotect Sidekick   by Independent (IND)

***************************** SIDEKICK Ver. 1.00A **************** This is the procedure for bypassing the copy protection scheme used by SIDEKICK, version 1.00A. Using DEBUG on SK.COM, NOP out the CALL 8780 at location 071A ----+ | Change the OR AL,AL at 072D to OR AL,01 --------+ | | | ......and that's it! | | | | (BEFORE ZAP) | | 78A7:071A E86380 CALL 8780 <----------------------------+ 78A7:071D 2E CS: | | 78A7:071E 8E163D02 MOV SS,[023D] | | 78A7:0722 2E CS: | | 78A7:0723 8B263F02 MOV SP,[023F] | | 78A7:0727 1F POP DS | | 78A7:0728 59 POP CX | | 78A7:0729 880E1300 MOV [0013],CL | | 78A7:072D 0AC0 OR AL,AL <----------+ | | | (AFTER ZAP) | | 78A7:071A 90 NOP <-----------------------------+ 78A7:071B 90 NOP <-----------------------------+ 78A7:071C 90 NOP <-----------------------------+ 78A7:071D 2E CS: | 78A7:071E 8E163D02 MOV SS,[023D] | 78A7:0722 2E CS: | 78A7:0723 8B263F02 MOV SP,[023F] | 78A7:0727 1F POP DS | 78A7:0728 59 POP CX | 78A7:0729 880E1300 MOV [0013],CL | 78A7:072D 0C01 OR AL,01 <----------+ ***************************** SIDEKICK Ver. 1.10A **************** This procedure will unprotect the version 1.10A of SIDEKICK. Many thanks to the individual who provided the procedure for the version 1.00A. The only major difference between the two versions is the offset address of the instructions to be modified. Using DEBUG on SK.COM, NOP out the CALL 8C1E at location 07CA ----+ | Change the OR AL,AL at 07D9 to OR AL,01 --------+ | | | ......and that's it! | | | | (BEFORE ZAP) | | 78A7:07CA E85184 CALL 8C1E <----------------------------+ 78A7:07CD 2E CS: | | 78A7:07CE 8E163E02 MOV SS,[023E] | | 78A7:07D2 2E CS: | | 78A7:07D3 8B264002 MOV SP,[0240] | | 78A7:07D7 1F POP DS | | 78A7:07D8 59 POP CX | | 78A7:07D9 0AC0 OR AL,AL <----------+ | | | (AFTER ZAP) | | 78A7:07CA 90 NOP <-----------------------------+ 78A7:07CB 90 NOP <-----------------------------+ 78A7:07CC 90 NOP <-----------------------------+ 78A7:07CD 2E CS: | 78A7:07CE 8E163E02 MOV SS,[023E] | 78A7:07D2 2E CS: | 78A7:07D3 8B264002 MOV SP,[0240] | 78A7:07D7 1F POP DS | 78A7:07D8 59 POP CX | 78A7:07D9 0C01 OR AL,01 <----------+ ***************************** SIDEKICK Ver. 1.11C **************** What follows is an unprotect scheme for version 1.11C of Borland International's Sidekick. The basic procedure is the same as that for version 1.1A with just location differences. So the only credit I can take is for finding the new locations! This is (of course), provided only for legal owners of Sidekick!! Also, make sure you 'DEBUG' a copy NOT the original! DEBUG SK.COM <ENTER> -U 801 <ENTER> -E 801 <ENTER> you will then see: 25E5:0801 E8. 90 <ENTER> repeat for 802 and 803: -E 802 <ENTER> 90 <ENTER> -E 803 <ENTER> 90 <ENTER> then: -A 810 <ENTER> OR AL,01 <ENTER> <ENTER> -U 801 <ENTER> you should then see (among other things): XXXX:801 90 NOP XXXX:802 90 NOP XXXX:803 90 NOP XXXX:810 0C01 OR AL,01 if so: -W <ENTER> -Q <ENTER> if not: -Q <ENTER> +++++++++++++++++++++++++++++++++++++++++++++++++++++ For SKN.COM, SKM.COM and SKC.COM the unprotect is the same but at the following locations: SK SKN SKM SKC --- --- --- --- 801 7DF 76F 7BC 802 7E0 770 7BD 803 7E1 771 7BE 810 7EE 77E 7CB To unprotect SKC.COM you would 'DEBUG SKC.COM' and then replace any occurence of '801' with '7BC'; '802' with '7BD' and so on. GOOD LUCK! ************************** MISC. ********************** TIMER Found on Compuserve Keywords: SIDEKICK PRINT BORLAND TIMER INTERRUPT FIX PATCH This is an explination of the internal workings of Print.Com, a file included in DOS for the IBM PC and compatibles. It explains how this program fails to do its part to insure integrity of all registers. For this reason some trouble was being experienced while using both SideKick and Print. .op The timer tick generates an interrupt 8 18.2 per second. When SK is not active, this interrupt is handled by the Bios as follows: It pushes all registers used by the routine (AX among others.) It updates the system timer count. It updates the disk motor timer count. It generates an int 1C. When the spooler is active, it has placed a vector at int 1C, pointing at the spooler's code. The spooler is therefore activated in the middle of the int 8 handling. The cause of the trouble is that the spooler now uses the ax register with out saving it first. The fact that this usually doesn't cause any problems is that the Bios int 8 routine restores the ax register when the Spooler returns. It generates an end-of-interrupt to the interrupt controler. It pops the registers that where pushed. It does an interrupt return. With SK loaded it's a different story because SK uses int 8 to check the keyboard for CTRL-Alt. We therefore replace the address of the bios int 8 routine with the address of our own routine. The address of the bios routine is saved in order to be able to call it later. When you first start SK from DOS, we read the int 10 detector and store it. Then, each time you activate SK, we also read and store the vector at int 10 and then replace it with an interrupt return. At each timer tick, the following happens: SK received the int 8 and calls the bios int 8 routine to make sure that the timer tick is properly handles. The bios int 8 routine does the same as above: It pushes all registers used by the routine (AX among others). It updates the system timer count. It updates the disk motor timer count. It generates an int 10. SK has replaced the vector that the spooler placed here with a IRET, so nothing happens. This is because we cannot allow the timer tick to pass through to programs which use it, for example to write on the screen. It generates an end-of-interrupt to the interrupt controler. It pops the registers that were pushed. It does an interrupt return. Back in SK's int 8 routine we make a call to the address that was stored at int 10 when SK was first started. In this way he still services any resident programs that were loaded before SK. With the spooler active we therefore make a call to the spooler. The spooler again corrupts the AX register because it uses it without saving it first. Back in SK we have no way of restoring the original contents of the AX register because we did not save it (why should we, we don't use it.) In short, the root of the trouble is that the spooler destroys the AX register. The fact that the Bio's int 8 routine saves and stores it is pure coincidence. I quote from the Technical Reference Manual, Pages 2-5, Section Interrupt Hex 1C-timer tick: "It is the responsibility of the application to save and restore all registers that will be modified." Relying on a version of the Bios which happens to save register AX is bad programming practice. However, the guy who wrote the print spooler did not rely on this because at another point in his program he does correctly save AX. Obviously he simply forgot and fortunately for him the Bios saved him. The following patch will fix the problem: SK.COM unprotected version change 7F8: 55 to 7F8: 50 SK.COM unprotected version change 805: 5D to 805: 58 SK.COM protected version change 801: 55 to 801: 50 SK.COM protected version change 80E: 5D to 80E: 58 Also on both above change 012C: 41 to 012C: 42