Apple IIe ROM crack for emulators

26-11-2007, 03:01 PM

Hi Everyone,

Back in the day, many of the better "Krackists" had the ability to
break into the monitor at any time and examine/modify memory contents,
usually for cracking purposes. At the time, you needed to have an
older Apple II ROM or burn your own modified ROM chip, but with the
marvelous Apple IIe emulators out today, all you need to do is patch
your APPLE2E.ROM file. You could burn your own ROM with this code as
well, I suppose, but I make no guarantees on that since I've only
tested this mod with a couple of emulators, Virtual ][ and A2Oasis. I
would be interested in feedback on how this mod works with other
emulators, and if you are successful in burning a new ROM, please post
your experiences. I'm not daring enough just yet to risk a ROM mod on
my 20-year old Apple IIe.

I wrote this mod in SC-Assembler and would be happy to post the source
and modified ROM if anyone knows where I can upload the files (Asimov
does not appear to be accepting any new uploads).

To make the mods:

1) Make a copy of your APPLE2E.ROM file
2) With your favorite hex editor, make the following changes to the
file

Offset: 7FFC
Before: 62 FA (2 bytes to change)
After: CD FE

Offset: 7ECD (3C bytes to change)
Before:
A9 40 8D 07 C0 20 AA C5 F0 2C A0 01 A5 43 F0 04 D1 3C D0 0A 88 A5 42
D1 3C D0 03 20 92 FD 20 BA FC 90 E7 60 A0 0D 20 B4 FB 20 00 FE 68 68
D0 6C 8D 07 C0 20 D1 C5 8D 06 C0 F0 32 D0

After:
AD 00 C0 F0 FB C9 9B F0 03 4C 62 FA A0 00 B9 00 00 99 00 20 C8 D0 F7
A9 00 85 00 85 02 A9 01 85 01 A9 21 85 03 A5 00 85 02 E6 02 E6 00 D0
F6 E6 03 E6 01 A5 01 C9 09 D0 EC 4C 59 FF

Usage:
1) Select the APPLE2KRK.ROM file for use with your emulator
2) Boot
3) The system will appear to hang. It's waiting for a key press. Press
any key to continue normally or press ESC to enter the monitor.
4) Anytime you press Reset or Boot on your Apple IIe, the system will
wait for a key press before continuing.

What's going on:
The marvelous Krakowitz file gives a great in depth explanation, but
here's a brief summary:
1) The original reset vector address in the ROM is changed from $FA62
to $FECD. Why $FECD? That's normally the cassette tape save/load area
which I've replaced with a conditional call into the Monitor when ESC
is pressed. If any other key is pressed, the system jumps to $FA62 for
normal operation.

2) This modified ROM routine also copies all memory in $0000-$08FF
into a safer area, $2000-$28FF (hi-res picture area) before entering
the monitor to preserve that memory for analysis.

Maybe this file is 20 years too late, but for anyone who still enjoys
tinkering with their old Apple II, I hope this helps make your hobby
more enjoyable.

Happy Cracking!
Galael

26-11-2007, 03:01 PM

Galael,

Good to see retro-cracking is alive and well :-)

You may be interested in the Extended Debugging Monitor ROM - I've put
a copy online at http://blog.jamtronix.com/2007/05/ap...ing_monit.html

Regards

Jonno

26-11-2007, 03:01 PM

In article <1184383756.625094.316490@57g2000hsv.googlegroups. com>,
ogydgian@yahoo.com wrote:

> Hi Everyone,
>
> Back in the day, many of the better "Krackists" had the ability to
> break into the monitor at any time and examine/modify memory contents,
> usually for cracking purposes. At the time, you needed to have an
> older Apple II ROM or burn your own modified ROM chip,

Or connect a momentary-contact switch across the right two pins on the
CPU. But I'll grant that's tough to do if your emulator of choice
doesn't have source available.

G

26-11-2007, 03:01 PM

On Jul 14, 6:11 pm, jonnosan <jonno...@gmail.com> wrote:
> You may be interested in the Extended Debugging Monitor ROM - I've put
> a copy online athttp://blog.jamtronix.com/2007/05/apple_extended_debugging_monit.html

That looks very interesting - I have downloaded it and will try it in
my platinum IIe. I have been meaning to do something like this but
adapt the IIc ROM bank switching to the IIe allowing for 30KB of code.

26-11-2007, 03:01 PM

> Good to see retro-cracking is alive and well :-)
>
> You may be interested in the Extended Debugging Monitor ROM - I've put
> a copy online athttp://blog.jamtronix.com/2007/05/apple_extended_debugging_monit.html

Very cool. I'll have to play around with this.

Galael

26-11-2007, 03:01 PM

jonnosan wrote:
> Galael,
>
> Good to see retro-cracking is alive and well :-)
>
> You may be interested in the Extended Debugging Monitor ROM - I've put
> a copy online at http://blog.jamtronix.com/2007/05/ap...ing_monit.html

Glad to see this has made it to the public! I have one of these buried my
collection that was given to me by Applied Engineering circa 1986.

Now I don't have to scrape my knees crawling around in the attic <g>.

Steve

26-11-2007, 03:01 PM

Steven Hirsch wrote:
> jonnosan wrote:
>
>> Galael,
>>
>> Good to see retro-cracking is alive and well :-)
>>
>> You may be interested in the Extended Debugging Monitor ROM - I've put
>> a copy online at
>> http://blog.jamtronix.com/2007/05/ap...ing_monit.html
>
>
> Glad to see this has made it to the public! I have one of these buried
> my collection that was given to me by Applied Engineering circa 1986.
>
> Now I don't have to scrape my knees crawling around in the attic <g>.

Does anyone have a SeniorPROM image? It was once considered the
"Cadillac" of extended monitor ROMs.

-michael

NadaNet file server for Apple II computers!
Home page: http://members.aol.com/MJMahon/

"The wastebasket is our most important design
tool--and it's seriously underused."

A2forever · 25-01-2008, 03:07 PM

Actually , there is one F8 Non-Autostart Rom that was created by a well known cracker back in the day , The Freeze. He designed an awsome Non-Autostart F8 Rom , that had awsome capabilities of reading Hex , binary , Etc.. Plus it had a nicer sounding Bell! I have tried this in A2 Oasis Emulator , and it worked perfectly! I used Cider Press to exract the image from one of my .DSK files that I have stored on my drive , then I changed the file type too work with A2 Oasis , and that was that! It worked awsome! I have it working in one of my II PLUS's that I restored , along with the famous Pig-Font Rom! Instead of an Asterex for your monitor , it shows an Apple!

A2forever

26-11-2007, 03:01 PM	#1
ogydgian@yahoo.com Guest Posts: n/a	Apple IIe ROM crack for emulators Hi Everyone, Back in the day, many of the better "Krackists" had the ability to break into the monitor at any time and examine/modify memory contents, usually for cracking purposes. At the time, you needed to have an older Apple II ROM or burn your own modified ROM chip, but with the marvelous Apple IIe emulators out today, all you need to do is patch your APPLE2E.ROM file. You could burn your own ROM with this code as well, I suppose, but I make no guarantees on that since I've only tested this mod with a couple of emulators, Virtual ][ and A2Oasis. I would be interested in feedback on how this mod works with other emulators, and if you are successful in burning a new ROM, please post your experiences. I'm not daring enough just yet to risk a ROM mod on my 20-year old Apple IIe. I wrote this mod in SC-Assembler and would be happy to post the source and modified ROM if anyone knows where I can upload the files (Asimov does not appear to be accepting any new uploads). To make the mods: 1) Make a copy of your APPLE2E.ROM file 2) With your favorite hex editor, make the following changes to the file Offset: 7FFC Before: 62 FA (2 bytes to change) After: CD FE Offset: 7ECD (3C bytes to change) Before: A9 40 8D 07 C0 20 AA C5 F0 2C A0 01 A5 43 F0 04 D1 3C D0 0A 88 A5 42 D1 3C D0 03 20 92 FD 20 BA FC 90 E7 60 A0 0D 20 B4 FB 20 00 FE 68 68 D0 6C 8D 07 C0 20 D1 C5 8D 06 C0 F0 32 D0 After: AD 00 C0 F0 FB C9 9B F0 03 4C 62 FA A0 00 B9 00 00 99 00 20 C8 D0 F7 A9 00 85 00 85 02 A9 01 85 01 A9 21 85 03 A5 00 85 02 E6 02 E6 00 D0 F6 E6 03 E6 01 A5 01 C9 09 D0 EC 4C 59 FF Usage: 1) Select the APPLE2KRK.ROM file for use with your emulator 2) Boot 3) The system will appear to hang. It's waiting for a key press. Press any key to continue normally or press ESC to enter the monitor. 4) Anytime you press Reset or Boot on your Apple IIe, the system will wait for a key press before continuing. What's going on: The marvelous Krakowitz file gives a great in depth explanation, but here's a brief summary: 1) The original reset vector address in the ROM is changed from $FA62 to $FECD. Why $FECD? That's normally the cassette tape save/load area which I've replaced with a conditional call into the Monitor when ESC is pressed. If any other key is pressed, the system jumps to $FA62 for normal operation. 2) This modified ROM routine also copies all memory in $0000-$08FF into a safer area, $2000-$28FF (hi-res picture area) before entering the monitor to preserve that memory for analysis. Maybe this file is 20 years too late, but for anyone who still enjoys tinkering with their old Apple II, I hope this helps make your hobby more enjoyable. Happy Cracking! Galael

26-11-2007, 03:01 PM	#2
jonnosan Guest Posts: n/a	Re: Apple IIe ROM crack for emulators Galael, Good to see retro-cracking is alive and well :-) You may be interested in the Extended Debugging Monitor ROM - I've put a copy online at http://blog.jamtronix.com/2007/05/ap...ing_monit.html Regards Jonno

26-11-2007, 03:01 PM	#3
Gregory Weston Guest Posts: n/a	Re: Apple IIe ROM crack for emulators In article <1184383756.625094.316490@57g2000hsv.googlegroups. com>, ogydgian@yahoo.com wrote: > Hi Everyone, > > Back in the day, many of the better "Krackists" had the ability to > break into the monitor at any time and examine/modify memory contents, > usually for cracking purposes. At the time, you needed to have an > older Apple II ROM or burn your own modified ROM chip, Or connect a momentary-contact switch across the right two pins on the CPU. But I'll grant that's tough to do if your emulator of choice doesn't have source available. G

26-11-2007, 03:01 PM	#4
David Wilson Guest Posts: n/a	Re: Apple IIe ROM crack for emulators On Jul 14, 6:11 pm, jonnosan <jonno...@gmail.com> wrote: > You may be interested in the Extended Debugging Monitor ROM - I've put > a copy online athttp://blog.jamtronix.com/2007/05/apple_extended_debugging_monit.html That looks very interesting - I have downloaded it and will try it in my platinum IIe. I have been meaning to do something like this but adapt the IIc ROM bank switching to the IIe allowing for 30KB of code.

26-11-2007, 03:01 PM	#5
ogydgian@yahoo.com Guest Posts: n/a	Re: Apple IIe ROM crack for emulators > Good to see retro-cracking is alive and well :-) > > You may be interested in the Extended Debugging Monitor ROM - I've put > a copy online athttp://blog.jamtronix.com/2007/05/apple_extended_debugging_monit.html Very cool. I'll have to play around with this. Galael

26-11-2007, 03:01 PM	#6
Steven Hirsch Guest Posts: n/a	Re: Apple IIe ROM crack for emulators jonnosan wrote: > Galael, > > Good to see retro-cracking is alive and well :-) > > You may be interested in the Extended Debugging Monitor ROM - I've put > a copy online at http://blog.jamtronix.com/2007/05/ap...ing_monit.html Glad to see this has made it to the public! I have one of these buried my collection that was given to me by Applied Engineering circa 1986. Now I don't have to scrape my knees crawling around in the attic <g>. Steve

26-11-2007, 03:01 PM	#7
Michael J. Mahon Guest Posts: n/a	Re: Apple IIe ROM crack for emulators Steven Hirsch wrote: > jonnosan wrote: > >> Galael, >> >> Good to see retro-cracking is alive and well :-) >> >> You may be interested in the Extended Debugging Monitor ROM - I've put >> a copy online at >> http://blog.jamtronix.com/2007/05/ap...ing_monit.html > > > Glad to see this has made it to the public! I have one of these buried > my collection that was given to me by Applied Engineering circa 1986. > > Now I don't have to scrape my knees crawling around in the attic <g>. Does anyone have a SeniorPROM image? It was once considered the "Cadillac" of extended monitor ROMs. -michael NadaNet file server for Apple II computers! Home page: http://members.aol.com/MJMahon/ "The wastebasket is our most important design tool--and it's seriously underused."

25-01-2008, 03:07 PM	#8
A2forever Newbie Join Date: Jan 2008 Age: 41 Posts: 13 Thanks: 0 Thanked 0 Times in 0 Posts Rep Power: 0	Re: Apple IIe ROM crack for emulators Actually , there is one F8 Non-Autostart Rom that was created by a well known cracker back in the day , The Freeze. He designed an awsome Non-Autostart F8 Rom , that had awsome capabilities of reading Hex , binary , Etc.. Plus it had a nicer sounding Bell! I have tried this in A2 Oasis Emulator , and it worked perfectly! I used Cider Press to exract the image from one of my .DSK files that I have stored on my drive , then I changed the file type too work with A2 Oasis , and that was that! It worked awsome! I have it working in one of my II PLUS's that I restored , along with the famous Pig-Font Rom! Instead of an Asterex for your monitor , it shows an Apple! A2forever

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode