Posted By Csabo on 2024-03-22 07:54:20
Re: lost LVN demopart and Gotu Monitor
 Sure! I disassembled the code and took a look at what it's doing. It's a simple RLE packer, EOR'ed with the password. By looking at the data, one can immediately see the cyclical nature of it - and assume that the password will be 4 characters long (since most of the data has a 4-byte repeating pattern).
 
The packer code starts depacking from $6F00 but also eventually jumps to $6F00. I think this was crucial for success, since it meant that the very first byte must be a valid opcode. (If it started depacking some data, any data, it would have been much harder, since it literally could be anything.) I took the first byte ($F1) and looked up what opcodes would result from that byte being EOR-ed with every lowercase and uppercase letter. Most of them didn't make any sense as a first instruction, but LDA #$xx ($A9) looked very promising; that gave me "x" as the starting letter. That LDA dictates that the 3rd byte will have to become an STA $xxxx ($8D); this gave me "n" as the 3rd letter.
 
Since I assumed it would be 4 letters, I tried some combinations, and "xena" was one of the guesses (name of the old TV show?). Try that and take a look at $6F00! The resulting code almost makes sense! I could literally see what it was trying to do: initialize some colors, clear the screen and jump to $7000. From there, I just kept "fixing" bytes to come up with letters. It's easy to see why "xenomena" produces a 4-byte repeating pattern.
 
It took me about an hour and a half. It was fun and very rewarding to see it start up.
  
 |
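The opcode-crib step from the post above, as an added Python example (not the poster's code and not the demo's real data). It assumes the password bytes are unshifted PETSCII letters ($41-$5A), which is what makes $F1 EOR $A9 = $58 read as "x"; the ciphertext is constructed here and all function names are hypothetical.

```python
# Added illustration. Only the first cipher byte ($F1), the opcodes $A9/$8D and
# the password come from the post; every other byte below is constructed.
from itertools import cycle

LETTERS = range(0x41, 0x5B)   # assumption: password is unshifted PETSCII letters

# 6502 opcodes that fit "load immediate, then store absolute" at bytes 1 and 3
LOADS = {0xA9: "LDA #", 0xA2: "LDX #", 0xA0: "LDY #"}
STORES = {0x8D: "STA abs", 0x8E: "STX abs", 0x8C: "STY abs"}
PAIRS = {("LDA #", "STA abs"), ("LDX #", "STX abs"), ("LDY #", "STY abs")}

def eor(data, key):
    """EOR data with a repeating key; the operation is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def key_letters(cipher_byte, opcodes):
    """Letters that turn cipher_byte into one of the expected opcodes."""
    return {chr(cipher_byte ^ op): name for op, name in opcodes.items()
            if cipher_byte ^ op in LETTERS}

def first_and_third(cipher):
    """Key letters 1 and 3 that decode to a matching load/store pair."""
    first = key_letters(cipher[0], LOADS)
    third = key_letters(cipher[2], STORES)
    return sorted((a, c, first[a], third[c]) for a in first for c in third
                  if (first[a], third[c]) in PAIRS)

# Constructed plaintext: LDA #$00 / STA $FF19 / STA $FF15 / JMP $7000
PLAIN = bytes([0xA9, 0x00, 0x8D, 0x19, 0xFF, 0x8D, 0x15, 0xFF, 0x4C, 0x00, 0x70])
KEY = b"XENOMENA"             # "xenomena" as unshifted PETSCII codes
CIPHER = eor(PLAIN, KEY)      # constructed ciphertext, first byte is $F1

if __name__ == "__main__":
    print(f"first cipher byte: ${CIPHER[0]:02X}")
    for a, c, load, store in first_and_third(CIPHER):
        print(f"key[0]={a} key[2]={c}  ->  {load} ... {store}")
    # A 4-letter guess already decodes most of the head correctly,
    # because "xenomena" repeats e, n at the same offsets in both halves.
    guess = eor(CIPHER, b"XENA")
    good = sum(g == p for g, p in zip(guess[:8], PLAIN[:8]))
    print(f"'XENA' decodes {good} of the first 8 bytes correctly")
    print("full key:", eor(CIPHER, KEY).hex(" "))
```

On this constructed input the opcode constraint alone leaves three candidate letter pairs; choosing between them is the judgment step the post describes.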