********************* TK SOLVER Ver. 1(2J) ********************** =====>>> version TK-1(2J)/PC-DOS/IBM5150 <<<===== only ------------------------------------------------------------------- FROM : THE A.S.P ; (Against Software Protection) ORIGINALLY SUBMITTED TO ASA FULTONS BBS (THE SHINING SUN -305 273-0020) AND TO WHIT WYANTS BBS ( -203-966-8869) PLEASE NOTE THAT THESE UNPROTECT PROCEDURES INVOLVE FROM 4 HOURS TO ___________________________________________________________________ 40 OR MORE HOURS ( 18+ HOURS FOR 'TK!' ) OF SINGLE STEPPING THRU CODE AND FIGURING OUT THE INTENT OF THE ORIGINAL CODE.. SO I WOULD APPRECIATE IT WHEN U PASS THIS ON TO OTHER BOARDS YOU DO NOT ALTER THIS OR TRY TO TAKE CREDIT FOR MY LOST SLEEP.... THE A.S.P... ORLANDO FLA. (J.P. TO HIS FRIENDS) IF YOU HAVE A HARD DISK OR WANT TO CREATE A BACKUP COPY THAT IS NOT TIED INTO THE 'TK!' DISKETTE...IN CASE YOUR ONLY COPY GOES BAD .. THIS PATCH WILL REMOVE THE COPY PROTECTION COMPLETELY.... AS WELL AS LET TK! RUN AS A STAND ALONE PROGRAM (AS WAS DONE WITH VISICALC). AS ALWAYS THIS IS FOR YOUR PERSONAL PEACE OF MIND ONLY IT IS NOT MEANT TO BYPASS ANY COPYRIGHTS..YOU ARE BY LAW BOUND BY YOUR PURCHASE LICENSE AGREEMENT. IF YOU HAVE A HARD DISK AND WANT TO PUT THE PROGRAM ON SUCH WHY SHOULD YOU BE TIED TO A FLOPPY. YOU HAD TO GIVE UP A LOT OF 'BIG MACS' TO GET YOUR HARD DISK. FIRST OF ALL WHEN I REFER TO THE "B:" DRIVE , IF U HAVE A HARD DISK U CAN SUBSTITUTE THE APPROPRIATE DRIVE LETTER FOR THE "B:" DRIVE. I ALSO ASSUME THAT THE ORIGINAL "TK!" IS IN THE "A:" DRIVE. 1). FORMAT 1 SYSTEM DISK UNDER DOS 2.0 OR 2.1 2). LABEL IT ACCORDING TO THE ORIGINAL 'TK!' DISKETTE 3). COPY THE (UNHIDDEN) FILES FROM THE ORIGINAL DISKETTE TO THE CORRESPONDING 2.X FORMATTED DISKETTE 4). PUT THE ORIGINAL 'TK!' DISKETTE IN THE "A:" DRIVE 5). COPY CON: B:SOFTARTS.(C) ENTER :THAT'S ALL FOLKS! PRESS :CNTL-Z THEN ENTER YOU SHOULD SEE: 1 FILE(S) COPIED MESSAGE THIS TAKES CARE OF THE HIDDEN FILES. 6). I WONT TELL U HOW TO USE DEBUG OR ANY 'PATCHER' PROGRAMS ON THE BBS'S, I ASSUME U HAVE A BASIC UNDERSTANDING. 7). FIRST I ASSUME U HAVE DEBUG.COM ON A RAM OR C: OR B: DRIVE . 8). ENTER >DEBUG ENTER -N A:TK.COM -F CS:100 L EFFF 0 -L -N B:TK2.COM -R CX :EFFF -W -Q 9). ENTER >B:DEBUG B:TK2.COM ENTER -E 951 90 90 90 'THIS DISABLES BREAK POINT -E 957 90 90 90 ' AND SINGLE STEP OVERIDES -E 511 CC NOTE: THE ORIGINAL TK! SHOULD NOW BE IN THE "A:" DRIVE -G NOTE: PROGRAM SHOULD STOP AT CS:511 WHAT WE DID WAS LET TK! READ ALL THE OTHER PIECES OF HIMSELF FROM THE VARIOUS DISK SECTORS (THE GOOD AND BAD SECTORS), DO ALL THE DECRYPTING AND SET UP ALL AREAS OF HIMSELF, IN OTHERWORDS WE LET HIM DO ALL THE WORK FOR US. WE DIDNT EVEN HAVE TO FOOL WITH BAD TRACKS, OR ANY DECRYPTING OURSELVES OH THE REASON FOR WRITING TK2.COM WITH LENGTH OF "EFFF" WAS TO RESERVE THIS PROGRAM AREA SIZE SO WHEN TK! RAN HE WOULD BUILD ALL HIS ROUTINES IN "OUR" PROTECTED PROGRAM AREA, THEN DONT U SEE WE CAN SAVE TK2.COM AS TK3.COM WITH ALL THE TK! SAFELY STORED IN OUR PROTECTED TK2 MEMORY AREA. -E 511 E8 -E 57C CC -G -E 57C FF -T -R NOTE: AT THIS POINT COPY DOWN ALL THE REGISTERS AND FLAGS SETTINGS A SHIFT PRTSC WILL DO IT FOR U. -R AX 0 -R BX 0 -R CX EFFF -R DX 0 -N B:TK3.COM -W -R AX 0 -R BX B230 -R CX A000 -R DX 5898 NOTE AT THIS POINT "BP" REGISTER HAD BETTER BE ZEROS -G PRESS THE "ENTER" SINCE TK! IS WAITING ON IT NOTE: TK! SHOULD NOW COME UP AS IT NORMALLY WOULD NOW REBOOT THE SYSTEM WITH A DOS SYSTEM DISK IN A DRIVE. ------ 10). ENTER >B:DEBUG B:TK3.COM ENTER -E 951 E8 46 FF ;RESTORE CNTL-BREAK,BREAKPOINT -E 957 E8 51 FF WHAT WE WILL DO NEXT IS BYBASS ALL THE SECTOR READ CODE, DECRYPT LOGIC SINCE TK! HAS ALREADY DONE THAT ONCE AND PUT IT IN OUT PROTECTED PROGRAM AREA THAT WE SAVED AS TK3.COM. (CODE THAT SHOULD BE GENERATED) . . . . * ENTER -A 252 MOV SI,1230 ;BE3012 MOV DI,0100 ;BF0001 MOV AX,0 ;B80000 MOV BX,B230 ;BB30B2 MOV CX,A000 ;B900A0 MOV DX,5898 ;BA9858 MOV SP,B2AD ;BCADB2 MOV BP,0 ;BD0000 JMP BX ;FFE3 -N B:TK4.COM -W -Q 11). PLACE YOUR ORIGINAL TK! IN A SAFE PLACE SINCE WE WILL NO LONGER NEDD IT. 12). PLACE DISK WITH TK4.COM IN "A:" DRIVE OR RUN FROM HARD DISK ENTER >TK4 YOU SHOULD SEE THE ORIGINAL COPYRIGHT SCREEN AND THE PROGRAM WILL JUST SIT THERE. YOU MUST PRESS ENTER SINCE THE MESSAGE 'PRESS ENTER TO START" IS NOW BEING BYPASSED. IF ALL WENT WELL U NOW HAVE UNPROTECTED, DECRYPTED, STANDALONE VERSION OF TK!SOLVER..... NOTE: NOW ALL OF 'TK!' COPY PROTECTION IS REMOVED, AND U MAY DISKCOPY (OR COPY) AND RENAME TK4.COM TO TK.COM TO ANY WHERE IN THE SYSTEM YOUR LITTLE HEART DESIRES. OTHER NOTES: ------------------------------------------------------------------------- 1). CHECKS FOR SPECIALLY FORMATTED TRACKS COMPLETELY REMOVED 2). U MAY LOAD ALL THE FILES ON THE NEWLY FORMATTED AND UNPROTECTED DISKETTE DIRECTLY TO HARD OR RAM DISK, IN ANY SUB-DIRECTORY U SET UP 3). SOMEONE WANTED TO KNOW WHY I USED UPPER CASE FOR EVERYTHING. FIRST AFTER ABOUT 8 TO 20 HOURS OF STARING AT THE TUBE., I AM NOT ABOUT TO SHIFT THE CHARACTERS, AND SECONDLY I AM SO EXCITED , AFTER DOING SOMETHING THAT AT FIRST SEEMED IMPOSSIBLE, AND IN A HURRY TO GET IT OUT ON A BBS, SO THAT U MAY USE THE NEWLY GLEAMED KNOWLEDGE. ENJOY YOUR NEW FOUND FREEDOM..HARD DISKS FOREVER!!!!!