The dark heart of Uukrul 5.25 3.5 (Broderbund, 1989)
#827 - This is a well-made RPG by Broderbund. Published in 1989 on 5.25" and 3.5" disks, it appears that the game was not cracked. Thanks to 4am for the disks (LoGo: "I hate p-code")

> Protection type <
On four standard Pascal sides for the 5.25" floppy and one 3.5" disk, we have an off-disk protection. When the player enters a sanctuary for the first time, the player has to provide a word of 5-chars by reading a word look-up sheet. If one fails to enter the right answer, the game displays "Your answer is incorrect". That is annoying because sanctuaries are really important to visit.

> How to copy <
Use Locksmith Fast Disk Backup, ZZCopy or Photonix II to copy your disks. Then, store them in a dry and safe place.

> Boot tracing and friends <
For once, I will not write a lot in that section because you will find my "cracking" notes later in the thread. One for the 5.25" version, another for the 3.5" version. They differ only by the address in RAM of the code to patch.
The idea of the pseudo-crack is to patch the keyboard read routine, when we know we are in front of the password protection check (ie. we have a string of 5 chars for the awaited answer, and an empty string for our answer) then we apply the patch (copy awaited answer to our empty string, reset the patched keyboard read routine, tell the program we entered a key) and that's it.

The dark heart of Uukrul is a Pascal-compiled program, so we find p-code. Thanks to some digging, I've been able to find the password routine in the $5x00 area but that has led to nothing because the password protection check seems to be compressed on disk and decyphered or uncompressed when needed in RAM. That's why I went with the patch idea.

The only thing you, as a player, have to do, is press return when you enter a new sanctuary for the first time. You'll never be annoyed again...

> How to patch <
There are three places to patch, refer to the next messages.
Please note that track and sector information are given for a PASCAL interleaving, similar to the ProDOS one. Beware!

The disk images are at http://www.brutaldeluxe.fr/crack/

Reboot and... enjoy,

LoGo
4/2016

The long text for the 5.25 crack...

----------------------------------------
STEP 1 / SEARCHING DATA ON DISK
----------------------------------------

THE BOOT DISK CATALOG

NAME IS  BSYS                           
$00/$0C  MESSAGES                       
$02/$00  FILE.FILE                      
$05/$08  SYSTEM.PASCAL                  
$0A/$0A  AUX.TBL                        
$0C/$04  UUKRUL.CODE                    
$0C/$08  AUX.LC                         
$10/$04  TITLE.PIX                      
$13/$04  AC.LO                          
$14/$06  SYSTEM.LIBRARY                 
$17/$04  SYSTEM.STARTUP                 
$19/$02  SYSTEM.MISCINFO                
$19/$04  AC.HI                          
$20/$08  ITEMNAMES                      
$21/$08  COLOUR.FONT                    
$21/$0C  U.ICONS                        
$22/$02  PRESET.IMAGE                   
$22/$08  CG.TBL                         

----------------------------------------
THE PATTERNS

We want to enable interrupts and enter
the IIgs Visit monitor to read memory...

We search for keyboard read
"AD00C0" IN BOOT DISK
$02/$07-$8F   $14/$0B-$15

"C030" IN BOOT DISK
We hear a click when we press a key
$02/$0B-$27   $0B/$08-$5F   $0D/$09-$A2 
$13/$02-$62   $13/$03-$52   $14/$0B-$2B 
$14/$0B-$33                             

> In common, we have T14/SB

-------------- DISK EDIT ---------------
TRACK $14/SECTOR $0B/VOLUME $FE/BYTE $10
----------------------------------------
$00/ 16 00 00 01 68 85 00 68    V@@A&#40;.@&#40;
$08/ 85 01 68 85 02 68 85 03    .A&#40;.B&#40;.C
$10/>2C<00 C0 10 FB AD 00 C0    ,@@P;-@@
$18/ 8D 10 C0 29 7F A0 00 91    .P@&#41;? @.
$20/ 02 98 C8 91 02 2C FF BF    B.H.B,??
$28/ 30 0B AD 30 C0 A0 08 C8    0K-0@ HH
$30/ D0 FD AD 30 C0 4C AE 02    P=-0@L.B
$38/ 00 00 00 00 06 00 01 00    @@@@F@A@
$40/ 00 00 3E 00 00 01 68 85    @@>@@A&#40;.
$48/ 00 68 85 01 68 68 68 0E    @&#40;.A&#40;&#40;&#40;N
$50/ 62 C0 2A 0E 61 C0 2A 48    "@*N!@*H
$58/ 4C AE 02 00 00 00 00 00    L.B@@@@@
$60/ 07 00 01 00 00 00 20 00    G@A@@@ @
$68/ 00 01 D8 A5 01 48 A5 00    @AX%AH%@
$70/ 48 60 00 00 00 00 00 00    H`@@@@@@
$78/ 00 00 10 00 00 01 F8 A9    @@P@@A8&#41;
----------------------------------------

* The patch to the keyboard routine

    keyboard routine is in
    FILE / 9 / SYSTEM.LIBRARY
    SEGMENT / 0 / USEFULS
    PROCEDURE / 10 / read keyboard

* The modified keyboard routine
* To re-enable interrupts

00/7410/ 68           PLA               
00/7411/ 85 00        STA 00            
00/7413/ 68           PLA               
00/7414/ 85 01        STA 01            
00/7416/ 68           PLA               
00/7417/ 85 02        STA 02            
00/7419/ 68           PLA               
00/741A/ 85 03        STA 03            
00/741C/ 58           CLI              ; Rewritten
00/741D/ AD 00 C0     LDA C000         ; keyboard
00/7420/ 10 FB        BPL 741D &#123;-05&#125;   ; routine to
00/7422/ 78           SEI              ; allow
00/7423/ EA           NOP              ; interrupts
00/7424/ 8D 10 C0     STA C010          

----------------------------------------
STEP 2 - SEARCHING DATA IN MEMORY
----------------------------------------

Now that we can enter the memory, we'll play the game
and visit memory in front of the password protection
that is shown when we first enter a new sanctuary &#40;only once&#41;

The unpacked code with the password message
"You have found a new Sanctuary..."

00/1A40/86 A6 20 03 72 6F 77 73 86 84 77 61 79 8B 06 66-.&amp; .rows..way..f        
00/1A50/86 0F 61 64 20 66 61 69 6C A3 97 20 1D 16 00 01-..ad fail#. ....        
00/1A60/81 20 6D 18 74 73 85 81 20 67 6C 6F 62 65 D4 65-. m.ts.. globeTe        
00/1A70/11 88 20 1F 6F 77 81 20 6D 0E 1B 61 07 20 72 0B-.. .ow. m..a. r.        
00/1A80/67 65 A8 EF 85 20 62 75 69 6C 74 C2 2E 81 20 67-ge&#40;o. builtB.. g        
00/1A90/C5 20 1F 61 6B 15 AB 84 08 65 76 65 0D 20 71 75-E .ak.+..eve. qu        
00/1AA0/61 6B 65 A6 81 20 65 1B 72 0B 63 65 88 81 20 63-ake&amp;. e.r.ce.. c        
00/1AB0/13 61 64 65 6C D5 6C 6C 61 70 73 15 00 02 81 E0-.adelUllaps....`        
00/1AC0/64 EA 20 63 6F 61 6C 15 63 65 C2 84 BF 2E 86 20-dj coal.ceB.?..         
00/1AD0/1F 6F 77 73 84 B7 0A 76 09 70 6F 77 09 A3 8C 1C-.ows.7.v.pow.#..        
00/1AE0/65 6D 14 69 63 84 64 76 09 73 11 69 15 2E 81 79-em.ic.dv.s.i...y        
00/1AF0/20 66 69 67 68 74 20 62 72 61 76 65 95 C3 83 20- fight brave.C.         
00/1B00/49 59 6F 75 20 68 61 76 65 20 66 6F 75 6E 64 20-IYou have found         
00/1B10/61 20 6E 65 77 20 53 61 6E 63 74 75 61 72 79 2E-a new Sanctuary.        
00/1B20/20 43 6F 6E 73 75 6C 74 20 79 6F 75 72 20 53 6F- Consult your So        
00/1B30/75 6C 20 41 6D 75 6C 65 74 73 20 74 6F 20 61 63-ul Amulets to ac        
00/1B40/74 69 76 61 74 65 20 69 74 2E 73 84 6C 14 67 81-tivate it.s.l.g.        
00/1B50/B9 2E 81 E7 E1 0E 64 73 0A 76 09 84 67 61 07 00-9..ga.ds.v..ga..        
00/1B60/02 81 EA 83 81 E7 08 77 69 72 6C A6 08 65 74 74-..j..g.wirl&amp;.ett        
00/1B70/6C 65 C2 84 BF 2E 84 20 70 72 18 14 09 85 F9 A3-leB.?.. pr....y#        
00/1B80/88 84 02 61 62 6C 65 2E 84 F6 DB 73 84 20 67 6C-...able..v&#91;s. gl        
00/1B90/6F 77 92 C0 74 61 6C 08 70 69 6B 65 88 81 20 70-ow.@tal.pike.. p        
00/1BA0/72 18 14 09 27 73 84 72 6D 2E 0F 18 20 62 6F 64-r...'s.rm... bod        
00/1BB0/79 20 77 72 13 68 15 83 9C 6C 15 73 84 67 14 79-y w                     

Now that interrupts are enabled, we can find in memory
where my entered string is stored, see $52C8
There is another string at $52D0 that is the right answer!

00/5190/01 00 5E 52 A8 51 C8 51 AA 51 AE A7 62 A9 4F A6-..^R&#40;QHQ*Q.'b&#41;O&amp;        
00/51A0/F7 00 1E 96 00 00 1E 96 C6 51 C8 51 C8 51 50 A9-w.......FQHQHQP&#41;        
00/51B0/62 A9 2E A9 F7 55 00 00 1E 96 4E 54 DA 51 DC 51-b&#41;.&#41;wU....NTZQ\\Q        
00/51C0/DC 51 1E 96 3E 96 E2 51 88 A9 E4 51 E8 F3 7A FE-\\Q..>.bQ.&#41;dQhsz~        
00/51D0/DE F3 F7 1C 00 00 3E 96 1E 96 F4 51 1E 96 03 00-^sw...>...tQ....        
00/51E0/00 00 FC 51 88 A9 FE 51 B6 78 4C 80 AC 78 F9 00-..|Q.&#41;~Q6xL.,xy.        
00/51F0/00 00 1E 96 00 1C 1E 96 1E 96 3E 96 B4 52 A0 9E-..........>.4R .        
00/5200/B6 52 BA 5A F6 64 C7 59 FB 00 BC 59 06 43 4F 4C-6R/ZvdGY&#123;.<Y.COL        
00/5210/4F 55 52 00 02 00 00 1B 1C 53 6F 75 6C 20 41 6D-OUR......Soul Am        
00/5220/75 6C 65 74 73 20 74 6F 20 61 63 74 69 76 61 74-ulets to activat        
00/5230/65 20 69 74 96 52 A0 9E 98 52 B8 82 98 8B 18 82-e it.R ..R8.....        
00/5240/FB 64 5F 00 01 5F 84 67 61 07 00 02 81 EA 83 81-&#123;d_.._.ga....j..        
00/5250/E7 08 77 69 72 6C A6 08 65 74 74 6C 65 C2 0E 96-g.wirl&amp;.ettleB..        
00/5260/4F 4C 4F 55 52 2E 46 4F 4E 54 A8 52 01 00 02 00-OLOUR.FONT&#40;R....        
00/5270/00 00 00 00 01 2E A0 9E 8C 52 36 89 98 8B 26 89-...... ..R6...&amp;.        
00/5280/F9 B8 01 00 96 52 A0 9E 98 52 B8 82 98 8B 14 82-y8...R ..R8.....        
00/5290/FB 52 5A 00 A5 00 B4 52 A0 9E B6 52 BA 5A F6 64-&#123;RZ.%.4R .6R/Zvd        
00/52A0/D9 59 FB 52 5A 00 A5 00 05 00 C8 52 07 00 08 00-YY&#123;RZ.%...HR....        
00/52B0/4F 00 01 4F E4 56 18 57 E6 56 C2 64 F6 64 22 62-O..OdV.WfVBdvd"b        
00/52C0/FB 00 7B 1F 02 03 07 00 04 4C 4F 47 4F DA C8 A1-&#123;.&#123;......LOGOZH!        
00/52D0/05 57 59 54 55 52 03 03 06 21 2C 30 34 2A 25 D7-.WYTUR...!,04*%W        
00/52E0/20 89 FE 20 93 FE AD E8 C0 20 58 FC A2 00 BD 1F- .~ .~-h@ X|".=.        
00/52F0/09 F0 06 20 ED FD E8 D0 F5 20 0C FD 4C 00 C6 8D-.p. m&#125;hPu .&#125;L.F.        

A close-up view of the strings

00/52B0/9C 00 01 20 E4 56 18 57-... dV.W
00/52B8/E6 56 C2 64 F6 64 22 62-fVBdvd"b
00/52C0/FB C9 7B 1F 75 23 07 00-&#123;I&#123;.u#..
00/52C8/00 1B 04 0D AE 03 9D 1D-........
00/52D0/05 57 59 54 55 52 76 28-.WYTURv&#40;
00/52D8/06 21 2C 30 34 2A 25 03-.!,04*%.
00/52E0/20 89 FE 20 93 FE AD E8- .~ .~-h

Here, we find the Sanctuary URTAS message
The one we see when entered in the sanctuary
or when one has to provide the right password answer

00/5670/D7 A0 00 20 1C 75 20 96 00 5F 24 6C 40 E6 BC E0-W . .u .._$l@f<`        
00/5680/43 71 DE 30 EB 82 1C 3F 10 FC 0B B6 97 04 12 46-Cq^0k..?.|.6...F        
00/5690/1E 58 1D 7E E1 5B 0D ED 77 66 35 A3 BE 9B EE B3-.X.~a&#91;.mwf5#>.n3        
00/56A0/4D 0C 9F 4D 6B 07 EC EA 10 08 30 75 B2 4A 11 00-M..Mk.lj..0u2J..        
00/56B0/50 76 14 20 C5 5E F1 F8 5C 3B 36 DC FB B3 BB 21-Pv. E^qx\\;6\\&#123;3;!        
00/56C0/FB 9F 6D 47 3F 1D 00 00 00 00 00 00 00 00 00 00-&#123;.mG?...........        
00/56D0/00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00-................        
00/56E0/06 00 FB 84 16 57 18 57 18 57 DC 64 F6 64 CD 64-..&#123;..W.W.W\\dvdMd        
00/56F0/FB 00 08 57 A0 9E 9C 00 10 53 61 6E 63 74 75 61-&#123;..W ....Sanctua        
00/5700/72 79 20 55 52 54 41 53 3A 57 FA 64 18 57 DC 64-ry URTAS/Wzd.W\\d        
00/5710/F6 64 C7 64 FB CC 24 57 FA 64 FA 64 EA 70 0A 71-vdGd&#123;L$Wzdzdjp.q        
00/5720/61 70 FB CC 00 CC 03 00 CC 05 07 CC 06 DC DD C8-ap&#123;L.L..L..L.\\&#93;H        
00/5730/A1 2F D9 DC C0 04 04 BA D8 DC C0 04 04 BA 95 DA-!/Y\\@../X\\@../.Z        
00/5740/95 CC 04 00 CC 03 DB 00 C9 A1 08 DB 0A 82 CC 04-.L..L.&#91;.I!.&#91;..L.        
00/5750/01 CC 03 D9 DC C0 04 04 DB BB DC 01 82 CC 05 B9-.L.Y\\@..&#91;;\\..L.9        
00/5760/F6 AD 00 00 37 00 08 00 04 00 09 00 48 00 02 03-v-..7.......H...        
00/5770/C6 04 DA AA 17 D9 C6 10 CD 18 10 C7 ED 00 C6 04-F.Z*.YF.M..Gm.F.        
00/5780/00 00 CD 19 02 95 D8 C6 04 CD 19 05 C6 10 CD 19-..M...XF.M..F.M.        
00/5790/03 05 08 CD 19 09 AD 00 1E 00 06 00 06 00 2E 00-...M..-.........        
00/57A0/04 04 9D 1F 0C 03 86 01 82 CC 01 C7 9A 00 3E C7-.........L.G..>G        
00/57B0/09 01 C7 85 00 CD 19 0A C7 9C 00 6E D7 A6 0A 52-..G..M..G..nW&amp;.R        
00/57C0/65 73 74 69 6E 67 2E 2E 2E CD 19 05 C7 9C 00 79-esting...M..G..y        
00/57D0/D7 A6 0F 41 6E 79 20 6B 65 79 20 74 6F 20 73 74-W&amp;.Any key to st        
00/57E0/6F 70 CD 19 05 CD 1E 0B CD 1E 0B CD 01 03 A7 1F-o                       

----------------------------------------
STEP 2 - THE PASCAL BOOT PROCESS
----------------------------------------

The Pascal boot process
After boot 1, it jumps to &#40;$FFF8&#41;
that goes to $FEE9 then $D69E

FFF8/ E9 FE EF FE EF FE EF FE

00/FEE9/ AD 83 C0     LDA C083          
00/FEEC/ 4C 9E D6     JMP D69E          

D69E/ D8 78 A9 00 85 BD 85 BE
This is where the erase memory routine is.

The addreses on disk/
FEE9 AT T4/S6/E9, no need to change
D69E AT T2/S6/9E, we must change

----------------------------------------
STEP 3 - OUR PATCH
----------------------------------------

The objective of the patch is to/
- wait for a string of 5 chars at $52D0
- wait for a string of 0 char  at $52C8
- copy right string to our string
- replace our call to our patch with std code
- tell the program we pressed a key

----------- DISASSEMBLY MODE -----------
005A/A9 00          LDA   #$00          ; Clear $0000-$07FF
005C/85 BD          STA   $BD           
005E/85 BE          STA   $BE           
0060/A2 08          LDX   #$08          
0062/A8             TAY                 
0063/91 BD          STA   &#40;$BD&#41;,Y       
0065/C8             INY                 
0066/D0 FB          BNE   $0063         
0068/CA             DEX                 
0069/D0 F8          BNE   $0063         
006B/A2 27          LDX   #$27          ; Install our patch
006D/BD 80 08       LDA   $0880,X       
0070/9D C0 03       STA   $03C0,X       
0073/CA             DEX                 
0074/10 F7          BPL   $006D         
0076/AD 80 C0       LDA   $C080         ; Standard boot
0079/6C F8 FF       JMP   &#40;$FFF8&#41;       
007C/00             BRK                 
007D/00             BRK                 
007E/00             BRK                 ; This is our
007F/00             BRK                 ; patch...
0080/AD C8 52       LDA   $52C8         ; our answer must be 
0083/D0 1B          BNE   $00A0         ; an empty string on entry
0085/AD D0 52       LDA   $52D0         ; the official answer must be
0088/C9 05          CMP   #$05          ; a string of 5 chars
008A/D0 14          BNE   $00A0         ; if fails, jump
008C/A2 05          LDX   #$05          ;
008E/BD D0 52       LDA   $52D0,X       ; copy the right answer
0091/9D C8 52       STA   $52C8,X       ; to our answer buffer
0094/BD E0 03       LDA   $03E0,X       ; reset the kbd routine
0097/9D 1D 74       STA   $741D,X       ; to avoid calling us again
009A/CA             DEX                 
009B/10 F1          BPL   $008E         
009D/A9 9C          LDA   #$9C          ; tell we pressed a key
009F/60             RTS                 
00A0/AD 00 C0       LDA   $C000         ; read keyboard in a
00A3/10 FB          BPL   $00A0         ; standard way
00A5/78             SEI                 
00A6/60             RTS                 

----------------------------------------
STEP 4 - PATCHING THE DISK
----------------------------------------

So, what do we have to do?
-> T0/S0/ install the patch code
This one will erase $0000-$07FF, then
it will install our patch at $3C0 &#40;a safe area&#41;
Then, it will jump to &#40;$FFF8&#41;

-> T2/S6/ change Pascal memory reset
This one will erase $0800..$BFFF &#40;$B8 pages&#41;
And then the standard boot process will continue

-> T14/SB/ the keyboard read routine
We install our interrupts de/enabler, then
we tell the code to call $3C0, our patch code

* Install the patch code

-------------- DISK EDIT --------------- BEFORE
TRACK $00/SECTOR $00/VOLUME $FE/BYTE $5A
----------------------------------------
$00/ 01 E0 60 F0 03 4C E3 08    A``0CL#H
$08/ AD 00 08 C9 04 B0 0A 69    -@HID0J&#41;
$10/ 02 8D 00 08 E6 3D 4C 5C    B.@H&amp;=L\\
$18/ C6 A9 00 8D 78 04 AD 81    F&#41;@.8D-.
$20/ C0 AD 81 C0 A9 D0 85 3F    @-.@&#41;P.?
$28/ A9 26 85 02 A9 10 85 0F    &#41;&amp;.B&#41;P.O
$30/ A9 00 20 FF 08 A9 FE 85    &#41;@ ?H&#41;>.
$38/ 3F A9 02 85 02 A9 23 85    ?&#41;B.B&#41;#.
$40/ 0F A9 00 20 FF 08 AD 89    O&#41;@ ?H-.
$48/ C0 A9 D0 85 3F A9 10 85    @&#41;P.?&#41;P.
$50/ 02 A9 24 85 0F A9 00 20    B&#41;$.O&#41;@ 
$58/ FF 08>AD 80 C0 6C F8 FF    ?H-.@,8?
$60/ 00 00 00 00 00 00 00 00    @@@@@@@@
$68/ 00 00 00 00 00 00 00 00    @@@@@@@@
$70/ 00 00 00 00 00 00 00 00    @@@@@@@@
$78/ 00 00 00 00 00 00 00 00    @@@@@@@@
$80/ 00 00 00 00 00 00 00 00    @@@@@@@@
$88/ 00 00 00 00 00 00 00 00    @@@@@@@@
$90/ 00 00 00 00 00 00 00 00    @@@@@@@@
$98/ 00 00 00 00 00 00 00 00    @@@@@@@@
$A0/ 00 00 00 00 00 00 00<00    @@@@@@@@
$A8/ 00 00 00 00 CD D5 D3 D4    @@@@MUST
$B0/ A0 C2 CF CF D4 A0 C6 D2     BOOT FR
$B8/ CF CD A0 D3 CC CF D4 A0    OM SLOT 
$C0/ B6 CE CF A0 C6 C9 CC C5    6NO FILE
$C8/ A0 D3 D9 D3 D4 C5 CD AE     SYSTEM.
$D0/ C1 D0 D0 CC C5 A0 0C 53    APPLE LS
$D8/ 59 53 54 45 4D 2E 41 50    YSTEM.AP
$E0/ 50 4C 45 BD 88 C0 20 F8    PLE=.@ 8
$E8/ 08 A2 00 BD AC 08 20 FD    H"@=,H =
$F0/ FB E8 E0 15 D0 F5 F0 FE    ;&#40;`UP50>
$F8/ A9 0A 4C 24 FC EA EA 4A    &#41;JL$<**J
----------------------------------------

-------------- DISK EDIT --------------- AFTER
TRACK $00/SECTOR $00/VOLUME $FE/BYTE $5A
----------------------------------------
$00/ 01 E0 60 F0 03 4C E3 08    A``0CL#H
$08/ AD 00 08 C9 04 B0 0A 69    -@HID0J&#41;
$10/ 02 8D 00 08 E6 3D 4C 5C    B.@H&amp;=L\\
$18/ C6 A9 00 8D 78 04 AD 81    F&#41;@.8D-.
$20/ C0 AD 81 C0 A9 D0 85 3F    @-.@&#41;P.?
$28/ A9 26 85 02 A9 10 85 0F    &#41;&amp;.B&#41;P.O
$30/ A9 00 20 FF 08 A9 FE 85    &#41;@ ?H&#41;>.
$38/ 3F A9 02 85 02 A9 23 85    ?&#41;B.B&#41;#.
$40/ 0F A9 00 20 FF 08 AD 89    O&#41;@ ?H-.
$48/ C0 A9 D0 85 3F A9 10 85    @&#41;P.?&#41;P.
$50/ 02 A9 24 85 0F A9 00 20    B&#41;$.O&#41;@ 
$58/ FF 08>A9 00 85 BD 85 BE    ?H&#41;@.=.>
$60/ A2 08 A8 91 BD C8 D0 FB    "H&#40;.=HP;
$68/ CA D0 F8 A2 27 BD 80 08    JP8"'=.H
$70/ 9D C0 03 CA 10 F7 AD 80    .@CJP7-.
$78/ C0 6C F8 FF 00 00 00 00    @,8?@@@@
$80/ AD C8 52 D0 1B AD D0 52    -HRP&#91;-PR
$88/ C9 05 D0 14 A2 05 BD D0    IEPT"E=P
$90/ 52 9D C8 52 BD E0 03 9D    R.HR=`C.
$98/ 1D 74 CA 10 F1 A9 9C 60    &#93;4JP1&#41;.`
$A0/ AD 00 C0 10 FB 78 60<00    -@@P;8`@
$A8/ 00 00 00 00 CD D5 D3 D4    @@@@MUST
$B0/ A0 C2 CF CF D4 A0 C6 D2     BOOT FR
$B8/ CF CD A0 D3 CC CF D4 A0    OM SLOT 
$C0/ B6 CE CF A0 C6 C9 CC C5    6NO FILE
$C8/ A0 D3 D9 D3 D4 C5 CD AE     SYSTEM.
$D0/ C1 D0 D0 CC C5 A0 0C 53    APPLE LS
$D8/ 59 53 54 45 4D 2E 41 50    YSTEM.AP
$E0/ 50 4C 45 BD 88 C0 20 F8    PLE=.@ 8
$E8/ 08 A2 00 BD AC 08 20 FD    H"@=,H =
$F0/ FB E8 E0 15 D0 F5 F0 FE    ;&#40;`UP50>
$F8/ A9 0A 4C 24 FC EA EA 4A    &#41;JL$<**J
----------------------------------------

* Patching Pascal's memory erase routine

-------------- DISK EDIT --------------- BEFORE
TRACK $02/SECTOR $06/VOLUME $FE/BYTE $9E
----------------------------------------
$80/ 60 50 40 4A C9 03 B0 0B    `P@JIC0K
$88/ 49 03 AA BD 2A BF 49 02    IC*=*?IB
$90/ AA F0 02 A2 09 60 80 FE    *0B"I`.>
$98/ B0 FE 00 FF 5C FF>D8 78    0>@?\\?X8
$A0/ A9 00 85 BD<85 BE A8 AA    &#41;@.=.>&#40;*
$A8/ 91 BD C8 D0 FB E6 BE E8    .=HP;&amp;>&#40;
$B0/ E0>C0<D0 F4 A0 C7 84 C6    `@P4 G.F
$B8/ 20 58 D7 85 D0 86 D1 20     XW.P.Q 
$C0/ 58 D7 E0 00 F0 3F C5 D0    XW`@0?EP
$C8/ D0 3B E4 D1 D0 37 F0 08    P;$QP70H
$D0/ 03 18 38 48 3C 38 18 48    CX8H<8XH
$D8/ A2 05 A0 05 B1 C5 DD CE    "E E1E&#93;N
$E0/ D6 D0 09 A0 07 B1 C5 DD    VPI G1E&#93;
$E8/ D2 D6 F0 05 CA E0 02 B0    RV0EJ`B0
$F0/ E9 E0 04 D0 0A A0 0B B1    &#41;`DPJ K1
$F8/ C5 C9 01 D0 02 A2 06 A4    EIAPB"F$
----------------------------------------

----------- DISASSEMBLY MODE -----------
009E/A9 08          LDA   #$08          ; Start at $0800
00A0/85 BE          STA   $BE           
00A2/A9 00          LDA   #$00          
00A4/85 BD          STA   $BD           
00A6/A8             TAY                 
00A7/AA             TAX                 
00A8/91 BD          STA   &#40;$BD&#41;,Y       ; Zeroes memory
00AA/C8             INY                 
00AB/D0 FB          BNE   $00A8         
00AD/E6 BE          INC   $BE           
00AF/E8             INX                 
00B0/E0 B8          CPX   #$B8          ; until $C000
00B2/D0 F4          BNE   $00A8         

-------------- DISK EDIT --------------- AFTER
TRACK $02/SECTOR $06/VOLUME $FE/BYTE $9E
----------------------------------------
$80/ 60 50 40 4A C9 03 B0 0B    `P@JIC0K
$88/ 49 03 AA BD 2A BF 49 02    IC*=*?IB
$90/ AA F0 02 A2 09 60 80 FE    *0B"I`.>
$98/ B0 FE 00 FF 5C FF>A9 08    0>@?\\?&#41;H
$A0/ 85 BE A9 00 85 BD<A8 AA    .>&#41;@.=&#40;*
$A8/ 91 BD C8 D0 FB E6 BE E8    .=HP;&amp;>&#40;
$B0/ E0>B8<D0 F4 A0 C7 84 C6    `8P4 G.F
$B8/ 20 58 D7 85 D0 86 D1 20     XW.P.Q 
$C0/ 58 D7 E0 00 F0 3F C5 D0    XW`@0?EP
$C8/ D0 3B E4 D1 D0 37 F0 08    P;$QP70H
$D0/ 03 18 38 48 3C 38 18 48    CX8H<8XH
$D8/ A2 05 A0 05 B1 C5 DD CE    "E E1E&#93;N
$E0/ D6 D0 09 A0 07 B1 C5 DD    VPI G1E&#93;
$E8/ D2 D6 F0 05 CA E0 02 B0    RV0EJ`B0
$F0/ E9 E0 04 D0 0A A0 0B B1    &#41;`DPJ K1
$F8/ C5 C9 01 D0 02 A2 06 A4    EIAPB"F$
----------------------------------------

* Patching the keyboard routine

-------------- DISK EDIT --------------- BEFORE
TRACK $14/SECTOR $0B/VOLUME $FE/BYTE $10
----------------------------------------
$00/ 16 00 00 01 68 85 00 68    V@@A&#40;.@&#40;
$08/ 85 01 68 85 02 68 85 03    .A&#40;.B&#40;.C
$10/>2C 00 C0 10 FB AD 00 C0<   ,@@P;-@@
$18/ 8D 10 C0 29 7F A0 00 91    .P@&#41;? @.
$20/ 02 98 C8 91 02 2C FF BF    B.H.B,??
$28/ 30 0B AD 30 C0 A0 08 C8    0K-0@ HH
$30/ D0 FD AD 30 C0 4C AE 02    P=-0@L.B
$38/ 00 00 00 00 06 00 01 00    @@@@F@A@
$40/ 00 00 3E 00 00 01 68 85    @@>@@A&#40;.
$48/ 00 68 85 01 68 68 68 0E    @&#40;.A&#40;&#40;&#40;N
$50/ 62 C0 2A 0E 61 C0 2A 48    "@*N!@*H
$58/ 4C AE 02 00 00 00 00 00    L.B@@@@@
$60/ 07 00 01 00 00 00 20 00    G@A@@@ @
$68/ 00 01 D8 A5 01 48 A5 00    @AX%AH%@
$70/ 48 60 00 00 00 00 00 00    H`@@@@@@
$78/ 00 00 10 00 00 01 F8 A9    @@P@@A8&#41;
----------------------------------------

----------- DISASSEMBLY MODE -----------
0010/58             CLI                 ; Enable interrupts
0011/20 C0 03       JSR   $03C0         ; call our patch code
0014/EA             NOP                 ; nop &#40;was BPL&#41;
0015/EA             NOP                 ; nop &#40;was $FB&#41;
0016/78             SEI                 ; Stop interrupts
0017/EA             NOP                 ; a NOP
0018/8D 10 C0       STA   $C010         ; std code again

-------------- DISK EDIT --------------- AFTER
TRACK $14/SECTOR $0B/VOLUME $FE/BYTE $10
----------------------------------------
$00/ 16 00 00 01 68 85 00 68    V@@A&#40;.@&#40;
$08/ 85 01 68 85 02 68 85 03    .A&#40;.B&#40;.C
$10/>58 20 C0 03 EA EA 78 EA<   X @C**8*
$18/ 8D 10 C0 29 7F A0 00 91    .P@&#41;? @.
$20/ 02 98 C8 91 02 2C FF BF    B.H.B,??
$28/ 30 0B AD 30 C0 A0 08 C8    0K-0@ HH
$30/ D0 FD AD 30 C0 4C AE 02    P=-0@L.B
$38/ 00 00 00 00 06 00 01 00    @@@@F@A@
$40/ 00 00 3E 00 00 01 68 85    @@>@@A&#40;.
$48/ 00 68 85 01 68 68 68 0E    @&#40;.A&#40;&#40;&#40;N
$50/ 62 C0 2A 0E 61 C0 2A 48    "@*N!@*H
$58/ 4C AE 02 00 00 00 00 00    L.B@@@@@
$60/ 07 00 01 00 00 00 20 00    G@A@@@ @
$68/ 00 01 D8 A5 01 48 A5 00    @AX%AH%@
$70/ 48 60 00 00 00 00 00 00    H`@@@@@@
$78/ 00 00 10 00 00 01 F8 A9    @@P@@A8&#41;
----------------------------------------

The notes for the 800k version.
Addresses in RAM differ from the 5.25" version.

----------------------------------------
THE 800K VERSION
----------------------------------------

* The match of code/data between the two versions
* 5.25" - 3.5"

T0/S0/00 - BLOCK $00
T2/S6/9E - BLOCK $AD
14/SB/10 = BLOCK $C8

* This is how the original blocks are/

Block/ $0000 &#40;0&#41;        Volume name/ ?               Wednesday   7-Apr-16  2/56 
Prefix/ /UTILITAIRES/UTILITIES/                                                 
Byte $0000A6                                                                    
&#40;c&#41; Q      00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F            Edit mode 
1988ZSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS 
    Z 000/ 01 E0 70 B0 04 E0 40 B0 39 BD 88 C0 20 20 08 A2   .`p0.`@09=.@  ."   
  b Z 010/ 00 BD 25 08 09 80 20 FD FB E8 E0 1D D0 F3 F0 FE   .=%... &#125;&#123;h`.Psp~   
B y Z 020/ A9 0A 4C 24 FC 4D 55 53 54 20 42 4F 4F 54 20 46   &#41;.L$|MUST BOOT F   
L   Z 030/ 52 4F 4D 20 53 4C 4F 54 20 34 2C 20 35 20 4F 52   ROM SLOT 4, 5 OR   
O G Z 040/ 20 36 8A 85 43 4A 4A 4A 4A 09 C0 85 15 8D 5D 09    6..CJJJJ.@...&#93;.   
C l Z 050/ A9 00 8D 78 04 85 14 A9 0A 85 0E AD 83 C0 AD 83   &#41;..x...&#41;...-.@-.   
K e Z 060/ C0 A9 D0 85 13 A9 AA 85 0A A9 00 85 0B A9 13 85   @&#41;P..&#41;*..&#41;...&#41;..   
  n Z 070/ 02 20 40 09 AD 8B C0 AD 8B C0 A9 FE 85 13 A9 BD   . @.-.@-.@&#41;~..&#41;=   
W   Z 080/ 85 0A A9 00 85 0B A9 01 85 02 20 40 09 AD 8B C0   ..&#41;...&#41;... @.-.@   
A B Z 090/ AD 8B C0 A9 D0 85 13 A9 BE 85 0A A9 00 85 0B A9   -.@&#41;P..&#41;>..&#41;...&#41;   
R r Z 0A0/ 08 85 02 20 40 09>AD 80 C0 6C F8 FF 00 00 00 00   ... @.-.@lx....   
D e Z 0B0/ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................   
E d Z 0C0/ 85 0B A9 18 85 02 20 40 09 AD 8B C0 A9 D0 85 13   ..&#41;... @.-.@&#41;P..   
N o Z 0D0/ A0 00 B1 10 18 69 18 85 0A C8 B1 10 69 00 85 0B    .1..i...H1.i...   
  n Z 0E0/ A9 08 85 02 20 40 09 A5 43 C9 50 F0 08 90 1A>AD   &#41;... @.%CIPp...-   
    Z 0F0/ 80 C0<6C F8 FF A2 00 8E C4 FE E8 8E C6 FE E8 8E   .@lx"..D~h.F~h.   
                                                                                
Block/ $00AD &#40;173&#41;      Volume name/ ?               Wednesday   7-Apr-16  2/52 
Prefix/ /UTILITAIRES/UTILITIES/                                                 
Byte $015A9E                                                                    
&#40;c&#41; Q      00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F            Edit mode 
1988ZSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS 
    Z 000/ CF 90 02 A5 CF C9 08 B0 01 A8 38 20 28 D6 B9 48   O..%OI.0.&#40;8 &#40;V9H   
  b Z 010/ D6 20 37 D6 A5 CE 18 20 2B D6 B9 50 D6 20 37 D6   V 7V%N. +V9PV 7V   
B y Z 020/ E6 CF D0 C3 20 37 D6 18 AD FB DF 29 03 2A 05 C8   fOPC 7V.-&#123;_&#41;.*.H   
L   Z 030/ AA BD 80 C0 A6 C8 60 A2 11 CA D0 FD E6 46 D0 02   *=.@&amp;H`".JP&#125;fFP.   
O G Z 040/ E6 47 38 E9 01 D0 F0 60 01 30 28 24 20 1E 1D 1C   fG8i.Pp`.0&#40;$ ...   
C l Z 050/ 70 2C 26 22 1F 1E 1D 1C A0 56 A9 00 99 FF 02 88   p,&amp;".... V&#41;....   
K e Z 060/ D0 FA A2 55 B1 3E 29 FC 99 00 02 51 3E C8 C9 02   Pz"U1>&#41;|...Q>HI.   
  n Z 070/ 1D 00 03 6A 6A 9D 00 03 CA 10 E9 C0 02 D0 E3 60   ...jj...J.i@.Pc`   
W   Z 080/ 60 50 40 4A C9 03 B0 0B 49 03 AA BD 2A BF 49 02   `P@JI.0.I.*=*?I.   
A B Z 090/ AA F0 02 A2 09 60 80 FE B0 FE 00 FF 5C FF>D8 78   *p.".`.~0~.\\Xx   
R r Z 0A0/ A9 00 85 BD 85 BE<A8 AA 91 BD C8 D0 FB E6 BE E8   &#41;..=.>&#40;*.=HP&#123;f>h   
D e Z 0B0/ E0>C0<D0 F4 A0 C7 84 C6 20 58 D7 85 D0 86 D1 20   `@Pt G.F XW.P.Q    
E d Z 0C0/ 58 D7 E0 00 F0 3F C5 D0 D0 3B E4 D1 D0 37 F0 08   XW`.p?EPP;dQP7p.   
N o Z 0D0/ 03 18 38 48 3C 38 18 48 A2 05 A0 05 B1 C5 DD CE   ..8H<8.H". .1E&#93;N   
  n Z 0E0/ D6 D0 09 A0 07 B1 C5 DD D2 D6 F0 05 CA E0 02 B0   VP. .1E&#93;RVp.J`.0   
    Z 0F0/ E9 E0 04 D0 0A A0 0B B1 C5 C9 01 D0 02 A2 06 A4   i`.P. .1EI.P.".$   

Block/ $00C8 &#40;200&#41;      Volume name/ ?               Wednesday   7-Apr-16  2/54 
Prefix/ /UTILITAIRES/UTILITIES/                                                 
Byte $019110                                                                    
&#40;c&#41; Q      00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F            Edit mode 
1988ZSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS 
    Z 100/ 16 00 00 01 68 85 00 68 85 01 68 85 02 68 85 03   ....h..h..h..h..   
  b Z 110/>2C 00 C0 10 FB AD 00 C0<8D 10 C0 29 7F A0 00 91   ,.@.&#123;-.@..@&#41; ..   
B y Z 120/ 02 98 C8 91 02 2C FF BF 30 0B AD 30 C0 A0 08 C8   ..H..,?0.-0@ .H   
L   Z 130/ D0 FD AD 30 C0 4C AE 02 00 00 00 00 06 00 01 00   P&#125;-0@L..........   
O G Z 140/ 00 00 3E 00 00 01 68 85 00 68 85 01 68 68 68 0E   ..>...h..h..hhh.   
C l Z 150/ 62 C0 2A 0E 61 C0 2A 48 4C AE 02 00 00 00 00 00   b@*.a@*HL.......   
K e Z 160/ 07 00 01 00 00 00 20 00 00 01 D8 A5 01 48 A5 00   ...... ...X%.H%.   
  n Z 170/ 48 60 00 00 00 00 00 00 00 00 10 00 00 01 F8 A9   H`............x&#41;   
W   Z 180/ 00 85 07 85 06 85 05 85 04 A2 0C 46 09 66 08 90   .........".F.f..   
A B Z 190/ 0E A5 04 7D 26 00 85 04 A5 05 7D 33 00 85 05 CA   .%.&#125;&amp;...%.&#125;3...J   
R r Z 1A0/ 10 E9 D8 60 95 47 23 11 55 27 63 31 15 07 03 01   .iX`.G#.U'c1....   
D e Z 1B0/ 00 40 20 10 05 02 01 00 00 00 00 00 00 00 00 00   .@ .............   
E d Z 1C0/ 2C 00 27 00 02 00 00 00 00 00 4C 00 00 01 68 85   ,.'.......L...h.   
N o Z 1D0/ 00 68 85 01 68 85 08 68 85 09 68 85 02 68 85 03   .h..h..h..h..h..   
  n Z 1E0/ 20 7E 03 A0 00 A2 03 18 F8 B1 02 79 04 00 91 02    ~. ."..x1.y....   
    Z 1F0/ C8 CA 10 F5 4C 6A 03 00 00 00 00 00 1B 00 09 00   HJ.uLj..........   

----------------------------------------
* WHERE IN MEMORY ARE OUR DATA?
----------------------------------------

*5300.537F for the password string
                                        
00/5300/A0 9E 16 53 64 89 98 8B- ..Sd...
00/5308/54 89 F9 9E 01 00 20 53-T.y... S
00/5310/A0 9E 22 53 42 83 98 8B- ."SB...
00/5318/9E 82 FB 53 5A 00 A5 00-..&#123;SZ.%.
00/5320/3E 53 A0 9E 40 53 44 5B->S .@SD&#91;
00/5328/80 65 63 5A FB 53 5A 00-.ecZ&#123;SZ.
00/5330/A5 00 05 00 52 53 07 00-%...RS..
00/5338/08 00 0A 00 01 0A 6E 57-......nW
00/5340/A2 57 70 57 4C 65 80 65-"WpWLe.e
00/5348/AC 62 FB 20 72 1F 01 00-,b&#123; r...
00/5350/07 00 00 61 72 6B 61 6E-...arkan
00/5358/61 20 05 53 48 4F 48 49-a .SHOHI
00/5360/CD 1E 06 21 26 2F 2A 2D-M..!&amp;/*-
00/5368/2E C6 20 89 FE 20 93 FE-.F .~ .~
00/5370/AD E8 C0 20 58 FC A2 00--h@ X|".
00/5378/BD 1F 09 F0 06 20 ED FD-=..p. m&#125;

* Key press
                                        
00/749A/ 68           PLA               
00/749B/ 85 00        STA 00            
00/749D/ 68           PLA               
00/749E/ 85 01        STA 01            
00/74A0/ 68           PLA               
00/74A1/ 85 02        STA 02            
00/74A3/ 68           PLA               
00/74A4/ 85 03        STA 03            
00/74A6/ 58           CLI               
00/74A7/ 20 C0 03     JSR 03C0          
00/74AA/ EA           NOP               
00/74AB/ EA           NOP               
00/74AC/ 78           SEI               
00/74AD/ EA           NOP               
00/74AE/ 8D 10 C0     STA C010          
00/74B1/ 29 7F        AND #7F           
00/74B3/ A0 00        LDY #00           
00/74B5/ 91 02        STA &#40;02&#41;,Y        
00/74B7/ 98           TYA               
00/74B8/ C8           INY               

* Our patched routine in block 0
* Other changes match the 5.25" ones

Block/ $0000 &#40;0&#41;        Volume name/ ?               Wednesday   7-Apr-16  3/14 
Prefix/ /UTILITAIRES/UTILITIES/                                                 
Byte $000000                                                                    
                                                                                
11A0/ A2 27       LDX  #$27       "'    11CC/ 9D A7 74    STA  $74A7,X    .'t   
11A2/ BD B5 09    LDA  $09B5,X    =5.   11CF/ CA          DEX             J     
11A5/ 9D C0 03    STA  $03C0,X    .@.   11D0/ 10 F1       BPL  $11C3      .q    
11A8/ CA          DEX             J     11D2/ A9 9C       LDA  #$9C       &#41;.    
11A9/ 10 F7       BPL  $11A2      .w    11D4/ 60          RTS             `     
11AB/ AD 80 C0    LDA  $C080      -.@   11D5/ AD 00 C0    LDA  $C000      -.@   
11AE/ 6C F8 FF    JMP  &#40;$FFF8&#41;    lx   11D8/ 10 FB       BPL  $11D5      .&#123;    
11B1/ 00          BRK             .     11DA/ 78          SEI             x     
11B2/ 00          BRK             .     11DB/ 60          RTS             `     
11B3/ 00          BRK             .     11DC/ 00          BRK             .     
11B4/ 00          BRK             .     11DD/ 00          BRK             .     
11B5/ AD 52 53    LDA  $5352      -RS   11DE/ 00          BRK             .     
11B8/ D0 1B       BNE  $11D5      P.    11DF/ 00          BRK             .     
11BA/ AD 5A 53    LDA  $535A      -ZS   11E0/ 00          BRK             .     
11BD/ C9 05       CMP  #$05       I.    11E1/ 00          BRK             .     
11BF/ D0 14       BNE  $11D5      P.    11E2/ 00          BRK             .     
11C1/ A2 05       LDX  #$05       ".    11E3/ 00          BRK             .     
11C3/ BD 5A 53    LDA  $535A,X    =ZS   11E4/ 00          BRK             .     
11C6/ 9D 52 53    STA  $5352,X    .RS   11E5/ 00          BRK             .     
11C9/ BD E0 03    LDA  $03E0,X    =`.   11E6/ 00          BRK             .     

I've sent the new versions to Asimov...');