Rob Northern Decrypted2
Rob Northern Decrypted2 - Xenon 2
------------------------------------------------------------------------------
RNC - XENON II last revision 2006/12/27
------------------------------------------------------------------------------
; Reviewer notes on this listing (code bytes are left exactly as transcribed):
; * Anti-analysis layer: the Illegal ($10) and Trace ($24) vectors are hijacked
;   ($40144 / $4017E). While the T bit is set, the trace handler runs after each
;   instruction: it re-encrypts the long word it decrypted last time and decrypts
;   the long word at the new PC, so only one long word of code is ever in the
;   clear. The key for a long word is just the long word before it (not.l + swap).
; * Disk check ($40200-$40232): sectors 1 and 6 are read and the number of
;   polling iterations the DMA address needs to advance 512 bytes is counted;
;   the sector-6 count must exceed the sector-1 count by at least 2 percent.
; * Key derivation ($40234-$4026A): the first 24 bytes of the sector buffer
;   (which must start with 'Rob Northen Comp') are folded with add / rol.l #3.
;   Folding the dump at $404D0/$404E0 this way gives $DE534692, which matches
;   the value noted at $40260.
; * Transcription typos, left untouched: $40152 "$406d0,(pc),a0" should read
;   "$406d0(pc),a0"; $40286 "(sp+)" should read "(sp)+".
$40088:[]move.l a6,(sp)                 ; overwrites the long on top of the stack with a6 (not a push); popped again at $40096
$4008A:[]lea.l $40016(pc),a6            ; register save area: d0-d7 at $40016, a0-a7 at $40036
$4008E:[]movem.l d0-d7/a0-a7,(a6)       ; save all registers (the a6 slot holds the lea'd value, fixed up below)
$40092:[]lea.l $40(a6),a6               ; $40056 : exception-vector save area
$40096:[]move.l (sp)+,-$8(a6)           ; $4004E = saved a6 slot : store the caller's real a6
$4009A:[]move.l $10,d0                  ; save Illegal vector
$400A0:[]pea $400ac(pc)                 ;
$400A4:[]move.l (sp)+,$10               ; new Illegal vector = $400AC
$400AA:[]illegal                        ; raise Illegal Instruction: execution continues at $400AC as the exception handler (supervisor state); that frame stays on the stack until the rte at $404CE
------------------------------------------------------------------------------
$400AC:[]move.l d0,$10                  ; restore Illegal vector
$400B2:[]movem.l $8,d0-d7               ; read vectors 2-9 ($8..$24: bus error .. trace)
$400BA:[]movem.l d0-d7,(a6)             ; save exception vectors at $40056..$40075
$400BE:[]lea.l $40144(pc),a0            ;
$400C2:[]move.l a0,$10                  ; new Illegal vector (toggle Trace)
$400C8:[]lea.l $40080(pc),a0
$400CC:[]move.l a0,(a0)                 ; 'previous address' slot at $40080 points to itself, presumably so the first restore at $4018C writes into the slot instead of into code
$400CE:[]illegal                        ; Trace ON
------------------------------------------------------------------------------
dummy code
------------------------------------------------------------------------------
; Chain of short jumps executed with Trace ON, i.e. every branch below is
; decrypted in place by the trace handler right before it runs. Starting at
; $400D0 the chain visits all 29 entries exactly once and leaves via
; $40100 -> $401AA.
$400D0:[]bra $400e0
$400D4:[]bra $400fc
$400D8:[]bra $4013c
$400DC:[]bra $40108
$400E0:[]bra $4010c
$400E4:[]bra $400ec
$400E8:[]bra $40104
$400EC:[]bra $4011c
$400F0:[]bra $40138
$400F4:[]bra $40120
$400F8:[]bra $40110
$400FC:[]bra $40114
$40100:[]bra $401aa                     ; skip this code (last link of the chain)
$40104:[]bra $40124
$40108:[]bra $400f8
$4010C:[]bra $40140
$40110:[]bra $400d4
$40114:[]bra $400e8
$40118:[]bra $400f4
$4011C:[]bra $40134
$40120:[]bra $400dc
$40124:[]bra $4012c
$40128:[]bra $400d8
$4012C:[]bra $400e4
$40130:[]bra $40118
$40134:[]bra $400f0
$40138:[]bra $40128
$4013C:[]bra $40100
$40140:[]bra $40130
------------------------------------------------------------------------------
new Illegal vector - Trace ON/OFF
------------------------------------------------------------------------------
$40144:[]movem.l d0/a0/a1,-(sp)         ; 12 bytes of registers: frame SR is now at $c(sp), PC at $e(sp)
$40148:[]lea.l $4017e(pc),a0
$4014C:[]move.l a0,$24                  ; new Trace vector
$40152:[]lea.l $406d0,(pc),a0           ; listing typo, read as $406d0(pc),a0
$40156:[]move.l a0,$20                  ; new Privilege Violation vector
$4015C:[]addi.l #$2,$e(sp)              ; next PC after illegal op-code
$40164:[]ori.b #$7,$c(sp)               ; original note: "Supervisor ON" - but bits 0-2 of the SR high byte are the interrupt mask, so this sets IPL 7 (maskable interrupts off); the S bit would be bit 5 of this byte
$4016A:[]bchg #$7,$c(sp)                ; Trace ON/OFF : bit 7 of the SR high byte = T bit; Z = previous state of the bit
$40170:[]lea.l $40080(pc),a1            ; lea does not touch the CCR, Z still comes from bchg
$40174:[]beq.s $40190                   ; trace was off -> now on : start decrypting at the new PC
$40176:[]movea.l (a1),a0                ; trace was on -> now off : previous address
$40178:[]move.l $4(a1),(a0)             ; restore previous encrypted long word (re-encrypts the last decrypted instruction)
$4017C:[]bra.s $401a4
------------------------------------------------------------------------------
new Trace vector - encrypt/decrypt
------------------------------------------------------------------------------
$4017E:[]andi.w #$f8ff,sr               ; clear the interrupt mask (IPL 0) while in the handler
$40182:[]movem.l d0/a0/a1,-(sp)
$40186:[]lea.l $40080(pc),a1            ; $40080 = previous address, $40084 = its encrypted long word
$4018A:[]movea.l (a1),a0                ; previous address
$4018C:[]move.l $4(a1),(a0)             ; restore previous encrypted long word
$40190:[]movea.l $e(sp),a0              ; current address (PC from the exception frame)
$40194:[]move.l a0,(a1)                 ; save current address
$40196:[]move.l (a0),$4(a1)             ; save current encrypted long word
$4019A:[]move.l -$4(a0),d0              ; get long word for decryption : the 4 bytes before the PC are the key
$4019E:[]not.l d0                       ;
$401A0:[]swap d0                        ;
$401A2:[]eor.l d0,(a0)                  ; decrypt current address : (a0) ^= swap(~(a0-4))
$401A4:[]movem.l (sp)+,d0/a0/a1
$401A8:[]rte
------------------------------------------------------------------------------
load new exception vectors
------------------------------------------------------------------------------
$401AA:[]move.l $4,$7c                  ; copy the reset PC ($4) into vector 31 ($7c, level-7 autovector)
$401B4:[]lea.l $401d4(pc),a0            ; table of 8 word offsets (not shown in the listing)
$401B8:[]movea.l #$8,a1                 ; destination : vectors 2-9 ($8..$24)
$401BE:[]lea.l $40088(pc),a4            ; offsets are relative to $40088
$401C2:[]moveq.l #$7,d0                 ; 8 entries
$401C4:[]moveq.l #$0,d1
$401C6:[]move.w (a0)+,d1
$401C8:[]add.l a4,d1
$401CA:[]move.l d1,(a1)+                ; note: this also rewrites $10, $20 and $24 set up above; the table presumably points back at those handlers, but it is not shown
$401CC:[]dbra d0,$401c4
$401D0:[]bra $401e4
$401D4:[]...                            ; 8-word offset table, elided
$401E4:[]cmpi.b #$fa,$13d               ; purpose of the $13c/$13d check is not recoverable from this listing
$401EC:[]bne.s $40200
$401EE:[]move.w #$60fe,$7c              ; $60FE is the encoding of 'bra.s *'
$401F6:[]move.l #$1f,$13c
------------------------------------------------------------------------------
$40200:[]lea.l $404d0(pc),a0            ; sector buffer
$40204:[]bsr $4039c                     ; FDC Init
$40208:[]moveq.l #$6,d2                 ; main loop counter
------------------------------------------------------------------------------
main loop - read sectors and compare counter
------------------------------------------------------------------------------
$4020A:[]moveq.l #$0,d0                 ; d0 = 0 : the 'key' handed to exit if the check never passes
$4020C:[]subq.l #$1,d2
$4020E:[]beq.s $4026e                   ; skip after 6 errors (decrement precedes the test, so the body runs at most 5 times)
$40210:[]moveq.l #$1,d0                 ; sector 1
$40212:[]bsr $40276                     ; read sector and count
$40216:[]beq.s $4020a                   ; count 0 = read error
$40218:[]move.l d0,-(sp)                ; save first sector counter
$4021A:[]moveq.l #$6,d0                 ; RNC sector
$4021C:[]bsr $40276                     ; read sector and count
$40220:[]beq.s $4020a                   ; note: the long pushed at $40218 is not popped on this retry path
$40222:[]move.l (sp)+,d1                ; restore first sector counter
$40224:[]sub.l d1,d0                    ; d0 = count(sector 6) - count(sector 1)
$40226:[]bmi.s $4020a                   ; skip on error (negative difference)
$40228:[]mulu #$64,d0                   ; * 100
$4022C:[]divu d1,d0                     ; / count(sector 1) -> percent difference, quotient in the low word
$4022E:[]cmp.b #$2,d0                   ; compares only the low byte of the quotient
$40232:[]blt.s $4020a                   ; skip on error : at least 2 percent required
------------------------------------------------------------------------------
magic key calculation
------------------------------------------------------------------------------
$40234:[]moveq.l #$5,d1                 ; 6 long words
$40236:[]moveq.l #$0,d0
$40238:[]cmpi.l #$526f6220,(a0)         ;'Rob '
$4023E:[]bne.s $4020a
$40240:[]cmpi.l #$4e6f7274,$4(a0)       ;'Nort'
$40248:[]bne.s $4020a
$4024A:[]cmpi.l #$68656e20,$8(a0)       ;'hen '
$40252:[]bne.s $4020a
$40254:[]cmpi.l #$436f6d70,$c(a0)       ;'Comp'
$4025C:[]bne.s $4020a
$4025E:[]add.l (a0)+,d0                 ; fold the first 24 bytes of the sector : d0 = rol3(d0 + long)
$40260:[]rol.l #$3,d0                   ; DE534692 (reproducible from the dump at $404D0/$404E0)
$40262:[]dbra d1,$4025e
$40266:[]lea.l $40056(pc),a0
$4026A:[]move.l d0,$1c(a0)              ; <<< save magic key for xor ($406DC) -- $40056+$1c = $40072 is the save slot of vector $24 (Trace), see $404A8/$404C0
$4026E:[]bsr $403d4                     ; clean up
$40272:[]bra $404a2                     ; exit (d0 = key, or 0 when the retries are exhausted)
------------------------------------------------------------------------------
read sector in d0 and return counter
------------------------------------------------------------------------------
; Returns d0 = polling count from the DMA read if it succeeded, else 0;
; the Z flag reflects d0, callers test it with beq.
$40276:[]movem.l d1-d3/a1,-(sp)
$4027A:[]bsr $4028c                     ; d0 = status & $10 (or -1 on timeout), d1 = count
$4027E:[]tst.w d0
$40280:[]beq.s $40284
$40282:[]moveq.l #$0,d1                 ; error -> count 0
$40284:[]move.l d1,d0
$40286:[]movem.l (sp+),d1-d3/a1         ; listing typo, read as (sp)+
$4028A:[]rts
------------------------------------------------------------------------------
DMA read
------------------------------------------------------------------------------
; In: d0 = sector number, a0 = buffer. Out: d0 = FDC status & $10 (bit 4 =
; Record Not Found on the WD1772 for a read-sector command) or -1 on timeout;
; d1 = number of polling iterations the DMA address needed to advance from
; the buffer start to buffer+512 (the timing value compared in the main loop).
$4028C:[]move.w #$84,$ff8606            ; DMA mode : FDC sector register
$40294:[]move.w d0,$ff8604              ; sector number
$4029A:[]move.l a0,d0                   ; sector buffer $404d0
$4029C:[]move.b d0,$ff860d              ; DMA low
$402A2:[]lsr.l #$8,d0                   ;
$402A4:[]move.b d0,$ff860b              ; DMA mid
$402AA:[]lsr.l #$8,d0                   ;
$402AC:[]move.b d0,$ff8609              ; DMA high
$402B2:[]move.w #$90,$ff8606            ;
$402BA:[]move.w #$190,$ff8606           ; toggle DMA read
$402C2:[]move.w #$90,$ff8606            ;
$402CA:[]move.w #$16,$ff8604            ; 512 byte blocks
$402D2:[]move.w #$80,$ff8606            ; select command register
$402DA:[]lea.l $ff860b,a1               ; movep.w from here reads DMA address mid ($ff860b) and low ($ff860d) as one word
$402E0:[]moveq.l #$0,d1                 ; clear counter
$402E2:[]move.l a0,d2                   ; expected DMA address (only the low word is compared)
$402E4:[]move.l #$61a80,d3              ; timeout
$402EA:[]illegal                        ; Trace OFF (timing)
$402EC:[]move.w #$80,$ff8604            ; read sector
$402F4:[]subq.l #$1,d3
$402F6:[]beq.s $4032a                   ; timeout -> Force Interrupt
$402F8:[]movep.w $0(a1),d0
$402FC:[]cmp.w d0,d2
$402FE:[]beq.s $402f4                   ; wait until the DMA address leaves the buffer start
$40300:[]addi.l #$200,d2                ; target : buffer + 512
$40306:[]addq.l #$1,d1                  ; counter+1
$40308:[]movep.w $0(a1),d0
$4030C:[]cmp.w d0,d2
$4030E:[]bne.s $40306                   ; count until the DMA address equals buffer+512; this loop has no timeout (d3 is not decremented here)
$40310:[]subq.l #$1,d3
$40312:[]beq.s $4032a                   ; Force Interrupt (skip on error)
$40314:[]btst #$5,$fffa01               ; ready? (MFP GPIP bit 5 = FDC/DMA interrupt line, active low)
$4031C:[]bne.s $40310
$4031E:[]illegal                        ; Trace ON
$40320:[]bsr $40486                     ; get status
$40324:[]andi.w #$10,d0                 ; keep only Record Not Found
$40328:[]rts
------------------------------------------------------------------------------
Force Interrupt (skip on error)
------------------------------------------------------------------------------
$4032A:[]bsr $4046e                     ; DMA Force Interrupt
$4032E:[]moveq.l #$ffffffff,d0          ; -1 : error
$40330:[]rts
------------------------------------------------------------------------------
FDC Seek in d2
------------------------------------------------------------------------------
$40332:[]move.w #$86,$ff8606            ; DMA mode : FDC data register
$4033A:[]move.w d2,$ff8604              ; target track
$40340:[]move.w #$14,d0                 ; seek
$40344:[]bsr $40440                     ; FDC command in d0
$40348:[]bmi.s $4035a                   ; skip on error (N is only set by the timeout path of $40440, d0 = -1)
$4034A:[]move.w $40076(pc),d0           ; drive number
$4034E:[]lsl.w #$1,d0
$40350:[]lea.l $40078(pc),a0            ; per-drive current-track table
$40354:[]move.w d2,$0(a0,d0.w)          ; remember the track for this drive
$40358:[]moveq.l #$0,d0
$4035A:[]rts
------------------------------------------------------------------------------
skip on error
------------------------------------------------------------------------------
; Steps the head out until the Track 00 line is seen (at most $54 = 84 steps).
; Not called from the code shown here; presumably reached from code outside
; this listing or via the vector table at $401D4.
$4035C:[]moveq.l #$54,d1                ; max steps
$4035E:[]bsr $4046e                     ; Force Interrupt (returns status in d0)
$40362:[]btst #$2,d0                    ; Track 00?
$40366:[]bne.s $40378
$40368:[]moveq.l #$60,d0                ; step-out
$4036A:[]bsr $40440                     ; FDC command in d0 (returns status in d0)
$4036E:[]bmi.s $40374                   ; timeout
$40370:[]subq.l #$1,d1
$40372:[]bne.s $40362
$40374:[]moveq.l #$ffffffff,d0          ; error
$40376:[]rts
$40378:[]moveq.l #$54,d2
$4037A:[]sub.l d1,d2                    ; d2 = steps performed (not used below)
$4037C:[]move.w $40076(pc),d0
$40380:[]lsl.l #$1,d0
$40382:[]lea.l $40078(pc),a0
$40386:[]clr.w $0(a0,d0.w)              ; track table entry for this drive = 0
$4038A:[]move.w #$82,$ff8606            ; Track register
$40392:[]moveq.l #$0,d0                 ;
$40394:[]move.w d0,$ff8604              ; track register = 0
$4039A:[]rts
------------------------------------------------------------------------------
FDC Init
------------------------------------------------------------------------------
$4039C:[]movem.l d0-d2/a0,-(sp)
$403A0:[]lea.l $4007e(pc),a0
$403A4:[]move.w $43e,(a0)               ; save Flock
$403AA:[]st $43e                        ; set
$403B0:[]move.w #$82,$ff8606            ; Track register
$403B8:[]move.w $ff8604,d2
$403BE:[]lea.l $4007c(pc),a0
$403C2:[]move.w d2,(a0)                 ; save Track Register (restored by FDC end)
$403C4:[]bsr $403f2                     ; Drive select
$403C8:[]moveq.l #$0,d0                 ; Restore
$403CA:[]bsr $40440                     ; FDC command in d0
$403CE:[]movem.l (sp)+,d0-d2/a0
$403D2:[]rts
------------------------------------------------------------------------------
FDC end
------------------------------------------------------------------------------
$403D4:[]movem.l d0-d2/a0,-(sp)
$403D8:[]move.w $4007c(pc),d2           ; Track (saved by FDC Init)
$403DC:[]bsr $40332                     ; FDC Seek back to it
$403E0:[]bsr $40426                     ; Drive deselect
$403E4:[]move.w $4007e(pc),$43e         ; restore Flock
$403EC:[]movem.l (sp)+,d0-d2/a0
$403F0:[]rts
------------------------------------------------------------------------------
Drive select
------------------------------------------------------------------------------
$403F2:[]move.w $40076(pc),d0           ; drive number
$403F6:[]addq.b #$1,d0
$403F8:[]lsl.b #$1,d0                   ; (drive+1) << 1
$403FA:[]ori.w #$0,d0                   ; no effect on d0
$403FE:[]eori.b #$7,d0
$40402:[]andi.b #$7,d0                  ; -> bits 0-2 of PSG port A (presumably side / drive A / drive B select lines); d0 = 5 for drive 0
$40406:[]illegal                        ; Trace OFF (Drive deselect enters here with d0 = 7)
$40408:[]move.b #$e,$ff8800             ; PSG register 14 = port A
$40410:[]move.b $ff8800,d1              ; read current port A
$40416:[]andi.b #$f8,d1                 ; keep the non-floppy bits
$4041A:[]or.b d0,d1
$4041C:[]move.b d1,$ff8802              ; write back (read-modify-write done with Trace OFF; note the trace handler lowers the interrupt mask)
$40422:[]illegal                        ; Trace ON
$40424:[]rts
------------------------------------------------------------------------------
Drive deselect
------------------------------------------------------------------------------
$40426:[]movem.l d0/d1,-(sp)
$4042A:[]move.w #$3a98,d0               ; 15000 iterations
$4042E:[]bsr $4049c                     ; wait
$40432:[]move.b #$7,d0                  ; all select lines off
$40436:[]bsr $40406                     ; tail of Drive select (clobbers d1, hence the save above)
$4043A:[]movem.l (sp)+,d0/d1
$4043E:[]rts
------------------------------------------------------------------------------
FDC command in d0
------------------------------------------------------------------------------
; All callers issue type I commands (Restore, Seek, Step-out).
; Returns status & $1f in d0 (N clear), or -1 (N set) on timeout.
$40440:[]ori.w #$3,d0                   ; stepping-rate bits r1 r0 = 11
$40444:[]move.w #$80,$ff8606            ; command/status register
$4044C:[]move.w d0,$ff8604              ; issue command
$40452:[]move.l #$60000,d0              ; timeout
$40458:[]btst #$5,$fffa01               ; ready?
$40460:[]beq.s $40486                   ; get status (its rts returns to our caller)
$40462:[]subq.l #$1,d0
$40464:[]bne.s $40458
$40466:[]bsr $4046e                     ; Force Interrupt
$4046A:[]moveq.l #$ffffffff,d0          ; -1 : timeout, callers test with bmi
$4046C:[]rts
------------------------------------------------------------------------------
DMA Force Interrupt
------------------------------------------------------------------------------
$4046E:[]move.w #$80,$ff8606            ; command register
$40476:[]move.w #$d0,$ff8604            ; Force Interrupt command
$4047E:[]move.w #$f,d0
$40482:[]bsr $4049c                     ; wait
$40486:[]move.w #$80,$ff8606            ; status register (shared tail 'get status')
$4048E:[]moveq.l #$0,d0
$40490:[]move.w $ff8604,d0              ; get status
$40496:[]andi.w #$1f,d0                 ; bits 0-4 only
$4049A:[]rts
------------------------------------------------------------------------------
wait d0
------------------------------------------------------------------------------
$4049C:[]dbra d0,$4049c                 ; busy-wait d0.w+1 iterations
$404A0:[]rts
------------------------------------------------------------------------------
exit
------------------------------------------------------------------------------
$404A2:[]lea.l $40016(pc),a0
$404A6:[]move.l d0,(a0)                 ; magic key (overwrites the saved d0 slot, so d0 = key after the reload at $404C8)
$404A8:[]movem.l $40056(pc),d0-d7       ; old exception vectors magic key = d7 (slot $40072, written at $4026A)
$404AE:[]move.l $4,d0                   ; reset PC
$404B4:[]move.l d0,d1                   ; d0/d1 (the saved $8 / $c vectors) are replaced by the contents of $4 before the restore below
$404B6:[]lea.l $406d0(pc),a0            ; <<< next PC
$404BA:[]move.l a0,$2(sp)               ; patch the PC slot of the exception frame on the stack (presumably the frame from the illegal at $400AA), so the rte below lands at $406D0
$404BE:[]illegal                        ; Trace OFF
$404C0:[]movem.l d0-d7,$8               ; restore exception vectors -- with the changes above: $8/$c = reset PC, $24 (Trace) = magic key
$404C8:[]movem.l $40016(pc),d0-d7/a0-a6 ; magic key in d0, other registers as saved at $4008E (a7 is not reloaded)
$404CE:[]rte
------------------------------------------------------------------------------
$404D0: 52 6F 62 20 4E 6F 72 74 68 65 6E 20 43 6F 6D 70 Rob Northen Comp
$404E0: 6C C6 06 66 A6 AB 2A DF C9 E4 13 C8 27 90 4F 20 l..f..*.......O
------------------------------------------------------------------------------