The Prolok Saga (Was: Applesauce FDC
Tony Aiuto
tony.aiuto at gmail.com
Mon Jan 3 22:58:45 CST 2022
Just as my first product was about to go to market, the company president
decided we needed copy protection. He wanted Prolok. I objected, and
proposed that if I could break it in 24 hours, we wouldn't use it. I took
25 hours, and we did use it (fair is fair).
I finally found my notes and the unlock tool. The very cryptic notes
included inline. I haven't decided where to post the source yet. If anyone
has prolok'ed disks and want to try it out, I'll be happy to send it to
you. I don't run physical DOS machines any more, so my ability to test is
limited. If you want to just run a random EXE from 1983, you can try
UNPROLOK.EXE here.
https://drive.google.com/corp/drive/folders/1amoYi_fY6f2UYdYeTA1o86rmAtYpsLfF
--- snip ---
prolok.doc prolok information sheet
How to Un-Prolok a file
db xxx.exe
A: g 20 start up
g =27 3b skip int 1 and int 3 steal
r si 1 ruin debugger test
g 443
t
t
t should be at 54b
g =47d 481
AL is set to correct disk
B:
g 4a8
make sure AH is 0x10, Carry set
at 4c3 the is a write interrupt
that must succeed
g 4c5
r f NC clear Carry bit
r AX 0 set AH to 0
g 4d2 Carry should be on, AX = 1000
g 4ea make sure BX has 47 (from table at 870)
C:
repeat area from B to C for second entry in table
D:
g 51c
trick decryption part
t 700
t c0
t until SI = 533 (about 20 times)
g 53e
BX should be 0,
g 54e
r
ax = 0, bx = 0, cx = 0, dx = 1, sp = 866, bp = 0
si = 45a, di = 54d, cs, ss, ds, es = 283e
flags: NV UP EI PL ZR NA PE NC
g 57e
r f ZR
g 58b
r f ZR
g 5b0
t
g =5b6 5b9 skip steal of int 21
t
g =5bf 5d3
g =5e4 5e6 skip steal of int 27h
F: convert user program
r BX = number of 512 byte PAGES in file
g 5f4 ax has base segment of user code
g 627
at this point we have the converted user program in
main memory.
G: write it to disk
d 0
examine the first few bytes
if the first two are 5a 4d or 4d 5a then it is
a .EXE file else a .COM file.
N outfile.com if it was .EXE you will have to rename it after
compute PAGES * 0x200
r cx, bx the above value
w 970
q if you continue from this point bx, cx are set wrong
H: if we continued rather than writing the file
g 637
g =642 644
---
Data Areas (all in CS)
Address (+100) What
78b 88b store initial int 21h vector IP (0:84)
78d 88d store initial int 21h vector CS (0:86)
78b 88b store initial int 21h vector IP (0:9c)
78b 88b store initial int 21h vector CS (0:9e)
78b 88b segment of base of user code (cs:970)
^L
How to disassemble Un-Prolok.exe
d 0 l 100
d cs:0 l 450
u 11 l 40
u 430 l 29
d 458 l 3
u 45b l 23
u 47d l 90
u 50d l f
d cs:50d l f
u 51c l 32
u 54e l 98
u 5e6 l 180
d cs:765 l b
u 770 l 73
u 7e2 l 50
d cs:820 l 150
u 970 l 360
d cs:0800 l 800
d cs:1000 l 800
d cs:1800 l 800
d cs:2000 l 400
q
-------------- next part --------------
prolok.doc prolok information sheet
How to Un-Prolok a file
db xxx.exe
A: g 20 start up
g =27 3b skip int 1 and int 3 steal
r si 1 ruin debugger test
g 443
t
t
t should be at 54b
g =47d 481
AL is set to correct disk
B:
g 4a8
make sure AH is 0x10, Carry set
at 4c3 the is a write interrupt
that must succeed
g 4c5
r f NC clear Carry bit
r AX 0 set AH to 0
g 4d2 Carry should be on, AX = 1000
g 4ea make sure BX has 47 (from table at 870)
C:
repeat area from B to C for second entry in table
D:
g 51c
trick decryption part
t 700
t c0
t until SI = 533 (about 20 times)
g 53e
BX should be 0,
g 54e
r
ax = 0, bx = 0, cx = 0, dx = 1, sp = 866, bp = 0
si = 45a, di = 54d, cs, ss, ds, es = 283e
flags: NV UP EI PL ZR NA PE NC
g 57e
r f ZR
g 58b
r f ZR
g 5b0
t
g =5b6 5b9 skip steal of int 21
t
g =5bf 5d3
g =5e4 5e6 skip steal of int 27h
F: convert user program
r BX = number of 512 byte PAGES in file
g 5f4 ax has base segment of user code
g 627
at this point we have the converted user program in
main memory.
G: write it to disk
d 0
examine the first few bytes
if the first two are 5a 4d or 4d 5a then it is
a .EXE file else a .COM file.
N outfile.com if it was .EXE you will have to rename it after
compute PAGES * 0x200
r cx, bx the above value
w 970
q if you continue from this point bx, cx are set wrong
H: if we continued rather than writing the file
g 637
g =642 644
Data Areas (all in CS)
Address (+100) What
78b 88b store initial int 21h vector IP (0:84)
78d 88d store initial int 21h vector CS (0:86)
78b 88b store initial int 21h vector IP (0:9c)
78b 88b store initial int 21h vector CS (0:9e)
78b 88b segment of base of user code (cs:970)
How to disassemble Un-Prolok.exe
d 0 l 100
d cs:0 l 450
u 11 l 40
u 430 l 29
d 458 l 3
u 45b l 23
u 47d l 90
u 50d l f
d cs:50d l f
u 51c l 32
u 54e l 98
u 5e6 l 180
d cs:765 l b
u 770 l 73
u 7e2 l 50
d cs:820 l 150
u 970 l 360
d cs:0800 l 800
d cs:1000 l 800
d cs:1800 l 800
d cs:2000 l 400
q
More information about the cctech
mailing list