The Prolok Saga (Was: Applesauce FDC

Tony Aiuto tony.aiuto at gmail.com
Mon Jan 3 22:58:45 CST 2022


Just as my first product was about to go to market, the company president
decided we needed copy protection. He wanted Prolok. I objected, and
proposed that if I could break it in 24 hours, we wouldn't use it. I took
25 hours, and we did use it (fair is fair).

I finally found my notes and the unlock tool. The very cryptic notes are
included inline. I haven't decided where to post the source yet. If anyone
has prolok'ed disks and wants to try it out, I'll be happy to send it to
you. I don't run physical DOS machines any more, so my ability to test is
limited. If you want to just run a random EXE from 1983, you can try
UNPROLOK.EXE here.
https://drive.google.com/corp/drive/folders/1amoYi_fY6f2UYdYeTA1o86rmAtYpsLfF


--- snip ---
prolok.doc                              prolok information sheet

How to Un-Prolok a file

db xxx.exe

A:      g 20            start up
        g =27 3b        skip int 1 and int 3 steal
        r si 1          ruin debugger test
        g 443
        t
        t
        t               should be at 54b
        g =47d 481
                        AL is set to correct disk

B:
        g 4a8
                        make sure AH is 0x10, Carry set
                        at 4c3 there is a write interrupt
                        that must succeed
        g 4c5
        r f NC          clear Carry bit
        r AX 0          set AH to 0

        g 4d2           Carry should be on, AX = 1000
        g 4ea           make sure BX has 47 (from table at 870)
C:
        repeat area from B to C for second entry in table

D:
        g 51c
                        trick decryption part
        t 700
        t c0
        t       until SI = 533  (about 20 times)
        g 53e
                        BX should be 0,
        g 54e
        r
                        ax = 0, bx = 0, cx = 0, dx = 1, sp = 866, bp = 0
                        si = 45a, di = 54d, cs, ss, ds, es = 283e
                        flags: NV UP EI PL ZR NA PE NC
        g 57e
        r f ZR
        g 58b
        r f ZR

        g 5b0
        t
        g =5b6 5b9      skip steal of int 21
        t
        g =5bf 5d3
        g =5e4 5e6      skip steal of int 27h

F:                      convert user program
        r               BX = number of 512 byte PAGES in file
        g 5f4           ax has base segment of user code
        g 627

                        at this point we have the converted user program in
                        main memory.

G:                      write it to disk
        d 0
                        examine the first few bytes
                        if the first two are 5a 4d  or 4d 5a then it is
                        a .EXE file else a .COM file.

        N outfile.com   if it was .EXE you will have to rename it after

                        compute PAGES * 0x200
        r cx, bx        the above value
        w 970
        q               if you continue from this point bx, cx are set wrong
H:                      if we continued rather than writing the file
        g 637
        g =642 644

---
Data Areas (all in CS)

Address (+100)          What

78b     88b             store initial int 21h vector IP (0:84)
78d     88d             store initial int 21h vector CS (0:86)

78b     88b             store initial int 21h vector IP (0:9c)
78b     88b             store initial int 21h vector CS (0:9e)

78b     88b             segment of base of user code (cs:970)


How to disassemble Un-Prolok.exe

d   0 l 100
d cs:0 l 450

u  11 l 40
u 430 l 29
d 458 l 3
u 45b l 23
u 47d l 90
u 50d l f

d cs:50d l f
u 51c l 32
u 54e l 98
u 5e6 l 180

d cs:765 l b

u 770 l 73
u 7e2 l 50

d cs:820 l 150

u 970 l 360
d cs:0800 l 800
d cs:1000 l 800
d cs:1800 l 800
d cs:2000 l 400

q
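
Step G of the notes, restated as a small check you can run on a recovered memory image. This is an added example, not part of the original post or the UNPROLOK source. The function names and both sample images are constructed here; the MZ header offsets (2 = bytes in last page, 4 = pages in file) are the standard DOS EXE layout.

```python
import struct

PAGE = 0x200  # 512-byte page: the unit BX holds at step F of the notes

def classify_image(image):
    """'EXE' if the dump starts with 4d 5a or 5a 4d (step G), else 'COM'."""
    return "EXE" if image[:2] in (b"MZ", b"ZM") else "COM"

def debug_write_length(pages):
    """Split PAGES * 0x200 into (BX, CX): DEBUG's W command takes the byte
    count as a 32-bit value, high word in BX and low word in CX."""
    if not 0 <= pages <= 0xFFFF:
        raise ValueError("page count must fit in a 16-bit register")
    total = pages * PAGE
    return total >> 16, total & 0xFFFF

def exe_declared_size(image):
    """File size recorded in the MZ header itself, or None for a .COM image.
    Offset 2 = bytes used in the last page, offset 4 = pages in file."""
    if classify_image(image) != "EXE" or len(image) < 6:
        return None
    last_bytes, page_count = struct.unpack_from("<HH", image, 2)
    if page_count == 0:
        return 0
    if last_bytes == 0:
        return page_count * PAGE
    return (page_count - 1) * PAGE + last_bytes

def triage(image, pages):
    """Summarise a recovered image: type, W-command registers, and how many
    trailing bytes of the page-rounded write lie past the header's own size."""
    bx, cx = debug_write_length(pages)
    declared = exe_declared_size(image)
    slack = None if declared is None else pages * PAGE - declared
    return {"kind": classify_image(image), "bx": bx, "cx": cx,
            "declared_size": declared, "slack": slack}

# Constructed sample: a 3-page EXE header claiming 0x50 bytes in its last page.
SAMPLE_EXE = b"MZ" + struct.pack("<HH", 0x50, 3) + bytes(3 * PAGE - 6)
# Constructed sample: a .COM image has no header, just code (here a near JMP).
SAMPLE_COM = b"\xe9\x00\x01" + bytes(PAGE - 3)

if __name__ == "__main__":
    for name, img, pages in (("exe", SAMPLE_EXE, 3), ("com", SAMPLE_COM, 1)):
        print(name, triage(img, pages))
```

The slack figure shows why a page-rounded write can be longer than the size the EXE header declares.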