digital_ace
Inactive User
- Joined
- Feb 9, 2006
- Messages
- 4
- Reaction score
- 0
hi nozzer or hackmax,
to program defensively for type 5 keyroll to handle the addresses if cc decide to change them i have put this together.
would something like this work for this map call if they change addresses.
KEYMASK5_data:
.DB 0x3F,0x00,0x01,0xFA,0x3F,0x41,0xA6,0x02
.DB 0xCD,0x90,0xE3,0x3F,0x4D,0xA6,0x00,0xB7
.DB 0x4E,0xA6,0x0E,0xCD,0x90,0xE3,0xA6,0x00
.DB 0xB7,0x4E,0xA6,0x0E,0xCD,0x90,0xE3,0xA6
.DB 0x21,0xCC,0x6B,0x01,0x83,0x00,0x01,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
; *******************************************************************
; OK - this is where you add your new handler method
; The Keymask table is already provided for you above
; and is derived from the disassembly of the new keyroll
; type
;
CHKKEYMASK5:
LDI YH, high(M) ;Set Y pointer to start of decrypted EMM in RAM (0x019B)
LDI YL, low(M)
LDI ZH, high(KEYMASK5_data * 2) ;Set Z pointer to start of KEYMASK5 * 2 in Flash (0x0A70)
LDI ZL, low(KEYMASK5_data * 2)
CLR R18
KEYMASK5TOP:
CPI R18,0x01
BREQ KEYMASK5CHKLOOP
CPI R18,0x25
BREQ KEYMASK5CHKLOOP
CPI R18,0x0A
BREQ KEYMASK5CHKLOOP
CPI R18,0x13
BREQ KEYMASK5CHKLOOP
; Byte is a mask byte so check that its what we expect
LPM
LDD R17,Y+0
CP R0,R17
BRNE KEYMASK5CHKLOOPEND ; No, not an EMM we can use so exit
KEYMASK5CHKLOOP:
ADIW R30,0x01 ;Increase the ZL Flash pointer
INC R28 ;Increase the YL EMM Buffer pointer
INC R18
CPI R18,0x27 ;Have we done all 27 bytes of the EMM ?
BRNE KEYMASK5TOP ;Nope .. carry on checking the mask
RCALL DOKEYROLL5 ;Yes, This is a keychange EMM so handle type5 keyroll
KEYMASK5CHKLOOPEND:
RET
;If the mask check above passed then we are going to do the following block ;of code to process
;a Type 5 Keyroll (Map call).
DOKEYROLL5:
LDI X,(MP + 0xA)
ADD X,83
LDI Y,(MP + 0x13)
ADD Y,83
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
thx ace
to program defensively for type 5 keyroll to handle the addresses if cc decide to change them i have put this together.
would something like this work for this map call if they change addresses.
KEYMASK5_data:
.DB 0x3F,0x00,0x01,0xFA,0x3F,0x41,0xA6,0x02
.DB 0xCD,0x90,0xE3,0x3F,0x4D,0xA6,0x00,0xB7
.DB 0x4E,0xA6,0x0E,0xCD,0x90,0xE3,0xA6,0x00
.DB 0xB7,0x4E,0xA6,0x0E,0xCD,0x90,0xE3,0xA6
.DB 0x21,0xCC,0x6B,0x01,0x83,0x00,0x01,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
.DB 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
; *******************************************************************
; OK - this is where you add your new handler method
; The Keymask table is already provided for you above
; and is derived from the disassembly of the new keyroll
; type
;
CHKKEYMASK5:
LDI YH, high(M) ;Set Y pointer to start of decrypted EMM in RAM (0x019B)
LDI YL, low(M)
LDI ZH, high(KEYMASK5_data * 2) ;Set Z pointer to start of KEYMASK5 * 2 in Flash (0x0A70)
LDI ZL, low(KEYMASK5_data * 2)
CLR R18
KEYMASK5TOP:
CPI R18,0x01
BREQ KEYMASK5CHKLOOP
CPI R18,0x25
BREQ KEYMASK5CHKLOOP
CPI R18,0x0A
BREQ KEYMASK5CHKLOOP
CPI R18,0x13
BREQ KEYMASK5CHKLOOP
; Byte is a mask byte so check that its what we expect
LPM
LDD R17,Y+0
CP R0,R17
BRNE KEYMASK5CHKLOOPEND ; No, not an EMM we can use so exit
KEYMASK5CHKLOOP:
ADIW R30,0x01 ;Increase the ZL Flash pointer
INC R28 ;Increase the YL EMM Buffer pointer
INC R18
CPI R18,0x27 ;Have we done all 27 bytes of the EMM ?
BRNE KEYMASK5TOP ;Nope .. carry on checking the mask
RCALL DOKEYROLL5 ;Yes, This is a keychange EMM so handle type5 keyroll
KEYMASK5CHKLOOPEND:
RET
;If the mask check above passed then we are going to do the following block ;of code to process
;a Type 5 Keyroll (Map call).
DOKEYROLL5:
LDI X,(MP + 0xA)
ADD X,83
LDI Y,(MP + 0x13)
ADD Y,83
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
INC X
INC Y
LDS R16, (MP + X)
STS (MP + Y), R16
thx ace
