I see that Chad also used TTDigger....the best way to pickup the
labels... :-)
Here's the crux of what I've got so far. Referring to crypt78.c
(posted many moons ago as Frank mentioned, based on Bruce Tomlin's
pas source), you'll notice that 'carttest' is MungeCart(). And
Encrypt() is the routine we need to decipher and come up with the
basic math formula.
Hopefully the "bignum" routines from crytp78 can be carried over.
Otherwise I'll use the 'miracl' library.
; 264 bytes
; A_munge
; $F52E in bootROM
s: dc $C765,$ABCA,$EEF7,$8309
t: dc $E1D0,$9267,$62B6,$7255
dc $8E91,$DCC5,$81BE,$7820
dc $59B7,$E63D,$0645,$AFC8
dc $0831,$38D1,$FB73,$84A9
dc $17FC,$3487,$A394,$FA90
dc $B8ED,$CE3B,$5B0A,$43D9
dc $F353,$82B3,$0D6D,$5A60
dc $9D51,$A7B9,$1110,$BCE4
dc $7F80,$41E7,$E3F6,$5626
dc $35EC,$D6DF,$0C7F,$F49E
dc $AC52,$46EF,$CFBF,$A23F
dc $A413,$1597,$4A1C,$B042
dc $8CB1,$0558,$8018,$772B
dc $023E,$A849,$1A6A,$CB6E
dc $0B8A,$EBF1,$4F14,$798B
dc $D89F,$9B57,$19F8,$2A2D
dc $760E,$E82E,$4BF9,$0703
dc $DE93,$167E,$D4E5,$B2F0
dc $7D7A,$DAD2,$A1CC,$1DE0
dc $5E23,$A095,$221E,$3685
dc $FE1F,$39AA,$8996,$AD0F
dc $2FC0,$4727,$5D24,$EAC3
dc $A5F5,$215F,$1B40,$8FAE
dc $7425,$DDC1,$7CCD,$A670
dc $D733,$7B2C,$75BB,$8699
dc $BD54,$9A6C,$6332,$484C
dc $8DBA,$5C61,$C44E,$2937
dc $12C6,$989C,$D569,$6BE2
dc $044D,$E9C2,$883A,$DB64
dc $0144,$6FB5,$F230,$28FD
dc $5071,$3CB4,$6668,$C9D3
dc $CA83,$C7AB,$F765,$09EE
; 55 bytes
p: dc $703A,$C16F,$9A92,$E529
dc $18E7,$9E50,$D6A5,$8DCC
dc $4D52,$2AD4,$5C10,$7181
dc $24CF,$DA6A,$4A72,$EED5
dc $CA36,$1E1B,$2A20,$C0DC
dc $15E8,$EE53,$EBF3,$2E08
dc $7259,$35F8,$9957,$3B
; 55 bytes
pexp: dc $1C
dc $0EB0,$5BE6,$A4B9,$4A46
dc $39E7,$9435,$A963,$7313
dc $548A,$B517,$041C,$6049
dc $33F6,$9A92,$9CBB,$B572
dc $8D87,$86CA,$8830,$3705
dc $7A3B,$94FA,$FCCB,$821C
dc $964D,$7E26,$55CF
; 65 bytes
q: dc $1656,$1579,$9A53,$604F
dc $8755,$9FB2,$7872,$E5BC
dc $7DF8,$6FCA,$832A,$1FA7
dc $63A3,$552B,$D8B8,$45E2
dc $A11F,$412B,$041B,$9B5B
dc $E128,$C5E0,$6E7D,$C80B
dc $221E,$E7D4,$474C,$E5C8
dc $9222,$ADEF,$7018,$F13D
dc $1B
; 65 bytes
qexp: dc $05,$9585,$5E66,$94D8
dc $13E1,$D567,$EC9E,$1CB9
dc $6F1F,$7E1B,$F2A0,$CA87
dc $E9D8,$E8D5,$4AF6,$2E11
dc $78A8,$47D0,$4AC1,$06E6
dc $D6F8,$4A31,$781B,$9F72
dc $02C8,$87B9,$F511,$D339
dc $7224,$88AB,$7BDC,$063C
dc $4F47
; 120 bytes
; A_ROM
; $FED5 in bootROM
; Z (see below)
n: dc $09CA,$C9C6,$B412,$081B
dc $6058,$814B,$8601,$D8BF
dc $D925,$A07B,$DC32,$7984
dc $3B7C,$BC2F,$E2E2,$FA8D
dc $0A00,$3BC5,$ECAF,$2D8A
dc $CD06,$936A,$A514,$4677
dc $C46A,$B253,$36EF,$8CCE
dc $0CA2,$6871,$D373,$E8F7
dc $6D06,$B520,$EF23,$470C
dc $5155,$C8FE,$F458,$C43F
dc $20A7,$6738,$B076,$E2C4
dc $D805,$63F8,$3C58,$3B2D
dc $22CC,$88B3,$718F,$1D80
dc $0A87,$BDA1,$5923,$E970
dc $E2D3,$EC46,$6880,$4239
; 120 bytes
ap: dc $0481,$BE5B,$4C70,$0FBC
dc $42A2,$CD8C,$E700,$2656
dc $AE76,$6529,$3A00,$D1E6
dc $A29E,$5877,$6204,$F354
dc $2A30,$C37D,$DF69,$9DED
dc $C523,$B69D,$7F18,$CEF6
dc $390F,$1428,$F4DF,$F498
dc $F520,$C764,$A77E,$770D
dc $878D,$88EB,$CED6,$5963
dc $D770,$F64A,$E6FD,$836D
dc $BC6C,$EEF6,$4F88,$27BD
dc $EEBD,$615D,$A5B2,$5D78
dc $B0A4,$715E,$05C7,$BD6E
dc $AC4E,$5B2C,$8916,$2B7F
dc $2FB0,$7B14,$647D,$44E7
; 120 bytes
aq: dc $0549,$0B6B,$67A1,$F85F
dc $1DB5,$B3BE,$9F01,$B269
dc $2AAF,$3B52,$A231,$A79D
dc $98DE,$63B8,$80DE,$0738
dc $DFCF,$7848,$0D45,$8F9D
dc $07E2,$DCCD,$25FB,$7781
dc $8B5B,$9E2A,$420F,$9835
dc $1781,$A10D,$2BF5,$71E9
dc $E579,$2C35,$204C,$EDA8
dc $79E4,$D2B4,$0D5B,$40D1
dc $643A,$7842,$60EE,$BB06
dc $E948,$029A,$96A5,$DDB4
dc $7228,$1755,$6BC7,$6011
dc $5E39,$6274,$D00D,$BDF1
dc $B323,$7132,$0402,$FD53
Given the 120-byte values Z and Y, is there any code or a
program that I can download to solve for X in the following?
(X^2) MOD Z = Y
Z =
0x09,0xCA,0xC9,0xC6,0xB4,0x12,0x08,0x1B,
0x60,0x58,0x81,0x4B,0x86,0x01,0xD8,0xBF,
0xD9,0x25,0xA0,0x7B,0xDC,0x32,0x79,0x84,
0x3B,0x7C,0xBC,0x2F,0xE2,0xE2,0xFA,0x8D,
0x0A,0x00,0x3B,0xC5,0xEC,0xAF,0x2D,0x8A,
0xCD,0x06,0x93,0x6A,0xA5,0x14,0x46,0x77,
0xC4,0x6A,0xB2,0x53,0x36,0xEF,0x8C,0xCE,
0x0C,0xA2,0x68,0x71,0xD3,0x73,0xE8,0xF7,
0x6D,0x06,0xB5,0x20,0xEF,0x23,0x47,0x0C,
0x51,0x55,0xC8,0xFE,0xF4,0x58,0xC4,0x3F,
0x20,0xA7,0x67,0x38,0xB0,0x76,0xE2,0xC4,
0xD8,0x05,0x63,0xF8,0x3C,0x58,0x3B,0x2D,
0x22,0xCC,0x88,0xB3,0x71,0x8F,0x1D,0x80,
0x0A,0x87,0xBD,0xA1,0x59,0x23,0xE9,0x70,
0xE2,0xD3,0xEC,0x46,0x68,0x80,0x42,0x39
Y =
0xCF,0x21,0x53,0x4C,0x77,0x3F,0xBC,0xF3,
0x06,0xA4,0xA0,0x27,0xFD,0xF9,0x41,0x2A,
0xA8,0xA0,0x14,0xAC,0x84,0x74,0x52,0xF7,
0xEC,0x9E,0x93,0x6B,0xC6,0xCC,0xF3,0x69,
0xB8,0xDF,0xBB,0xF8,0x7F,0x0A,0xF1,0xBC,
0x15,0x9D,0x98,0x3A,0x77,0xFF,0x9E,0xFB,
0x9A,0x42,0x1F,0x94,0x59,0x8C,0xA0,0xDC,
0x68,0xD4,0xE2,0x82,0x62,0xEB,0x5D,0xEC,
0x41,0x28,0xE8,0x55,0xA6,0xB2,0xFA,0xC0,
0x02,0xA1,0xA2,0x36,0x71,0x3A,0x37,0x65,
0x16,0xCF,0x8F,0x67,0x74,0xE8,0xE8,0xEF,
0xA9,0xEF,0x04,0xDF,0x27,0x46,0x50,0xF8,
0xDD,0xFA,0x52,0x6C,0x6E,0x95,0x7A,0x3C,
0x62,0x1E,0x8C,0x2B,0x05,0x70,0x1A,0x31,
0xD4,0xB4,0xE2,0xAA,0xFB,0x60,0x24,0xE9
;
;
;
carttest: move.l #acc,_accpt
clr.l d0
move d0,T0477A
;
; void MungeCart(void)
;
move.b U11709,d0 ; $FFF9
andi.b #$F0,d0
lsl #8,d0
cmpi.l #$00004000,d0 ; <$4000?
bcs L00D5A
subi #$4000,d0
add.l #_image,d0
move.l d0,T0475A ; cartstart
; clear acc
checksum: clr.l d0
move #$00FF,d0
movea.l #acc,a0 ; acc
L00C2E: clr.b $00(a0,d0)
subq #1,d0
bpl.s L00C2E
; copy $FF7F->$FF00...$FFFF->$FFF8 to acc
clr.l d0
move.b #$7F,d0
movea.l #U11610,a1 ; $FF00
L00C42: move.b $00(a1,d0),d1
move.b d1,$00(a0,d0)
subq.b #1,d0
cmp.b #$F8,d0
bne.s L00C42
;
move.l #s,T0476A ; s
movea.l T0475A,a2 ; cartstart
clr.l d0
moveq #$01,d3
L00C66: bsr cscheck ; cscheck
adda.l #$00000100,a2
clr.l d3
cmpa.l #U11610,a2 ; $FF00
bne.s L00C66
;
moveq #$01,d3
bsr csrotate ; csrotate
bsr csrotate ; csrotate
move.l #t,T0476A ; t
suba.l #$00000100,a2
L00C94: bsr cscheck ; cscheck
suba.l #$00000100,a2
moveq #$01,d3
cmpa.l T0475A,a2 ; cartstart
bcc.s L00C94
;
move.b #$77,d0
movea.l #reg11,a2 ; reg11
movea.l #T0480A,a4 ; acc+$88
L00CB8: move.b $00(a0,d0),d1
move.b $50(a0,d0),d2
eor.b d2,d1
move.b $00(a4,d0),d2
eor.b d2,d1
move.b d1,$00(a2,d0)
subq #1,d0
bpl.s L00CB8
; A_mem[0x2000] = A_mem[0x2000] & 7;
clr.l d0
andi.b #$07,reg11 ; reg11
; A_mem[0x2004] = 0;
; ignore the following....
move.b reg11,d0 ; reg11
add.b U11708,d0
add.b U11709,d0
add.b U1170A,d0
add.b U1170B,d0
add.b U1170C,d0
add.b U1170D,d0
add.b U1170E,d0
add.b U1170F,d0
add.b L01722,d0
add.b L017A0,d0
add.b T04A43,d0
add.b U05B54,d0
add.b U0DA55,d0
add.b U0EF83,d0
add.b U1003F,d0
add.b U1098B,d0
add.b T04E06,d0
move.b d0,T04E06 ; reg11[4]
bsr.s encrypt
bra.s L00D66
movem.l (a7)+,d0-d7/a0-a5
clr.l d0
unlk a6
rts
; error
L00D5A: movem.l (a7)+,d0-d7/a0-a5
move #-$0002,d0
unlk a6
rts
L00D66: movem.l (a7)+,d0-d7/a0-a5
move T0477A,d0
unlk a6
rts
; void X_23FF(int addr, int munge)
;
cscheck: clr.l d2
movea.l T0476A,a3
clr.l d5
L00D7E: andi #$0F,ccr
lsr.b #1,d3
move.b $00(a0,d2),d5
addx.b d5,d0
move.b $00(a2,d2),d5
addx.b d5,d0
roxl.b #1,d3
move.b $00(a3,d0),d0
move.b d0,$00(a0,d2)
addq.b #1,d2
bne.s L00D7E
rts
; void ROLWork(void)
;
csrotate: clr.l d2
L00DA2: lsr.b #1,d3
move.b $00(a0,d2),d1
roxl.b #1,d1
roxl.b #1,d3
move.b d1,$00(a0,d2)
addq.b #1,d2
bne.s L00DA2
rts
;
;
;
encrypt:
; copy p to reg7
; copy pexp to reg5
goo: clr.l d1
move.b #$36,d1
move.b #$36,sizer3
move.b #$36,sizer5
movea.l #p,a1 ; p
movea.l #reg5,a2 ; reg5
movea.l #reg7,a3 ; reg7
movea.l #pexp,a4 ; pexp
L00DE4: move.b $00(a1,d1),$00(a3,d1)
move.b $00(a4,d1),$00(a2,d1)
subq #1,d1
bpl.s L00DE4
; ??
bsr L01042 ; divide , power
; copy reg9 to reg13
clr.l d1
move.b #$36,d1
movea.l #reg9,a4 ; reg9
movea.l #reg13,a1 ; reg13
L00E0A: move.b $00(a4,d1),$00(a1,d1)
subq #1,d1
bpl.s L00E0A
; copy q to reg7
; copy qexp to reg5
clr.l d1
move.b #$40,d1
move.b #$40,sizer3
move.b #$40,sizer5
movea.l #q,a1 ; q
movea.l #reg5,a2 ; reg5
movea.l #reg7,a3 ; reg7
movea.l #qexp,a4 ; qexp
L00E42: move.b $00(a1,d1),$00(a3,d1)
move.b $00(a4,d1),$00(a2,d1)
subq #1,d1
bpl.s L00E42
; ??
bsr L01042 ; divide , power
; copy reg9 to reg1
clr.l d1
move.b #$40,d1
move.b #$40,sizer1
movea.l #reg9,a1 ; reg9
movea.l #reg1,a4 ; reg1
L00E70: move.b $00(a1,d1),$00(a4,d1)
subq #1,d1
bpl.s L00E70
; copy aq to reg0[1]
clr.l d1
move.b #$77,d1
move.b d1,sizer0
movea.l #aq,a1 ; aq
movea.l #T04883,a4 ; reg0[1]
L00E92: move.b $00(a1,d1),$00(a4,d1)
subq #1,d1
bpl.s L00E92
; ??
bsr multiply ; multiply
; copy n to reg0[1]
clr.l d1
move.b #$77,d1
movea.l #n,a1 ; n
movea.l #T04883,a4 ; reg0[1]
L00EB2: move.b $00(a1,d1),$00(a4,d1)
subq #1,d1
bpl.s L00EB2
; ??
move.b offseta,sizea
bsr divide ; divide
; copy acc[?] to reg3
clr.l d1
movea.l #acc,a1 ; acc
move.b starta,d1
adda.l d1,a1
movea.l #reg3,a2 ; reg3
move.b #$77,d1
L00EE4: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L00EE4
; copy reg13 to reg1
clr.l d1
move.b #$36,d1
move.b d1,sizer1
movea.l #reg13,a2 ; reg13
movea.l #reg1,a3 ; reg1
L00F06: move.b $00(a2,d1),$00(a3,d1)
subq #1,d1
bpl.s L00F06
; copy ap to reg0[1]
clr.l d1
move.b #$77,d1
move.b d1,sizer0
movea.l #ap,a1 ; ap
movea.l #T04883,a2 ; reg0[1]
L00F28: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L00F28
; ??
bsr multiply ; multiply
; copy n to reg0[1]
clr.l d1
move.b #$77,d1
movea.l #n,a1 ; n
movea.l #T04883,a2 ; reg0[1]
L00F48: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L00F48
move.b offseta,sizea
; ??
bsr divide ; divide
; copy acc[?] to acc[1]
clr.l d1
move.b #$77,offsetr
movea.l #acc,a1 ; acc
move.b starta,d1
adda.l d1,a1
clr.b d1
movea.l #T04783,a2 ; acc[1]
L00F80: move.b $00(a1,d1),$00(a2,d1)
addq.b #1,d1
cmp.b #$78,d1
bne.s L00F80
; ??
move.l #reg3,addmod ; reg3
clr.l d0
move.b #$01,d0
bsr add ; add
; ??
move.l #n,T04772 ; n
bsr simplmod ; simplmod
; copy acc[1] to reg1
; copy acc[1] to reg0[1]
clr.l d1
move.b #$77,d1
movea.l #T04783,a1 ; acc[1]
movea.l #reg1,a2 ; reg1
movea.l #T04883,a3 ; reg0[1]
L00FC8: move.b $00(a1,d1),$00(a2,d1)
move.b $00(a1,d1),$00(a3,d1)
subq #1,d1
bpl.s L00FC8
; ??
dectest: bsr L010BE ; multiply , divide (n)
; compare reg11 to acc[?]
clr.l d1
movea.l #acc,a1 ; acc
move.b starta,d1
adda.l d1,a1
move.b #$77,d1
movea.l #reg11,a2 ; reg11
L00FF6: move.b $00(a2,d1),d3
cmp.b $00(a1,d1),d3
bne.s enbad
subq #1,d1
bpl.s L00FF6
; copy reg1 to $FF80-$FFF7
enout: moveq #$77,d1
movea.l #reg1,a1 ; reg1
movea.l #U11690,a2 ; $FF80
L01012: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L01012
move #$0000,T0477A
rts
enbad: addq #1,T0477A
cmpi #$0100,T0477A
beq.s L01040
addq.b #1,T04E06
bra encrypt
L01040: rts
;
; divide , power
L01042:
; copy reg11 to acc[1]
clr.l d1
move.b #$77,d1
movea.l #reg11,a1 ; reg11
movea.l #T04783,a2 ; acc[1]
L01054: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L01054
; acc[0] = 0
clr.b acc ; acc
; copy reg7 to reg0[1]
clr.l d1
move.b sizer3,d1
move.b d1,sizer0
movea.l #reg7,a1 ; reg7
movea.l #T04883,a2 ; reg0[1]
L0107E: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L0107E
; ??
move.b #$78,sizea
bsr divide ; divide
; copy acc[?] to reg3[?]
movea.l #acc,a1 ; acc
clr.l d1
move.b starta,d1
adda.l d1,a1
movea.l #reg3,a2 ; reg3
move.b sizer3,d1
L010B0: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L010B0
; ??
bsr.s power ; power
rts
;
; multiply , divide (n)
L010BE:
;
move.b #$77,sizer0
move.b #$77,sizer1
bsr multiply ; multiply
; copy n to reg0[1]
clr.l d1
move.b #$77,d1
movea.l #n,a1 ; n
movea.l #T04883,a2 ; reg0[1]
L010E4: move.b $00(a1,d1),$00(a2,d1)
subq #1,d1
bpl.s L010E4
; ??
move.b offseta,sizea
bsr divide ; divide
rts
