Rapidlok documentation 

Rapidlok documentation (Kracker Jax revealed)
======================


Rapidlok is a recent protection scheme that has appeared on the disks
of some recent big-name producers (Accolade, Avalon Hill, Microprose...),
and uses its own "DOS" system to load files.  Rapidlok disks will usually
have only track 18 standard formatted, the rest of the tracks being formatted
in the Rapidlok manner.  The Rapidlok DOS resides in an encoded format on
track 18, sectors 18, 15, 12, 9, 6, and 3.  Each time a file is loaded
through Rapidlok, a short machine-language auto-boot file loads the Rapidlok
DOS for track 18 and stores it in the disk-drive memory from $0300-07FF.
Currently, we know of 6 different versions of Rapidlok DOS.  Each relies on
the same basic track formatting, but in addition to loading Rapidlok files,
they do a complicated check on certain sync lengths, header lengths, and
track to track alignment.

RAPIDLOK FORMAT
---------------

Like Commodore DOS, Rapidlok formats its tracks by first writing a header
block, and then a $0255 byte long data block.  The method through which
Rapidlok converts this data into REAL bytes is much too confusing to explain
in this overview.  The following is how Rapidlok would format one track:


1/  The Reference Header:

The first header on a Rapidlok track is the track reference header.  It is
actually a normal Commodore DOS header for that track, sector 0 in GCR
format.  It is written with a SYNC LENGTH of $0029 bytes.  If Rapidlok DOS
detects a reference header without the correct sync length, the load will
abort.

Example:
SYNC:  $0029 Bytes: 52 57 35 29 6B 74 DC B5  =  track 19, sector 0


2/  The LONG-SYNC Rapidlok Header:

The second header on a Rapidlok track is actually the header for Rapidlok
sector 0.  All Rapidlok headers begin with a $75, and contain 7 important
bytes that the Rapidlok loader needs to detect.  These bytes are followed
by 3 or 4 GAP BYTES that are written out as #$00's.  (Any attempt to read
these bytes will return a different byte value each time.)  The Rapidlok
header block for sector 0 (1st header block) has a SYNC LENGTH of $003c
bytes, though.  The Rapidlok loader will fail if this sync length is not
found.

Example:
SYNC:  $003c Bytes: 75 93 59 25 D6 ED 7A 4C 00 00 00 00  =  sector 0

The remaining headers for sectors 1 through the maximum have SYNC LENGTHS
of $0005, and are not checked by the loader.


3/  The Rapidlok Data Block:

Each data block begins with a $6B value and follows the header for that
particular sector.  Each data block contains approximately $0255 bytes of
data, which is converted into normal DATA and sent from the drive to the
computer.  Each data block has a sync-length of $0005 bytes, and is not
checked by the loader.  Sometimes a Rapidlok sector will be blank.  The
data block will then begin with a $55 byte and continue with $0254 more
#$55 bytes.

Example of Full Rapidlok Data Block:
SYNC:  $0005 Bytes: 6B BB C9 24 BA FF 35 DF.............

Example of an Empty Rapidlok Data Block:
SYNC:  $0005 Bytes: 55 55 55 55 55 55 55 55.............


4/  The Rapidlok Bit Rate:

As far as BIT RATES and storage sizes go, Rapidlok formats tracks in the
following manners for the following zones:

       Track Zone   Bit-Rate   # of sectors
       ------------------------------------
       1-17           $60         12
       19-35          $40         11


5/  The Rapidlok EXTRA-SECTOR

After all the headers and data blocks for each sector of a track are written
out, a special "extra-sector" is written on the disk as part of Rapidlok's
main protection scheme.  The block has a SYNC LENGTH of $0014, and begins
with a #$55 byte.  The first byte is followed by a certain number of #$7B
bytes in a row, giving the entire block a specific length.  A special
"decoder" master-key block is written on track 36 of each Rapidlok disk.
At the beginning boot of the program, Rapidlok DOS moves the disk-drive head
to track 36, reads in the special key, decodes it and ends up with a list
of 35 numbers.  Each number is the specific length of the EXTRA SECTOR for
each equivalent track!  During Rapidlok file loads, if the DOS extra-sector
length does not match the master-key number for that track, the DOS dies.
The MASTER-KEY on track 36 is the most difficult portion of Rapidlok formats
to reproduce.

Example of Extra-sector:
SYNC:  $0014 Bytes: 55 7B 7B 7B 7B 7B......7B (x amount of bytes)


6/  Overview of Rapidlok DOS:

Each track contains sectors 0-11 (Tracks 1-17) or sectors 0-10 (Tracks 19-35)
Each "sector" is composed of a header block beginning with a $75 and is
followed by a data-block beginning with a $6B (or a $55 if blank).  Each
Rapidlok track also contains a reference header AND an extra-sector of
special length that much match a "master-key".  Remember, during loads,
Rapidlok DOS is constantly checking the special sync lengths described above.
Even the slightest mismatch from the norm will halt the program load.  Thus,
if your disk drive speed is slightly off from 300 RPM, you may experience
difficulties in loading some Rapidlok formatted programs.

If you examine the directory sectors of track 18 on a Rapidlok disk with a
track and sector editor, you will notice that after each file name is a
sequence of two or three bytes.  Rapidlok DOS actually uses these bytes much
in the way Commodore DOS does the track and sector pointer.  The actual
beginning track and sector number and program length are embedded (encoded)
in these bytes.

Little is known about the Rapidlok master-key on track 36.  The routine that
Rapidlok uses to decode it can be copied, but actually writing out the key
has not yet been done.

On recent Rapidlok versions (5 and 6 to be specific), they use TRACK to TRACK
alignment.  What this means is that if you were on track 19 and you had just
read sector 0, if you were to immediately skip the drive-head to track 20 and
read the first information you encountered, you would be reading the data
for sector 0 of track 20.  This is a very simple explanation.  Sometimes
track-to-track alignment can be done with a "skew", i.e. track 19, sector 0
matches track 20, sector 6, which in turn matches track 21, sector 12.  The
skew is 6.

Rapidlok DOS uses a combination of blank sectors ($55) and full sectors ($6B)
on one track.  This track must be perfectly aligned with the track before it.
When DOS finishes reading the last sector of the first track, it bumps the
drive-head to the half and half track.  If the track-to-track alignment is
correct, it will encounter a full Rapidlok sector, and will continue to load.
If the alignment is incorrect, even off by one sector, the drive will
encounter an empty sector ($55) and the loader will then commit suicide
within your drive.  So even if a person could exactly duplicate two Rapidlok
tracks, he would also have to get the timing within his format routine exact
enough to align the tracks correctly.

Example of Rapidlok Protected Track:

      SYNC LENGTH           BYTES             DESCRIPTION
      ---------------------------------------------------
      $0029         52 55 35 29 4B 74 DC B5   track 1,0 reference header
      $003C         75 93 59 25 D6 ED 7A 00   sector 0 header
      $0005         6B BB C9 24 BA FF 35 DF   sector 0 data block
      $0005         75 92 59 25 D6 ED 6E 00   sector 1 header
      $0005         6B DE 59 24 96 7B ED F7   sector 1 data block
      .....         .......................   .....................
      .....         .......................   .....................
      .....         .......................   .....................
      $0005         75 92 E9 25 D6 ED 65 00   sector 11 header
      $0005         6B F7 D9 24 EF 4E AD DB   sector 11 data block
      $0014         55 7B 7B 7B 7B 7B 7B 7B   "extra-sector" for key


7/  Points of Interest:

Track 18 on ALL Rapidlok disks is formatted in standard DOS (i.e. 18 sectors)
but it also contains the Rapidlok "extra-sector" ($55 7B 7B 7B 7B 7B..etc).
The Rapidlok auto-boot will not load Rapidlok DOS into drive memory UNLESS
this extra sector is found.  It uses the 2nd byte (7B) as a decoder for the
DOS stored on sector 18, 15, 12, 9, 6, and 3.

On all Rapidlok disks released in the past 2 years, tracks 19 through 35 have
ALWAYS been formatted in Rapidlok style.  Tracks 1-17 usually vary, depending
upon the program.  Huge programs will Rapidlok format all these tracks,
others will use combinations of standard format with Rapidlok format.  Often
if a game has a high-score list that is saved to disk, the Rapidlok format
will leave track 1 open as standard DOS so the high-score list can be written
to disk using a simple B-W or U2 command.  Writing out in Rapidlok format is
almost impossible (it would take up too much disk drive memory).












































Comments











Post a Comment


Leave your comments.. Everything posted is the truth and it took decades to unravel.























Popular posts from this blog









Protection Analysis





















   ONLINE > RECOLLECTION issue 2 Menu > Protection Analysis   Copy protection on the C64  by Pete Rittwage (of the C64 Preservation Project)  http://c64preservation.com   =====================================================  With extras by  Fungus, Antitrack & Ignorance of Nostalgia  http://nostalgia.c64.org  =====================================================   As we all know, many different protection methods were developed in the 1980's in a cat-and-mouse game with those that wanted to make a copy or remove the protection from a commercial C64 disk. My experience has been in exploring how the disk drive hardware was exploited by the publishers to keep you from being able to make a copy. The methods steadily increased in complexity from the release of the C64 until the early 90's, at which point the publishers seemed to give up on physical disk protection and started using manual or code lookups. Today, physical disk protection seems to have made a comeback on th








Read more










RapidLok Copy Protection for Commodore 64 disk




















Image







      http://www.root.org/~nate/c64/KrackerJax/index.htm                    INTRODUCTION              Thank you for your purchase of the Kracker Jax Revealed Trilogy.          The Trilogy is a compilation of our three separate Kracker Jax          Revealed books, Volumes 1 - 3. These books were individually          released over a period of two years, and represent countless hours          of investigation.              We've condensed Volumes One and Two into one book, while Volume          Three continues to be a separate book. All are included with your          purchase of the Trilogy.              The Kracker Jax Revealed series represents the best compilation          of this type of material ever assembled. The 3 Volumes were put          together from a mountain of raw data that was the end result of          years of hands on experience by people who were masters of the          craft of unlocking the mysteries of copy protection.              Inside these pages, you'








Read more










V-Max Copy Protection for Commodore 64 disk





















   V-Max Copy Protection for Commodore 64 disk.   There was four main versions of this copy protection, then some versions with variations.  V-max protection was used my many different publishers including Activision, Cinemaware, Mindscape, Origin, Sega, Taito, Thunder Mountain and a few others.   There are already some great write ups on V-Max including this one from Pete Rittwage HERE: http://c64preservation.com/vmax   There was copiers that could make copies of V-Max software in the 1980’s like Burst Nibbler and Supercard. Plus many others that could copy a V-Max protected disk then you applied a parameter (crack) on the copy for it to work, like Disk Invaders, Fast Hackem, Maverick, etc.   There is also a NEW release in the V-Max copy programs called: Revolution V by Lord Crass. This program can be found here: http://csdb.dk/release/?id=134573   Even MORE information can be found here from a Post by Lord Crass made on the Lemon64 forums: http://www.lemon64.com/forum/viewtopic.php?t








Read more