Seeking reverse-engineers - Apple II VisiCalc

Philip Pemberton classiccmp at philpem.me.uk
Wed Jan 28 16:07:12 CST 2009


Tim McNerney wrote:
> I'd like to get Apple II VisiCalc running in emulation.
> Right now this isn't possible because of the copy protection.

So are you trying to reverse-engineer the entire application, or just the 
copy-protection?

What are your goals here?
   Remove the protection?
   Reverse-engineer the protection to the point where you can modify an 
emulator to emulate the protection ("bad" GCR, timing hacks and whatnot)?
   Tear the app apart, documenting absolutely everything?

> I have three versions of the Apple II software.  I know one of them 
> still boots (1983?)
> and have some confidence that the other two versions (1979 and 1981) 
> work too.

My first step would be to use some form of disc imaging apparatus (Catweasel?) 
to make a magnetic transition level image of the discs, then write some 
software to decode that into actual bytes and words.

I'm not sure how Apple discs work so you'll have to bear with me here. (I do 
have a decent amount of 6502 knowledge, though...)

I'd start by reverse engineering the boot sector, startup code or whatever. On 
a BBC Micro disc I'd look at the boot flags, then start tearing the !Boot 
program/CLI script apart. Move on from there as and when necessary.

The theory here is that the disc must be readable in some way -- either it's a 
"pure" AppleDOS (or whatever) disc, or it's got an AppleDOS boot track and the 
rest of the disc is some custom format or other.

Much as I hate using PCs as an example for anything... as long as track 0 on a 
PC disc meets one of the standard formats (e.g. 360K, 720K, 1.4MB), and sector 
0:0:1 (cyl 0, head 0, sector 1) contains a valid PC/DOS boot sector (defined 
as "the checksum is valid and the 0x55AA signature is present") then the BIOS 
will boot the disc (by loading CHS 0:0:1 into memory at 0x7C00 and jumping to 
0x7C00). The BIOS really doesn't care about the filesystem, that's the 
operating system's job...

But like I said above, the amount of work involved is going to depend on what 
you want. Just reversing the copy protection to the point where you can 
emulate the protected tracks shouldn't be too difficult. Reverse engineering 
the entire application to the point where you can specify in great detail how 
the application works, and all its internal data structures... that's going to 
be difficult.

-- 
Phil.
classiccmp at philpem.me.uk
http://www.philpem.me.uk/
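
The decoding step proposed in the message above (flux transitions to bytes), sketched as an added example that is not part of the original post or of any imaging tool. It assumes standard Apple II Disk II encoding (4 µs bit cells, `D5 AA 96` or `D5 AA B5` address prologues, 4-and-4 encoded header fields) and takes transition intervals in microseconds; all function names and the sample data are constructed for illustration.

```python
# Added example; assumes standard Disk II encoding, which protected tracks may deliberately break.
BIT_CELL_US = 4.0  # nominal Apple II bit cell
PROLOGUES = {(0xD5, 0xAA, 0x96): "16-sector", (0xD5, 0xAA, 0xB5): "13-sector"}

def flux_to_bits(intervals_us):
    """Each flux transition is a 1; every extra bit cell before it is a 0."""
    bits = []
    for dt in intervals_us:
        cells = max(1, round(dt / BIT_CELL_US))
        bits.extend([0] * (cells - 1) + [1])
    return bits

def bits_to_nibbles(bits):
    """Model the read shift register: a byte is complete once its top bit is 1."""
    nibbles, reg = [], 0
    for b in bits:
        reg = ((reg << 1) | b) & 0xFF
        if reg & 0x80:
            nibbles.append(reg)
            reg = 0
    return nibbles

def decode_44(first, second):
    """4-and-4: one data byte is split across two disk bytes, padded with 1s."""
    return ((first << 1) | 1) & second

def find_address_fields(nibbles):
    """Return (format, volume, track, sector, checksum_ok) per header found."""
    found = []
    for i in range(len(nibbles) - 10):
        fmt = PROLOGUES.get(tuple(nibbles[i:i + 3]))
        if fmt:
            vol, trk, sec, chk = (decode_44(nibbles[j], nibbles[j + 1])
                                  for j in range(i + 3, i + 11, 2))
            found.append((fmt, vol, trk, sec, chk == vol ^ trk ^ sec))
    return found

def constructed_flux(vol, trk, sec):
    """Constructed sample input: one ideal 16-sector address field as flux."""
    enc = lambda v: [(v >> 1) | 0xAA, v | 0xAA]
    nib = [0xFF] * 4 + [0xD5, 0xAA, 0x96]
    nib += enc(vol) + enc(trk) + enc(sec) + enc(vol ^ trk ^ sec) + [0xDE, 0xAA, 0xEB]
    bits = [(n >> k) & 1 for n in nib for k in range(7, -1, -1)]
    ones = [i for i, b in enumerate(bits) if b]
    return [(b - a) * BIT_CELL_US for a, b in zip([-1] + ones, ones)]

if __name__ == "__main__":
    print(find_address_fields(bits_to_nibbles(flux_to_bits(constructed_flux(254, 0, 5)))))
```

A header whose checksum flag comes back false, or a track where no prologue is found at all, marks a place where the disc departs from the standard format and is worth inspecting by hand.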


