By Perseverance, the Snail Reached the Ark

I can’t touch the code on the stack, because it’s used as a decryption key. I mean, I could theoretically change a few bytes of it, then calculate the proper decrypted bytes on zero page by hand. But no.

Instead, I’m just going to copy this latest disk routine wholesale. It’s short and has no external dependencies, so why not? Then I can capture the decrypted zero page and see where that JMP ($0028) is headed.

*BLOAD TRACE5
*9734<2126.2166M

Here’s the entire disassembly listing of boot trace #6:

96F8     A9 05      LDA #$05      Patch boot0 so it calls my routine instead of
96FA     8D 38 08   STA $0838      ...

Get PoC or GTFO, Volume 3 now with the O’Reilly learning platform.
