By Perseverance, the Snail Reached the Ark
I can’t touch the code on the stack, because it’s used as a decryption key. I mean, I could theoretically change a few bytes of it, then calculate the proper decrypted bytes on zero page by hand. But no.
Instead, I’m just going to copy this latest disk routine wholesale. It’s short and has no external dependencies, so why not? Then I can capture the decrypted zero page and see where that JMP ($0028) is headed.
*BLOAD TRACE5 *9734<2126.2166M
Here’s the entire disassembly listing of boot trace #6:
96F8 A9 05 LDA #$05 Patch boot0 so it calls my routine instead of 96FA 8D 38 08 STA $0838 ...
Get PoC or GTFO, Volume 3 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
