Recovery
Volume Number: 2
Issue Number: 7
Column Tag: Special Projects
Recovering Protected Basic Programs
By DB Cooper, Seattle, WA
True Recovery at Last!
How many times have you saved what you thought was a completed MS Basic program to disk in protected mode, only to discover that it was your only copy and now you need to make some changes? Recovering from Basic's protected option has been a hotly contested struggle between Basic programmers and the interpreter, which until now has yielded very little in the way of a practical solution. In past issues of MacTutor, various attempts have been published, but each of these required that you do something to your program before you protected it. What if you didn't remember to do the special thing first? You were out of luck. Until now.
After studying Mike Steiner's "Rescuit Program" in the September 1985 issue of MacTutor, I have invented a way to recover any protected Basic program after it is protected, without any requirement on the author before he saved it. In other words, you can now unprotect any protected program without thinking about it ahead of time. Simply run this Basic program and you're back in business!
I accomplished this by writing the program below named 'Rescue(b)', which overwrites the front of the protected program with the encrypted code for {Merge "It":'}. Then I set up a second program named 'It', which is merged to the protected program and then copies the program from memory to a file. This second step is based on Mike Steiner's article.
Version 2.1 Different
Unfortunately, this scheme didn't work with programs in the Microsoft Basic 2.1 format, so I started to experiment. I determined that version 2.1 uses a separate location in memory to store the names of the variables. I couldn't figure out how to find this table in memory directly, so instead I added a new variable "TenZZZZZZZZZZ" to the end of the table by defining it in the program, and had the routine search for ten Z's in a row. Then the program backtracks until it hits a binary zero, which defines the beginning and end of the variables table. (This method has worked with all the programs I have rescued, but I wouldn't bank on it always being successful.)
Cleaning up Garbage
At this point I ran into still another problem. The rescued program list still showed garbage in the variable and label names about 50% of the time. I scratched my head some more before I finally realized that the main listing must end with an odd number of characters (or even, when the first character is removed after the program has been loaded). I put in a counter to check for oddness.
After this final fix, the program seems to run quite well. When a rescue is completed, the rescued program must be saved at once by the operator, or it will not show the proper icon and the list window may show garbage when entered from the Desktop. (I still don't know the reason for the latter.) At any rate, when 'Rescue(b)' has run, it leaves the rescued program loaded in memory, so you can simply do a "Save As" and your program will be fully recovered.
Ideas on the Encryption Used
The encryption method involves three steps. First, the binary value from each field is added to an offset in the range 0 to 255. If the sum is greater than 255, then 256 is subtracted so as to be in the proper range. Next, a mask in the same range is applied to the value using the logical XOR operator. Finally, a second, different offset is subtracted from the result. The final binary code is truncated to the proper range and written to the file. (Note that, properly written, the same routine can be used to encode and decode the binary data.) Each position has its own offsets and masks, which are calculated in some manner I couldn't determine, but these parameters are always the same at a given position, regardless of the program encrypted.
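An added Python sketch (not part of the original article or its listings) of the three-step routine described above, using the OtherLines, Modify and Peekvals DATA from the listings below. It checks that decoding the Modify words yields the byte signature 'It' scans memory for, and that each fixed per-position parameter set is a keyless, invertible byte mapping. The high-byte-first order of each Modify word is an assumption taken from how the listing reads hex pairs.

```python
# Parameter triples (offset1, mask, offset2) copied from the OtherLines DATA;
# entry k applies to file byte 5+k (positions 5-22 of the program file).
OTHER_LINES = [
    (248, 36, 246), (249, 18, 247), (250, 81, 248), (251, 59, 249),
    (252, 87, 250), (253, 44, 251), (254, 211, 252), (255, 66, 253),
    (5, 132, 142), (22, 106, 223), (55, 82, 179), (56, 214, 180),
    (57, 164, 181), (0, 0, 252), (0, 0, 252), (60, 164, 184),
    (61, 108, 185), (62, 209, 186),
]
# Words from the Modify DATA, written to records 3-7 (file bytes 5-14).
MODIFY = [0xD28E, 0x4F25, 0x1846, 0xCF76, 0x47CE]
# Signature 'It' scans memory for: 248 followed by the Peekvals DATA.
SIGNATURE = bytes([248, 0x9E, 0x20, 0x22, 0x49, 0x74, 0x22, 0x3A])


def cryptor(code, offset1, mask, offset2):
    """The listing's Cryptor subroutine: add, XOR, subtract, all mod 256."""
    return ((((code + offset1) % 256) ^ mask) - offset2) % 256


def decode(data, table=OTHER_LINES):
    return bytes(cryptor(b, *table[i]) for i, b in enumerate(data))


def encode(data, table=OTHER_LINES):
    # Recoding swaps the two offsets, as the listing does for the length byte.
    return bytes(cryptor(b, o2, m, o1) for b, (o1, m, o2) in zip(data, table))


def modify_bytes():
    # Assumption: high byte first, as the listing reads hex pairs left to right.
    return b"".join(w.to_bytes(2, "big") for w in MODIFY)


def is_keyless_permutation():
    """Every position maps 0..255 one-to-one and encode undoes decode."""
    every = bytes(range(256))
    return all(
        len({cryptor(b, *t) for b in every}) == 256
        and all(cryptor(cryptor(b, *t), t[2], t[1], t[0]) == b for b in every)
        for t in OTHER_LINES
    )


if __name__ == "__main__":
    plain = decode(modify_bytes())
    print(plain.hex())                      # decoded bytes of the patch
    print(plain[:8] == SIGNATURE)           # matches what 'It' searches for
    print(encode(plain) == modify_bytes())  # swapped offsets re-encode it
    print(is_keyless_permutation())
```

Because the parameters depend only on position and never on a secret, one known plaintext/ciphertext pair per position fully describes the mapping, which is why the scheme offers obfuscation rather than protection.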
Since {Merge "It":'} is overwritten at the beginning of the file being rescued, it is best to use a copy of that file for the rescue. I added a separate, temporary file to store the values that were overwritten. These are later restored by the subroutine "Rescue" and the result is saved with the program code in the file 'filename.IMOK'.
Using Rescue(b)
The programs work with files saved in both version 2.0 and 2.1 but must be run under the same version of BASIC. Files in version 2.0 are not saved properly when run under version 2.1 and presumably version 2.0 will not load version 2.1 files. If you have protected version 2.0 programs and don't have a backup of BASIC version 2.0, you're out of luck!
The program 'Rescue(b)' as listed below will rescue any Binary Basic programs. To rescue Decimal programs, change the 'MSBC' to 'MSBB' where indicated in the source code and save the modified Rescue program as a Decimal program file (i.e., 'Rescue(d)'). The second program listed below, called 'It', need only be written once and saved as a text file, but it must have the name "It", and both the 'Rescue' program and the 'It' program must reside on the default disk that has the Basic interpreter on it.
To use the program, make a copy of a Basic program and save it in protected mode. Then run the program 'Rescue(b)'. A standard file dialog box will come up and ask for the name of your protected program. Then the selected program will be loaded into memory, the 'It' text program will be read in and merged to the protected program, and the de-protection will take place (allow a minute or two for this; nothing will happen on the screen yet). When done, another dialog box will come up indicating the process is done. At this point, the unprotected program will be in memory. Go to the File menu and do a "Save As" under a new file name, then quit Basic and try running and listing your new program. It should both run and list normally.
Well, that's about it. I have successfully rescued about a dozen different programs I previously protected, both Binary and Decimal, and in both version 2.0 and 2.1. It works properly on a skinny Mac, so presumably it will work on the bigger machines. The Program 'It' searches for the binary code for 'Merge "It":' in memory, so it shouldn't matter what size your Mac is.
Too bad the folks at Microsoft didn't employ a password scheme to allow program recovery; then all of this wouldn't have been necessary! As a precaution against disgruntled vendors, I am publishing this article under a pen name. Don't try to find me; as my name suggests, I'm gone!
'<<< RESCUE PROTECTED MICROSOFT® BASIC FILES.
'<<< This program must be run under the same BASIC
'<<< type & version number as the file being recovered.
'<<< Keep the file named 'It' on the drive with basic.
'<<< Open temporary file to store values
OPEN "Garbage Bag" AS #1 LEN=174
FIELD #1,128 AS N$,2 AS I$,4 AS T$,2 AS L$,36 AS K$,2 AS B$
WINDOW 1,,(50,30)-(212,46),4
CALL TEXTFONT(0)
DIM Keep%(18)
'<<< Ask for protected Program to rescue.
PRINT "Select a file to rescue...";
ID$=FILES$(1,"MSBD")
'<<< (Use "MSBP" instead for decimal program.)
IF ID$="" THEN SYSTEM
WINDOW CLOSE 1
OPEN ID$ AS #2 LEN=2
FIELD #2,2 AS H$
'<<< Determine version and set type.
'<<< Decode length field of first Program line.
GET #2,1:Type$="MSBC"
Pre%=VAL("&H"+LEFT$(HEX$(CVI(H$)),2))+1
IF Pre%=247 OR Pre%=251 THEN Type$="MSBB"
RESTORE FirstLine
GET #2,2
Code%=VAL("&H"+MID$(RIGHT$("0"+HEX$(CVI(H$)),4),1,2))
READ Offset1%,Mask%,Offset2%
GOSUB Cryptor
Keep%(0)=Bite%
'<<< Decode and store positions 5-22 of Program
RESTORE OtherLines
Total%=Keep%(0):I%=2
WHILE I%<20
Place%=INT(I%/2)+2
GET #2,Place%
Char%=2*I%-4*Place%+9
Code%=VAL("&H"+MID$(RIGHT$("0"+HEX$(CVI(H$)),4),Char%,2))
READ Offset1%,Mask%,Offset2%
GOSUB Cryptor
Keep%(I%-1)=Bite%
IF I%=Total% AND I%<14 THEN Total%=Total%+Bite%
I%=I%+1
WEND
'<<< Write coded {MERGE "It":' } on Program
RESTORE Modify
FOR I%=1 TO 5
READ Convert%
LSET H$=MKI$(Convert%)
PUT #2,I%+2
NEXT I%
'<<< Recode length of new first line
'<<< Note Offsets are reversed for recoding
RESTORE FirstLine:Code%=Total%
READ Offset2%,Mask%,Offset1%
GOSUB Cryptor
GET #2,2:A$=RIGHT$("00"+HEX$(CVI(H$)),4)
MID$(A$,1,2)=RIGHT$("0"+HEX$(Bite%),2)
LSET H$=MKI$(VAL("&H"+A$))
PUT #2,2
CLOSE #2
NAME ID$ AS ID$,"TEXT"
'<<< Save old values to temporary file
FOR I%=1 TO 18
Kp$=Kp$+RIGHT$("0"+HEX$(Keep%(I%)),2)
NEXT I%
LSET N$=ID$
LSET I$=MKI$(LEN(ID$))
LSET T$=Type$
LSET L$=MKI$(Keep%(0))
LSET K$=Kp$
LSET B$=MKI$(Pre%)
PUT #1,1
CLOSE #1
'<<< Print message, then chain to Program.
'<<< The file 'It' will then be merged to
'<<< the end of the Program.
WINDOW 1,,(160,110)-(345,174),2
CALL TEXTFONT(0)
PRINT "Now merging the file 'It' to"
PRINT "'"+ID$+"'"
PRINT "Please enter 'Rescue' in the"
PRINT "Command Window...";
CHAIN ID$
'<<< Routine to code/decode protected file
Cryptor:
Code%=Code%+Offset1%+256
Code%=Code%-256*INT(Code%/256)
Bite%=Code% XOR Mask%
Bite%=Bite%-Offset2%+256
Bite%=Bite%-256*INT(Bite%/256)
RETURN
FirstLine:
DATA 118,27,244
OtherLines:
DATA 248,36,246,249,18,247,250,81,248
DATA 251,59,249,252,87,250,253,44,251
DATA 254,211,252,255,66,253,5,132,142
DATA 22,106,223,55,82,179,56,214,180
DATA 57,164,181,0,0,252,0,0,252
DATA 60,164,184,61,108,185,62,209,186
Modify:
DATA &HD28E,&H4F25,&H1846,&HCF76,&H47CE
REM}|{ Required marker for end of listing!!!
'<<< Type into Basic and save on same drive,
'<<< as Basic, as 'It', in Text format.
SUB Rescue STATIC
CLEAR:Peekloc!=45000!
DIM Keep%(18)
PRINT:PRINT "Rescue engaged!"
'<<< Find location of {MERGE "It":} in memory
ScanMem:
Peekloc!=Peekloc!+1
IF PEEK(Peekloc!)<>248 GOTO ScanMem
Flag%=0:RESTORE Peekvals
FOR I=1 TO 7
READ J%:IF PEEK(Peekloc!+I)<>J% THEN Flag%=1
NEXT I
IF Flag%=1 AND Peekloc!<127*1024 GOTO ScanMem
Peekloc!=Peekloc!-4:Begin1!=Peekloc!:Begin2!=Peekloc!
Peekvals:
DATA &H9E,&H20,&H22,&H49,&H74,&H22,&H3A
'<<< Recover decoded values and parameters
OPEN "Garbage Bag" AS #1 LEN=174
FIELD #1,128 AS N$,2 AS I$,4 AS T$,2 AS L$,36 AS k$,2 AS B$
GET #1,1
ID$=N$:Length%=CVI(I$)
Type$=T$:Keep%(0)=CVI(L$)
Kp$=k$:Pre%=CVI(B$)
CLOSE #1
KILL "Garbage Bag"
'<<< Write beginning of file
ID$=LEFT$(ID$,Length%)+".IMOK"
OPEN ID$ FOR OUTPUT AS #1
PRINT #1,CHR$(Pre%);
PRINT #1,CHR$(PEEK(Peekloc!+1));
PRINT #1,CHR$(Keep%(0));
PRINT #1,CHR$(PEEK(Peekloc!+3));
FOR I%=1 TO 18
Keep%(I%)=VAL("&H"+MID$(Kp$,2*I%-1,2))
PRINT #1,CHR$(Keep%(I%));
NEXT I%
Peekloc!=Peekloc!+22:I%=0
'<<< Copy file until }|{ marker is reached, then
'<<< skip to rescue5 if Program is version 2.0
rescue1:
PRINT #1,CHR$(PEEK(Peekloc!));
Peekloc!=Peekloc!+1
IF PEEK(Peekloc!+2)<>&HAF THEN GOTO rescue1
Flag%=1
IF PEEK(Peekloc!+3)<>ASC("}") THEN Flag%=0
IF PEEK(Peekloc!+4)<>ASC("|") THEN Flag%=0
IF PEEK(Peekloc!+5)<>ASC("{") THEN Flag%=0
IF Flag%=0 GOTO rescue1
PRINT #1,CHR$(0);CHR$(0);
IF Pre%>&HF7 GOTO rescue5
'<<< Make listing an Odd length
Begin1!=Peekloc!-Begin1!
Begin1!=Begin1!-1000*INT(Begin1!/1000)
IF (1 AND INT(Begin1!))=0 THEN PRINT #1,CHR$(0);
'<<< Find end of variable names using: TenZZZ...Z
'<<< This var MUST NOT appear anywhere else:
TenZZZZZZZZZZ=0
rescue3:
Peekloc!=Peekloc!+1
IF PEEK(Peekloc!)<>ASC("Z") GOTO rescue3
Flag%=1
FOR I%=1 TO 9
IF PEEK(Peekloc!+I%)<>ASC("Z") THEN Flag%=0
NEXT I%
IF Flag%=0 GOTO rescue3
J=Peekloc!+10
'<<< Backtrack to start of variables list.
rescue4:
Peekloc!=Peekloc!-1
IF PEEK(Peekloc!-1)<>&H0 GOTO rescue4
J=J-Peekloc!-4
'<<< If total listing is odd, skip first position.
Begin2!=Peekloc!-Begin2!
Begin2!=Begin2!-1000*INT(Begin2!/1000)
IF (1 AND INT(Begin2!))=0 THEN Peekloc!=Peekloc!+1
'<<< Print Variables table, EXCEPT: TenZ...ZZ
WHILE J>1
PRINT #1,CHR$(PEEK(Peekloc!));
Peekloc!=Peekloc!+1:J=J-1
WEND
rescue5:
PRINT "Voil"+CHR$(136)+"! Rescue Completed!"
CLOSE #1
NAME ID$ AS ID$,Type$
PRINT "Now loading into memory."
PRINT "Recommend you first use"
PRINT "'Save As' to save file...";
BEEP:FOR I%=1 TO 20000:NEXT I%
LOAD ID$
END SUB