(back to project page)

Creating the Phantoms Five Binary for Disassembly

There are a few different cracked copies of Phantoms Five. Most of them don't include the title screen, which is a shame. They just launch directly into the "game over" screen. The only "complete" version I've found online is the San Inc ProDOS conversion, but that uses compression which makes it harder to disassemble.

I have in my personal collection a cracked copy that holds the title sequence in one file, and the game itself in two others, one of which uses a custom loader because it partially overwrites DOS. To make the disassembly more coherent I combined the two parts of the game binary into one. Because of the custom loader this is a bit complicated to do.

DOS 3.3 'B' files have a 4-byte header that specifies the load address and the file length. Many cracked games use a trick where they take a small file loader, put it at the front of a large file, and then set the file's length to be just the length of the loader. If you BRUN the file, DOS will only read the short loader, and then transfer control to it. The loader can then manually load the rest of the file's contents by parsing the track/sector list directly.

The copy of Phantoms Five I have is driven by a small Applesoft program, which does the following:

  1. Relocates itself to $8000, clears the screen, enables graphics.
  2. BRUN "PHANTOMS FIVE.START", which loads from $2FD to $6FFF. When executed, it displays the title sequence, returning to the caller when a key is hit.
  3. BLOAD "PHANTOMS FIVE.1", which loads from $400 to $3046.
  4. BRUN "PHANTOMS FIVE.2", which loads from $200 to $2B2.

The file "PHANTOMS FIVE.2" file is 122 sectors long on disk. Subtracting the T/S list leaves 121 sectors, for a length of 31,232 ($7A00). The loader at $200 opens "PHANTOMS FIVE.2" and starts reading sectors at $3F00. The first sector is the loader, so the actual game data starts at $4000. A little math says that we will read data into $3F00-B8FF, which overwrites a bit of RWTS, so that doesn't seem right.

If you look at the T/S list contents, the 114th entry is zeroed out, and the load program stops when it encounters a zero. So there are actually 113 sectors, for a length of 28,928 ($7100), and we'll read data into $3F00-AFFF. The loader jumps to code at $3000, which copies $2000-2FFF to $B000-BFFF, so that all makes sense.

Very little of "PHANTOMS FIVE.START" is still in memory after the other parts are loaded. It appears that the code from $300-3FF isn't actually used by anything at all, and didn't need to be included. The bottom line is we don't need to worry about any of that for the main game disassembly.

Now that we now where the data is, how do we turn this into a single file?

The first thing we need to do is extract the full binaries, which we can do with CiderPress. The trouble is that CiderPress will respect the 'B' file length embedded in "PHANTOMS FIVE.2" and only extract the first part of the file unless we change the file's type.

Steps to extract the binaries:

  1. Download the disk image and open it with CiderPress.
  2. Select "PHANTOMS FIVE.2", right-click, Actions > Edit Attributes. Change the file type from BIN ($06) to ??? ($F2).
  3. Select all of the "PHANTOMS FIVE" files (you can skip the BAS file) and Actions > Extract. Click "Configure to preserve Apple II formats". Click "Extract".
  4. (Optional: change "PHANTOMS FIVE.2" back to BIN ($06). Ignore the warning.)
  5. Close CiderPress.

Now we want to combine the two game binaries into a single binary, which we can do with SourceGen's file slicing and concatenation tools. Steps:

  1. Select Tools > Slice Files, open "PHANTOMS FIVE.2#f20000".
  2. We want to remove the 4-byte BIN header and the file loader in the first sector. We can do this by setting the slice start to 256. (The part we're discarding ends with 00 00 00, the part we're keeping starts with "d5 aa d5 aa").
  3. We want to remove the extra $900 bytes from the end. Do this by setting the slice length to $7000.
  4. Click "Save", and save it as "sliced2". Close the file slicer tool window.
  5. Select Tools > Concatenate Files. Click "Add Files", and select "PHANTOMS FIVE.1#060400" and "sliced2". (You can select both at once with Ctrl+click, or just add them one at a time; just make sure they're in the correct order.)
  6. Click "Save", and save it as "PhantomsFive". Overall length should be 40007.

If you create a new SourceGen project for the binary, the initial address is $400. The initial entry point is $3000. The data that should load at $4000 comes right after it at $3047 (+002C47), so put an address change to $4000 there. The relocation code moves $2000 to $B000, so select everything from $2000-2FFF and add an address override for $B000.

Copyright 2020 by Andy McFadden