Note that if the DMK is a proper dump and the only check is on the bad sector, it should pass, because openMSX should use the DMK to emulate the exact situation as on real hardware.
Good point. I will try to patch only the boot sector and see what happens.
Hey max,
Looks like the boot sector in disk A is corrupted. It shouldn't be 33h 33h at location 25h, but 32h 33h (which changes it to proper code, and this also matches what is on the other disks). This makes it all suddenly make sense.
Also seems like the chapter on "Procedure for invoking MSX-DOS" in the technical handbook talks about this a little:
https://fms.komkon.org/MSX/Handbook/th-3.txt
You are correct. You need to patch the GIZEA.PDI file at offset 0325h from 33h to 32h.
I just tried this on my original disk and it boots. Phew!
Could you re-dump the DISK-A DMK file with the fix applied?
Patch for DISK A is ready...
https://drive.google.com/file/d/1tKqRHCqTl4Sur1XwPFLkbPZnw1C...
The only question I have: why is the picture on the screen not changing during the game? I am walking around and see the same desert; only the coordinates are changing... Is that how it is meant to be, or is it another form of protection?
I can redump but I'm not sure what that would change other than the one byte.
I'll try playing from the original disk and your patch and compare. It's possible it's more corrupted code.
Here is the protection from the game. It decodes in segments from 9837h to 997B, then transfers code from 9987h to 8000h, loads the game code, decrypts it and executes it at 9800h.
```
9800: ld sp,#97fe
9803: ld hl,#9800
9806: push hl
9807: ld hl,#8000
980A: push hl
980B: ld hl,#9821
980E: ld de,#15d1
9811: ld bc,#01a7
9814: call #99d8
9817: xor (hl)
9818: rlca
9819: ld (hl),a
981A: inc hl
981B: dec bc
981C: ld a,b
981D: or c
981E: jp nz,#9814
9821: ld hl,#9837
9824: ld de,#3044
9827: ld bc,#0191
982A: call #99d8
982D: xor (hl)
982E: rlca
982F: ld (hl),a
9830: inc hl
9831: dec bc
9832: ld a,b
9833: or c
9834: jp nz,#982a
9837: ld hl,#fe18
983A: ld (#8000),hl
983D: ld a,(#fcc1)
9840: ld (#9877),a
9843: ld hl,#8200
9846: ld c,#05
9848: ld de,#0597
984B: ld b,#08
984D: call #986f
9850: jp nz,#986a
9853: inc de
9854: djnz #984d
9856: call #986f
9859: jp z,#986a
985C: cp #08
985E: jp nz,#986a
9861: ld de,#0000
9864: call #986f
9867: jp z,#988f
986A: dec c
986B: jp nz,#9848
986E: ret
986F: push hl
9870: push de
9871: push bc
9872: ld bc,#01f9
9875: xor a
9876: rst 30h          ; the bytes after RST 30h are inline data, shown here decoded as instructions
9877: ld d,h           ; 9877h: slot byte, overwritten by the store at 9840h
9878: ld b,h           ; 9878h-9879h: 44h 01h, the address word 0144h
9879: ld bc,#d1c1      ; 987Ah-987Ch: C1h D1h E1h = pop bc / pop de / pop hl
987C: pop hl
987D: and a
987E: ret
987F: ld e,e           ; 987Fh-988Eh: ASCII text "[[[ Tuneup. ]]]" plus 00h, not code
9880: ld e,e
9881: ld e,e
9882: jr nz,#98d8
9884: ld (hl),l
9885: ld l,(hl)
9886: ld h,l
9887: ld (hl),l
9888: ld (hl),b
9889: ld l,#20
988B: ld e,l
988C: ld e,l
988D: ld e,l
988E: nop
988F: ld hl,#98a5
9892: ld de,#5caf
9895: ld bc,#0123
9898: call #99d8
989B: xor (hl)
989C: rlca
989D: ld (hl),a
989E: inc hl
989F: dec bc
98A0: ld a,b
98A1: or c
98A2: jp nz,#9898
98A5: ld hl,#98bb
98A8: ld de,#460c
98AB: ld bc,#010d
98AE: call #99d8
98B1: xor (hl)
98B2: rlca
98B3: ld (hl),a
98B4: inc hl
98B5: dec bc
98B6: ld a,b
98B7: or c
98B8: jp nz,#98ae
98BB: ld hl,#98d1
98BE: ld de,#6f6c
98C1: ld bc,#00f7
98C4: call #99d8
98C7: xor (hl)
98C8: rlca
98C9: ld (hl),a
98CA: inc hl
98CB: dec bc
98CC: ld a,b
98CD: or c
98CE: jp nz,#98c4
98D1: ld a,(#fcc1)
98D4: ld (#990b),a
98D7: ld hl,#8200
98DA: ld c,#05
98DC: ld de,#0597
98DF: ld b,#08
98E1: call #9903
98E4: jp nz,#98fe
98E7: inc de
98E8: djnz #98e1
98EA: call #9903
98ED: jp z,#98fe
98F0: cp #08
98F2: jp nz,#98fe
98F5: ld de,#0000
98F8: call #9903
98FB: jp z,#9923
98FE: dec c
98FF: jp nz,#98dc
9902: ret
9903: push hl
9904: push de
9905: push bc
9906: ld bc,#01f9
9909: xor a
990A: rst 30h          ; inline data follows again: slot byte (990Bh), address word 0144h, then pop bc / pop de / pop hl
990B: nop
990C: ld b,h
990D: ld bc,#d1c1
9910: pop hl
9911: and a
9912: ret
9913: ld e,e           ; 9913h-9922h: the same ASCII text "[[[ Tuneup. ]]]" plus 00h
9914: ld e,e
9915: ld e,e
9916: jr nz,#996c
9918: ld (hl),l
9919: ld l,(hl)
991A: ld h,l
991B: ld (hl),l
991C: ld (hl),b
991D: ld l,#20
991F: ld e,l
9920: ld e,l
9921: ld e,l
9922: nop
9923: ld hl,#9939
9926: ld de,#6f32
9929: ld bc,#008f
992C: call #99d8
992F: xor (hl)
9930: rlca
9931: ld (hl),a
9932: inc hl
9933: dec bc
9934: ld a,b
9935: or c
9936: jp nz,#992c
9939: ld hl,#994f
993C: ld de,#2a59
993F: ld bc,#0079
9942: call #99d8
9945: xor (hl)
9946: rlca
9947: ld (hl),a
9948: inc hl
9949: dec bc
994A: ld a,b
994B: or c
994C: jp nz,#9942
994F: ld hl,#9965
9952: ld de,#78b9
9955: ld bc,#0063
9958: call #99d8
995B: xor (hl)
995C: rlca
995D: ld (hl),a
995E: inc hl
995F: dec bc
9960: ld a,b
9961: or c
9962: jp nz,#9958
9965: ld hl,#997b
9968: ld de,#50a6
996B: ld bc,#004d
996E: call #99d8
9971: xor (hl)
9972: rlca
9973: ld (hl),a
9974: inc hl
9975: dec bc
9976: ld a,b
9977: or c
9978: jp nz,#996e
997B: ld hl,#9987
997E: ld de,#8000
9981: ld bc,#0041
9984: ldir
9986: ret
9987: ld a,(#fcc1)
998A: ld (#8011),a
998D: ld hl,#9800
9990: ld de,#0432
9993: ld bc,#01f9
9996: xor a
9997: rst 30h          ; inline data follows: slot byte (9998h), address word 0144h (44h 01h)
9998: ld d,h
9999: ld b,h
999A: ld bc,#00da      ; 999Bh-999Dh: DAh 00h 80h = jp c,#8000
999D: add a,b
999E: ld hl,#9800
99A1: ld de,#7061
99A4: ld bc,#0200
99A7: push hl
99A8: push de
99A9: pop hl
99AA: add hl,hl
99AB: add hl,de
99AC: add hl,hl
99AD: add hl,de
99AE: ld e,h
99AF: ld d,l
99B0: rlc h
99B2: rlc h
99B4: rrc l
99B6: add hl,de
99B7: ld de,#1119
99BA: add hl,de
99BB: ex de,hl
99BC: ld a,d
99BD: pop hl
99BE: xor (hl)
99BF: rlca
99C0: ld (hl),a
99C1: inc hl
99C2: dec bc
99C3: ld a,b
99C4: or c
99C5: jr nz,#99a7
99C7: ret
```
The main points here are 9837h (check and jump) -> 988Fh, 98A5h, 98BBh, 98D1h (check and jump) -> 9923h, 9939h, 994Fh, 9965h, 997Bh (move code to 8000h and execute).
---
I used the decrypted main game loading code and moved it to load from the boot sector. So now we are loading the game code, decrypting it and executing it.
The boot block loads code from offset 1A00h (sector offset 0Dh) to 9800h. Now it consists of the decoded game loader; here is how it looks:
```
        PHASE   9800h
_CODE:
        LD      SP,97FEh
        LD      HL,_8000
        LD      DE,8000h
        PUSH    DE
        LD      BC,_8000_LEN
        LDIR
        RET
_8000:
        PHASE   8000h
.start:
        LD      A,(FCC1h)
        LD      (.slot),A
        LD      HL,9800h        ; read to address of 9800h from
        LD      DE,0432h        ; offset [0432h x 200h] 1 sector (200h bytes)
        LD      bc,01F9h
        XOR     A
        RST     30h
.slot:  DB      00h
        DW      0144h
        JR      C,.start        ; loop if read error
        LD      HL,9800h
        PUSH    HL
        LD      DE,7061h
        LD      BC,0200h
.loop:
        PUSH    HL
        PUSH    DE
        POP     HL
        ADD     HL,HL
        ADD     HL,DE
        ADD     HL,HL
        ADD     HL,DE
        LD      E,H
        LD      D,L
        RLC     H
        RLC     H
        RRC     L
        ADD     HL,DE
        LD      DE,1119h
        ADD     HL,DE
        EX      DE,HL
        LD      A,D
        POP     HL
        XOR     (HL)
        RLCA
        LD      (HL),a
        INC     HL
        DEC     BC
        LD      A,B
        OR      C
        JR      NZ,.loop
        RET
        DEPHASE
_8000_LEN:      EQU     $ - _8000
_CODE_LEN:      EQU     $ - _CODE
```
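The 512-byte decode loop of the loader above (`.loop`, the same instructions as 99A7h-99C5h in the earlier disassembly), modelled in Python as an added example that is not part of the original post. Only the seed 7061h, the constant 1119h and the length 0200h come from the listing; the function names, the `encrypt` inverse, the sample sector and the damaged offset are constructed for illustration.

```python
SEED, ADD_CONST, LENGTH = 0x7061, 0x1119, 0x0200   # values from the listing

def rol8(v, n=1):
    """8-bit rotate left (Z80 RLC r / RLCA)."""
    return ((v << n) | (v >> (8 - n))) & 0xFF

def ror8(v, n=1):
    """8-bit rotate right (Z80 RRC r)."""
    return ((v >> n) | (v << (8 - n))) & 0xFF

def next_state(de):
    """One pass of the generator between PUSH DE and EX DE,HL."""
    hl = (de * 7) & 0xFFFF                  # ADD HL,HL / ADD HL,DE, twice
    h, l = hl >> 8, hl & 0xFF
    swapped = (l << 8) | h                  # LD E,H / LD D,L
    hl = (rol8(h, 2) << 8) | ror8(l)        # RLC H / RLC H / RRC L
    return (hl + swapped + ADD_CONST) & 0xFFFF

def decrypt(buf, seed=SEED):
    """LD A,D / XOR (HL) / RLCA / LD (HL),A for every byte of buf."""
    de, out = seed, bytearray()
    for c in buf:
        de = next_state(de)
        out.append(rol8((de >> 8) ^ c))
    return bytes(out)

def encrypt(buf, seed=SEED):
    """Inverse of decrypt (not on the page): undo the rotate, then the XOR."""
    de, out = seed, bytearray()
    for p in buf:
        de = next_state(de)
        out.append(ror8(p) ^ (de >> 8))
    return bytes(out)

def damaged_offsets(good, bad):
    """Offsets where two equally long buffers differ."""
    return [i for i, (a, b) in enumerate(zip(good, bad)) if a != b]

def demo():
    # Constructed sample: a fake 512-byte "sector", not data from the game disk.
    plain = (b"constructed sample sector " * 20)[:LENGTH]
    cipher = bytearray(encrypt(plain))
    cipher[0x25] ^= 0x01                    # simulate a one-bit read error
    return damaged_offsets(plain, decrypt(bytes(cipher)))

if __name__ == "__main__":
    print([hex(i) for i in demo()])
```

The key byte depends only on the DE state and never on the data, so a damaged byte in the encrypted sector decodes to exactly one wrong byte at the same offset rather than garbling everything after it.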
I will play with DISK B now. It may also contain game code and since boot sector was not damaged, possibly the game code is also better (in case DISK A is damaged).