Understanding Shinobi & Stuff

This is the disassemble for the small code block in the space executable. I inserted a few comments to aid understanding and analysis, but what the code itself does is still TBD. ;; allocated at 0x00000000 _lbC000000: jmp (_lbC000036r).L _symb000002: ;; this label points to the jmp target EQU *-4 ;; and is changed later by code _lbL000006: dc.l $00018B20 _lbL00000A: dc.l $0000A124 ;; Subroutine start _lbC00000E: lsl.b #$1, d6 bne _lbC00001C move.b (a4)+, d6 ori.b #$10, CCR roxl.b #$1, d6 _lbC00001C: rts ;; --- Subroutine end ;; --- Subroutine start _lbC00001E: moveq #0, d0 _lbC000020: lsl.b #$1, d6 bne _lbC00002E move.b (a4)+, d6 ori.b #$10, CCR roxl.b #$1, d6 _lbC00002E: roxl.l #$1, d0 dbf d5, _lbC000020 rts ;; --- Subroutine end _lbC000036r: movem.l d0-d7/a0-a6, -(a7) move.l (_lbC00000A,PC), d7 movea.l #_lbL000264r, a

  Last time we looked at the structure of the executables zob and space. Using a custom tool, we could see that zob is mostly a small (300 bytes) code block, while space has a small code block (612 bytes) and a larger data block (40kb) which is probably compressed code.  If we disassemble zob, this is what we see. I started to analyze some of it but didn't get far.  _lbC000000 movem.l d0-d7/a0-a6, -(a7) ;; save all registers at addr of A7 lea ($dff180).l, a6 ;; $dff180 is a memory register, COLOR00 lea (_lbL0000C6,pc), a0 ;; load PC+offset (given by label) into A0 lea ($120).l, a1 move.l (a0)+, d0 move.l (a0)+, d1 move.l (a0)+, d5 movea.l a1, a2 adda.l d0, a0 adda.l d1, a2 move.l -(a0), d0 eor d0, d5 _lbC000024 lsr.l #$1, d0 bne _lbC00002A bsr _lbC0000A0 _lbC00002A bcs _lbC00005E moveq #$8, d1 moveq #$1, d3 lsr.l #$1, d0 bne _lbC000036