memory. The program code from $6140 to $6440 is encrypted with the
value $C9; we'll need this piece of info later. To view the
program in an executable state, change "JMP $6140" at $64A0 to
"JMP $64A0". This creates an infinite loop from which we can safely
press the reset button.

Start the decryption process from GMON with the command "G 6000".
The familiar "BOOTING GEOS ..." message appears on the screen,
the drive whirs for a few seconds, then ... nothing. Press the
reset button and re-activate GMON from BASIC (SYS 8192). Again
browse through the program code. Things look a little less
confusing now.

It's not immediately obvious where the call to the decryption
routine takes place. We do know that our infinite loop at $64A0
did not happen until AFTER the disk drive was accessed. Let's start
from the top:

$6000: JMP to $60A8

$60A8: C-64 KERNAL system and non-maskable interrupt vectors
       initialized. Sprites are turned off. Screen memory is
       cleared, color memory filled, and the text "BOOTING GEOS..."
       is written directly to screen memory.

$60EB: Check if GEOS BOOT should load from disk or RAM
       Expansion Unit (REU).

$612A: Prepare for loading the fast loader (turbo) and
       protection code to the drive. The JSR to $6081 at $613A
       should be examined closely - this is where the decryption
       routine is called after the drive is initialized. Notice
       that the values $64 and $82 are placed into the C-64 Stack
       area ($0100 - $01FF). When the RTS at $60A2 is executed,
       the microprocessor will pull these two values from the stack
       and add 1 to get the return address ($6482 + 1 = $6483).

$6140: This is the entry point after the decryption is complete.
       Here, the turbo code is being transmitted to the drive in a
       convoluted way - appropriate because the drive code itself
       is scattered in pieces throughout the program. As if
       fragmenting wasn't enough (it eventually wasn't), the turbo
       code is also BACKWARD! Backward and in pieces, the turbo
       code is eventually reconstructed in the 1541 drive RAM and
       finally activated at $6192.

$61A1: Begin receiving data from the drive. Three separate program
       segments are loaded using zero-page indirect addressing mode
       ($04/$05 contain the current address being loaded). The
       first segment is loaded into $9000. GEOS keeps its disk
       turbo code here, regardless of the drive type. Without an
       REU, GEOS programs must swap
K.J. REVEALED TRILOGY PAGE [107] (C)1990 K.J.P.B.
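
The stack arithmetic from the $612A entry, as an added example that is not part of the original text: a small Python model of the 6502 stack showing why an RTS with $64 and $82 on the stack continues at $6483 instead of after the JSR. The initial stack pointer and the idea that the routine overwrites the two bytes the JSR pushed are assumptions for illustration, not taken from the GEOS code.

```python
# Added example: minimal model of the 6502 hardware stack (page $01).
# Addresses $613A, $6081 and the bytes $64/$82 come from the text above;
# everything else (initial SP, how the bytes get placed) is assumed.
STACK_PAGE = 0x0100


class Cpu:
    def __init__(self, sp=0xFF):
        self.mem = bytearray(0x10000)  # 64 KB address space
        self.sp = sp                   # assumed initial stack pointer
        self.pc = 0

    def push(self, value):
        self.mem[STACK_PAGE + self.sp] = value & 0xFF
        self.sp = (self.sp - 1) & 0xFF  # grows downward, wraps inside page 1

    def pull(self):
        self.sp = (self.sp + 1) & 0xFF
        return self.mem[STACK_PAGE + self.sp]

    def jsr(self, at, target):
        # JSR is 3 bytes long and pushes the address of its LAST byte
        # (at + 2), high byte first, then low byte.
        ret = (at + 2) & 0xFFFF
        self.push(ret >> 8)
        self.push(ret & 0xFF)
        self.pc = target

    def rts(self):
        # RTS pulls the low byte, then the high byte, and adds 1.
        lo = self.pull()
        hi = self.pull()
        self.pc = ((hi << 8 | lo) + 1) & 0xFFFF
        return self.pc


def normal_return():
    """JSR $6081 at $613A followed by an untouched RTS."""
    cpu = Cpu()
    cpu.jsr(0x613A, 0x6081)
    return cpu.rts()


def forged_return(hi=0x64, lo=0x82):
    """Same call, but the saved return bytes are replaced before RTS."""
    cpu = Cpu()
    cpu.jsr(0x613A, 0x6081)
    # Assumption: the routine overwrites the two slots JSR just filled.
    cpu.mem[STACK_PAGE + ((cpu.sp + 1) & 0xFF)] = lo  # pulled first
    cpu.mem[STACK_PAGE + ((cpu.sp + 2) & 0xFF)] = hi  # pulled second
    return cpu.rts()
```

When reading a disassembly, any store into $0100-$01FF shortly before an RTS is worth resolving this way, since the RTS is then acting as a computed jump rather than a return.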