64B0 STA $61FF  ; ($F98F) 
                          64B3 JMP $6140  ;continue...
      
      
      Start up the boot again (G 6000), but this time, as soon as you 
      hear the drive motor turn on, UNPLUG THE SERIAL CABLE FROM THE BACK 
      OF THE COMPUTER. DO NOT TURN OFF THE DRIVE! Reset the computer, 
      activate "GMON", THEN reconnect the serial cable to you computer. 
      Using "GMON's" drive monitor, enter drive memory and IMMEDIATELY 
      transfer the drive code from $0300 to $07FF in drive memory to a
      safe area of memory in the computer. How about $8300 - $87FF?
      
      After the transfer has completed, reset the drive and save the 
      drive code from computer memory to your work disk. Now that it's 
      safely stored, print a disassembly of the code.

      Look through it carefully before you read any further. Ready? 
      Nervous? Do you have 'Inside Commodore DOS" open and waiting?
      Lets DO IT!
      
      $0457: Disable interrupts, save stack pointer, and signal
             computer that the data will be coming soon.
      
      $0466: JSR to MAIN LOOP of loader.
      
      $0483: Set up buffer pointer for data buffer at $0600.
      
      $048B: Read and send first segment (turbo code). First
             track/sector is $13/$0D and is stored at
             $0528/$0529 for use by other subroutines.
      
      Let's stop here. Using a sector editor or "GMON" drivemon, look 
      at the first sector of the GEOS KERNAL. This is a block of 
      track/sector pointers (GEOS VLIR file). Our GEOS shows 3 file 
      chains starting at $13/$0D (!!!), $14/$11, and $14/$0F. WRITE THESE
      DOWN! (Your GEOS may have slightly different values but the concept
      is the same).
      
      JSR $04CF: Main subroutine to read and transmit the data. Tracing
              it through reveals a fairly standard fast loader. I
              won't go into detail about these subroutines unless
              they're directly related to the protection scheme. If
              you want to understand how each of the DOS and Floppy
              Disk Controller routines work, READ THE REFERENCE
              GUIDES MENTIONED ABOVE AND TRY ALL OF THE EXAMPLES!
      
              The data transmission routine from $03FF - $0456 is
              VERY significant. Stay tuned ...
      
       $0490: Here's where the nastiness really starts. A value of
              #$59 is stored to $0413. Big deal, right? Look what
              effect it has on the transmission routine:
      
            K.J. REVEALED TRILOGY    PAGE [109]    (C)1990 K.J.P.B.