exact protection is a litte tricky and has been found on quite a
      few programs.
      
      Procedure:
      
      Loading the original produces a drive rattle. An error scan
      shows massive write errors on the original. A backup made with the
      C-64 Fast Copier produces a non working copy. Before starting to
      work on this program, do a disk log and an error scan to determine
      error type and location.
      
      Working vith your backup:
      
      1) Let's start by plugging Hesmon in the cartridge port and
      powering on. Insert your backup in the drive and load the boot
      file < LOAD"UXB",8,1 >. From the disk log we can determine that
      this file begins at memory location $032C. Start disassembly at
      $032C < D 032C >. Cursor down through the code. This code opens
      channels to the drive and loads a one character file name at
      $035B. If you Interpret memory at $035B < I 035B > you'll find
      the file name X. After the load, a jump to $08B0 is taken.
      
      2) Load the X file into memory < LOAD"X",8,l >. Begin disassembly
         at $0BB0. The following is an explanation of the program flow.
      
          D $08B0 : JSR 081E
          D $081E : $081E-$0841 opens an error channel to the drive
                    < I E260 > and does a JSR back because the JUMP to
                    $FFC0 is a kernal routine and always ends with a
                    JSR.
          D $08B3 : JSR 0844
          D $0844 : Sends a U1 (Block Read) command to the drive from
                    an encrypted form. The code from $084E-$085D decrypts
                    and sends the U1.
          D $0868 : JSR FFA5 : Inputs a byte from the serial port.
          D $0872 : CMP 081A ($32 or the 2 in a 23 error).
          D $0874 : BNE crash.
          D $0877 : JSR FFA5 : Inputs a byte from the serial port.
          D $087A : CMP 081D ($33 or the 3 in a 23 error).
          D $087C : BEQ to a JSR which closes channels and RTS back to
                    $08B6. Otherwise the program flow falls through to a
                    crash.
      
      3) There are many ways to break this title. Three will be given.
         Make all your changes using the Memory command and then resave
         the file to the backup as < S "@0:X" OB 0801 0977 >
      
       A) Place 3 NOPs at $08B3 over the JSR to $0844. This will cause
          the program to not even check protection.
      
            K.J. REVEALED TRILOGY    PAGE [12]     (C)1990 K.J.P.B.