COUNTDOWN TO SHUTDOWN : ACTIVISION

         Procedure:

         Loading the original produces a rattle free load, and an error
         scan shows no standard errors. A backup made with the C-64 Fast
         Copier produces a non-working copy. A nybbled backup produces the
         same non-working copy. Before starting to work on this program,
         please make a (non-working) backup of the original, and a disk log
         to log the file addresses.

         1) Turn off your computer and insert your reset button
         assembly into the cartridge port. Turn the computer on again. Load
         the $C000 monitor from your utility disk <> LOAD"49152",8,1 <>. At
         the completion of the load, type SYS 49152 and hit RETURN. The
         monitor should be active now.

         Working with your backup:

         2) With your backup in the drive and the monitor active, load
         the boot file <> L "1C0P*",08 <>. When the load is complete,
         disassemble memory at $02A0. You'll find a loader routine that
         loads in the 1985 file and jumps to $0B79.

         3) Load the 1985 file into memory <> L " 19*",08 <>. After
         the load, start disassembly of code at $0B79 (D 0B79). The code is
         as follows: $0B79-$0BCB sets up a fast loader and loads in the
         logo screen. $0BCC is a JSR (GOSUB in BASIC) to the logo screen.
         $0BCF is the start of the main program load. It is this code
         that is of interest to us.

         4) The code at $0C40-$0C61 is a decryption routine. Examine
         it because it is the key to the de-protection. This routine allows
         decryption and examination of the protection code. At the end of
         this decryption routine is a RTS ($0C61). Using the Memory
         command (M 0C61), change the 60 to a 00. This will allow a
         normal operation of code until the 00  (Break or Stop) is
         encountered. The program, once started, will stop right after
         the decryption, allowing us to examine the protection routine.

         5) For our purposes, we will skip over the fast loader and
         logo screens. Let's start the program after the logo screen is run
         ($0BCF). Type G 0BCF and hit RETURN. The screen should turn
         black. Wait for about five seconds and reset the computer.
         Return to the monitor with SYS 49152. Using the INTERPRET
         command, examine code from $0A00 on (I 0A00). Code at $0AEF
         reveals a Block Execute (executes a protection check routine
         placed in drive memory) and code at $0B72 reveals a Memory Read


            K.J. REVEALED TRILOGY    PAGE [22]     (C)1990 K.J.P.B.