TITANIC : ACTIVISION
      
      Procedure:
      
      Loading the original disk produces a rattle-free load, and an
      error scan shows no standard errors. A backup made with the C-64
      Fast Copier produces a non-working copy. A backup made with a
      nybbler produces the same non-working backup. Before starting to
      work on this program, please make a (non-working) backup of the
      original, and a disk log to log the file addresses.
      
      Working with your backup:
      
      1) Let's start by plugging Hesmon in the cartridge port and loading
         the boot < L "*" 08 >. Checking with the disk log, start
         disassembly of code at $02D7  and cursor down through
         the code. The code from $02EE to $0301 opens a channel for
         loading, sets the file name " 1985  ", loads that file in and
         jumps to $4635. We can load that file in ourselves and inspect
         it.
      
      2) Cursor down to a clear spot and load the 1985 file as 
         < L "  1985*" 08 >. Be sure to use two spaces before the 1985
         file name. The disk log shows this file ranges from 4400-46D8.
         Look at the file in ASCII by using the Interpret command I 4400
         and cursor down through memory. Take note of what it looks like,
         because we will be looking again later. Let's start disassembly
         at the Jump to $4635 . Cursor down through the code and
         note code from $4657 to $4668. Values are being set for the
         decrypter at $466F to $4690 (see Kracker Jax Revealed Vol I for
         more details). We want to execute the decrypter and stop the
         execution after the decryption takes place. To do this we must
         place a 00 (Break Instruction) at $4690. Use the Memory command
         to make your change  and change the 60 to a 00 and hit
         return. Now we can decrypt the code by executing at $4657. Use
         the GO command 

      3) When the monitor breaks,  use the Interpret command again
         starting at $4400 < I 4400 > and cursor down through memory again.
         This time note the Block-Execute at $4571. This command opens
         channel 2, addresses drive 0, and sends the code at track 3
         sector 0 to the RAM of the disk drive ($0400 in this case) and
         executes the code in the drive. This code is the protection
         check routine. While in the Interpret mode, also note the U1
         (Block-Read) of the same Track 3/Sector 0. This block read is
         used to checksum the drive code to check for tampering.
         Checksums throughout the computer code also check strategic
         areas of the computer code for tampering. If changes in the

            K.J. REVEALED TRILOGY    PAGE [32]     (C)1990 K.J.P.B.
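
The inspection described in step 3, done as a scan instead of by eye. This is an added example, not code from Kracker Jax or from the original page: it searches a memory image for Block-Execute and U1 command strings and reports any track/sector that is both executed in the drive and read back for checksumming. The function names are hypothetical, the sample image is constructed, and the exact byte spelling of the commands and the address of the U1 string are assumptions (the page gives only $4571 for the Block-Execute).

```python
import re

# CBM DOS direct-access commands as they appear in a PETSCII/ASCII memory dump:
# "B-E" (Block-Execute) and "U1" (Block-Read), each followed by
# channel, drive, track, sector separated by spaces or commas.
CMD_RE = re.compile(rb"(B-E|U1)[: ]\s*(\d+)[ ,]+(\d+)[ ,]+(\d+)[ ,]+(\d+)")

def find_drive_commands(image: bytes, base: int):
    """Return every B-E / U1 command string found in a memory image."""
    found = []
    for m in CMD_RE.finditer(image):
        channel, drive, track, sector = (int(g) for g in m.groups()[1:])
        found.append({
            "addr": base + m.start(),
            "cmd": m.group(1).decode("ascii"),
            "channel": channel, "drive": drive,
            "track": track, "sector": sector,
        })
    return found

def self_checked_sectors(commands):
    """Track/sector pairs both executed in the drive (B-E) and read back (U1)."""
    executed = {(c["track"], c["sector"]) for c in commands if c["cmd"] == "B-E"}
    read = {(c["track"], c["sector"]) for c in commands if c["cmd"] == "U1"}
    return sorted(executed & read)

def build_sample():
    """Constructed stand-in for the decrypted $4400-$46D8 file (not real disk data)."""
    image = bytearray(b"\xea" * (0x46D8 - 0x4400 + 1))
    be = b"B-E 2 0 3 0\r"   # placed at $4571, the address given in step 3
    u1 = b"U1 2 0 3 0\r"    # address is made up; the page does not give it
    image[0x171:0x171 + len(be)] = be
    image[0x1A0:0x1A0 + len(u1)] = u1
    return bytes(image)

if __name__ == "__main__":
    cmds = find_drive_commands(build_sample(), base=0x4400)
    for c in cmds:
        print(f"${c['addr']:04X} {c['cmd']:3} ch={c['channel']} "
              f"drv={c['drive']} T{c['track']}/S{c['sector']}")
    print("executed and read back:", self_checked_sectors(cmds))
```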
