let it gather the data we need to break the title. Then a simple
      memory save is all that's needed to complete the job.

      The benefit of breaking the programs using this protection
      scheme is the fact that almost all of them are file copyable
      afterwards. This means they can be placed on a disk with other
      programs.

      Please note that this protection scheme is very important to
      understand. The reason for this is the fact that there is a new
      scheme now on the market that very closely resembles it. This new
      scheme is NOT copyable by any nybble utility and must be hand
      broken. You'll find this new scheme discussed in the next
      chapter.



      IMPOSSIBLE MISSION : EPYX

      Procedure:

      Loading the original produces a rattle free load, and an error
      scan shows a number twenty error on track 16, sector 20. A backup
      made with the C-64 Fast Copier provides a non-working backup.
      Nybble utilities are capable of providing a backup. Loading the
      backup results in a load that stalls rather quickly. We can assume
      the protection is in the loader file. Before starting to work on
      this title, please make a backup and do a disk log (print-out is
      best).

      Working with your original:

      1) Turn off your computer and insert your reset button assembly
         into the cartridge port. Turn the computer on again and, from
         the utility disk, load the $8000 monitor <> LOAD "32768",8,1 <>.
         Sys the monitor in with SYS 32768 and hit RETURN. Let's begin by
         loading and inspecting the boot file <> L "RUN ME",08 <>. At the
         end of the load, start disassembly at $02A7 (D 02A7). Scroll
         down through the code and notice that the boot loads the file
         LOADER (LO*) and jumps to $B000.

      2) Load the LOADER file <> L "LO*",08 <>. Because this file
         resides in the BASIC interpreter location, we must turn BASIC
         off before we can examine any code. Change address location
         $0001 from 37 (77 on C-128) to 36 (76 on C-128). Use the MEMORY
         command (M 0001) to make your change. When the change has been
         made, we can inspect the code beginning at $B000.

      3) Disassemble starting at $B000 (D B000) and inspect the code from
         $B000 to $B00F. This is a decryption routine and is the heart of
         this protection scheme, as discussed in the introduction. Our

            K.J. REVEALED TRILOGY    PAGE [44]     (C)1990 K.J.P.B.

<<previous page - next page>>