this way: <> LOAD "BOOT",8 <>. When the load is complete (you
         may have to hit RUNSTOP/RESTORE), sys the monitor in with SYS
         32768 and hit RETURN. You can now find the boot file in BASIC
         memory at $0801. Interpret memory from $0801 and scroll down;
         notice the INTRO filename. Disassembling memory at $0801 and
         scrolling down reveals a loader that loads the INTRO file and
         jumps to $2015.

      2) Load the INTRO file <> L "INTRO",08 <>. Start by disassembling
         memory at $2015 (D 2015). Scroll down through memory, and at
         $201A note the JSR $26B9. Disassemble $26B9 (D 26B9). Here we
         find the decryption routine that is the heart of this protection
         scheme. Refer to the Introduction for general information on
         this. Our task is to replace the encrypted data with valid
         program data. This is relatively easy. Be sure you have a write
         protect on your original and that the ORIGINAL is in the drive.
         Type G 26B9 to start the program up. The drive will run for a
         short time, and then stall. When the drive stops, reset the
         computer (a reset, not a power cycle, so RAM is preserved) and
         re-SYS the monitor back in (SYS 32768). Disassemble memory at
         $26B9 again and notice that the code has indeed changed: the
         decryption routine has overwritten the encrypted bytes with the
         valid program code we need for the break.

      Working with your backup:

      3) Now, all that's left is to save the retrieved data back to the
         backup. Checking the disk log provides the start and end
         addresses of $2000-2A00. Because the end address is not included
         in the save, add one byte to it when saving to the backup
         <> S "@0:INTRO",08,2000,2A01 <>.

      4) Turn the computer off and on, and boot up your backup. It should
         load past the point that it loaded before our break.
         Unfortunately, it still refuses to load fully. Remember, we did
         find two separate number twenty errors on the original. We have
         disabled half of the protection, now let's do the rest.

      5) Reload the $8000 monitor <> LOAD "32768",8,1 <>. Sys it in with
         SYS 32768. From the half broken BACKUP, reload the INTRO file
         <> L "INTRO",08 <>. Again, start your disassembly at $2015.
         Scroll down, and try to follow the program flow. At $2140 you'll
         find a JMP $C000. Using the MEMORY command (M 2140) change the
         4C (the JMP opcode) at $2140 to 00 (the BRK opcode) and hit
         RETURN. This will stop or BREAK the program flow just before it
         jumps to $C000, allowing us to inspect the memory the LOADER
         file has set up. Activate the INTRO file by typing GO 2015.
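      The two monitor operations used in steps 3 and 5 (saving a memory
      range with an exclusive end address, and turning a JMP into a BRK
      breakpoint) can be done offline on a PRG file extracted from the
      disk image. The script below is an added example written for this
      page, not code from K.J. Revealed or from the INTRO file; the PRG
      image it builds is constructed (NOP filler from $2000 to $2A00 with
      a JMP $C000 placed at $2140) so that the patch has something to
      find. The only things it assumes about the file are the standard
      PRG layout (2-byte little-endian load address, then the raw bytes)
      and the 6502 opcodes 4C (JMP absolute) and 00 (BRK).

```python
"""Patch a C64 PRG image the way the text does it from the monitor.

Added example, not from the K.J. Revealed text. The PRG bytes built by
build_intro_image() are constructed: NOP filler for $2000-$2A00 with a
JMP $C000 at $2140, mirroring what the page reports finding.
"""
import struct

JMP_ABS = 0x4C  # 6502 JMP absolute opcode (3 bytes: 4C lo hi)
BRK = 0x00      # 6502 BRK opcode: halts the program and drops into the monitor


def make_prg(load_addr: int, body: bytes) -> bytes:
    """A PRG file is the little-endian load address followed by the raw bytes."""
    return struct.pack("<H", load_addr) + body


def load_addr(prg: bytes) -> int:
    return struct.unpack_from("<H", prg, 0)[0]


def offset_of(prg: bytes, addr: int) -> int:
    """File offset of memory address addr inside this PRG (after the 2-byte header)."""
    off = addr - load_addr(prg) + 2
    if not 2 <= off < len(prg):
        raise ValueError(f"${addr:04X} is outside the file's memory range")
    return off


def is_jmp(prg: bytes, addr: int) -> bool:
    """True if the byte at addr is the JMP absolute opcode."""
    return prg[offset_of(prg, addr)] == JMP_ABS


def jmp_target(prg: bytes, addr: int) -> int:
    """Absolute target of the JMP at addr; raises if the opcode is not 4C."""
    off = offset_of(prg, addr)
    if prg[off] != JMP_ABS:
        raise ValueError(f"expected JMP (4C) at ${addr:04X}, found {prg[off]:02X}")
    return struct.unpack_from("<H", prg, off + 1)[0]


def patch_brk(prg: bytes, addr: int) -> bytes:
    """Replace the JMP opcode at addr with BRK, as 'M 2140' then 4C -> 00 does.

    The opcode is checked first so a typo in the address cannot silently
    turn some other instruction's operand byte into a BRK.
    """
    jmp_target(prg, addr)  # raises if the byte at addr is not a JMP
    buf = bytearray(prg)
    buf[offset_of(prg, addr)] = BRK
    return bytes(buf)


def save_range(prg: bytes, start: int, end_exclusive: int) -> bytes:
    """Like the monitor's S command: end_exclusive is one past the last byte.

    To keep $2000-$2A00 inclusive, pass 0x2000 and 0x2A01, which is why the
    text says to add one byte to the end address from the disk log.
    """
    s = offset_of(prg, start)
    e = end_exclusive - load_addr(prg) + 2
    if e <= s or e > len(prg):
        raise ValueError("save range does not fit inside the file")
    return make_prg(start, prg[s:e])


def build_intro_image() -> bytes:
    """Constructed stand-in for INTRO: NOPs from $2000 to $2A00, JMP $C000 at $2140."""
    body = bytearray(b"\xEA" * 0xA01)  # $2000..$2A00 inclusive is 0xA01 bytes
    body[0x2140 - 0x2000:0x2143 - 0x2000] = bytes([JMP_ABS, 0x00, 0xC0])
    return make_prg(0x2000, bytes(body))


if __name__ == "__main__":
    prg = build_intro_image()
    print(f"JMP at $2140 targets ${jmp_target(prg, 0x2140):04X}")
    patched = patch_brk(prg, 0x2140)
    print(f"byte at $2140 is now {patched[offset_of(patched, 0x2140)]:02X} (BRK)")
    saved = save_range(patched, 0x2000, 0x2A01)
    print(f"saved {len(saved) - 2} bytes from ${load_addr(saved):04X}")
```

      On a real disk image you would feed the extracted INTRO file to
      patch_brk instead of build_intro_image(); the JMP check is the part
      worth keeping, since it is easy to misread a disassembly and patch
      an operand byte rather than the opcode.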

      6) When the drive stops, reset the computer and reload your $8000
         monitor <> LOAD "32768",8,1 <>. Sys it in with SYS 32768. Start
         by disassembling the code at $C000. You'll find a jump
         to $C024. Disassembly of $C024 reveals another decryption

            K.J. REVEALED TRILOGY    PAGE [46]     (C)1990 K.J.P.B.
