cartridge port. Turn the computer on again and load the boot
         file from the original <> LOAD "DWARF",8: <>. You can list this
         file and inspect it. You'll find it loads the file called BOOT2
         and then a SYS 49152 ($C000).

      5) From your utility disk, load the $2000 monitor
         <> LOAD "8192",8,1 <>. Sys it in with SYS 8192. Now load the
         BOOT2 file <> L "BOOT2",08 <> and start disassembly at $C000
         (D C000). The first instruction at $C000 is a JSR to $C028.
         Disassemble $C028 (D C028) and here you'll find the decryption
         routine that is the heart of this protection scheme. It resides
         from $C028 to $C037. The break itself is very simple. Make sure
         you have a write protect tab on the ORIGINAL and that it is in
         the drive. Start the program by typing G C028 and press RETURN.
         The drive will spin for a short time and then stop. At this
         point, reset the computer and re-SYS the monitor back in with
         SYS 8192. Again disassemble code at $C028. You should find new
         code in the place of the encrypted code. All that's left is to
         save this broken loader back to the backup.

      Working with your backup:

      6) Reset the computer and place your prepared backup in the drive.
         Scratch the BOOT2 file <> OPEN15,8,15,"S0:BOOT2" <>. Re-SYS the
         monitor in with SYS 8192. The disk log provides the start and
         end addresses of the BOOT2 file. Be sure to add one byte to the
         end address. With your backup in the drive, save the BOOT2 file
         back to the backup <> S "BOOT2",08,C000,C151 <>.

      Your backup is completely broken and can now be copied with any
      whole disk copier. Unfortunately, it remains non-file copyable
      because of the way the programmers set up the disk files.
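
      Added example (not part of the original text): the boot-file
      inspection from step 4, done statically in Python instead of with
      LIST. It walks a tokenized C64 BASIC file and reports the LOAD
      filenames and SYS targets found outside strings and REMs. The sample
      bytes are constructed and the function names are this example's own.

```python
import re
import struct

TOK_REM, TOK_LOAD, TOK_SYS = 0x8F, 0x93, 0x9E   # BASIC V2 keyword tokens

def basic_lines(prg):
    """Yield (line_number, tokenized_body) for each line of a BASIC .PRG image."""
    pos = 2                                   # skip the 2-byte load address
    while pos + 4 <= len(prg):
        link, number = struct.unpack_from("<HH", prg, pos)
        if link == 0:                         # $0000 link = end of program
            return
        end = prg.find(b"\x00", pos + 4)      # each line is NUL-terminated
        if end < 0:
            raise ValueError("unterminated BASIC line")
        yield number, prg[pos + 4:end]
        pos = end + 1

def scan_boot(prg):
    """Return ([(line, filename)], [(line, sys_address)]) outside strings/REMs."""
    loads, calls = [], []
    for number, body in basic_lines(prg):
        quoted = False
        for i, b in enumerate(body):
            rest = body[i + 1:]
            if b == 0x22:                     # double quote toggles string mode
                quoted = not quoted
            elif quoted:
                continue                      # $9E inside a string is a colour code
            elif b == TOK_REM:
                break                         # rest of the line is a comment
            elif b == TOK_SYS and (m := re.match(rb" *(\d+)", rest)):
                calls.append((number, int(m.group(1))))
            elif b == TOK_LOAD and (m := re.match(rb' *"([^"]*)"', rest)):
                loads.append((number, m.group(1).decode("latin-1")))
    return loads, calls

def _line(number, body):
    # Link bytes are a dummy non-zero value; the scanner walks by NUL terminators.
    return struct.pack("<HH", 0x0101, number) + body + b"\x00"

# Constructed sample, not the real boot file:
#   10 LOAD"BOOT2",8,1 / 15 PRINT"{yellow}64738" / 20 SYS49152
SAMPLE = (struct.pack("<H", 0x0801) + _line(10, b'\x93"BOOT2",8,1')
          + _line(15, b'\x99"\x9e' + b'64738"') + _line(20, b"\x9e" + b"49152")
          + b"\x00\x00")
```

      Line 15 of the sample holds the byte $9E inside a quoted string;
      without the quote tracking it would be misread as a second SYS call.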



      INTRO : PROTECTION SCHEME TYPE K

      This protection scheme is, at this writing, one of the most
      effective and prevalent methods of defeating today's nybble
      copiers. When you know what to look for, you'll find this scheme
      is being employed by many different software houses. I like to
      think of this protection as the "big brother" of the long sectors
      discussed in the previous section.

      This scheme can be recognized by the following similarities. When a
      disk error check is done, no write errors will be found on the
      original. When booted, no drive rattle will be encountered. The
      program cannot be backed up with either a fast copier or a nybbler.
      Usually, you will find data in the directory other than normal

            K.J. REVEALED TRILOGY    PAGE [50]     (C)1990 K.J.P.B.
