Note your encrypted byte changes and use the sector editor to 
         write them to you backup copy.  It should be Track/Sector 1/20,
         byte positions $AE/AF (174/175). Also make sure you have
         corrected the first change we made. Now reboot the GEOS backup.
         "Booting GEOS..."... no reset... You hear the drive head swing
         out to 36 and back. It's loading! The screen clears, the Desktop
         appears, and ... where's the mouse pointer? The joystick's dead.
         We've been caught! But how?
      
      8) The most common method is through checksums. If any bytes in the
         code have been changed, a checksum routine will usually detect
         it. The protection scheme can then assume tampering and take
         appropriate action. We could hunt for the checksum code or we
         could cover our tracks. Let's try covering our tracks.
      
      9) We really only altered one byte in "GEOSBOOT" but we'll have to
         change a few more to pull this one off. Where could we place our
         code? A technique we use is to add it right to the end of the
         file. The last byte of "GEOSBOOT" is at $642B so we can start
         our code at $642C.  But what's going to call our routine?  Look
         for a jump instruction away from the $6000 area.  At $621F, the
         code jumps to the $C000 area. Change that to jump to our code
         (JMP $642C).
      
     10) Now we have three bytes to correct: the drive code branch
         address at $63A5 and the JMP to our new code at $6220/6221. Our
         new code should be similar to the following:
      
         A 642C  LDX #$E7 ; restore original drive code BNE address
                 STX $63A5
                 LDX #$03 ; restore original JMP address - lo-byte
                 STX $6220
                 LDX #$C0 ; restore original JMP address - hi-byte
                 STX $6221
                 JMP $621F
      
         Re-encrypt the code and look at our new code at $642C. It, too,
         has been encrypted. Write down the encrypted bytes and the new
         jump address at $6220. We'll write these to the backup.
      
     11) After loading the sector editor, write our new, encrypted jump
         address to Track/Sector 1/20 - byte position 40 ($28). Then add
         our new, encrypted code to the last sector in the file - T/S
         1/7. Don't forget to change the last byte pointer at position 1
         to the last byte of the new code. Using the above example code,
         the new bytes would be start at position 56 ($38) and the last
         byte would be at position 73 ($49). Position 1 will changed to
         73 ($49).
      
     12) Now reboot GEOS. It should load clean as a whistle. Just
      
            K.J. REVEALED TRILOGY    PAGE [97]     (C)1990 K.J.P.B.