remember to watch your step when dealing with protection from
Berkeley. They are notorious for their endless checksum
routines.
DESKPAK I : BERKELEY SOFTWORKS
Dealing with Berkeley's protected applications presents a
two-fold problem: 1) The installation code which stamps your GEOS
serial number on the master and does a protection check and
checksum routine. 2) The I%&%#$'&$ serial number verification that
prevents you from taking your GEOS application to a friend's house
and using it with his GEOS. Both, however, are relatively easy to
break. This will be a general discussion of the first generation of
Berkeley applications, using Deskpak I as an example.
The protection scheme across this first generation is essentially
the same. The code first checks to see if the disk has been
installed. If it hasn't, it whips out to Track/Sector 35/0 and
reads in the block. The block contains a direct I/O routine and
some drive code that looks for non-standard data. If everything
checks out, it installs your internal GEOS serial number to the
master (no write-protect tabs allowed). It never does the check
again, allowing you to copy the application to work disks. From
then on, it does nothing but the serial number check. This works
fine in theory, but is rather inconvenient if you want to show it
to somebody else and you've forgotten your copy of GEOS.
The protection does checksum itself, however. To bypass this,
we'll demonstrate a technique we use called the byte-swap. This
entails switching bytes in the code among themselves to force the
protection to pass.
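
Why reordering bytes can get past a self-checksum, as an added example that is not from the original text: it assumes the checksum is a plain sum or XOR of the code bytes (the page does not say which algorithm is used), which is unchanged when bytes trade places, and compares it with a position-sensitive Fletcher-16 check that does change. The sample bytes and all function names are constructed for illustration.

```python
"""Added example: order-insensitive vs position-sensitive integrity checks."""

# Constructed sample block; not bytes from any real disk or program.
SAMPLE = bytes([0x10, 0x22, 0x37, 0x4B, 0x5C, 0x6E, 0x71, 0x8F])


def additive_checksum(data: bytes) -> int:
    """16-bit sum of all bytes (assumed scheme; the page names none)."""
    return sum(data) & 0xFFFF


def xor_checksum(data: bytes) -> int:
    """XOR of all bytes; like the sum, it ignores byte positions."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def fletcher16(data: bytes) -> int:
    """Fletcher-16: the second running sum weights each byte by position."""
    s1 = s2 = 0
    for b in data:
        s1 = (s1 + b) % 255
        s2 = (s2 + s1) % 255
    return (s2 << 8) | s1


def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Return a copy of data with the bytes at offsets i and j exchanged."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)


def detection_report(original: bytes, modified: bytes) -> dict:
    """Map each check name to True if it notices the modification."""
    checks = {"additive": additive_checksum,
              "xor": xor_checksum,
              "fletcher16": fletcher16}
    return {name: fn(original) != fn(modified) for name, fn in checks.items()}


if __name__ == "__main__":
    tampered = swap_bytes(SAMPLE, 1, 5)
    for name, detected in detection_report(SAMPLE, tampered).items():
        print(f"{name:10s} detects reordering: {detected}")
```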
Get out your GEOS Programmer's Reference Guide and make a backup
of an UNINSTALLED Deskpak I master. Load the "DESKPAK READ" file
from the Utility Disk and run it. The program reads
Track/Sector 35/0 into 32768 ($8000) in memory. Load the $C000
monitor ("49152") from the Utility Disk and study the code at
$8000. Look up the GEOS subroutine calls in the reference guide.
Half of this code is the drive routine that is sent to the 1541.
The other half suspends GEOS I/O and sends the drive routine to the
1541.
The protection check itself is at $803E. It reads in some bytes
and compares them. If they all match, it falls through to $8061.
Otherwise, it branches to $8064. In fact, it's not unlike GEOS v1.2
protection (see previous GEOS v1.2 discussion). We can break the
installation protection right here. However, we must contend with a
checksum routine located in the main code, so we must keep the
K.J. REVEALED TRILOGY PAGE [98] (C)1990 K.J.P.B.