LDA #$59   >   $0413: 2C 2A 04   BIT $042A
                     ||   >          ||         |||
                     ||   >          ||         |||
               STA $0413  >   $0413: 59 2A 04   EOR $042A,Y
      
               The innocuous BIT instruction has instantly been
               transformed into EOR - the favorite scrambling tool of
               copy protection programmers everywhere. Every sector
               transmitted from this point on will be EOR'd with the
               drive code before it's sent to the computer. Consider
               what happens if just ONE byte of the drive code from
               $042A - $0529 is altered: the main GEOS KERNAL,
               excluding work areas and disk drivers, is approximately
               16384 bytes. If 1 byte of every 254 is wrong, we have
               64 bytes with unknown values occupying our operating
               system, a system error for every occasion!
      
      $0495:   The next few instructions should seem familiar if
               you've been reading closely. They start the load of the
               second segment - the GEOS cold start routine at $5000.
               Look again at the VLIR block of the GEOS KERNAL: the
               third set of track/sector pointers reads - you got it -
               $14/$0F, consistent with what we've learned so far.
      
      $049F:   Something different is happening here.  If you've
               done your homework, you'll recognize the 1541 SEARCH
               subroutine $F510. This searches the current track for
               the specified sector header GCR bytes, the first eight
               of them significant and the rest as filler preceding
               the sector data block. If SEARCH fails to find a sync
               mark and 1541's normal error handler instead of
               returning to the fast loader.
      
      $04A7:   And here's the main attraction, ladies and
               gentlemen. Read two GCR bytes with JSR $04F3.
      
      $04C2:   Congratulations! You've just entered the BYTE COUNT
               ZONE. The protection check is checking the tail gap of
               every header and data block on the current track ($14)
               for 2 precisely located bytes. The X register contains
               the sector count ($13 = 19 dec). The protection check
               loops as follows: JSR $0502: This routine waits for
               either a GCR $55 or $67 in the current header/tail gap.
               If neither byte appears, the return address is pulled
               off the stack. The protection has failed and is
               getting ready to call it a day. 
      
      $04B0:   Count $100 (256) GCR bytes on the track.
      
      $04B5:   Count $45 (69) GCR bytes on the track. We've just
      
            K.J. REVEALED TRILOGY    PAGE [110]    (C)1990 K.J.P.B.