break for all is about the same. This code sets up a load of
         the actual protection check code within the GMA3 file. (Those
         of you interested in the drive code for the protection should
         load and inspect GMA3.) A JSR to $C800 within this code
         checks protection, and if the check is successful, a value of
         $97 is place at computer location $0002. Upon return from the
         JSR C800, the value in location $0002 is loaded into the
         accumulator and EORed with a value of $97. Lastly the code
         Branches if Equal (to 0) to $C02A. Remember, if protection WAS
         satisfied, a value of $97 was placed at $0002. The EOR Truth
         Table in the back of the book tells us that $97 EORed with
         $97 is in fact zero. If the branch does take place, it will
         cause a jump around the instruction at $C027 which is a JMP
         ($FFFC). This instruction is actually a Jump to a Kernal
         routine that does a system reset, which in turn will crash
         the load process.

      B) The break is now quite simple. We can jump around the whole
         protection check. All that is necessary is to replace the JSR
         C800 with a JUMP around the reset code to $C02A. We will
         replace the 20 00 C8 with 4C 2A C0 (JMP C02A). Remember, we
         don't want to allow any protection check because if the
         protection is not in place, the drive hangs up and goes into
         an endless spin. Let's make our changes with Disk Doctor.
      C) Using the converter in Hesmon, find the decimal equivalent to
         4C 2A C0. In a clear work space type <$ 004C>. The decimal
         value 76 will be returned. The same procedure for 002A and
         00C0 will return 42 and 192 respectively. Power down and
         remove Hesmon. From the Utility Disk, load Disk Doctor and
         again insert the backup into the drive. At Track 18/Sector 1,
         position 34, you'll find the Prg byte for the GM1 file. Place
         the cursor on the Track pointer at position 35 and press j to
         Jump to Link. You'll be taken to Track 17, Sector 1. Starting
         at position 0 cursor along and look for the hex bytes 20 00
         C8 (JSR C800) pattern. At position 34 you'll find the first
         byte of that pattern. Use the @ key to change three bytes
         starting at position 34 to 76, 42, 192 (decimal equivalent).
         Hit the r key to rewrite the sector and then y for yes. Your
         title is now free from all protection and may even be file
         copied if desired.
      Most computer software houses utilize some form of "copy
      protection" that prevents the average consumer from making backup
      copies of the program(s) that the company distributes. Even the

            K.J. REVEALED TRILOGY    PAGE [74]     (C)1990 K.J.P.B.

<<previous page - next page>>