I'd noticed that the restriction was arbitrary, but I never considered hacking the OS to remove it. Your understanding of the EOS amazes me.
It wasn't really all that difficult to do since like you said, I knew it was arbitrary.
The first step was to prevent ERR:OVERFLOW. For this, I did 1E99 + 9E99 and set a break point at _FPAdd. From there, I just stepped through the code and waited for an ERR:OVERFLOW to be thrown. After about 3 iterations of this, I finally stumbled upon _CkValidNum which clearly compared the exponent to +99 and -99. I just disabled that check
(Actually, I still check for E-128)
The second step was to allow 3 digit exponents, but again, this was just a bit of "find the error." I set a breakpoint in the massive parser loop (endless "CP \ jr z" table) and watched as the errors unfolded for E127. I soon found a routine that used RLD to rotate the low nibble of the current byte being parsed into memory and I saw that on the third iteration, the memory location became invalid and a counter went to zero. My solution for this was just to do some code injection where I put a call to the end of the page and wrote my own routine to parse the number. All I had to do was watch for the overflow and add $A0 (BCD hack) if the new exponent was going to be in the correct 100-127 range and increase the counter by 1 to avoid the error.
So I guess that's a bit complicated, but the idea is that if something throws an exception, it's not very hard to catch by stepping through the code.
