Broadcasts.com - "HPR4022: dumping roms for fun and profit" (Hacker Public Radio)

Technology
SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en

HPR4022: dumping roms for fun and profit

Published: Jan. 2, 2024, midnight

disassembling - hex2bin is used for converting hexadecimal files into\na binary file. - used z80dasm to disassemble machine code into\nhexadecimal - use xxd to view the hex code and machine code side by side\n- ghidra, reverse engineering suite used for analysis

https://www.noagendashow.net/ https://twostopbits.com/\nhttps://en.wikipedia.org/wiki/Programmable_ROM https://en.wikipedia.org/wiki/Dual_in-line_package https://www.tablix.org/~avian/blog/articles/z80dasm/ https://ghidra-sre.org/\nhttps://hex2bin.sourceforge.net/

1.prom-location-on-board.jpg 2.prom-ready-to-read.jpg

Intelhex file snipet:

:100600003E0FCD8E043E0ECD8E04211441360023C4\n:1006100036003A6341326A41CDB204CDC404CD61A3\n:1006200005215541CB46C46306210F41CB6E281CE2\n:10063000210241CB4E28CE210F41CB7E2809FEEC72\n:10064000CAC306FEED287CCD45071849CB66284570\n:10065000210741CB76203B21154134CB8ECB9ECB5D\n:10066000961832FEFFC8CB4E2808FEE42004CB8E3D\n:10067000D1C9211941BED0FE31D8215541CB6628C0\n:1006800003FE31C8321341CBA7CBAF215541CBD6A6\n:10069000D1C9CD45072114413400003A2E41BEC2D4\n:1006A0001E0636000000211541CB46216B417E2BF2\n:1006B0002016BE200F3E132B772124413600210F38\n:1006C000413EFFC934C31806BE28EA3EC9CD8E0498\n:1006D0002115417EC60477CB5E200CCBA6AF01006E\n:1006E00041CD9104C31E063E2018F3210F41CB6675\n:1006F000202DCB6E28093A1341FEE4CCD107C93E28\n:10070000FFC9CDEB06210F41CB662013CB6E28EF3E\n:100710003A1341FEE12804FEE22004CDD107C93A94\n:100720001341C93E200614219042772310FCC921B1\n:100730002541367C233614CD5207C9212541362068\n:1007400023362018F2FB2125413680233601CD5374\n:1007500007C9F31680211241CBCECB964E0640CB73

xxd output showing text that's displayed on the screen when the\ndevice boots

000025d0: f4f5 f6f7 f9ef e1e2 0ded e8f8 30e4 3d3b  ............0.=;\n000025e0: 272f e550 3839 4f4b 4c2c 2e49 3637 5548  '/.P89OKL,.I67UH\n000025f0: 4a4e 4d59 3435 5446 4756 4252 3233 4553  JNMY45TFGVBR23ES\n00002600: 4458 4357 e631 5141 5ae7 20ec ebea 2020  DXCW.1QAZ. ...\n00002610: 2020 2020 0f53 454c 4543 5420 4143 5449      .SELECT ACTI\n00002620: 5649 5459 1053 454c 4543 5420 434c 4153  VITY.SELECT CLAS\n00002630: 5320 312d 3906 4c45 5353 4f4e 1053 454c  S 1-9.LESSON.SEL\n00002640: 4543 5420 4c45 5645 4c20 312d 3405 4c45  ECT LEVEL 1-4.LE\n00002650: 5645 4c12 5345 4c45 4354 2053 4543 5449  VEL.SELECT SECTI\n00002660: 4f4e 2031 2d32 1231 2d45 5841 4d50 4c45  ON 1-2.1-EXAMPLE\n00002670: 2050 524f 4752 414d 5310 322d 4241 5349   PROGRAMS.2-BASI\n00002680: 4320 434f 4d50 5554 4552 1045 5841 4d50  C COMPUTER.EXAMP\n00002690: 4c45 2050 524f 4752 414d 530e 5052 452d  LE PROGRAMS.PRE-\n000026a0: 4241 5349 4320 5631 2e30 1253 454c 4543  BASIC V1.0.SELEC

z80dasm output:

    push af         ;0040   f5  .\n    push bc         ;0041   c5  .\n    push de         ;0042   d5  .\n    push hl         ;0043   e5  .\n    ld hl,0410fh        ;0044   21 0f 41    ! . A\n    res 4,(hl)      ;0047   cb a6   . .\n    res 5,(hl)      ;0049   cb ae   . .\n    set 6,(hl)      ;004b   cb f6   . .\n    bit 0,(hl)      ;004d   cb 46   . F\n    jr nz,27        ;004f   20 19     .\n    bit 1,(hl)      ;0051   cb 4e   . N\n    jr z,41     ;0053   28 27   ( '\n    ld hl,0410eh        ;0055   21 0e 41    ! . A\n    inc (hl)            ;0058   34  4\n    ld a,(hl)           ;0059   7e  ~\n    cp 032h     ;005a   fe 32   . 2\n    jr nz,32        ;005c   20 1e     .\n    ld (hl),000h        ;005e   36 00   6 .\n    ld hl,0410ch        ;0060   21 0c 41    ! . A\n    inc (hl)            ;0063   34  4\n    jr nz,24        ;0064   20 16     .\n    inc hl          ;0066   23  #\n    inc (hl)            ;0067   34  4\n    jr 20       ;0068   18 12   . .\n    ld hl,0410ch        ;006a   21 0c 41    ! . A\n    inc (hl)            ;006d   34  4\n    jr nz,14        ;006e   20 0c     .\n    inc hl          ;0070   23  #\n    inc (hl)            ;0071   34  4\n    ld a,(hl)           ;0072   7e  ~\n    cp 00ch     ;0073   fe 0c   . .\n    jr nz,7     ;0075   20 05     .\n    ld hl,0410fh        ;0077   21 0f 41    ! . A\n    set 2,(hl)      ;007a   cb d6   . .

If you've gotten this far, the forth code, read bottom up:

-promreader\nmarker -promreader\n\n2variable low-mem\n2variable high-mem\n\n\\ 22-29\n$22 constant LOW-BYTE\n$21 constant DDRA\n$20 constant PINA\n\n\\ 53=PB0, 52=PB1\n$25 constant PAGE\n$24 constant DDRB\n$23 constant PINB\n%0000.0001 constant PAGE-SELECT\n%0000.0010 constant CHIP-ENABLE\n\n\\ 37-30 (reversed on board)\n$28 constant HIGH-BYTE\n$27 constant DDRC\n$26 constant PINC\n\n\\ 49-42 (reversed on board)\n$10b constant  PORTL\n$10a constant  DDRL\n$109 constant  DATA\n\nvariable LineFeed\nvariable Address\nvariable CheckSum\n\n$10 constant ByteCount\n0 constant RecordType\n\n: port-init ( -- )\n  PAGE-SELECT DDRB mset\n  CHIP-ENABLE DDRB mset\n  $ff DDRA mset\n  $ff DDRC mset\n  $ff DDRL mclr\n  $ff PORTL mset\n  CHIP-ENABLE PAGE mset\n  PAGE-SELECT PAGE mclr\n;\n\n: hex>ascii ( n -- c c ) dup $f0 and 4 rshift swap $0f and digit swap digit ;\n\n: checksum+ ( n -- )  CheckSum @ + CheckSum ! ;\n\n: .output ( n -- )  ( dup ) ( checksum+ ) emit emit ;\n\n: address ( n -- )\n  Address @\n  dup $ff00 and 8 rshift swap\n  $00ff and swap\n  dup checksum+\n  hex>ascii\n  .output\n  hex>ascii\n  .output\n;\n\n: add>bytes ( n -- n n ) dup $ff00 and 8 rshift swap $00ff and ;\n\n: build-record ( n -- ) dup checksum+ hex>ascii .output ;\n\n: header ( -- )\n    ." :"\n    ByteCount build-record\n    Address @ add>bytes swap build-record build-record\n    RecordType build-record\n;\n\n: .checksum ( -- )\n  CheckSum @ invert 1+\n  build-record\n  0 CheckSum !\n  cr\n;\n\n\n: address+ ( -- n ) Address @ 1+ dup Address ! ;\n\n: line-feed+ ( -- )\n  LineFeed @ 1+\n  dup\n  ByteCount = if\n    ( .checksum )\n    0 LineFeed !\n    cr\n  else\n    LineFeed !\n  then\n;\n\n: read-data ( -- d )\n  CHIP-ENABLE PAGE mclr 10 ms\n  DATA c@ 10 ms\n  CHIP-ENABLE PAGE mset 10 ms\n  ;\n\n: set-high-byte HIGH-BYTE c! ;\n\n: set-low-byte LOW-BYTE c! ;\n\n: get-data ( -- n )\n  Address @ add>bytes\n  set-low-byte\n  set-high-byte\n  read-data\n  build-record\n;\n\n: page-read ( -- )\n  0 CheckSum ! 0 Address ! cr\n  begin\n    0\n    header\n    begin\n      get-data\n      Address @ 1+ Address !\n      1+\n      dup 16 =\n    until\n    drop\n    .checksum\n    Address @\n    0=\n  until\n  ." :00000001FF" cr\n;\n\n\n: dump-prom ( -- )\n  port-init\n  ." Page 1" cr\n  page-read\n  PAGE-SELECT PAGE mset\n  ." Page 2" cr\n  page-read\n  ;

PROM location on board
\n

PROM ready to read
\n