I have successfully read the roms from the M1 mainboard using the TOP853 rom programmer.
The process was surprisingly smooth. I was prepared for all sorts of problems along the way, but it just worked. Uncanny...
I ran the TOP853 software from VirtualBox to read the roms into .bin files and then I used bokken from the Ubuntu repos to parse and look at the files. This is how I did it:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_bjxYStF5rjIryBaPhsJC_0YsuKK71x6WsEl0PwkAUDtdRcZW6Lc-LPpgP_4c575TDdgXPqECy2tAnTvQIVFm8KVlQIZeeCw1GL96bIvOKBnUDsIZpa6L7VLz1u443HITarHEMQ8EDc/s1600/select_chip1.png)
Open the chip select dialog in TOP853.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsJnAvwuzSgiC97l69lbWUvU2Sm9-83EX0Ly9WFnG7ejqJau908VsJIzmeqldy8P8kXsp_SMtVl2ZbfbOOI-cHpP55vZhadRnTVvl5ZrsHd8GE_qSYEBEmfpZGpUhM_5rSeGij-IgJG0Q/s1600/select_chip_2.png)
Type in 27256 and select EPROM.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcNHGPzbB7oyGqRBFQc-fuWDcfH8ASpEmQfdhtuWkNBgJIGc-vriLf1SdjQdwAttzxCXEtv5p-6NLjwthw_d9EH6knwBp6S-uBeJCj9lQpnWXak40W4t8DsPDCfsahercyYwJfKDE0mqw/s1600/select_delay.png)
Select a long delay for reliable reading.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQXKzn0yO58e8cOmAlT4G3jKuFUud6E2OYDIzlCwsSM7xGtv7ZRrjCNXWBSlWXwPpJJqgr_IRaF50VvcArjU_nnfWCLMNqc9XHJX8CaHoJoqRGckw47SxgRhtXhW5hb8dwb5PaM8J2UbY/s1600/read_rom.png)
Start reading the chip into the buffer.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbesVZoGgu3RBP4AJlBUW3C8rnjWeUyLICzyYgLJl6_v1mc8x7Az7JfjQz1TZjGSyZUYneWtivfHqGFik1zP_Q-1SwrYzDtfRaSxOaiBmMZBy-ZJyhgImoJvKXtMjQTbiJFepuQHiqV6g/s1600/save.png)
Save the buffer to .bin file.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRp8DB3U_5BFT51FXycSciYUrHdNj8mlQnRbk1X3TSW1fK18CQD53_cJuuD9dy_PRCAp29lxS28Roq1ziz9YbNzorQji2vSfIXzStVGiLBM_XpVMq6LF7Q5XHtk-Cq504Cp3LVwecvIZc/s1600/bokken_open_rom.png)
Open bokken and select the .bin file.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy6EdNowiNaOZYmn8VxVJrkktrktYvb3zuNChQ_l_a4MXj-rjRsk40DogahyphenhyphenVfz0f42XV-pexbhV_9G76TcwSaHlaUIXmdqLVyq2H13FzZyWicDxg1QyuWJuNHkQyqmuMZup7IYZrfNzo/s1600/disasm.png)
You can browse the disassembled code.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtsTtR6xKXretH0-JyML_RCoC-hPtJutvYYsS170WMKkn7qLjVH2jLHl4h_X_4E3c10q1-FSS8tOeREcoAuopON_8aZ0W-8aUoO8D8g-OOHZyyDDXTU9egxR0aysmu4VsWJ9Q94APWlfY/s1600/strings.png)
You can view the strings table.
The plan ahead now is to buy a few replacement roms (modern variants with identical pin-out) and copy the images over and see if they work. Once they work I can start modifying the code slightly.
Figuring out what to change in the code and where might seem harder than it is. I thought about how to do it and I came up with the idea that the strings tell me something about what the code does, so all I have to do is to follow the strings and see which code pushes the strings around. Next I just identify which strings relate to which functions (such as loading/saving MSD data) and hijack those routines by jumping to an unused location where I have some space for my own code.
Well in theory at least.
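
The script below is an added example, not part of the original post: it sanity-checks a 27256 dump before the image is copied to a replacement chip, then lists strings with their file offsets and the unused regions described above. The sample image and its strings are constructed, and treating unused space as runs of 0xFF (the erased EPROM value) is an assumption about how this ROM was padded.

```python
import re
import sys

EPROM_27256_SIZE = 32 * 1024  # a 27256 is 256 Kbit = 32 KiB

def build_sample():
    """Constructed stand-in for a 27256 image; not data from the real ROM."""
    img = bytearray(i % 7 + 1 for i in range(EPROM_27256_SIZE))  # fake code bytes
    text = b"LOAD DATA\x00SAVE DATA\x00"                          # constructed strings
    img[0x6000:0x6000 + len(text)] = text
    img[0x6000 + len(text):] = b"\xff" * (EPROM_27256_SIZE - 0x6000 - len(text))
    return bytes(img)

def check_dump(data):
    """Return a list of findings that suggest the read went wrong."""
    problems = []
    if len(data) != EPROM_27256_SIZE:
        problems.append("size is %d bytes, expected %d" % (len(data), EPROM_27256_SIZE))
    if data and len(set(data)) == 1:
        problems.append("every byte is 0x%02X (blank chip or bad contact?)" % data[0])
    half = len(data) // 2
    if half and data[:half] == data[half:]:
        problems.append("upper half repeats lower half (address line or chip type?)")
    return problems

def find_strings(data, min_len=4):
    """Return (file_offset, text) for each run of printable ASCII."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

def find_free_space(data, fill=0xFF, min_len=64):
    """Return (file_offset, length) for each run of the fill byte."""
    pattern = re.compile(re.escape(bytes([fill])) + b"{%d,}" % min_len)
    return [(m.start(), len(m.group())) for m in pattern.finditer(data)]

if __name__ == "__main__":
    # Pass a .bin saved from the programmer, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for problem in check_dump(data):
        print("WARNING:", problem)
    for offset, text in find_strings(data):
        print("%04X  %s" % (offset, text))
    for offset, length in find_free_space(data):
        print("free  %04X  %d bytes" % (offset, length))
```

The offsets printed are positions in the .bin file; where the chip sits in the CPU's address space has to be added before they match addresses in the disassembly.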