DM-15CC ROM grabbing
Message #1 Posted by David Jedelsky on 12 Aug 2012, 12:29 p.m.
Hello everybody! :)
I'm back from holidays, so I will write some information (as I promised some time ago in reply to Mark Hardman's question) about how we scanned the HP1x calculator ROMs.
uhmgawa, in the previous thread, had brave reactions about how easy the ROM grabbing is :). It looks like he is very well equipped with logic analyzers and other gadgets :). I agree that this way it could be very easy to grab the ROM. But I have literally not a single piece of such equipment, nor access to anything like it anywhere. So I decided to grab the ROMs directly with our DM-15CC calculator. That means using a board with an ARM CPU (LPC1114) running at 48 MHz. Don't you think it is much more fun?
The DM-15CC calculator has a serial link over USB. So the idea was easy: just read a few logic signals in a loop (finally just two: the ISA bus and the sync signal) and send the read values over the serial link to a PC, where the received data is stored into a file. As a second step, write a simple utility to decode the signals offline from the grabbed serial-line data.
After a few tests I found the actual bottleneck of the whole 'system' ... the maximum usable speed of the serial line. So I just used a small capacitor to slow down the calculator's clock to be able to obtain usable samples.
Then I wrote the offline decoding utility in Python. It just reads the grabbed serial data and decodes the address:data pairs from it. Nothing especially big ... some 160 lines of Python :).
Here is the whole process:
- HW preparation -> connect ISA and SYNC signal to grabbing calc and attach slow-down capacitor
- Pressing ON+[+] on the real calc (it is an infinite self-test)
- Start serial data grab into file on PC
- Run it for a few minutes ...
- Offline decoding -> run the Python decoder and grep the output to create the final ROM file
So, for all interested: yes! We are also using the self-test trick :).
Finally, somebody could be interested in how long it took to do everything from the start to the final ROM file (if anybody wants to do it by themselves). I divided it into two sessions (well, time is precious) of approx. two hours each:
- First one: the ARM code and reading the serial data into the PC
- Second one: the decoding utility and the final dump
At the end I apologize to all who hoped I would uncover some big secrets in my post :) (I hope nobody expected anything special) ... and I hope you appreciate it :)
Edited: 13 Aug 2012, 7:38 a.m.
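The post describes the offline step of the procedure above (a sample stream captured over the serial link, decoded into address:data pairs and then grepped into a ROM file) without showing the decoder. The following is an added example written for this page; it is not David's 160-line utility and not part of the DM-15CC project. It assumes a capture format of one byte per bus bit-time with bit 0 = ISA and bit 1 = SYNC, and it assumes Nut-style bus framing (a 56 bit-time cycle, a 16-bit address on ISA LSB first in bit-times 14..29, SYNC high while the 10-bit instruction is read LSB first in bit-times 44..53). Those offsets are my reading of the Nut bus and are constants to verify against the real hardware, not facts taken from the post. The `constructed_capture()` data is built inline so the script runs offline, and it includes the two failure modes a real capture has: a stream that starts mid-cycle and one glitched re-read of an address.

```python
"""Offline decoder for a (constructed) serial capture of a Nut-style ISA bus.

Added example for the forum post, not the author's utility.
Framing constants below are assumptions about the Nut bus; verify on hardware.
"""
from collections import Counter, defaultdict

# Assumed bus framing (bit-times within one 56 bit-time cycle).
CYCLE_BITS = 56
ADDR_START, ADDR_BITS = 14, 16      # address on ISA, LSB first
INSTR_START, INSTR_BITS = 44, 10    # instruction on ISA, LSB first, SYNC high

# Assumed capture format: one byte per bit-time, bit0 = ISA, bit1 = SYNC.
ISA_MASK = 0x01
SYNC_MASK = 0x02


def encode_cycle(addr, instr):
    """Build the 56 sample bytes of one bus cycle (used only to construct test data)."""
    cycle = [0] * CYCLE_BITS
    for i in range(ADDR_BITS):
        cycle[ADDR_START + i] |= (addr >> i) & 1
    for i in range(INSTR_BITS):
        cycle[INSTR_START + i] |= ((instr >> i) & 1) | SYNC_MASK
    return cycle


def find_sync_windows(samples):
    """Yield the start index of every SYNC-high run that is exactly INSTR_BITS long.

    Runs of any other length are treated as noise and ignored.
    """
    n, i = len(samples), 0
    while i < n:
        if samples[i] & SYNC_MASK:
            j = i
            while j < n and samples[j] & SYNC_MASK:
                j += 1
            if j - i == INSTR_BITS:
                yield i
            i = j
        else:
            i += 1


def bits_lsb_first(samples, start, count):
    """Assemble `count` ISA bits starting at `start`, least significant bit first."""
    value = 0
    for i in range(count):
        value |= (samples[start + i] & ISA_MASK) << i
    return value


def decode_samples(samples):
    """Map each address to a Counter of the instruction values observed for it."""
    seen = defaultdict(Counter)
    for sync_start in find_sync_windows(samples):
        addr_start = sync_start - (INSTR_START - ADDR_START)
        if addr_start < 0:
            continue            # capture began mid-cycle: the address bits are missing
        addr = bits_lsb_first(samples, addr_start, ADDR_BITS)
        instr = bits_lsb_first(samples, sync_start, INSTR_BITS)
        seen[addr][instr] += 1
    return seen


def build_rom(seen):
    """Majority-vote each address; also report addresses whose reads disagreed."""
    rom, conflicts = {}, []
    for addr, counts in seen.items():
        rom[addr] = counts.most_common(1)[0][0]
        if len(counts) > 1:
            conflicts.append(addr)
    return rom, sorted(conflicts)


def rom_lines(rom):
    """Grep-friendly 'AAAA:III' lines, one per address, in address order."""
    return ["%04X:%03X" % (a, rom[a]) for a in sorted(rom)]


def constructed_capture():
    """Constructed sample stream: a partial leading cycle, a 3-word loop run twice,
    then one glitched re-read of the middle word (one bit flipped)."""
    program = [(0x0100, 0x2A1), (0x0101, 0x3F0), (0x0102, 0x0C4)]
    samples = encode_cycle(0x00FF, 0x123)[40:]        # tail of a cycle only
    for _ in range(2):
        for addr, instr in program:
            samples.extend(encode_cycle(addr, instr))
    samples.extend(encode_cycle(0x0101, 0x3F1))         # glitched read
    return samples


if __name__ == "__main__":
    rom, conflicts = build_rom(decode_samples(constructed_capture()))
    print("\n".join(rom_lines(rom)))
    if conflicts:
        print("conflicting reads at: " + ", ".join("%04X" % a for a in conflicts))
```

Because the self-test loop re-visits each address many times during a multi-minute grab, the per-address Counter turns the repetition into a consistency check: a single sampling glitch is outvoted, and any address that is still contested is listed so the capture can be repeated rather than silently written into the ROM file.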