Reverse Engineering Unobtanium

font

If you listen to [Bil Herd] and the rest of the Commodore crew, you’ll quickly realize the folks behind Commodore were about 20 years ahead of their time, with their own chip foundries and vertical integration that would make the modern-day Apple jealous. One of the cool chips that came out of the MOS foundry was the 6500/1 – used in the keyboard controller of the Amiga and the 1520 printer/plotter. Basically a microcontroller with a 6502 core, the 6500/1 has seen a lot of talk when it comes to dumping the contents of the ROM, and thus all the code on the Amiga’s keyboard controller and the font for the 1520 plotter – there were ideas on how to get the contents of the ROM, but no one tried building a circuit.

[Jim Brain] looked over the discussions and recently gave it a try. He was completely successful, dumping the ROM of a 6500/1, and allowing for the preservation and analysis of the 1520 plotter, analysis of other devices controlled by a 6500/1, and the possibility of the creation of a drop-in replacement for the unobtanium 6500/1.

The datasheet for the 6500/1 has a few lines describing the test mode, where applying +10 VDC to the /RES line forces the machine to make memory fetches from the external pins. The only problem was, no body knew how to make this work. Ideas were thrown around, but it wasn’t until [Jim Brain] pulled an ATMega32 off the top of his parts bin did anyone create a working circuit.

The code for the AVR puts the 6500/1 into it’s test mode, loads a single memory location from ROM, stores the data in PORTA, where the AVR reads it and prints it out over a serial connection to a computer. Repeat for every location in the 6500/1 ROM, and you have a firmware dump. This is probably the first time this code has been seen in 20 years.

Now the race is on to create a drop-in replacement of what is basically a 6502-based microcontroller. That probably won’t be used for much outside of the classic and retro scene, but at least it would be a fun device to play around with.

40 thoughts on “Reverse Engineering Unobtanium

    1. where do I punch in the elastic modulus of the springs in the keyboard switches?

      Does verilog accurately mimic the registration errors in the printing of the aluminum nameplate? Does it accurately place the double sided tape on the bottom of the nameplate? Does it accurately model the organic content of the soldering flux and its ability to attract insects?

      Tell us more about your “entire” C64

    1. Well, you can’t buy them anywhere and you don’t have the code, so yeah, unobtanium. This kind of reverse engineering helps preserve those ancient chips and make it possible to replicate them using an FPGA/CPLD or maybe a modern day microcontroller.

    2. All chips fail, it’s just a matter of when. RAM burns out, controllers stop working, ROMs encounter bit rot. A capacitor pops or a diode shorts and takes three or four chips with it. There’s a reason why mean time to failure is calculated.

      1. I have a lot of electronic equipment from the 1970’s and a little from the 60’s, and _none_ of the semiconductors have failed. Rubber parts in tape recorders and turntables rot, rechargeable batteries go bad, and switches get bad but can usually be brought back with contact cleaner. I can’t think of any capacitors I’ve had go bad in my own equipment, and the few that have gone bad in our products after 15 years are quite predictable, being the ones operated at a steady voltage with the least WVDC derating. The calculator I use every day HP-41cx) was made almost 30 years ago; and it, along with all the modules and accessories, work fine, except an inkjet printer that seems to have bad contacts at the print head.

          1. The company I work for did not start using SMT until after 2006, for various reasons that may not apply to many other companies and types of products. We still use leaded solder, as the European market is more trouble than it’s worth.

  1. We grant “copyright” to corporations EXPRESSLY so that they have an economic incentive to NOT allow their creations to BIT-ROT. Read our Constitution! Rights for individuals had to wait for amendments. But the preservation of knowledge was considered MORE important so it went in right away, before individual freedoms were added.

    It’s a freaking JOKE is what it is. We give corporations the right to engage in rent-seeking behavior, and we get NOTHING in return. We DO NOT get to enjoy the fruits of their government-subsidized profits. We get dead technology, forgotten work, and stories like this.

    1. Technically chip designs don’t fall under copyright laws…and this particular chip predates the 1984 semi conductor chip protection act.

      The act also explicitly allow reverse engineering of a chip.

      But go ahead, lets not let facts get in the way of your rant.

        1. They do. But there are a few things to be considered: Who would benefit from this NOT being done? The long non-existent corporation? Would someone buy the rights (from whom?) to produce a marketable product using that code? Even if the copyright returned to the actual authors, it’s been a breakthrough some good years ago when CBM employees who could theoretically be the owners of some firmware code – agreed that they won’t pursuit any copyright ownership. Now – OTOH – who may benefit from this BEING actually done? Every owner of a retro-device, which doesn’t have much practical value but it would be nice to revive it? And without anyone selling appropriate parts ever again – it would not be possible? And every owner of such piece of hardware already OWNS the licence (he bought it with the hardware) but couldn’t do anything… So yes, they’re dumping the code. For a good cause and the potential users of this won’t be violating much if they already have devices, which need this code to operate..

          1. human knowledge in the end should be owned by humanity

            we stand on the shoulders of those who came before us

            the particulars are irrelevant, are we civilized romans, or do we fiddle while the library burns?

        2. What would CBM do about the chip getting dumped? Rise from the grave and sue? All of the companies behind this chip have gone under and current corporation that took the old names like Commodore likely can’t do anything.

          It’s better to have it dumped and made available publicly than wait until copyright law expires and discover all of the electronics have degraded and nothing can be dumped. Even ROM chip will fail, the copper and some other metal never stops breaking down and eventually chip will have oxidized to the point it breaks connection between pins and the silicon waver inside.

      1. “The act also explicitly allow reverse engineering of a chip.”

        So I can reverse-engineer a flash chip with a copy of Windows on it ans sell that? Really?

        Tell us more about how we can legally copy the firmware on a chip

    1. I am also not fully satisfied (as always – I am the author ;-) so if you think something can be written better – let me know. I understand it and can augment or rephrase whatever is needed. Actually the test mode is described “enough” in the data sheet.

      In short TEST mode is entered when the /RST line is driven up to 10V. In this mode, instead of fetching from internal memory, every data is fetched from one of the 8-bit ports. The trick is to make the “switch” from “normal” mode to “TEST” mode without sending the CPU to the woods.

  2. Brian (and others at HaD), when are you finally going to learn the difference between “it’s” and “its” ?
    It’s really annoying to see things like :
    … into it’s test mode

        1. f off>anyone that says the people that comment [on the site that they read every damn day] that the people that make it happen suck. Grammar can takes a back seat as far as I am concerned. as long as the the meaning is apparent who gives crap?

      1. Brian, frankly the HaD contributors ought to have some basic language skills. I believe that’s something we can expect from people who (to some extent) write for a living.
        Matt Terndrup does it too in his latest contribution : “Perhaps, you’re circle of friends is getting …”

Leave a Reply to JerryCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.