EPROMs, those UV-erasable memory chips of the 80s and 90s, once played a crucial role in countless electronic devices. They’ve become relics of a bygone era, but for enthusiasts of vintage electronics, the allure of these light-sensitive devices remains strong. Today, we’re diving into [Kevin Osborn]’s nostalgic journey as he uncovers the secrets of old EPROMs loaded with Atari 7800 code.
[Kevin] used to work at General Computer Company, which produced the Atari 7800 and several games for the system. Thus, he had a handful of old carts and development EPROMs sitting up in his attic along with an old console. Recently, he decided to try and uncover what was on the EPROMs and begun an investigation. They wouldn’t run in his Atari, and he quickly realized why: the EPROMs weren’t cryptographically signed, so the system wouldn’t load them.
After a little work, he was able to dump the EPROMs with the help of a TL866II+ reader. After some hacking, he was able to fettle the data on the EPROMs into something that would run on the A7800 emulator. This was easy enough, as the emulator doesn’t run checks for properly signed code. From there, he was able to use a UV phone sanitizer to wipe the EPROMs, and re-burn them with signed versions of their original code. This took the application of some high voltage, but with the aid of an external power supply, it worked. He was able to successfully run the obscure ROMs on real Atari 7800 console hardware.
UV-erasable PROMs, or EPROMs, have long been superseded by the more convenient electrically-erasable PROMs, or EEPROMs. Their advent rapidly sped up embedded development for all of us, and should be greatly appreciated. If you’ve been tinkering with your own ancient retro finds, don’t hesitate to drop us a line.
Does anybody know exactly what the Atari 7800 signature scheme actually is? Has anyone dumped the roms in the console? 1986 seems pretty early for public-key crypto to be used in consumer electronics. A 960-bit RSA signature might still be a little out of reach for us to break today.
It seems that tools for generating the signature have been available since beginning of 2000s, a78sign and sign7800. But not sure how their history is, from forum posts it sounds like the original Atari utility was leaked and the private keys with it.
It appears to be legit public key crypto.
The signing code and master key were literally built into an Atari ST app. That and the signing apps for other systems like Lynx and Jaguar were found on a hard drive from an Atari dumpster. Another copy of the 7800 app was found in a different dumpster hard drive. If it weren’t for Atari’s famous dumpstering of everything and its persistent dumpster divers, the key likely would never have been found. All hope would not quite have been lost even then, as there was some code signed at the minimum 4K, with escapes into unsigned space. That could have been used as a very inefficient key.
As to why… GCC was in Cambridge MA… not too far from the offices of RSA. Think about it.
I actually had to check to see which signer was which, but I wrote sign7800 way back in 2004 by disassembling the ST app and hand-decompling it to C. The other one (I don’t remember who made a78sign) was written at a high level by using cyrpto library calls. I liked that we ended up with two completely different approaches.
Now as to the title of this article, I don’t consider these to be the fussy chips. The fussy ones are the ones that need -5V and +12V just to read them, and can burn out simply from not having the -5V. Even the good programmers back in the ’90s couldn’t read 2708 and earlier, because nothing new used those voltages. Having a highter Vpp only made it worse.
I found an old, rare 8080-based computer with 16K of 2708 chips a long time ago, and finally read them a few months ago. But my first attempt at reading 2708 chips ended up with a dead 2708 from an Apple II clock card (contents already known, but I still need to mod the card to take a 2716) so I was nervous all the way. I also damaged a Blue Pill board while making the second dumper; they don’t like momentary +12 volts on GPIO pins.
Oh, and I like that he used a Phone Soap as an eraser. I’ve picked up a few of those cheap over the past year or two, but no chance to test them out, and I still have my old eraser from the 90s anyhow. The one thing to keep in mind is I think they have a timer for only about 5 minutes, but an EPROM really needs more like 20-30 minutes, so you should run them for multiple cycles.
I recall the big issue for UV erasing was getting the UV dosage “just right, but not too short” to avoid bit “regrowth” where the sunken gate charge was not completely eliminated so the old programmed bits would pot back up while in operation. This was often based on the UV light source’s luminance which varied a lot, not to mention the variations in the PROM’s programming variance.
There was a simple rule on some early “smart” programmers that (spot) checked successful programming then over-programmed something like 3 or 4X the time it took to get the first successful image. Not fool proof but, worked well. Remember, these stored floating gate charges were supposed to last for at least 10 years.
And the old UV bulbs luminance waned as they aged. Our shop repair guys would bump up the erasure times as the bulb aged. Nothing worse then trying to debug a system that has partially programmed/erased memory! This is usually caught with a power-up checksum check and later CRC (the old PC ROMs reserved a byte to set the sum to zero — not exactly perfect, but at least 0 is the all-programmed state). That practice didn’t work too well for equipment that ran 24/7 like airport navigation monitoring equipment, so we later had a background task do that “continuously” using the idle task and the FAA later “required” that “idle” time be used for that purpose after we presented that during a code review!
The local airport said they “fixed” that, by hooking the equipment shelter’s reset line to the phone line so when they lifted the tower’s phone, it reset the problematic equipment (which wasn’t ours, so I reported that back to our field engineers and sales office).
At least all of those parts are NMOS. The later ones that didn’t need -5V had on-chip charge pumps for the Vss since the gate voltages weren’t fast enough without it.
My college senior design project was a PMOS Intel 1702A UVEPROM programmer that had +5 and -9V supplies and used -47V programming pulses: see https://www.cpu-galaxy.at/cpu/ram%20rom%20eprom/rom/intel%201702%20section.htm I programmed and used it on my 8008 “PC” (not a misprint). FUN!
I have like 50 of those 1702’s. They look great, with that white and gold. And I’d like to use them in a project just for their looks. But… Well… 256 bytes at 750ns read cycle…? I haven’t found a project yet where the CPU or some other state machine runs so slow that I can use them. :)
Slow and low-density is not the only problem with 1702As, it’s still that -47V programming pulse that needs to be finessed. But it’s not that bad — I used a bootstrapped 7805 with a high-voltage signal transistor since the load current wasn’t too high — straight out of an Intel app note. There was a specified rise/fall time, but I didn’t own a oscilloscope when I built it, so I relied on luck. Slowing it down is easy, the harder thing to contend with trying to do anything comparable to a lowly Atmel ATmega328’s tiny 8KB flash would need 32 of these & need four 3-to-8 bit decoders too!
“Now as to the title of this article, I don’t consider these to be the fussy chips. The fussy ones are the ones that need -5V and +12V just to read them, and can burn out simply from not having the -5V. Even the good programmers back in the ’90s couldn’t read 2708 and earlier, because nothing new used those voltages. Having a highter Vpp only made it worse. ”
I think the same. If we see those chips in context with the hardware of its time, then they weren’t that hard to get going. In the 90s, labs and universities still had kept older PCs for programming older EPROMs.
The C64 (please forgive me for that dreadful example) was very famous as a cheap EPROM reader/programmer. Many hobbyist grade programmers directly attached to user port and the supplied software could handle EPROMs older than 2764/27128 just fine.
On PC platform, the situation was completely different. “Prommers” were expensive, unless they were from the 80s or unless they were intelligent and platform-independent (serial connection).
Specially built PC programmers like Willem were expensive, costing 1000s of USD in the 90s (Euro didn’t exist, so I can’t use it for comparison). And they attached to parallel port, which was undergoing lots of changes at the time (PS/2 mode, SPP, EPP, ECP, nibble mode). Also, Windows NT and its children had no API for LPT port and direct i/o was forbidden (unless PortTalk or special drivers were installed).
Of course, about the late 2000s, this slowly changed. Cheap programmers from China appeared and made EPROM programmers accessible to hobbyists again.
Also, around 2000, some electronic books already had simple EPROM Reader schematics included. By using a port expander and a little VB/Delphi program, it was possible to read EPROMs (parallel EPROMs, ofc) via LPT ports.
On the older Atari ST, C64 or ZX Spectrum machines, by contrast, an EPROM programmer could be built or bought for less than 100 USD.
Relics of a bygone era? There are thousands of them keeping you safe in rail interlockings (of a bygone era) and sill being modified and updated today.
I think a few industries still have this kind of technology around. Electricity distribution for one does
+1
And “One Time Programmable” versions are readily available, too.
OTP EPROMs are normal EPROMs, but without the precious Quarz window.
That’s why they can be produced cheaply.
Also, please don’t forget one very very important detail!
Parallel EPROMs aren’t just outdated predecessors of flash storage and serial EPROMs. No.
What’s really fascinating : They’ share similarities to processors (state machines) and mappers!
Traditional EPROMs can be used as address-decoders, for example.
The PLA chip in C64 can be replaced by an EPROM that holds the correct bit patterns.
Depending on the inputs, the EPROM’s outputs do change.
http://www.geocities.ws/sieg.peter/pla/pla.html
Personally, I think that’s something that’s not enough valued these days.
An EPROM can used as a substitute for a diode matrix, making it an ideal device for a morse keyer.
In the past, radio amateurs did use classic EPROMs as a keyer for morse beacons.
No microcontroller was needed, no software had to be written. The little EPROM did it all alone.
One thing to watch for: after erasing a device leave it ,minimal, a day before checking if it’s empty, they have a thing to “restore” their old info or parts of it. Foundout the hard way, looong ago ;(
There is a schematic somewhere on the Internet for an adapter board that will automatically switch 18V to 21 V for programmers like the minipro (with power supplied by s DC-DC converter). This is a big problem with 2716’s, I have an Intel manual that even says that really early Intel 2716’s needed 25V.
That’s interesting!
As far as I remember, 2732 and 2764 were not difficult to program at all.
When I was a student in 1984 I built one on a Saturday afternoon using a 68000 and assembly language.
Vpp was supplied from a lab power supply. My development system was a “Profikit 68000” by Force Computers.
I meant I built a EPROM programmer, not an EPROM.
I remember programming some by hand. A bunch of switches, a 12.5V supply from a 317. That was for a breadboard made test system based on old 8031/51.
I soo tired of this and built my 1st PC interface card. A hand etched ISA card, some turbo pascal, and it became an eprom programmer. The sun, and a baking tray of eeproms was my eraser. As long as you had a bunch, the week or so for erasing was not a problem.
Fun times.
Congrats, I think you did a really good job here! 🙂👍
And I agree, PC bus/ISA bus and Turbo Pascal (and Quick Basic) were great tools.
That’s why many prototypes and industrial/professional boards built for measuring, controlling, regulating were/are often ISA based (MSR, Messen-Steuern-Regeln) .
In essence, ISA bus and the aforementioned DOS-based development software gave us PC users a similar hacking experience to that of home computer users (a big user port and full control over hardware; DOS didn’t block access).
With one notable difference, maybe. “We” had access to high-resolution monitors (Hercules inn720x348, later EGA/VGA), hundreds of kilobytes of RAM and hard disks with a few dozen MB storage capacity. A far cry from the ZX81 and C64. 😁
(No offense, though, these systems were still fun to tinker with! 🙂👍)
There was an idiot on twitter mouthing off about how proms/eproms wasn’t a big deal. So many things need eproms and eeproms to run. It’s one of the hidden bits of the modern world.