[Ken Shirriff] Takes A Bite Of The Apple-I

March 23, 2022 by 7 Comments

The Apple-I was a far cry from Apple’s later products. A $666 single-board computer, the product had some unique design features including using a shift register for video memory to save money. The shift registers of the day required high-current clock pulses that ranged from -11 to 5V and there was a DS0025 clock driver chip to handle the job. [Ken Shirriff] takes the unusual chip apart for us in a recent blog post.

The use of a shift register as memory isn’t a new idea. Really old computers like EDSAC used mercury delay lines as memory which was essentially a physical shift register. In those cases, the ALU and other processing only had to deal with a bit at a time, further simplifying things. For the Apple, there were seven shift registers to store 6-bits of display data and a cursor position. The 6 bits of character data drove — indirectly — a character generator ROM to convert the data into dots for the display.

Driving all those shift register flip flops requires a lot of clock current, so the DS0025 uses an unusual transistor design. There are 24 separate emitters in two groups. It acts like a large transistor, but you could also consider it as two 12-emitter transistors or 24 separate transistors in parallel. The metal wiring, interestingly enough, tapers because at the start of the conductor, the current for all 12 sub-transistors flows, but by the end, it is only the current for the last sub-transistor, so the conductor doesn’t have to be as wide. In addition, the two transistors have to have matched resistance which requires careful design so the transistors turn on at the same time.

The final result is an inverter that can provide 1.5 amps. This current helps overcome the relatively large capacitance in the shift register’s clock line. The clock rate was 1 MHz and the load capacitance was about 150 picofarads.

We enjoy [Ken’s] posts ranging from mysteries to space hardware. It is always interesting to see what is inside these devices or, at least, what was in the old devices we’ve all seen.

Ken Shirriff Breaks Open The Yamaha DX7

November 25, 2021 by 23 Comments

For better or worse, this synthesizer was king in the 1980s music scene. Sure, there had been synthesizers before, but none acheived the sudden popularity of Yamaha’s DX7. “Take on Me?” “Highway to the Dangerzone”?  That harmonica solo in “What’s Love Got to Do With It?”  All DX7. This synth was everywhere in pop music at the time, and now we can all get some insight from taking a look at this de-capped chip from [Ken Shirriff].

To be clear, by “look” that’s exactly what we mean in this case, as [Ken] is reverse-engineering the YM21280 — the waveform generator of the DX7 — from photos. He took around 100 photos of the de-capped chip with a microscope, composited them, and then analyzed them painstakingly. The detail in his report is remarkable as he is able to show individual logic gates thanks to his powerful microscope. From there he can show exactly how the chip works down to each individual adder and array of memory.

[Ken]’s hope is that this work improves the understanding of the Yamaha DX7 chips enough to build more accurate emulators. Yamaha stopped producing the synthesizer in 1989 but its ubiquity makes it a popular, if niche, platform for music even today. Of course you don’t need a synthesizer to make excellent music. The next pop culture trend, grunge, essentially was a rebellion to the 80s explosion of synths and neon colors and we’ve seen some unique ways of exploring this era of music as well.

Thanks to [Folkert] for the tip!

[Ken Shirriff] Picks Apart Mystery Chip From Twitter Photo

April 25, 2021 by 24 Comments

It’s no secret that the work of [Ken Shirriff] graces the front pages of Hackaday quite frequently. He’s back again, this time reverse engineering a comparator chip from a photo on Twitter. The mysterious chip was decapped, photographed under a microscope, and subsequently posted on the internet with an open call to figure out what it did.

[Ken] stepped up, and at first glance, it was obvious that most of the chip is unused, and there appeared to be four copies of the same circuit. After identifying resistors and the different transistor types, [Ken] found differential pairs.

Differential pairs form the heart of most op-amps, and by chaining them together, you can get a strong enough signal to treat it as a logic signal. Based on the design and materials, [Ken] estimates the chip is from the 1970s. Given that it appears to be ECL (Emitter-Coupled Logic), it could just be four comparators. But there are still a few things that don’t add up as two comparators have additional inverted outputs. Searching the part number offered few if any clues, so this will remain somewhat a mystery.

We’ve covered [Ken’s] incredible chip sleuthing before here, such as the Sharp EL-8 from 1969.

Inside An Oscillator With [Ken Shirriff]

February 21, 2021 by 13 Comments

We are always glad to see [Ken Shirriff] tear into something new and this month he’s looking inside a quartz oscillator module. Offhand, you’d think there’s not much to these. A slab of quartz and some sort of inverter, right? But as [Ken] mentions, “There’s more happening in the module than I expected…”

If you’ve ever wanted to decap devices, big hybrid modules like these are a good way to get started since you don’t need exotic chemicals to get at the insides. [Ken] managed to break the fragile crystal wafer on the way in. Inside was also a small CMOS IC die. Time to get out the microscope.

If you follow [Ken’s] blog, you know he’s no stranger to analyzing IC dice. The oscillator IC is a pretty standard Colpitts oscillator but it also provides a programmable divider and output drive.

The circuit uses some unusually configured capacitors. [Ken] takes the time to point out CMOS logic structures throughout. If you haven’t seen one of [Ken’s] deep dives before, before, it’s a great introduction.

You can learn more about crystal oscillator theory. We used some test equipment to characterize a crystal a few years ago.

What’s Inside An FPGA? Ken Shirriff Has (Again) The Answer

September 21, 2020 by 13 Comments

FPGAs are somewhat the IPv6 of integrated circuits — they’ve been around longer than you might think, they let you do awesome things that people are intrigued by initially, but they’ve never really broke out of their niches until rather recently. There’s still a bit of a myth and mystery surrounding them, and as with any technology that has grown vastly in complexity over the years, it’s sometimes best to go back to its very beginning in order to understand it. Well, who’d be better at taking an extra close look at a chip than [Ken Shirriff], so in his latest endeavor, he reverse engineered the very first FPGA known to the world: the Xilinx XC2064.

If you ever wished for a breadboard-friendly FPGA, the XC2064 can scratch that itch, although with its modest 64 configurable logic blocks, there isn’t all that much else it can do — certainly not compared to even the smallest and cheapest of its modern successors. And that’s the beauty of this chip as a reverse engineering target, there’s nothing else than the core essence of an FPGA. After introducing the general concepts of FPGAs, [Ken] (who isn’t known to be too shy to decap a chip in order to look inside) continued in known manner with die pictures in order to map the internal components’ schematics to the actual silicon and to make sense of it all. His ultimate goal: to fully understand and dissect the XC2064’s bitstream.

Of course, reverse engineering FPGA bitstreams isn’t new, and with little doubt, building a toolchain based on its results helped to put Lattice on the map in the maker community (which they didn’t seem to value at first, but still soon enough). We probably won’t see the same happening for Xilinx, but who knows what [Ken]’s up to next, and what others will make of this.

Ken Shirriff Unfolds A Nuclear Missile Guidance Computer With Impressive Memory

March 25, 2020 by 13 Comments

Longtime followers of [Ken Shirriff’s] work are accustomed to say asking “Where does he get such wonderful toys?”. This time around he’s laid bare the guidance computer from a Titan missile. To be specific, this is the computer that would have been found in the Titan II, an intercontinental ballistic missile that you may remember as a key part of the plot of the classic film WarGames. Yeah, those siloed nukes.

Amazingly these computers were composed of all digital logic, no centralized controller chip in this baby. That explains the need for the seven circuit boards which host a legion of logic chips, all slotting into a backplane.

But it’s not the logic that’s mind-blowing, it’s the memory. Those dark rectangles on almost every board in the image at the top of the article are impressively-dense patches of magnetic core memory. That fanout is one of two core memory modules that are found in this computer. With twelve plates per module (each hosting two bits) plus a parity bit on an additional plate, words were composed of 25-bits and the computer’s two memory modules could store a total of 16k words.

This is 1970’s tech and it’s incredible to think that when connected to the accelerometers and gyros that made up the IMU this could use dead reckoning to travel to the other side of the globe. As always, [Ken] has done an incredible job of walking through all parts of the hardware during his teardown. He even includes the contextual elements of his analysis by sharing details of this moment in history near the end of his article.

If you want to geek out a little bit more about memory storage of yore, you can get a handle on core, drum, delay lines, and more in Al Williams’ primer.

Ken Shirriff Explains His Techniques For Reverse Engineering Silicon

December 5, 2018 by 8 Comments

When it comes to reverse engineering silicon, there’s no better person to ask than Ken Shirriff. He’s the expert at teasing the meaning out of layers of polysilicon and metal. He’s reverse engineered the ubiquitous 555 timer, he’s taken a look at the inside of old-school audio chips, and he’s found butterflies in his op-amp. Where there’s a crazy jumble of microscopic wires and layers of silicon, Ken’s there, ready to do the teardown.

For this year’s talk at the Hackaday Superconference, Ken walked everyone through the techniques for reverse engineering silicon. Surprisingly, this isn’t as hard as it sounds. Yes, you’ll still need to drop acid to get to the guts of an IC (of course, you could always find a 555 stuck in a metal can, but then you can’t say ‘dropping acid’), but even the most complex devices on the planet are still made of a few basic components. You’ve got n-doped silicon, p-doped silicon, and some metal. That’s it, and if you know what you’re looking for — like Ken does — you have all the tools you need to figure out how these integrated circuits are made.

Continue reading “Ken Shirriff Explains His Techniques For Reverse Engineering Silicon”