Fixing A 30-year Old Roland Bug

October 5, 2022 by Matthew Carlson 12 Comments

The Roland CM-500 is a digital synthesizer sound module released in 1991 that combines two incredibly powerful engines into one unit. However, in 2005 enthusiasts of the Roland MT-25 (one of the engines that went into the CM-500) noticed a difference between the vibrato rate on the MT-25 and the CM-500, rendering it less useful as now midi files would need to be adjusted before they sounded correct. Now thirty-something years later, there is a fix through the efforts of [Sergey Mikayev] and a fantastic writeup by [Cloudschatze].

They reached out to Roland Japan, who decided that since the device’s lifecycle had ended, no investigation was warranted. That led the community to start comparing the differences between the two systems. One noticeable difference was the change from an Intel 8098 to an 80C198. In theory, the latter is a superset of the former, but there are a few differences. First, the crystal frequency is divided by three rather than two, which means the period of the LFO would change even if the crystal stayed the same. Changing the 12 MHz crystal out for 8 MHz gave the LFO the correct period, but it broke the timings on the MIDI connection. However, this is just setting the serial baud rate divisor, which requires changing a few bytes.

Replace the ROM chip with a socket so you can slot your newly flashed PDIP-28 64kx8 ROM into a quick desoldering. Then swap the crystal, and you’ll have a machine that matches the MT-25 perfectly. The forum post has comparison audio files for your enjoyment. Finally, if you’re curious about other fixes requiring an inspiring amount of effort and dedication, here’s a game installer that was brought back from the dead by a determined hacker.

Remoticon 2021 // Rob Weinstein Builds An HP-35 From The Patent Up

April 7, 2022 by Chris Lott 40 Comments

Fifty years ago, Hewlett-Packard introduced the first handheld scientific calculator, the HP-35. It was quite the engineering feat, since equivalent machines of the day were bulky desktop affairs, if not rack-mounted. [Rob Weinstein] has long been a fan of HP calculators, and used an HP-41C for many years until it wore out. Since then he gradually developed a curiosity about these old calculators and what made them tick. The more he read, the more engrossed he became. [Rob] eventually decided to embark on a three year long reverse-engineer journey that culminated a recreation of the original design on a protoboard that operates exactly like the original from 1972 (although not quite pocket-sized). In this presentation he walks us through the history of the calculator design and his efforts in understanding and eventually replicating it using modern FPGAs.

The HP patent ( US Patent 4,001,569 ) contains an extremely detailed explanation of the calculator in nearly every aspect. There are many novel concepts in the design, and [Rob] delves into two of them in his presentation. Early LED devices were a drain on batteries, and HP engineers came up with a clever solution. In a complex orchestra of multiplexed switches, they steered current through inductors and LED segments, storing energy temporarily and eliminating the need for inefficient dropping resistors. But even more complicated is the serial processor architecture of the calculator. The first microprocessors were not available when HP started this design, so the entire processor was done at the gate level. Everything operates on 56-bit registers which are constantly circulating around in circular shift registers. [Rob] has really done his homework here, carefully studying each section of the design in great depth, drawing upon old documents and books when available, and making his own material when not. For example, in the course of figuring everything out, [Rob] prepared 338 pages of timing charts in addition to those in the patent. Continue reading “Remoticon 2021 // Rob Weinstein Builds An HP-35 From The Patent Up” →

An assortment of MemoryStick cards and devices, some of them, arguably cursed, like a MemoryStick-slot-connected camera.

Hacker Challenges MemoryStick To A Fight And Wins

March 20, 2022 by Arya Voronova 24 Comments

It’s amazing when a skilled hacker reverse-engineers a proprietary format and shares the nitty-gritty with everyone. Today is a day when we get one such write-up – about MemoryStick. It is one of those proprietary formats, a staple of Sony equipment, these SD-card-like storage devices were evidently designed to help pad Sony’s pockets, as we can see from the tight lock-in and inflated prices. As such, this format has always remained unapproachable to hackers. No more – [Dmitry Grinberg] is here with an extensive breakdown of MemoryStick protocol and internals.

If you ever want to read about a protocol that is not exactly sanely designed, from physical layer quirks to things like inexplicable large differences between MemoryStick and MemoryStick Pro, this will be an entertaining read for hackers of all calibers. Dmitry doesn’t just describe the bad parts of the design, however, as much as that rant is entertaining to read – most of the page is taken by register summaries, struct descriptions and insights, the substance about MemoryStick that we never got.

One sentence is taken to link to a related side project of [Dmitry] that’s a rabbithole on its own – he has binary patched MemoryStick drivers for PalmOS to add MemoryStick Pro support to some of the Sony Clie handhelds. Given the aforementioned differences between non-Pro and Pro standards, it’s a monumental undertaking for a device older than some of this site’s readers, and we can’t help but be impressed.

To finish the write-up off, [Dmitry] shares with us some MemoryStick bit-banging examples for the STM32. Anyone who ever wanted to approach MemoryStick, be it for making converter adapters to revive old tech, data recovery or preservation purposes, or simply hacker curiosity, now can feel a bit less alone in their efforts.

We are glad to see such great hacking on the MemoryStick front – it’s much needed, to the point where our only article mentioning MemoryStick is about avoiding use of the MemoryStick slot altogether. [Dmitry] is just the right person for reverse-engineering jobs like this, with extensive reverse-engineering history we’ve been keeping track of – his recent reverse-engineering journey of an unknown microcontroller in cheap E-Ink devices is to behold.

Mirror, Mirror On The Wall, Do My Eyes Deceive Me After All

February 19, 2022 by Matthew Carlson 4 Comments

Say what you will about illusions, [Create Inc] has some 3D prints that appear to change shape when viewed in a mirror. For example, circles transform into stars and vice versa. A similar trick was performed by [Kokichi Sugihara] in 2016, where he showed circles that appear as squares in the mirror. For the trick to work, the camera’s position (or your eye) is important as the shapes look different from different angles. The illusion comes in when your brain ignores any extra information and concludes that a much more complex shape is a simpler one. [Create Inc] walks you through the process of how the illusion works and how it was created in Blender.

When he posted the video on Reddit, most seemed to think that it wasn’t a mirror and there was some camera trickery. At its heart, this is reverse-engineering a magic trick, and we think it’s an impressive one. STL files are on Thingiverse or Etsy if you want to print your own. We covered a second illusion that [Kokichi] did that relies on a similar trick.

Continue reading “Mirror, Mirror On The Wall, Do My Eyes Deceive Me After All” →

Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter

January 13, 2022 by Matthew Carlson 26 Comments

Smart meters form mesh networks among themselves and transmit your usage data all around. Some of them even allow the power company to turn off your power remotely, through the mesh. You might want to know if any of this information is sensitive, or if the power shutdown system has got glaring security flaws and random people could just turn your house off. Hash Salehi has set out to get inside these meters, and luckily for the rest of us, he was kind enough to share his findings during Remoticon 2021. It’s a journey filled with wonderful tidbits about GNU Radio, embedded devices, and running your own power company inside a Faraday cage.

The smart meter in question is deployed by a power company known as Oncor in the Dallas, Texas, area. These particular meters form an extensive mesh network using a ZigBee module onboard that allows them to to pass messages amongst themselves that eventually make their way to a collector or aggregator to be uploaded to a more central location. Hash obtained his parts via everyone’s favorite online auction house and was surprised to see how many parts were available. Then, with parts in hand, he began all the usual reverse engineering tricks: SDR, Faraday cages, flash chip readers, and recreating the schematic. Continue reading “Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter” →

Ken Shirriff Breaks Open The Yamaha DX7

November 25, 2021 by Bryan Cockfield 23 Comments

For better or worse, this synthesizer was king in the 1980s music scene. Sure, there had been synthesizers before, but none acheived the sudden popularity of Yamaha’s DX7. “Take on Me?” “Highway to the Dangerzone”? That harmonica solo in “What’s Love Got to Do With It?” All DX7. This synth was everywhere in pop music at the time, and now we can all get some insight from taking a look at this de-capped chip from [Ken Shirriff].

To be clear, by “look” that’s exactly what we mean in this case, as [Ken] is reverse-engineering the YM21280 — the waveform generator of the DX7 — from photos. He took around 100 photos of the de-capped chip with a microscope, composited them, and then analyzed them painstakingly. The detail in his report is remarkable as he is able to show individual logic gates thanks to his powerful microscope. From there he can show exactly how the chip works down to each individual adder and array of memory.

[Ken]’s hope is that this work improves the understanding of the Yamaha DX7 chips enough to build more accurate emulators. Yamaha stopped producing the synthesizer in 1989 but its ubiquity makes it a popular, if niche, platform for music even today. Of course you don’t need a synthesizer to make excellent music. The next pop culture trend, grunge, essentially was a rebellion to the 80s explosion of synths and neon colors and we’ve seen some unique ways of exploring this era of music as well.

Thanks to [Folkert] for the tip!

[Ken Shirriff] Picks Apart Mystery Chip From Twitter Photo

April 25, 2021 by Matthew Carlson 24 Comments

It’s no secret that the work of [Ken Shirriff] graces the front pages of Hackaday quite frequently. He’s back again, this time reverse engineering a comparator chip from a photo on Twitter. The mysterious chip was decapped, photographed under a microscope, and subsequently posted on the internet with an open call to figure out what it did.

[Ken] stepped up, and at first glance, it was obvious that most of the chip is unused, and there appeared to be four copies of the same circuit. After identifying resistors and the different transistor types, [Ken] found differential pairs.

Differential pairs form the heart of most op-amps, and by chaining them together, you can get a strong enough signal to treat it as a logic signal. Based on the design and materials, [Ken] estimates the chip is from the 1970s. Given that it appears to be ECL (Emitter-Coupled Logic), it could just be four comparators. But there are still a few things that don’t add up as two comparators have additional inverted outputs. Searching the part number offered few if any clues, so this will remain somewhat a mystery.

We’ve covered [Ken’s] incredible chip sleuthing before here, such as the Sharp EL-8 from 1969.