Remoticon Video: How To Reverse Engineer A PCB

You hold in your hand a circuit board from a product you didn’t make. How does the thing work? What a daunting question, but it’s both solvable and approachable if you know what you’re doing. The good news is that Eric Schlaepfer knows exactly what he’s doing and boiled down the process of reverse engineering printed circuit boards into this excellent workshop. It was presented live during the 2020 Hackaday Remoticon, and the edited video, which you’ll find below, was just published. Slides for the talk have been published on the workshop project page.

Need proof that he has skills that we all want? Last year Eric successfully reverse-engineered the legendary Sound Blaster audio card and produced his own fully-functional drop-in replacement called the Snark Barker. And then re-engineered it to work with the ancient MCA bus architecture. Whoa.


Giving Micro Channel Bus Computers A Sound Blaster Bark

Not many people today probably remember what ‘Micro Channel Architecture’ was about, though its acronym ‘MCA’ might ring a bell. Created by IBM to replace ISA (Industry Standard Architecture) and presumably claw back some of that sweet, sweet licensing money, it didn’t quite pan out as IBM hoped. As history shows us, PCI ended up replacing MCA in all of IBM’s systems. The IBM PS/2 systems that used MCA didn’t miss out on classic 1990s cards, such as the original Sound Blaster, but today MCA versions of the Sound Blaster are admittedly rather… rare, not to mention expensive.

But, no longer: decades after the last PS/2 users have moved on, [Tube Time] proudly presents the Snark Barker MCA. It’s a fully Sound Blaster compatible sound card. It supports AdLib synthesis, digital sound playback and recording, as well as a joystick input and MIDI. Based around a Xilinx XC9572XL CPLD and featuring what looks like a full-length MCA card, it would have made an original Sound Blaster card proud.

The GitHub repository not only contains the schematics, BOM and Verilog-based HDL for the CPLD, but also extensive documentation on the assembly and programming. As a bonus, there’s a troubleshooting section which covers some of the joys that came with the sloppy implementations of MCA across systems. Definitely worth a read.

If anyone decides to build this project and use it in their IBM PS/2 system, we would love to hear about it.

Of course, if all you need is a garden variety PCI Sound Blaster clone, the original Snark Barker is the way to go.

(Thanks, Darry)

Reverse Engineering The Sound Blaster

The first sound card to output PCM audio — the kind you need for audio samples — wasn’t the Sound Blaster. The AdLib Music Synthesizer Card could output PCM audio over software. The AdLib card also cost $200 at the time of its release. This was too much for some, and in time the Creative Labs Sound Blaster was released for the rock-bottom price of $125. This was a more capable card, and in the years since, prices on the used market have gone through the roof. In 1990, you could buy a Sound Blaster for a Benjamin and a half; in 2019, prices on eBay are reaching and exceeding $400.

With the prices of used cards so high, we get into territory where it starts to make sense to reverse engineer and re-manufacture the entire card. This hasn’t been done before, but that’s no matter for [Eric Schlaepfer], or [@TubeTimeUS]; he’s done crazier projects before, and this one is no different.

In reverse-engineering the Sound Blaster, there are a few necessary components. The Sound Blaster had an OPL2 chip for sound synthesis, which you can get through various vendors. The trick, though, is the microcontroller. This is really just an 8051 with a custom mask ROM.

The goal of this project is actually just to dump the ROM on the Intel 8051-alike microcontroller. This is something that’s relatively commonly done in high-tech labs, and luckily the Bay Area has [John McMaster], the guy who will take you into his lab and strip a die from its epoxy. Looking at the chip under the microscope, it was discovered the mask ROM on this chip was an implant ROM, with the ones and zeros represented by invisible ions in the substrate itself. There was no hope of reverse-engineering this chip from a purely visual inspection, but there was a sense amplifier on one of the data lines. By probing this sense amplifier while running through the address space, [Eric] was able to dump all the bytes of the ROM one bit at a time.

However, and there’s always a however, there are clone Sound Blasters out there, usually from China, and you can dump these chips if you’re lucky enough to get your hands on one. [Eric] reached out to the community and found these clone microcontrollers didn’t have the code protect bit set; dumping these was easy. This ROM was compared to the work [Eric] did with the sense amplifier, and after figuring out the order of the bits, it was found the code matched. The code was successfully cloned, and now new Sound Blasters can be made. Don’t tell eBay that, because someone is trying to sell one of [Eric]’s clone cards for $180.
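The comparison step described above, as an added example that is not [Eric]'s code: it assumes the probed capture is eight per-address bit planes whose mapping to D0..D7 and polarity are unknown, and recovers that mapping against a reference dump. The ROM bytes, `ORDER` and `INVERTED` are constructed sample values, not data from the real chip.

```python
import random

def bit_planes(rom):
    """Plane k holds bit k of every byte, one entry per address."""
    return [[(b >> k) & 1 for b in rom] for k in range(8)]

def recover_bit_order(captured, reference):
    """Return [(bit, inverted)] for each captured plane, or None on mismatch."""
    ref_planes = bit_planes(reference)
    mapping = []
    for plane in captured:
        flipped = [1 - v for v in plane]
        hits = [(bit, inv) for bit, ref in enumerate(ref_planes)
                for inv, cand in ((False, plane), (True, flipped)) if cand == ref]
        if len(hits) != 1:          # no match, or an ambiguous match
            return None
        mapping.append(hits[0])
    # Every reference bit position must be claimed exactly once.
    if sorted(bit for bit, _ in mapping) != list(range(8)):
        return None
    return mapping

def reassemble(captured, mapping):
    """Rebuild the byte image from the planes using the recovered mapping."""
    out = bytearray(len(captured[0]))
    for plane, (bit, inv) in zip(captured, mapping):
        for addr, v in enumerate(plane):
            out[addr] |= (v ^ inv) << bit
    return bytes(out)

# Constructed sample: a 256-byte stand-in for the clone chip's dump.
rng = random.Random(8051)
REFERENCE = bytes(rng.randrange(256) for _ in range(256))
ORDER = [3, 0, 7, 1, 6, 2, 5, 4]   # assumed (hypothetical) capture order
INVERTED = {1, 6}                  # assumed planes read with flipped polarity

def scramble(rom):
    """Simulate the probe capture: reordered planes, some inverted."""
    planes = bit_planes(rom)
    return [[1 - v for v in planes[b]] if b in INVERTED else planes[b]
            for b in ORDER]

if __name__ == "__main__":
    captured = scramble(REFERENCE)
    mapping = recover_bit_order(captured, REFERENCE)
    print(mapping)
    print(reassemble(captured, mapping) == REFERENCE)
```

A single flipped bit in any plane makes `recover_bit_order` return `None`, which is what makes an exact match between two independently obtained dumps meaningful.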

All the code, files, materials, and everything needed to clone a Sound Blaster can be found in [Eric]’s GitHub, although there are a few open questions as to what’s going on in the Sound Blaster’s microcontroller. There’s a ‘secret’ 512-byte ROM on the die, and no one outside of an Intel NDA knows what it does. This could be used for a manufacturing test, but who knows. Other than that, there are a few features in the code that weren’t used, like previously unknown DSP commands, an ADPCM lookup table, and a routine that plays from SRAM without using DMA. It’s a deep dive into the inner workings of the most popular sound card of all time, and it’s quite simply amazing.