[dorkbotpdx-blabber] Anyone know 80c31 code?
Ar Keys
arkeys at gmail.com
Wed Oct 26 14:34:30 EDT 2011
Paul, Try BSD.
On Oct 26, 2011 10:55 AM, "Paul Stoffregen" <paul at pjrc.com> wrote:
>
>
>> You know who used to really know this stuff? Search for 8051 anything and see how long it takes before you get to Paul Stoffregen's site. Surprised he hasn't fielded this one.
>
>
> I'm sorry, I can't get involved in this right now. Maybe at the Nov 7th
meetup?
>
> At the moment I'm working on 4-way AVR SPI port sharing: between USB mass
storage driver in interrupt context, and 3 Arduino libraries in main program
context, where one of them is the SD card library. So not only are
thread-safety issues and race conditions problems, but also higher level
SCSI protocols to simulate media removal for exclusive access when
filesystem operations are needed. There are very thorny issues, like
managing what sequence of SCSI sense data has been reported to the host, so
access isn't given back too quickly where the host doesn't invalidate its
cached filesystem data (of course, difficulty multiplied times 3 operating
systems). Even on the microcontroller, the whole thing runs event driven
because it's interrupt context, so there's lots of complex state machine
code. No part of this thing is easy.
>
> This is probably some of the most difficult code I've ever written. I've
already managed to crash or utterly lock up Linux many times in the last
couple days. Yes, Linux crashing! I've always depended on Linux's awesome
stability for all my previous USB driver work. Currently I have a mac
connected to the USB protocol analyzer, so at least I can capture the
packets, and I might get another machine for logging events (Linux is
failing me... for the first time ever), but the troubles are at much higher
levels of abstraction that can't be readily seen from such a low level.
It's turning out to be incredibly hard.
>
> I just can't get involved in a reverse engineering project right now.
Maybe later?
>
>
>
>> If you got that far there should certainly be some simulators you can use
to walk through the code.
>>
>> Don.
>> On Oct 25, 2011, at 4:40 PM, Jerry Biehler wrote:
>>
>>> A couple years ago I picked up a remote for what I think was a military weapons loader. I think it must have been a prototype since it has a serial number of 1. It's pretty neat. Has a fwd/back joystick with twist and a whole bunch of buttons. Connection to the loader was through a bayonet style MS connector, for which I have the mate on its way.
>>>
>>> Tracing things out I have figured out the stick's pots go direct to the connector. Button presses and the lights that accompany those presses, as well as other status lights, are handled through an 80c31 (ROMless version of the 80c51). I figure I can figure out the key presses and what they do by hooking it to a TTL serial to USB adapter and just watching what the output is for each button. The problem is I don't know how to address the lights through the uC.
>>>
>>> So, I got an old Hi Lo ALL-07 universal programmer from my friend Mike at Surplus Gizmos. Managed to find DOS software and get it working and read the code off the EPROM (D2732A). Took the binary, converted it to hex, and then ran that through an 8051 disassembler.
>>>
>>> This is what I have. I can figure out a little of it but I don't know enough to really figure out what is going on. I can see where it reads from the serial ports and writes to the serial ports, but I don't quite understand hex. Can anyone help?
>>>
>>> Hope this is not too long for an email.
>>>
>>> Thanks
>>>
>>> -Jerry
>>>
>>> ;
>>> ; D52 V3.3.6 8052 Disassembly of loader.hex
>>> ; 10/25/11 15:16
>>> ;
>>> org 0
>>> ;
>>> X0000: clr p1.0 ; 0000 c2 90 B.
>>> setb p1.0 ; 0002 d2 90 R.
>>> X0004: mov sp,#63h ; 0004 75 81 63 u.c
>>> lcall X0130 ; 0007 12 01 30 ..0
>>> lcall X014c ; 000a 12 01 4c ..L
>>> X000d: jnb ri,X000d ; 000d 30 98 fd 0.}
>>> clr ri ; 0010 c2 98 B.
>>> mov a,sbuf ; 0012 e5 99 e.
>>> subb a,#53h ; 0014 94 53 .S
>>> jnz X000d ; 0016 70 f5 pu
>>> X0018: lcall X0036 ; 0018 12 00 36 ..6
>>> lcall X003f ; 001b 12 00 3f ..?
>>> lcall X005a ; 001e 12 00 5a ..Z
>>> jnc X0026 ; 0021 50 03 P.
>>> ljmp X0125 ; 0023 02 01 25 ..%
>>> ;
>>> X0026: lcall X0099 ; 0026 12 00 99 ...
>>> jnc X002e ; 0029 50 03 P.
>>> ljmp X0125 ; 002b 02 01 25 ..%
>>> ;
>>> X002e: lcall X0105 ; 002e 12 01 05 ...
>>> lcall X013a ; 0031 12 01 3a ..:
>>> sjmp X0018 ; 0034 80 e2 .b
>>> ;
>>> X0036: mov dptr,#X0004 ; 0036 90 00 04 ...
>>> movx a,@dptr ; 0039 e0 `
>>> mov r1,a ; 003a f9 y
>>> inc dptr ; 003b a3 #
>>> movx a,@dptr ; 003c e0 `
>>> mov r2,a ; 003d fa z
>>> ret ; 003e 22 "
>>> ;
>>> X003f: mov a,r2 ; 003f ea j
>>> swap a ; 0040 c4 D
>>> anl a,#0fh ; 0041 54 0f T.
>>> orl a,#80h ; 0043 44 80 D.
>>> mov r3,a ; 0045 fb {
>>> mov a,r2 ; 0046 ea j
>>> anl a,#0fh ; 0047 54 0f T.
>>> rl a ; 0049 23 #
>>> rl a ; 004a 23 #
>>> orl a,#40h ; 004b 44 40 D@
>>> mov r2,a ; 004d fa z
>>> mov a,r1 ; 004e e9 i
>>> anl a,#0c0h ; 004f 54 c0 T@
>>> rl a ; 0051 23 #
>>> rl a ; 0052 23 #
>>> orl a,r2 ; 0053 4a J
>>> mov r2,a ; 0054 fa z
>>> mov a,r1 ; 0055 e9 i
>>> anl a,#3fh ; 0056 54 3f T?
>>> mov r1,a ; 0058 f9 y
>>> ret ; 0059 22 "
>>> ;
>>> X005a: mov r7,#0 ; 005a 7f 00 ..
>>> X005c: mov r6,#3 ; 005c 7e 03 ~.
>>> X005e: mov a,r7 ; 005e ef o
>>> cjne a,#0,X0066 ; 005f b4 00 04 4..
>>> mov a,r1 ; 0062 e9 i
>>> ljmp X006e ; 0063 02 00 6e ..n
>>> ;
>>> X0066: cjne a,#1,X006d ; 0066 b4 01 04 4..
>>> mov a,r2 ; 0069 ea j
>>> ljmp X006e ; 006a 02 00 6e ..n
>>> ;
>>> X006d: mov a,r3 ; 006d eb k
>>> X006e: mov r4,a ; 006e fc |
>>> lcall X0161 ; 006f 12 01 61 ..a
>>> jc X0093 ; 0072 40 1f @.
>>> lcall X018b ; 0074 12 01 8b ...
>>> jc X0093 ; 0077 40 1a @.
>>> cjne a,rb0r4,X0095 ; 0079 b5 04 19 5..
>>> inc r7 ; 007c 0f .
>>> cjne r7,#3,X005c ; 007d bf 03 dc ?.\
>>> mov a,t3 ; 0080 e5 ff e.
>>> lcall X0161 ; 0082 12 01 61 ..a
>>> jc X0093 ; 0085 40 0c @.
>>> lcall X0161 ; 0087 12 01 61 ..a
>>> jc X0093 ; 008a 40 07 @.
>>> lcall X0161 ; 008c 12 01 61 ..a
>>> jc X0093 ; 008f 40 02 @.
>>> clr c ; 0091 c3 C
>>> ret ; 0092 22 "
>>> ;
>>> X0093: setb c ; 0093 d3 S
>>> ret ; 0094 22 "
>>> ;
>>> X0095: djnz r6,X005e ; 0095 de c7 ^G
>>> sjmp X0093 ; 0097 80 fa .z
>>> ;
>>> X0099: mov r7,#0 ; 0099 7f 00 ..
>>> mov 20h,#0 ; 009b 75 20 00 u .
>>> mov 22h,#0 ; 009e 75 22 00 u".
>>> X00a1: mov r6,#3 ; 00a1 7e 03 ~.
>>> X00a3: lcall X018b ; 00a3 12 01 8b ...
>>> jc X00d4 ; 00a6 40 2c @,
>>> mov 21h,a ; 00a8 f5 21 u!
>>> mov a,20h ; 00aa e5 20 e
>>> cjne a,#1,X00bb ; 00ac b4 01 0c 4..
>>> mov a,21h ; 00af e5 21 e!
>>> anl a,#0c0h ; 00b1 54 c0 T@
>>> rl a ; 00b3 23 #
>>> rl a ; 00b4 23 #
>>> cjne a,rb0r7,X00d6 ; 00b5 b5 07 1e 5..
>>> ljmp X00be ; 00b8 02 00 be ..>
>>> ;
>>> X00bb: mov 20h,#1 ; 00bb 75 20 01 u .
>>> X00be: cjne a,#3,X00ca ; 00be b4 03 09 4..
>>> mov a,21h ; 00c1 e5 21 e!
>>> anl a,#3fh ; 00c3 54 3f T?
>>> clr c ; 00c5 c3 C
>>> subb a,#3 ; 00c6 94 03 ..
>>> jnc X00ec ; 00c8 50 22 P"
>>> X00ca: mo
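The X003f routine in Jerry's listing takes the two bytes read from external addresses 0004h/0005h and spreads them over three serial bytes whose top two bits tag their position in the triple (00, 01, 10), which is what X005a then sends and echo-checks one byte at a time. The Python below is an added example, not code from the thread: it follows X003f instruction by instruction and adds the inverse, so the byte layout can be checked without the hardware. It assumes r1 holds the byte at 0004h and r2 the byte at 0005h, as the movx sequence in X0036 suggests.

```python
# Model of the X003f bit-packing routine from the 8051 listing (added example,
# not from the thread). Assumption: r1 = byte read at 0004h, r2 = byte at 0005h.

def rl8(x: int) -> int:
    """8051 RL A: rotate the 8-bit accumulator left by one bit."""
    return ((x << 1) | (x >> 7)) & 0xFF

def pack_x003f(r1: int, r2: int) -> tuple:
    """Mirror X003f; return (r1, r2, r3) as the routine leaves them."""
    a = ((r2 >> 4) | (r2 << 4)) & 0xFF   # mov a,r2 ; swap a
    a &= 0x0F                             # anl a,#0fh
    r3 = a | 0x80                         # orl a,#80h ; mov r3,a  -> tag 10, high nibble of r2
    a = r2 & 0x0F                         # mov a,r2 ; anl a,#0fh
    a = rl8(rl8(a))                       # rl a ; rl a  -> low nibble of r2 into bits 5..2
    new_r2 = a | 0x40                     # orl a,#40h ; mov r2,a  -> tag 01
    a = r1 & 0xC0                         # mov a,r1 ; anl a,#0c0h
    a = rl8(rl8(a))                       # rl a ; rl a  -> bits 7,6 of r1 land in bits 1,0
    new_r2 |= a                           # orl a,r2 ; mov r2,a
    new_r1 = r1 & 0x3F                    # mov a,r1 ; anl a,#3fh ; mov r1,a  -> tag 00
    return new_r1, new_r2, r3

def tag(byte: int) -> int:
    """Position tag in the top two bits: 0 = first, 1 = second, 2 = third byte."""
    return byte >> 6

def unpack_x003f(b1: int, b2: int, b3: int):
    """Inverse of pack_x003f: rebuild (r1, r2), or None if the tags are out of order."""
    if (tag(b1), tag(b2), tag(b3)) != (0, 1, 2):
        return None
    r1 = (b1 & 0x3F) | ((b2 & 0x03) << 6)
    r2 = ((b2 >> 2) & 0x0F) | ((b3 & 0x0F) << 4)
    return r1, r2

if __name__ == "__main__":
    # Constructed sample input: 16-bit value 0xCDAB stored little-endian at 0004h/0005h.
    frame = pack_x003f(0xAB, 0xCD)
    print("wire bytes:", [hex(b) for b in frame])   # ['0x2b', '0x76', '0x8c']
    print("recovered:", unpack_x003f(*frame))         # (171, 205)
```

Because every byte carries its own position tag, a receiver that starts listening mid-frame can drop bytes until it sees a tag of 00, which is also why unpack_x003f refuses a reordered triple.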