For those who are interested...
Getting a copy of the PDD1 Software Manual really helped out with the
reverse engineering effort!
I've figured out a few command tables and added a bunch of documentation
to the assembly source.
I've updated the reverse engineering project here:
https://github.com/BiggRanger/Tandy_PDD
PDD.ASM has all the important stuff.
Findings so far:
1) The code was written in assembly and hand coded, I do not believe
that it was compiled from a higher level language.
2) There is nothing hidden in this code, no extra commands, no Easter
eggs, nothing.
3) There is only 6 bytes out of the 4K of ROM unused. This thing is full.
4) The software manual really filled in the gaps, the only thing not
documented well is the S-REC stuff to inject code into the drive, and
what really happens in INIT mode.
What's next:
1) Clean up the documentation a bit more.
2) Try and find a PDD2 (working or not, but only mechanically not as I
need the electronics working).
3) Try and dump the contents of the PDD2 ROM and reverse engineer that too.
Darren Clark
Below is a snapshot of the major findings and updates to the assembly
documentation
*(determine what code to run from dip switch settings)*
F04C PUL B ;get the masked dip switch values from the stack
F04D CMP B 0xD0 ;C is clear for 0xD0 and up
F04F BCC 0xF081 ;Mode=operation jump to code
F051 CMP B 0x30 ;C is set for 0x30 and down
F053 BCS 0xF084 ;Mode=init jump to code - Fall over to FDC mode
*(mode = operation)*
FB4E _lookupTable_For_0xFAF8: DW 251,147 ;operation command 0x0
Create/Access a directory refrence
FB50 DW 253,2 ;operation command 0x1 Open a file
FB52 DW 252,212 ;operation command 0x2 Close a file
FB54 DW 254,112 ;operation command 0x3 Read data from a file
FB56 DW 254,192 ;operation command 0x4 Write data to a file
FB58 DW 252,115 ;operation command 0x5 Delete a file
FB5A DW 251,122 ;operation command 0x6 Format a disk
FB5C DW 251,114 ;operation command 0x7 Get drive status
FB5E DW 251,102 ;operation command 0x8 Change to FDC mode
*(baud rate settings)*
FFB7 _table_BAUD_Rates: DB 11000000B ;BAUD 9600
FFB8 DB 01000000B ;BAUD 19200
FFB9 DB 01000000B ;BAUD 19200
FFBA DB 11010000B ;BAUD 150
FFBB DB 01110000B ;BAUD 300
FFBC DB 11110000B ;BAUD 600
FFBD DB 00110000B ;BAUD 1200
FFBE DB 10110000B ;BAUD 2400
FFBF DB 00100000B ;BAUD 4800
FFC0 DB 11000000B ;BAUD 9600
FFC1 DB 01000000B ;BAUD 19200
FFC2 DB 10000000B ;BAUD 38400
FFC3 DB 00000000B ;BAUD 76800
FFC4 DB 00100000B ;BAUD 4800
FFC5 DB 11000000B ;BAUD 9600
FFC6 DB 01000000B ;BAUD 19200
*(mode=FDC)*
FFC7 _table_FDC_Commands: DB 'F' ;F = FDC Format with verify
FFC8 DW 242,173
FFCA DB 'G' ;G = FDC Format without verify
FFCB DW 242,170
FFCD DB 'R' ;R = FDC Read one logical sector
FFCE DW 241,253
FFD0 DB 'W' ;W = FDC Write one logical sector with verify
FFD1 DW 242,20
FFD3 DB 'X' ;X = FDC Write one logical sector without verify
FFD4 DW 242,17
FFD6 DB 'A' ;A = FDC Read ID section
FFD7 DW 242,81
FFD9 DB 'B' ;B = FDC Write ID section with verify
FFDA DW 242,107
FFDC DB 'C' ;C = FDC Write ID section without verify
FFDD DW 242,104
FFDF DB 'S' ;S = FDC Search ID section
FFE0 DW 243,91
FFE2 DB 'D' ;D = FDC Check drive condition
FFE3 DW 243,200
FFE5 DB 'M' ;M = FDC Change modes
FFE6 DW 244,0
