Re: [time-nuts] FE-5680A firmware dump (at last!)
From: paul swed paulswedb@... Just downloaded the information. The schematic really is shaping up very nicely. On the dumps any suggestion for looking at them? You have to use an 8051 disassembler to look at the FLASH dump: I have been using IDA http://www.hex-rays.com/products/ida/index.shtml because a friend of mine is a licensed user (this package is rather expensive!). Unfortunately I must go to his office to use the program, so I'll have to find a cheap (freeware?) alternative to disassemble 8051 code. Any suggestion? _ Elio Corbolante. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
I have no idea on a free disassembler. But there has to be one. Will look later tonight. Regards Paul. On Thu, Nov 8, 2012 at 8:44 AM, Elio C elio...@gmail.com wrote: From: paul swed paulswedb@... Just downloaded the information. The schematic really is shaping up very nicely. On the dumps any suggestion for looking at them? You have to use an 8051 disassembler to look at the FLASH dump: I have been using IDA http://www.hex-rays.com/products/ida/index.shtml because a friend of mine is a licensed user (this package is rather expensive!). Unfortunately I must go to his office to use the program, so I'll have to find a cheap (freeware?) alternative to disassemble 8051 code. Any suggestion? _ Elio Corbolante. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
I have found this: http://home.earthlink.net/~davesullins/software/dis51.html not tested, but it seems good On Thu, Nov 8, 2012 at 3:12 PM, paul swed paulsw...@gmail.com wrote: I have no idea on a free disassembler. But there has to be one. Will look later tonight. Regards Paul. On Thu, Nov 8, 2012 at 8:44 AM, Elio C elio...@gmail.com wrote: From: paul swed paulswedb@... Just downloaded the information. The schematic really is shaping up very nicely. On the dumps any suggestion for looking at them? You have to use an 8051 disassembler to look at the FLASH dump: I have been using IDA http://www.hex-rays.com/products/ida/index.shtml because a friend of mine is a licensed user (this package is rather expensive!). Unfortunately I must go to his office to use the program, so I'll have to find a cheap (freeware?) alternative to disassemble 8051 code. Any suggestion? _ Elio Corbolante. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
http://lmgtfy.com/?q=8051+disassembler paul swed wrote: I have no idea on a free disassembler. But there has to be one. Will look later tonight. Regards Paul. On Thu, Nov 8, 2012 at 8:44 AM, Elio C elio...@gmail.com wrote: From: paul swed paulswedb@... Just downloaded the information. The schematic really is shaping up very nicely. On the dumps any suggestion for looking at them? You have to use an 8051 disassembler to look at the FLASH dump: I have been using IDA http://www.hex-rays.com/products/ida/index.shtml because a friend of mine is a licensed user (this package is rather expensive!). Unfortunately I must go to his office to use the program, so I'll have to find a cheap (freeware?) alternative to disassemble 8051 code. Any suggestion? _ Elio Corbolante. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
http://lmgtfy.com/?q=8051+disassembler http://lmgtfy.com/?q=8051+disassembler Dear Chuck, I appreciate your ironic comment, but I was really serious regarding the suggestions for a 8051 disassembler for several reasons: - I think I'm already able to use Google - I have very few time to spare evaluating the output of a disassembler: I prefer to analyze the code - If you have ever used IDA you'll understand that it will be very difficult to find a freeware alternative with the same quality level. - Surely you have never seen the output produced by IDA, hence your ironic comment - I prefer to spend my time working with a fine tool than using a product which I do not know anything about its quality/reliability _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
Elio, The problem with diassemblers is they only do what the author needed. And, different people have different needs, and different ideas of what is best. I find that I use different disassemblers at different times. Some handle one problem very well, others handle others better. For a piddley little microprocessor like an 8051, it takes very little time to audition a whole bunch of disassemblers, to find out what works best for you. My LMGTFY response was to the request for a free 8051 disassembler. If you want something for free, you will have to take what is available. What is available, is easily found by using google. Notice that I did not tag the LGMTFY to your original message. IDA is not something that I am willing to afford. If I need something different from what one of the open source projects can supply, I put on my coding hat and do it my way. You should buy IDA, clearly nothing else would do for your needs. -Chuck Harris Elio C wrote: http://lmgtfy.com/?q=8051+disassembler http://lmgtfy.com/?q=8051+disassembler Dear Chuck, I appreciate your ironic comment, but I was really serious regarding the suggestions for a 8051 disassembler for several reasons: - I think I'm already able to use Google - I have very few time to spare evaluating the output of a disassembler: I prefer to analyze the code - If you have ever used IDA you'll understand that it will be very difficult to find a freeware alternative with the same quality level. - Surely you have never seen the output produced by IDA, hence your ironic comment - I prefer to spend my time working with a fine tool than using a product which I do not know anything about its quality/reliability _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
On Thu, Nov 8, 2012 at 7:32 AM, Chuck Harris cfhar...@erols.com wrote: If I need something different from what one of the open source projects can supply, I put on my coding hat and do it my way. That is the major advantage of Open Source. If the program does not have some feature you want you can rectify that problem yourself without having to say somebody should But really, for an 8051 you can resolve most ambiguities by hand -- Chris Albertson Redondo Beach, California ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
[time-nuts] FE-5680A firmware dump
Disassemblers are hardly rocket science. They are only a parser with a pile of memory to remember labels. Why not write your own? I've written them in the past (a long way in the past, and I've written cross-assemblers too), so I don't see anything difficult about writing one for the 8051. The nice part about writing your own is that you get to make it do exactly what you want. 73, Murray ZL1BPU ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
In message 69463259C455458FAE691C4D0DC8FF75@EEPC, Murray Greenman writes: Disassemblers are hardly rocket science. They are only a parser with a pile of memory to remember labels. Why not write your own? I wrote a framework for such reverse engineering, where the disassembler just has to decode the instructions: https://github.com/bsdphk/PyRevEng Feel free to extend... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Murray not rocket science for some is to others and actually I would just like to know how the RB actually works. So I am staying clear of another endless project. Because I am not that smart. ;-) Regards Paul WB8TSL On Thu, Nov 8, 2012 at 11:56 AM, Murray Greenman denw...@orcon.net.nzwrote: Disassemblers are hardly rocket science. They are only a parser with a pile of memory to remember labels. Why not write your own? I've written them in the past (a long way in the past, and I've written cross-assemblers too), so I don't see anything difficult about writing one for the 8051. The nice part about writing your own is that you get to make it do exactly what you want. 73, Murray ZL1BPU __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Just to be clear, I thanks all of you for the warm suggestions on writing an 8051 disassembler by myself, but it is not exactly what I was asking for... I asked for some _suggestions_ on a reasonable good disassembler. Even if I have the expertise to write my own disassembler, I just do not want to waste my little and precious spare time doing this. It may be strange to some of you, but in my day time I have a work to be done and when I return home I have lots of more important things to do than writing a disassembler. It took me several months to finally get some free time to dump the firmware of the FE-5680A: I prefer to rely on the (free and generous) support of my friend and get some more immediate results. BTW, the complexity of a product like IDA will be very difficult to be reached by a single programmer like me. Surely they spent several man-years in developing this fine product: if someone of you want to write something similar for me (free, of course!) is welcome! . sorry for my rantings and moaning _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
In message CA+FhqXcodUuLvDMiHTs8Fe-grLPqYf3Q=m8k2hmxpqnc1+p...@mail.gmail.com, Elio C writes: Just to be clear, I thanks all of you for the warm suggestions on writing an 8051 disassembler by myself, but it is not exactly what I was asking for... I asked for some _suggestions_ on a reasonable good disassembler. There is already a 8051 disassembler in PyReveng -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Poul Tried looking this up and have pretty odd results. A link please On Thu, Nov 8, 2012 at 1:13 PM, Poul-Henning Kamp p...@phk.freebsd.dkwrote: In message CA+FhqXcodUuLvDMiHTs8Fe-grLPqYf3Q= m8k2hmxpqnc1+p...@mail.gmail.com, Elio C writes: Just to be clear, I thanks all of you for the warm suggestions on writing an 8051 disassembler by myself, but it is not exactly what I was asking for... I asked for some _suggestions_ on a reasonable good disassembler. There is already a 8051 disassembler in PyReveng -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Hi A disassembler is only going to give you a steaming pile of assembly code. Assuming the origin of the code was a high(er) level language, you will have a major task ahead to turn it into anything rational. Writing a 8051 disassembler is likely a much easier project. Bob On Nov 8, 2012, at 12:11 PM, paul swed paulsw...@gmail.com wrote: Murray not rocket science for some is to others and actually I would just like to know how the RB actually works. So I am staying clear of another endless project. Because I am not that smart. ;-) Regards Paul WB8TSL On Thu, Nov 8, 2012 at 11:56 AM, Murray Greenman denw...@orcon.net.nzwrote: Disassemblers are hardly rocket science. They are only a parser with a pile of memory to remember labels. Why not write your own? I've written them in the past (a long way in the past, and I've written cross-assemblers too), so I don't see anything difficult about writing one for the 8051. The nice part about writing your own is that you get to make it do exactly what you want. 73, Murray ZL1BPU __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
In message cad2jfahjxbmuvqvydvah90l9ntlpkoeapdytz5fbaa75ceg...@mail.gmail.com, paul swed writes: Poul Tried looking this up and have pretty odd results. A link please https://github.com/bsdphk/PyRevEng -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
I've done lots of disassembly and strongly prefer an interactive disassembler. The reason is that code frequently combines tables and instructions and if you just try to straight disassemble you will get large sections of nonsense which even extend beyond the data due to multiple byte instructions vs the data boundary. More advanced disassemblers can also be told what compiler produced the code (guess until it looks best) and give you C code mixed in where it can figure it out. Doing this right isn't a trivial task. On 11/8/2012 5:04 PM, Bob Camp wrote: Hi A disassembler is only going to give you a steaming pile of assembly code. Assuming the origin of the code was a high(er) level language, you will have a major task ahead to turn it into anything rational. Writing a 8051 disassembler is likely a much easier project. Bob On Nov 8, 2012, at 12:11 PM, paul swed paulsw...@gmail.com wrote: Murray not rocket science for some is to others and actually I would just like to know how the RB actually works. So I am staying clear of another endless project. Because I am not that smart. ;-) Regards Paul WB8TSL On Thu, Nov 8, 2012 at 11:56 AM, Murray Greenman denw...@orcon.net.nzwrote: Disassemblers are hardly rocket science. They are only a parser with a pile of memory to remember labels. Why not write your own? I've written them in the past (a long way in the past, and I've written cross-assemblers too), so I don't see anything difficult about writing one for the 8051. The nice part about writing your own is that you get to make it do exactly what you want. 73, Murray ZL1BPU __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1427 / Virus Database: 2441/5380 - Release Date: 11/07/12 ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
In message 509c3858.6050...@verizon.net, Peter Gottlieb writes: The reason is that code frequently combines tables and instructions [...] What I do in PyRevEng is try to automate this and many other steps. The disassembler gets pointed at an address were we know there is an instruction, starting for instance at the RESET vector. The disassembler returns a disassembly of the instruction and two optional parts: A flow description and a pseudo-instruction. The flow description will tell where this instruction can go next, for instance, calls, jumps, returns and so on. This discovered addresses are added to the list of places to disassemble. If there is no flow description, the next instruction after this one is disassembled. But the way this is used is that it's driven by a python script, so that you can steer this process, for instance if you discover a table: for a in range(0xfff3, 0xfff9, 3): cpu.disass(a) There's a lot of other stuff you can do too, annotate stuff, define labels etc. etc. and the pseudo-instruction stuff is an experiment to allow data/constraint-driven disassembly as well. I have an older prototype of this which will spot C-function arguments, and propagate their types throug calls/local/global variables also. Once you've done all you can at this point, an analysis pass happens, which tries to make sense of the instruction flow by finding functions, code modules etc. Finally the output is generated, see two examples here: Listing: http://phk.freebsd.dk/misc/_.hp5370b.txt Flowgraph: http://phk.freebsd.dk/misc/_.hp5370b.pdf -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
[time-nuts] FE-5680A firmware dump (at last!)
I'm sorry for the long delay (due to personal reasons) but at last I was able to dump the contents of the PSD chips which contains the firmware of the FEI FE-5680A rubidium frequency standard! I have also updated the schematics with some more details/information. You will find the new schematics at: http://www.rhodiatoce.com/pics/time-nuts/FE-5680A/FE-5680A_schematics_v0.3.pdf and the firmware dump (FLASH/EEPROM/CPLD/UserSpace) in .HEX and .BIN format at: http://www.rhodiatoce.com/pics/time-nuts/FE-5680A/FE5680A_FirmwareDump_v001.rar _ Elio Corbolante. P.S. I tried to disassemble the FLASH binary image and it seems the dump is OK: I was able to identify where the CPU accesses the DDS and the ADC. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump (at last!)
Elio Just downloaded the information. The schematic really is shaping up very nicely. On the dumps any suggestion for looking at them? Thanks for your hard work. Regards Paul WB8TSL On Wed, Nov 7, 2012 at 7:24 PM, Elio C elio...@gmail.com wrote: I'm sorry for the long delay (due to personal reasons) but at last I was able to dump the contents of the PSD chips which contains the firmware of the FEI FE-5680A rubidium frequency standard! I have also updated the schematics with some more details/information. You will find the new schematics at: http://www.rhodiatoce.com/pics/time-nuts/FE-5680A/FE-5680A_schematics_v0.3.pdf and the firmware dump (FLASH/EEPROM/CPLD/UserSpace) in .HEX and .BIN format at: http://www.rhodiatoce.com/pics/time-nuts/FE-5680A/FE5680A_FirmwareDump_v001.rar _ Elio Corbolante. P.S. I tried to disassemble the FLASH binary image and it seems the dump is OK: I was able to identify where the CPU accesses the DDS and the ADC. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolante elio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Don forget the PSD813 :) It provides 128KB Flash and 8KB RAM... so it can be a bit more complicated Regards, Javier El 17/02/2012 11:09, Azelio Boriani escribió: In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolanteelio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
OK, then maybe there are ROM bank switching as the MCS51 can't execute beyon the 64K limit. It can be very challenging to follow a code that jumps between 64K ROM banks. Moreover the MCS51 has to address the external RAM by massive pointer use (the famous MOVX @DPTR,A and MOVX A,@DPTR instructions) beyond the 256byte internal easier to address RAM. Yes, you need a good disassembler, aware of bank switching and massive pointer use. On Fri, Feb 17, 2012 at 11:20 AM, Javier Herrero jherr...@hvsistemas.eswrote: Don forget the PSD813 :) It provides 128KB Flash and 8KB RAM... so it can be a bit more complicated Regards, Javier El 17/02/2012 11:09, Azelio Boriani escribió: In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolanteelio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/**mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Hi I'd bet that there's some code in there and some data tables. Without digging in, it's hard to say how big each is. We could easily find that there's 24K of code in the MCS51 and a bunch of tables in the PSD813. Bob -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Azelio Boriani Sent: Friday, February 17, 2012 6:06 AM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] FE-5680A firmware dump OK, then maybe there are ROM bank switching as the MCS51 can't execute beyon the 64K limit. It can be very challenging to follow a code that jumps between 64K ROM banks. Moreover the MCS51 has to address the external RAM by massive pointer use (the famous MOVX @DPTR,A and MOVX A,@DPTR instructions) beyond the 256byte internal easier to address RAM. Yes, you need a good disassembler, aware of bank switching and massive pointer use. On Fri, Feb 17, 2012 at 11:20 AM, Javier Herrero jherr...@hvsistemas.eswrote: Don forget the PSD813 :) It provides 128KB Flash and 8KB RAM... so it can be a bit more complicated Regards, Javier El 17/02/2012 11:09, Azelio Boriani escribió: In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolanteelio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/**mailman/listinfo/time-nutshttps://www.febo.c om/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nutshttps://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Maybe. Take into account that MCS51 OTP processors usually are 8K of code. I use, among the others, the AT89C55 that has 20K of flash ROM. It seems better to use a ROMless 8051 and place the code/tables in the PSD. On Fri, Feb 17, 2012 at 6:17 PM, Bob Camp li...@rtty.us wrote: Hi I'd bet that there's some code in there and some data tables. Without digging in, it's hard to say how big each is. We could easily find that there's 24K of code in the MCS51 and a bunch of tables in the PSD813. Bob -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Azelio Boriani Sent: Friday, February 17, 2012 6:06 AM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] FE-5680A firmware dump OK, then maybe there are ROM bank switching as the MCS51 can't execute beyon the 64K limit. It can be very challenging to follow a code that jumps between 64K ROM banks. Moreover the MCS51 has to address the external RAM by massive pointer use (the famous MOVX @DPTR,A and MOVX A,@DPTR instructions) beyond the 256byte internal easier to address RAM. Yes, you need a good disassembler, aware of bank switching and massive pointer use. On Fri, Feb 17, 2012 at 11:20 AM, Javier Herrero jherr...@hvsistemas.eswrote: Don forget the PSD813 :) It provides 128KB Flash and 8KB RAM... so it can be a bit more complicated Regards, Javier El 17/02/2012 11:09, Azelio Boriani escribió: In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolanteelio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/**mailman/listinfo/time-nuts https://www.febo.c om/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nuts https://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nuts https://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Hi I'm more or less guessing that there's a bunch of init data in there, a command processor for the serial i/o, and relatively little actual PLL loop and/or running code. Put another way - once it's up and running it's basically an analog part. If they have a field update option, they could just have a boot loader in the MCS51 and two images of everything else in the PSD813. Lots of possibilities Bob -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Azelio Boriani Sent: Friday, February 17, 2012 12:38 PM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] FE-5680A firmware dump Maybe. Take into account that MCS51 OTP processors usually are 8K of code. I use, among the others, the AT89C55 that has 20K of flash ROM. It seems better to use a ROMless 8051 and place the code/tables in the PSD. On Fri, Feb 17, 2012 at 6:17 PM, Bob Camp li...@rtty.us wrote: Hi I'd bet that there's some code in there and some data tables. Without digging in, it's hard to say how big each is. We could easily find that there's 24K of code in the MCS51 and a bunch of tables in the PSD813. Bob -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Azelio Boriani Sent: Friday, February 17, 2012 6:06 AM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] FE-5680A firmware dump OK, then maybe there are ROM bank switching as the MCS51 can't execute beyon the 64K limit. It can be very challenging to follow a code that jumps between 64K ROM banks. Moreover the MCS51 has to address the external RAM by massive pointer use (the famous MOVX @DPTR,A and MOVX A,@DPTR instructions) beyond the 256byte internal easier to address RAM. Yes, you need a good disassembler, aware of bank switching and massive pointer use. On Fri, Feb 17, 2012 at 11:20 AM, Javier Herrero jherr...@hvsistemas.eswrote: Don forget the PSD813 :) It provides 128KB Flash and 8KB RAM... so it can be a bit more complicated Regards, Javier El 17/02/2012 11:09, Azelio Boriani escribió: In my opinion you don't need the power of an IDA-class disassembler to process an 8051-like code. The MCS51 family processors have only 128 or 256 bytes of RAM (and at most 64K ROM) and cannot host complex code. On Fri, Feb 17, 2012 at 10:27 AM, Elio Corbolanteelio...@gmail.com wrote: From: Mike McCauley I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Don't worry: when I will be able to dump the firmware I will let it on the public domain. BTW, I have the opportunity to use the IDA disassembler (a friend of mine is a licensed user) so I think the disassembly of the code will be rather good. Any knowledge of a public domain 8051 disassembler which can rival IDA in performance/code analysis? _ Elio. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/**mailman/listinfo/time-nuts https://www.febo.c om/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nuts https://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. __**_ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/** mailman/listinfo/time-nuts https://www.febo.com/cgi-bin/mailman/listinfo/tim e-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
El 07/02/2012 0:30, Elio Corbolante wrote: From: Steve .iteration69 at gmail.com I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Id like to help with the disassembly if you can get the binary dump. Cheers. -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
From: Chris Albertson albertson.ch...@gmail.com Email some of the sellers in China and offer to buy a returned unit. they must have some On Mon, Feb 13, 2012 at 5:55 PM, EB4APL eb4...@cembreros.jazztel.es wrote: I don't mind sending something like $5 to a buy group and we'll have enough with a few of us. But if I were Elio I'll not feel very happy using a working unit for this kind of use, This is the answer I got from 'nichegeek': We do would like to help but sorry that what we got from supplier is good items although it is secondhand products. I will buy one working unit just to be dissectioned. _Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Elio, Let us contribute to the buy. If you can receive money by Paypal it wold be very easy. Best regards, Ignacio, EB4APL El 14/02/2012 13:26, Elio Corbolante escribió: From: Chris Albertsonalbertson.ch...@gmail.com Email some of the sellers in China and offer to buy a returned unit. they must have some On Mon, Feb 13, 2012 at 5:55 PM, EB4APLeb4...@cembreros.jazztel.es wrote: I don't mind sending something like $5 to a buy group and we'll have enough with a few of us. But if I were Elio I'll not feel very happy using a working unit for this kind of use, This is the answer I got from 'nichegeek': We do would like to help but sorry that what we got from supplier is good items although it is secondhand products. I will buy one working unit just to be dissectioned. _Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
I don't mind sending something like $5 to a buy group and we'll have enough with a few of us. But if I were Elio I'll not feel very happy using a working unit for this kind of use, I would try to not break anything and he is even talking of removing the programmable chips to read them in a programmer!. Anyway I'm recognize that a working unit could be advantageous for some tests. So if anybody wants to collect the money, let me know. Regards, Ignacio, EB4APL On 13/02/2012 4:22, Peter Gottlieb wrote: Better idea. Let's all donate a few bucks each and buy Elio an intact one. Peter On 2/12/2012 8:08 PM, EB4APL wrote: Hi, Has anybody tried to ask the guy who made the forensics in Youtube if he could send the remnants to Elio? He could make a very good use of them. Regards, Ignacio, EB4APL El 07/02/2012 0:30, Elio Corbolante wrote: From: Steve .iteratio...@gmail.com I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Also, what programmer do you have, Here at work I have a galep-5 which AFAIK can read both the mcu and cpld/fgpa/pga, whatever it is (provided they are not locked, or the state machine encrypted) My programmer is a MQP Pin-Master 48http://www.mqp.com/pm48.htm which directly support the PSD chip via JTAG (JAM STAPL files). According to this document:http://www.mqp.com/pdf/apnotes/30201.pdf the programmer does not support auxiliary functions like reading the device, but only erase/program/verify. The official programmer/software (FlashLINK/PSDsoft Express) http://www.st.com/internet/com/SOFTWARE_RESOURCES/TOOL/CONFIGURATION_UTILITY/um0050.zip permits to dump the content of the PSD in an .obj file, but at this date I have not this programmer and I have to build it http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf :-( If you are able to dump the software using your Galep 5, you are welcome!!! :-) Otherwise my two options will be: 1) to build a FlashLINK clone, hoping the PSD contents are not protected: according to this document http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf (Pag. 17) the protection flag can't be enabled using the JTAG interface... 2) to remove the PSD chip and read its contents using a different microprocessor (this will work for certain) _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1424 / Virus Database: 2112/4806 - Release Date: 02/12/12 ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Email some of the sellers in China and offer to buy a returned unit. they must have some On Mon, Feb 13, 2012 at 5:55 PM, EB4APL eb4...@cembreros.jazztel.es wrote: I don't mind sending something like $5 to a buy group and we'll have enough with a few of us. But if I were Elio I'll not feel very happy using a working unit for this kind of use, Chris Albertson Redondo Beach, California ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Hi, Has anybody tried to ask the guy who made the forensics in Youtube if he could send the remnants to Elio? He could make a very good use of them. Regards, Ignacio, EB4APL El 07/02/2012 0:30, Elio Corbolante wrote: From: Steve .iteratio...@gmail.com I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Also, what programmer do you have, Here at work I have a galep-5 which AFAIK can read both the mcu and cpld/fgpa/pga, whatever it is (provided they are not locked, or the state machine encrypted) My programmer is a MQP Pin-Master 48http://www.mqp.com/pm48.htm which directly support the PSD chip via JTAG (JAM STAPL files). According to this document:http://www.mqp.com/pdf/apnotes/30201.pdf the programmer does not support auxiliary functions like reading the device, but only erase/program/verify. The official programmer/software (FlashLINK/PSDsoft Express) http://www.st.com/internet/com/SOFTWARE_RESOURCES/TOOL/CONFIGURATION_UTILITY/um0050.zip permits to dump the content of the PSD in an .obj file, but at this date I have not this programmer and I have to build it http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf :-( If you are able to dump the software using your Galep 5, you are welcome!!! :-) Otherwise my two options will be: 1) to build a FlashLINK clone, hoping the PSD contents are not protected: according to this document http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf (Pag. 17) the protection flag can't be enabled using the JTAG interface... 2) to remove the PSD chip and read its contents using a different microprocessor (this will work for certain) _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
Better idea. Let's all donate a few bucks each and buy Elio an intact one. Peter On 2/12/2012 8:08 PM, EB4APL wrote: Hi, Has anybody tried to ask the guy who made the forensics in Youtube if he could send the remnants to Elio? He could make a very good use of them. Regards, Ignacio, EB4APL El 07/02/2012 0:30, Elio Corbolante wrote: From: Steve .iteratio...@gmail.com I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Also, what programmer do you have, Here at work I have a galep-5 which AFAIK can read both the mcu and cpld/fgpa/pga, whatever it is (provided they are not locked, or the state machine encrypted) My programmer is a MQP Pin-Master 48http://www.mqp.com/pm48.htm which directly support the PSD chip via JTAG (JAM STAPL files). According to this document:http://www.mqp.com/pdf/apnotes/30201.pdf the programmer does not support auxiliary functions like reading the device, but only erase/program/verify. The official programmer/software (FlashLINK/PSDsoft Express) http://www.st.com/internet/com/SOFTWARE_RESOURCES/TOOL/CONFIGURATION_UTILITY/um0050.zip permits to dump the content of the PSD in an .obj file, but at this date I have not this programmer and I have to build it http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf :-( If you are able to dump the software using your Galep 5, you are welcome!!! :-) Otherwise my two options will be: 1) to build a FlashLINK clone, hoping the PSD contents are not protected: according to this document http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf (Pag. 17) the protection flag can't be enabled using the JTAG interface... 2) to remove the PSD chip and read its contents using a different microprocessor (this will work for certain) _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1424 / Virus Database: 2112/4806 - Release Date: 02/12/12 ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
[time-nuts] FE-5680A firmware dump
Unfortunately my programmer is only able to erase/program/verify the PSD chip. The read option is not available! :-( To dump the firmware I need to desolder the chip and prepare a dedicated testbed: before doing this on a working FE-5680A, is there anyone of you who want to sell me a *nonworking* unit (better if it is a nonlocking one)? _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Also, what programmer do you have, Here at work I have a galep-5 which AFAIK can read both the mcu and cpld/fgpa/pga, whatever it is (provided they are not locked, or the state machine encrypted) Steve On Mon, Feb 6, 2012 at 10:07 AM, Elio Corbolante elio...@gmail.com wrote: Unfortunately my programmer is only able to erase/program/verify the PSD chip. The read option is not available! :-( To dump the firmware I need to desolder the chip and prepare a dedicated testbed: before doing this on a working FE-5680A, is there anyone of you who want to sell me a *nonworking* unit (better if it is a nonlocking one)? _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] FE-5680A firmware dump
From: Steve . iteratio...@gmail.com I've been considering ripping the firmware from the mcu as well. I've not got beyond the consideration stages, but i have all the equipment here at work. When you say that the read option is not available. is this because the chip has protection fuses enabled? Also, what programmer do you have, Here at work I have a galep-5 which AFAIK can read both the mcu and cpld/fgpa/pga, whatever it is (provided they are not locked, or the state machine encrypted) My programmer is a MQP Pin-Master 48 http://www.mqp.com/pm48.htm which directly support the PSD chip via JTAG (JAM STAPL files). According to this document: http://www.mqp.com/pdf/apnotes/30201.pdf the programmer does not support auxiliary functions like reading the device, but only erase/program/verify. The official programmer/software (FlashLINK/PSDsoft Express) http://www.st.com/internet/com/SOFTWARE_RESOURCES/TOOL/CONFIGURATION_UTILITY/um0050.zip permits to dump the content of the PSD in an .obj file, but at this date I have not this programmer and I have to build it http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf :-( If you are able to dump the software using your Galep 5, you are welcome!!! :-) Otherwise my two options will be: 1) to build a FlashLINK clone, hoping the PSD contents are not protected: according to this document http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/CD4566.pdf (Pag. 17) the protection flag can't be enabled using the JTAG interface... 2) to remove the PSD chip and read its contents using a different microprocessor (this will work for certain) _ Elio. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
