Hello Steve,
I RDP's into my home system and ran the binary through my
decompiler. It looks like there might be an issue with how the ROM was
pulled. It's missing a byte every 32 bytes, so I'm getting a lot of
invalid opcodes. That could also explain the missing 128 bytes at the
end too.
Would you mind sharing the program you used to dump the firmware so I
can have a quick look through?
Darren Clark
On 1/22/24 23:21, Stephen Adolph wrote:
these look like 6301 opcodes. Maybe this worked.
take a look please when you can. thanks. Steve
On Tue, Jan 9, 2024 at 6:55 PM Darren Clark <biggran...@gmail.com> wrote:
TPDD2 firmware dumping - breaking this into a new thread.
It would be interesting to see if we can use the command 'Request
Block'
from page 89 to read the ROM of the CPU...
I dumped the ROM of the TPDD1 and got a good start at reverse
engineering it and documenting it here
https://github.com/BiggRanger/Tandy_PDD/tree/master can't believe
that
was over 7 years ago!
Looking at the schematic in the PDF, the HD6301V1 starts up in mode 6
just like with TPDD1, that places the firmware/ROM between 0xF000 and
0xFFFF in memory.
Is there anybody with a TPDD2 willing to try and dump 4K of data from
0xF000 to 0xFFFF and send it to me so I can start reverse engineering
and documenting it? It should look somewhat similar to this
https://github.com/BiggRanger/Tandy_PDD/blob/master/PDD1.HEX if it is
outputting good data.
From page 89 GET THE DATA FROM THE DRIVE'S MEMORY
Request Block - 5A5A 32 04 01 F000 40 (checksum) and see what
block of
64 bytes comes out.
Darren Clark
Here is a memory map of the TPDD1 from my reverse engineering earlier:
;----------------------------------------------------------
;Memory Map of PDD (using mode 6):
;----------------------------------------------------------
;0000-001F Internal Registers (see below)
;0080-00FF Internal RAM
;4000-4003 CPLD (Glue Logic + Hardware IO Control)
;8000-87FF External RAM (2K)
;F000-FFFF Internal ROM (4K)
;----------------------------------------------------------
;I/O ports
;Port.Bit I/O Pin# ID Function
;----------------------------------------------------------
;Port1.B0 Input Pin18 P10 CTS
;Port1.B1 Input Pin19 P11 DSR
;Port1.B2 Output Pin20 P12 RTS
;Port1.B3 Output Pin22 P13 DTR
;Port1.B4 Output Pin23 P14 PS Alarm (Low Battery LED)
;Port1.B5 Output Pin24 P15 LED101 (Drive Access LED)
;Port1.B6 Output Pin25 P16 To MA7340
;Port1.B7 Output Pin26 P17 SCAN
;Port2.B0 Input Pin11 P20 Mode (pulled Low)
;Port2.B1 Input Pin12 P21 Mode (pulled Hi)
;Port2.B2 Input Pin13 P22 (SCI) CLKOUT from CPLD for
BAUD rate
;Port2.B3 Input Pin14 P23 (SCI) /RXD
;Port2.B4 Output Pin15 P24 (SCI) /TXD
;----------------------------------------------------------
