2

Studying part of the code of firmware from the Datamaster, I wasn't able to find the I/O ports for the NEC765. Observing the hardware I have observed what it seems to be a 8048[1] in between both components, so the microcontroller is actually driving the FDC. The Datamaster expansion bus is almost the same they employed later in the 5150 PC and became known retrospectively as ISA[2].

One of my goals is to understand how communication between both devices occur so I can fully emulate them. I imagine it is an interrupt-driven design, but I don't know if it is memory mapped or I/O mapped.

What should I be seeking in such a design in order to be able to reverse-engineer it?

1- The components are relabelled. I cannot fully confirm the identity of the component.

2- While some sources say it is mirrored, it is not.

Improve this question
12
  • 2
    Please edit your question and add links to the software source files and to the schematics. Can't do anything without them. Thanks.
    – TonyM
    CommentedApr 22 at 14:47
  • 2
    Please clarify: The 8048 is connected to the Datamaster expansion bus (which is close to ISA), and the NEC765 is only connected to the 8048, is that correct? Depending on how the 8048 is connected, it can probably do lots of things, and you probably cannot get at the ROM in the 8048, so probably the best is to to observe the system when using the floppy and then forming a theory how it'd probably work.
    – dirkt
    CommentedApr 22 at 16:55
  • 1
    Best start would be to simply follow the way they are connected, as that specifies what each can do at all. Possibly adding this (including schematics) tot the question so others may iterate upon. Also, the bus isn't really a predecessor to ISA, but both modelled close to the 8085 bus (shared by the 8086/88), which in turn is an updated 8080 bus. Same way as S100 :)
    – Raffzahn
    CommentedApr 22 at 23:00
  • 2
    @dirkt I haven't worked with 8048s but according to sbprojects.net/projects/8049spy/index.php it might be possible to dump the ROM without having to decap.
    – Exophase
    CommentedApr 23 at 3:39
  • I will edit the question, to add the schematics asap. Unfortunately this design is not like in the case of the PC or other computers from IBM where the full schematics are available.
    – Borg Drone
    CommentedApr 23 at 6:23

1 Answer 1

Reset to default
5

What should I be seeking in such a design in order to be able to reverse-engineer it?

The contents of the 8048 can be dumped, I tested a device I have to program and dump the contents of the MCS-48 series of ICs

Then the obvious first step to reverse engineer it is to dump the ROM, use IDA Pro or whatever on it and find out what it does.

If you need a refresher on the ISA bus to see what the signals do, have e.g. a look here.

Best approach is to use a logic analyzer with enough channels and trace all signals.

If you don't have a logic analyzer with enough channels, deriving information from some signals only will be tedious, then understanding the ROM dump is the easier approach.

Improve this answer

    You must log in to answer this question.

    Start asking to get answers

    Find the answer to your question by asking.

    Ask question

    Explore related questions

    See similar questions with these tags.