this definitely looks like 6502 code. time to pull it into Ghidra.
196 comments
hmm, looks like there are a few instructions that aren't 6502. apparently Rockwell defined a few new ones. it would be nice if Ghidra could handle those. ahhhhh much better. thanks to whomever added R6518 support to Ghidra just now. oh wait that was me ok so funny story, the Ghidra target of "65C02" already supports these instructions. at least i know how to customize Ghidra... @tubetime It probably supports the WDC 6502 instruction set, which is a superset of the Rockwell CMOS extensions. some interesting routines. this one waits for the spindle speed (as measured by the index pulses) to exceed 3593 rpm (or so). they have a clever delay-by-x routine. the entry point is delay_entry. and yes, the routine calls its own rts as a way to insert cycles... so one of these drives blew a tantalum capacitor. i think i will take this board apart for reverse engineering purposes. there are multiple revisions but this will be a good starting point. with a combination of hot air and a desoldering gun, i've taken it down to just a few surface mount parts. i'm going to leave those in place for now since many of them are not marked. there is also no silkscreen. they scanned well. i've taken the top and bottom images and lined them up precisely. these reference images are 600dpi but i may go for a lower res version for KiCad since it stores the images in the pcb file, which slows it down a lot. @tubetime You're reminding me that I need to learn how to pull PCB images into Kicad and tweak my process. I usually have the layers stacked in GIMP and colourised red and blue, then use layer masks to hide the tracks I've entered into the schematic. I mean... zero? Maybe it's just a lil square jumper wire? Is that so wrong? @tubetime Looks like it's supposed to be a 0R jumper. Is it actually? @tubetime it's actually 100 ohms. someone back in the day was making resistors of various values that were all marked 0. great... @tubetime The “0” stands for “this marking gives you zero clues as to what the resistance of this resistor might be.” @tubetime A manufacture marking what looks like a 0 on SMT parts that are not zero-ohm is horrible. 😬 whew. got the layout and schematic captured. there were a few differences compared with the official schematic. solved a few mystery pins on these Seagate custom chips. they are connected to the magnetic heads. the ST-225 drive uses a similar circuit but it is an older design and less integrated. the ST-251's SSI257.2 chip drives the center taps of the head windings. they just "garbage collected" the transistors, head select decoder, and resistors driving it along with the transistors that set the write current. by looking at the ST-412 schematic, i figured out that the ST-251's SSI257 chip contains a bunch of steering diodes as well as an op amp (an NE592 equivalent). so on my schematic, i've named all the previously nameless pins and the circuit makes sense now. @tubetime Where is that betamax pin! congrats on the great reversing. kinda horrifying but this is the best way to test SMD parts out of circuit. @tubetime I have to imagine this is what Tombstone, AZ looks like @tubetime trick question: it only looks like a resistor, it’s actual function is a fuse, and is currently measuring infinity @tubetime 0 ohms. I forget the actual name but it's a junction. @tubetime oh thats the famous B(R)SET/B(R)CLR that are still available in the hc11! @tubetime It should recognise them if you tell it the chip is a 65C02. The WDesignC 65C02 implements those instructions too (and a few WDesignC specific ones) |
oh yeah. i've mapped it starting at address 0x3000 but the hardware maps the ROM chip in starting at 0x0100, where it just gets aliased all the way up to 0xFFFF. the absolute jump addresses located in the vectors at the top of the ROM refer to addresses starting at 0x3000, so i'm just using that.