Looking for a 6502 disassembler for reverse engineering

[bprosman]

Helping someone to reverse engineer a 6502 SBC. It has a 6052 processor, a 2K EPROM from F800-FFF, and a 2K Ram and 6522 "somewhere in the memory map". The memory decoding prom (82S129) is still to be read.
Any suggestion of a disassembler/emulator ?. I have the monitor in .HEX and .BIN format. For the rest no docuentation whatsoever.

Googling on MPS65 doesnt bring me anythig

Thanks in advance, Bram

[Pernod]

What are you trying to find out about it?

If you post the monitor then I could create a simple driver in MAME for it.

Same board is also discussed at http://forum.6502.org/viewtopic.php?f=3&t=3023

[BigEd]

Looks like a machine somewhat like this is the subject of this thread, which includes a ROM dump:

• Strange 6502 trainer

As for a disassembler, there are many listed here, but this one might be a good start:

• WFDis - 6502/65C02 interactive disassembler

[bprosman]

Thanks for the responses so far, looks indeed like the same board.

What are you trying to find out about it?

Try to reverse engineer it.

[BigEd]

I'll be interested to see the results! I see the auction listing over on 6502.org promises some notes on how to use the monitor - I suppose you don't any documentation at all?

It's a nice board, two sided, through hole, and a big multi-way connector for expansion.

[Pernod]

I have the ROM from the other forum running, the 6522 is at A000-A00F, and it's also expecting something at E003.

No keyboard or LED output yet so nothing to show.

[hansotten]

Some more info (its a Facebook discussion at 6502 Homebrew Hardware and Programming group where Bram and I participate about this SBC, photos and video shown while operating, now broken)

The memory decode PROM has been read out by the owner Ian Day

00000000 -> 0 -> 1011
00000001 -> 1 -> 1011
00000010 -> 2 -> 1011
00000011 -> 3 -> 1011
00000100 -> 4 -> 1011
00000101 -> 5 -> 1011
00000110 -> 6 -> 1011
00000111 -> 7 -> 1011

10100000 -> 160 -> 1101

11110000 -> 240 -> 0111
11110001 -> 241 -> 0111
11110010 -> 242 -> 0111
11110011 -> 243 -> 0111
11110100 -> 244 -> 0111
11110101 -> 245 -> 0111
11110110 -> 246 -> 0111
11110111 -> 247 -> 0111
11111000 -> 248 -> 0111
11111001 -> 249 -> 0111
11111010 -> 250 -> 0111
11111011 -> 251 -> 0111
11111100 -> 252 -> 0111
11111101 -> 253 -> 0111
11111110 -> 254 -> 0111
11111111 -> 255 -> 0111

So three Chip select lines, unknown which one is RAM or ROM. The one liner will be the 6522.

I looked at the disassembled ROM dump from 6502.org, I see the 6522 at address A000. I did not see other I/O yet.

What I see from the disassembly and the photos is:
65C02 at 2 MHz
RAM 6116 2K at 0000
6522 at A000
ROM 2K at F800 (pure 6502 code afaik in the ROM)
24 key keyboard/ 6 led matrix with 7400 and 7442 decoder and transistor for every led display
RS307-109 Darligton Driver Array
82S129 as show above
Transistor for reset?

[jgharston]

<plug> http://mdfs.net/Software/Assembler/DisAssem/ </plug>

[jms2]

Jonathan, the MkSrc.txt file on that page is a dead link - which is a pity because I'd be interested to try out mksrc65. I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

[hoglet]

I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

Phill's BeebDIS is pretty good.
viewtopic.php?t=14979

Dave

[BigEd]

FYI, Arne has just posted some (German) PDFs in the thread over on 6502.org.

Looks like a machine somewhat like this is the subject of this thread, which includes a ROM dump:

• Strange 6502 trainer

[jgharston]

Jonathan, the MkSrc.txt file on that page is a dead link - which is a pity because I'd be interested to try out mksrc65. I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

Fixed.

[jms2]

I've been having another play with the latest version of Beebdis, but I'm struggling to get it to use the standard LABELS.TXT file (or any other list of labels for that matter). My control file looks like this:

Code: Select all

load $8000 filename.rom
save filename_dis.asm
symbols LABELS.TXT
cpu 6502
entry $8003

I know I have got the "load", "save" and "symbols" commands in the right order and correctly at the start of the control file, but whilst there are no errors it doesn't seem to recognise the symbol definitions - all the symbols are auto-generated.

What am I missing?

[Prime]

What am I missing?

Can you show us the contents of your LABELS.TXT please?

Cheers.

Phill.

[jms2]

It's just the standard one from the Beebdis zipfile. So this:

Code: Select all

; OS routines BBC A/B/B+/Master/Electron

OSCLI  $FFF7	
OSBYTE $FFF4	
OSWORD $FFF1	
OSWRCH $FFEE	
OSNEWL $FFE7	
OSASCI $FFE3	
OSRDCH $FFE0	
OSFILE $FFDD	
OSARGS $FFDA	
OSBGET $FFD7	
OSBPUT $FFD4	
OSGBPB $FFD1	
OSFIND $FFCE	
NNWRCH $FFCB	
NVRDCH $FFC8	
GSREAD $FFC5	
GSINIT $FFC2	
OSEVEN $FFBF	
OSRDSC $FFB9	
OSWRSC $FFB3	

; Vectors

USERV 	$0200
BRKV	$0202
IRQ1V	$0204
IRQ2V	$0206
CLIV	$0208
BYTEV	$020A
WORDV	$020C
WRCHV	$020E
RDCHV	$0210
FILEV	$0212
ARGSV	$0214
BGETV	$0216
BPUTV	$0218
GBPBV	$021A
FINDV	$021C
FSCV	$021E
EVENTV	$0220
UPTV	$0222
NETV	$0224
VDUV	$0226
KEYV	$0228
INSV	$022A
REMV	$022C
CNPV	$022E
INDV1	$0230
INDV2	$0232
INDV3	$0234

[hoglet]

I have a working example here:
viewtopic.php?p=199776#p199776

Dave

[jms2]

Thanks Dave! I can see that it has worked perfectly in your example (and appended its list of symbols onto the list of auto-generated ones), but it doesn't work for me. I've done the following things (all of which have had no effect):

- Use the .sym ending on my labels file, and reference that.
- Call up MCMON.sym instead (having copied it into the folder, obviously)
- Move the "symbols" directive in between "load" and "save", as in your example
- Shorten the filenames to less than 8 characters.
- Putting the "symbols" directive first in the control file (I know this is not what the manual says, but I'm clutching at straws!).

One thing did have an effect - I had the directive "cpu 6502" in my control file, but yours lacked it. So I deleted it out of mine as well. This resulted in no disassembly at all!

This is with BeebDis 1.20. I thought I had better try re-running your MCMON disassembly to see if that worked - but it didn't, instead it produced the hexdump preceded by what looks to be a list of all the assembler mnemonics used in the program.

[hoglet]

Seems that was working with a much older version:

Code: Select all

C:\Users\David Banks\Documents\LEVEL9\BeebDis>BeebDis.exe
BeebDis V0.91 2013-03, PhillHarvey-Smith.
Error: no control file

Here's another example using symbols that works with version 1.10:
https://github.com/hoglet67/BBCBasic4r3 ... isassembly

I would try with 1.20, but I can't remember how to re-build this on Linux

Dave

[Prime]

I think there may be a bug with 1.20 where it is not loading the symbols correctly.

Please standby for a fix.....

Cheers.

Phill.

[Prime]

Right I've hopefully fixed the bug with the symbol files not being read.
I've also added a verbosity system so you can set how much output you get whilst processing files.

Just uploaded to github.

Cheers.

Phill.

[jms2]

Great, thanks!

I've been wanting to get somewhere with Beebdis for a while, and realising that it generates Beebasm output is an even better reason to experiment with it. This was my first serious attempt and the symbols problem was a bit puzzling!

[jms2]

Just tried v1.25. I really like the slightly more verbose output at the command line - it helps a lot to see what the program is doing.

It reports that it loads the file to disassemble, says it is loading the symbols file, and then saves the result; but guess what... it still doesn't actually seem to import the labels. I tried with the two labels files that I have (one being Hoglet's, the other being the original file).

I also need to use the "cpu 6502" directive, otherwise I get nothing. Perhaps this is intentional though (it makes sense).