Looking for a 6502 disassembler for reverse engineering

Post by bprosman » Sat Dec 29, 2018 10:16 am

Helping someone to reverse engineer a 6502 SBC. It has a 6052 processor, a 2K EPROM from F800-FFF, and a 2K Ram and 6522 "somewhere in the memory map". The memory decoding prom (82S129) is still to be read.
Any suggestion of a disassembler/emulator? I have the monitor in .HEX and .BIN format. For the rest no documentation whatsoever.

Googling on MPS65 doesn't bring me anything.

Thanks in advance, Bram

Post by Pernod » Sat Dec 29, 2018 11:12 am

What are you trying to find out about it?

If you post the monitor then I could create a simple driver in MAME for it.

Same board is also discussed at http://forum.6502.org/viewtopic.php?f=3&t=3023
Last edited by Pernod on Sat Dec 29, 2018 11:32 am, edited 1 time in total.
- Nigel

BBC Model B: ATPL Sidewise, Acorn Speech, 2xWatford Floppy Drives, AMX Mouse, Viglen case, BeebZIF, etc.

Post by BigEd » Sat Dec 29, 2018 11:27 am

Looks like a machine somewhat like this is the subject of this thread, which includes a ROM dump: As for a disassembler, there are many listed here, but this one might be a good start:

Post by bprosman » Sat Dec 29, 2018 11:34 am

Thanks for the responses so far, looks indeed like the same board.

Pernod wrote:
What are you trying to find out about it?

Try to reverse engineer it.

Post by BigEd » Sat Dec 29, 2018 11:50 am

I'll be interested to see the results! I see the auction listing over on 6502.org promises some notes on how to use the monitor - I suppose you don't have any documentation at all?

It's a nice board, two sided, through hole, and a big multi-way connector for expansion.

Post by Pernod » Sat Dec 29, 2018 12:26 pm

I have the ROM from the other forum running, the 6522 is at A000-A00F, and it's also expecting something at E003.

No keyboard or LED output yet so nothing to show.
- Nigel

Post by hansotten » Sat Dec 29, 2018 6:10 pm

Some more info (it's a Facebook discussion at 6502 Homebrew Hardware and Programming group where Bram and I participate about this SBC, photos and video shown while operating, now broken)

The memory decode PROM has been read out by the owner Ian Day

00000000 -> 0 -> 1011
00000001 -> 1 -> 1011
00000010 -> 2 -> 1011
00000011 -> 3 -> 1011
00000100 -> 4 -> 1011
00000101 -> 5 -> 1011
00000110 -> 6 -> 1011
00000111 -> 7 -> 1011

10100000 -> 160 -> 1101

11110000 -> 240 -> 0111
11110001 -> 241 -> 0111
11110010 -> 242 -> 0111
11110011 -> 243 -> 0111
11110100 -> 244 -> 0111
11110101 -> 245 -> 0111
11110110 -> 246 -> 0111
11110111 -> 247 -> 0111
11111000 -> 248 -> 0111
11111001 -> 249 -> 0111
11111010 -> 250 -> 0111
11111011 -> 251 -> 0111
11111100 -> 252 -> 0111
11111101 -> 253 -> 0111
11111110 -> 254 -> 0111
11111111 -> 255 -> 0111

So three Chip select lines, unknown which one is RAM or ROM. The one liner will be the 6522.

I looked at the disassembled ROM dump from 6502.org, I see the 6522 at address A000. I did not see other I/O yet.

What I see from the disassembly and the photos is:
65C02 at 2 MHz
RAM 6116 2K at 0000
6522 at A000
ROM 2K at F800 (pure 6502 code afaik in the ROM)
24 key keyboard/ 6 led matrix with 7400 and 7442 decoder and transistor for every led display
RS307-109 Darlington Driver Array
82S129 as shown above
Transistor for reset?
Last edited by hansotten on Sat Dec 29, 2018 6:10 pm, edited 1 time in total.
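
Added example, not part of hansotten's post: a short Python script that parses a PROM read-out in the layout posted above and merges it into address ranges per output line. It assumes the 82S129's eight inputs are A15..A8 (one entry per 256-byte page), that the outputs are active-low selects, and that pages missing from the listing select nothing; the function names are this example's own.

```python
import re

# The read-out posted above, regenerated in the same "bits -> decimal -> bits" layout.
DUMP = "\n".join(
    [f"{n:08b} -> {n} -> 1011" for n in range(0x00, 0x08)]
    + [f"{0xA0:08b} -> {0xA0} -> 1101"]
    + [f"{n:08b} -> {n} -> 0111" for n in range(0xF0, 0x100)]
)
LINE = re.compile(r"^([01]{8}) -> (\d+) -> ([01]{4})$")


def parse_dump(text):
    """Return {prom_address: 4-bit output}; reject malformed or inconsistent lines."""
    table = {}
    for raw in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        addr = int(m.group(1), 2)
        if addr != int(m.group(2)):  # binary and decimal columns must agree
            raise ValueError(f"binary/decimal mismatch: {raw!r}")
        table[addr] = int(m.group(3), 2)
    return table


def memory_map(table):
    """Merge consecutive pages with the same output into (start, end, low_bits).

    Assumptions: PROM inputs are A15..A8, outputs are active low, and pages
    absent from the dump read 1111. Bit 0 is the rightmost printed digit;
    which PROM pin that corresponds to is not known from the listing.
    """
    ranges = []
    for page in range(256):
        out = table.get(page, 0b1111)
        low = tuple(b for b in range(4) if not ((out >> b) & 1))
        if not low:
            continue
        start, end = page << 8, (page << 8) | 0xFF
        if ranges and ranges[-1][2] == low and ranges[-1][1] + 1 == start:
            ranges[-1] = (ranges[-1][0], end, low)
        else:
            ranges.append((start, end, low))
    return ranges


if __name__ == "__main__":
    for start, end, low in memory_map(parse_dump(DUMP)):
        print(f"${start:04X}-${end:04X}  output bit(s) {low} low")
```

Under those assumptions the listing decodes to three windows, $0000-$07FF, $A000-$A0FF and $F000-$FFFF, each on a different output bit.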

Post by jgharston » Sun Dec 30, 2018 1:38 am

Code: Select all

$ bbcbasic
PDP11 BBC BASIC IV Version 0.25
(C) Copyright J.G.Harston 1989,2005-2015
>_

Post by jms2 » Sun Dec 30, 2018 9:00 am

Jonathan, the MkSrc.txt file on that page is a dead link - which is a pity because I'd be interested to try out mksrc65. I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

Post by hoglet » Sun Dec 30, 2018 9:07 am

jms2 wrote:
Sun Dec 30, 2018 9:00 am
I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

Phill's BeebDIS is pretty good.
viewtopic.php?t=14979

Dave

Post by BigEd » Sun Dec 30, 2018 1:26 pm

FYI, Arne has just posted some (German) PDFs in the thread over on 6502.org.
BigEd wrote:
Sat Dec 29, 2018 11:27 am
Looks like a machine somewhat like this is the subject of this thread, which includes a ROM dump:

Post by jgharston » Mon Dec 31, 2018 6:39 am

jms2 wrote:
Sun Dec 30, 2018 9:00 am
Jonathan, the MkSrc.txt file on that page is a dead link - which is a pity because I'd be interested to try out mksrc65. I've never found any program which allows you to interactively disassemble 6502 code such that you end up with usable source code, but it looks like this might do it.

Fixed.

Post by jms2 » Mon Jan 21, 2019 8:58 pm

I've been having another play with the latest version of Beebdis, but I'm struggling to get it to use the standard LABELS.TXT file (or any other list of labels for that matter). My control file looks like this:

Code: Select all

load $8000 filename.rom
save filename_dis.asm
symbols LABELS.TXT
cpu 6502
entry $8003

I know I have got the "load", "save" and "symbols" commands in the right order and correctly at the start of the control file, but whilst there are no errors it doesn't seem to recognise the symbol definitions - all the symbols are auto-generated.

What am I missing?
Last edited by jms2 on Mon Jan 21, 2019 8:58 pm, edited 1 time in total.

Post by Prime » Mon Jan 21, 2019 9:54 pm

jms2 wrote:
Mon Jan 21, 2019 8:58 pm
What am I missing?

Can you show us the contents of your LABELS.TXT please?

Cheers.

Phill.
Last edited by Prime on Mon Jan 21, 2019 9:55 pm, edited 1 time in total.

Post by jms2 » Mon Jan 21, 2019 10:30 pm

It's just the standard one from the Beebdis zipfile. So this:

Code: Select all

; OS routines BBC A/B/B+/Master/Electron

OSCLI  $FFF7	
OSBYTE $FFF4	
OSWORD $FFF1	
OSWRCH $FFEE	
OSNEWL $FFE7	
OSASCI $FFE3	
OSRDCH $FFE0	
OSFILE $FFDD	
OSARGS $FFDA	
OSBGET $FFD7	
OSBPUT $FFD4	
OSGBPB $FFD1	
OSFIND $FFCE	
NNWRCH $FFCB	
NVRDCH $FFC8	
GSREAD $FFC5	
GSINIT $FFC2	
OSEVEN $FFBF	
OSRDSC $FFB9	
OSWRSC $FFB3	

; Vectors

USERV 	$0200
BRKV	$0202
IRQ1V	$0204
IRQ2V	$0206
CLIV	$0208
BYTEV	$020A
WORDV	$020C
WRCHV	$020E
RDCHV	$0210
FILEV	$0212
ARGSV	$0214
BGETV	$0216
BPUTV	$0218
GBPBV	$021A
FINDV	$021C
FSCV	$021E
EVENTV	$0220
UPTV	$0222
NETV	$0224
VDUV	$0226
KEYV	$0228
INSV	$022A
REMV	$022C
CNPV	$022E
INDV1	$0230
INDV2	$0232
INDV3	$0234

Post by hoglet » Tue Jan 22, 2019 8:03 am

I have a working example here:
viewtopic.php?p=199776#p199776

Dave

Post by jms2 » Tue Jan 22, 2019 7:45 pm

Thanks Dave! I can see that it has worked perfectly in your example (and appended its list of symbols onto the list of auto-generated ones), but it doesn't work for me. I've done the following things (all of which have had no effect):

- Use the .sym ending on my labels file, and reference that.
- Call up MCMON.sym instead (having copied it into the folder, obviously)
- Move the "symbols" directive in between "load" and "save", as in your example
- Shorten the filenames to less than 8 characters.
- Putting the "symbols" directive first in the control file (I know this is not what the manual says, but I'm clutching at straws!).

One thing did have an effect - I had the directive "cpu 6502" in my control file, but yours lacked it. So I deleted it out of mine as well. This resulted in no disassembly at all!

This is with BeebDis 1.20. I thought I had better try re-running your MCMON disassembly to see if that worked - but it didn't, instead it produced the hexdump preceded by what looks to be a list of all the assembler mnemonics used in the program.

Post by hoglet » Tue Jan 22, 2019 8:12 pm

Seems that was working with a much older version:

Code: Select all

C:\Users\David Banks\Documents\LEVEL9\BeebDis>BeebDis.exe
BeebDis V0.91 2013-03, PhillHarvey-Smith.
Error: no control file

Here's another example using symbols that works with version 1.10:
https://github.com/hoglet67/BBCBasic4r3 ... isassembly

I would try with 1.20, but I can't remember how to re-build this on Linux :oops:

Dave

Post by Prime » Tue Jan 22, 2019 8:44 pm

I think there may be a bug with 1.20 where it is not loading the symbols correctly.

Please standby for a fix.....

Cheers.

Phill.

Post by Prime » Wed Jan 23, 2019 2:48 pm

Right I've hopefully fixed the bug with the symbol files not being read.
I've also added a verbosity system so you can set how much output you get whilst processing files.

Just uploaded to github.

Cheers.

Phill.

Post by jms2 » Wed Jan 23, 2019 4:41 pm

Great, thanks!

I've been wanting to get somewhere with Beebdis for a while, and realising that it generates Beebasm output is an even better reason to experiment with it. This was my first serious attempt and the symbols problem was a bit puzzling!

Post by jms2 » Wed Jan 23, 2019 7:26 pm

Just tried v1.25. I really like the slightly more verbose output at the command line - it helps a lot to see what the program is doing.

It reports that it loads the file to disassemble, says it is loading the symbols file, and then saves the result; but guess what... it still doesn't actually seem to import the labels. :( I tried with the two labels files that I have (one being Hoglet's, the other being the original file).

I also need to use the "cpu 6502" directive, otherwise I get nothing. Perhaps this is intentional though (it makes sense).
