
Thread: Superbrain BIOS reverse engineering

  1. #1

    Superbrain BIOS reverse engineering

    Hi

    I'm reverse engineering one of the SB BIOSes - the Compustar 30 v2.0, which I have the source for and a boot disk. There's a problem though: several routines are hidden and there is no source code. Which means I can't move the BIOS about to accommodate a hard disk driver because the code is unavailable. Right now, I'm looking at it in ZSID, copying the code across to a new source file.

    Question is, has anyone already done this? The routines are:

    Code:
    DISK    .EQU     500FH+OFFSET	; E40Fh - Disk routine (talks to CPU2 for disk I/O)
    INIT    .EQU     5006H+OFFSET	; E406h - Called by boot to initialise the machine
    CRTIN   .EQU     5009H+OFFSET	; E409h - Implements conin at a guess
    CRTOUT  .EQU     500CH+OFFSET	; E40Ch - Implements conout at a guess
    WMSTRT  .EQU     5A80H+OFFSET	; EE80h - Warm boot routine

    Cheers
    JonB

  2. #2

    I've no experience with SuperBrain.

    There is a Z80 disassembler that I've used on Linux, which might be easier. You'd have to get a binary image of the BIOS code to your PC though. I found packages in the Ubuntu repository for "z80asm" and "z80dasm", and there is a third-party "zmac" available that does a good job of replacing RMAC. The "z80dasm" is what I've been using to reconstruct source code for lots of CP/M code.

  3. #3

    I do have disassemblers of course, and could use SAVE to dump the entire BIOS including the hidden bits. The only problem with these is that they tend to go out of synch pretty often (due to data segments in the code, usually).

    However, as I already have most of it as 8080 source code, commented, I'm stepping through the hidden parts with ZSID for now. One thing I noticed is that there are lots of duplicated bits of code. For example:

    Code:
    	; EB9F
    _EB9F:	ld a,09h	; Port C lower & upper input
    	out (PPICW),a	; PPI control
    	ld a,0bh	; Port B input, C upper & lower input
    	out (PPICW),a	; PPI control
    	ret
    	
    _EBA8:	and h		; no idea why..
    	ex de,hl	;
    	
    	;EBAA
    _EBAA:	ld a,0a8h	; Port C lower output, B output, Mode 0, Port C higher input, Port A output,
    			; Mode 2
    	out (PPICW),a	; PPI control
    	ret
    	
    	; EBAF - same as EB9F
    _EBAF:	ld a,09h	; Port C lower & upper input
    	out (PPICW),a	; PPI control
    	ld a,0bh	; Port B input, C upper & lower input
    	out (PPICW),a	; PPI control
    	ret
    	
    	; EBB8
    _EBB8:	adc a,d		;
    	push af		; save af
    	call _EBCE
    	pop af		; restore af
    	ret
    
    	; EBBF
    _EBBF:	ld a,0ah	; Port B input, C upper input
    	out (PPICW),a	; PPI control
    _EBC3:	in a,(PPIB)	; EBC3 - target of the jp c below
    	rla		; roll left
    	jp c,_EBC3	; check for BUSAK = Normal
    	ld a,08h	; Port C lower output, Port B output, Port C upper input
    	out (PPICW),a	; PPI control
    	ret
    	
    	; EBCE - same as EB9F
    _EBCE:	ld a,09h	; Port C lower & upper input
    	out (PPICW),a	; PPI control
    	ld a,0bh	; Port B input, C upper & lower input
    	out (PPICW),a	; PPI control
    	ret
    	
    _EBD7:	ld l,e
    	ret
    	
    _EBD9:	jp c, DSKRET
    	ld a,08h	; Port C lower output, Port B output, Port C upper input
    	out (PPICW),a	; PPI control
    	ret
    	
    	; EBE1 - same as EB9F
    _EBE1:	ld a,09h	; Port C lower & upper input
    	out (PPICW),a	; PPI control
    	ld a,0bh	; Port B input, C upper & lower input
    	out (PPICW),a	; PPI control
    	ret

    The PPI chip port setting code at _EB9F is duplicated three times... way to go, Intertec!

  4. #4

    It's possible that repeated code is some artifact of the assembly process. For example, a buffer area of uninitialized space might contain leftover data from memory. You'd have to analyze the code to see if any of those routines are ever actually executed.

  5. #5

    Yep, I'm on it.

    Someone else must have gone through this already, though. You can't add drivers to the BIOS without relocating parts of it to make space. There's a small user area at the end of the BIOS but it's less than 180 bytes..
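
Added example, not part of any post in this thread: one way to run the check suggested in post #4 against the listing in post #3, by locating every copy of the _EB9F routine in a memory image and listing the CALL/JP instructions that target each copy. The image is hand-assembled from that listing; the PPICW and PPIB port numbers, the DSKRET address and all function names are placeholders or assumptions made here.

```python
# Constructed sample: the listing from post #3 hand-assembled into bytes.
# PPICW, PPIB and DSKRET values are placeholders, not taken from the thread.
BASE = 0xEB9F
PPICW, PPIB, DSKRET = 0x6B, 0x69, 0xE000
SETUP = bytes([0x3E, 0x09, 0xD3, PPICW, 0x3E, 0x0B, 0xD3, PPICW, 0xC9])  # _EB9F
IMAGE = (
    SETUP                                                   # EB9F
    + bytes([0xA4, 0xEB])                                   # EBA8: and h / ex de,hl
    + bytes([0x3E, 0xA8, 0xD3, PPICW, 0xC9])                # EBAA
    + SETUP                                                 # EBAF
    + bytes([0x8A, 0xF5, 0xCD, 0xCE, 0xEB, 0xF1, 0xC9])     # EBB8: call _EBCE
    + bytes([0x3E, 0x0A, 0xD3, PPICW, 0xDB, PPIB, 0x17, 0xDA, 0xC3, 0xEB])  # EBBF
    + bytes([0x3E, 0x08, 0xD3, PPICW, 0xC9])                # EBC9
    + SETUP                                                 # EBCE
    + bytes([0x6B, 0xC9])                                   # EBD7: ld l,e / ret
    + bytes([0xDA, DSKRET & 0xFF, DSKRET >> 8, 0x3E, 0x08, 0xD3, PPICW, 0xC9])  # EBD9
    + SETUP                                                 # EBE1
)

# Z80 opcodes with an absolute 16-bit target: CALL nn, JP nn, JP cc,nn, CALL cc,nn.
BRANCH_OPS = {0xCD, 0xC3} | {0xC2 + 8 * n for n in range(8)} | {0xC4 + 8 * n for n in range(8)}

def copies_of(image, base, addr, length):
    """Addresses of every occurrence of the `length` bytes found at `addr`."""
    pattern = image[addr - base: addr - base + length]
    hits, pos = [], image.find(pattern)
    while pos != -1:
        hits.append(base + pos)
        pos = image.find(pattern, pos + 1)
    return hits

def xrefs(image, base, target):
    """Addresses of CALL/JP opcodes whose operand equals `target`.

    Every byte offset is tested, so data that resembles a branch is
    over-reported; indirect jumps and address tables are not detected.
    """
    lo, hi = target & 0xFF, target >> 8
    return [base + i for i in range(len(image) - 2)
            if image[i] in BRANCH_OPS and image[i + 1] == lo and image[i + 2] == hi]

def reference_report(image, base, addr, length):
    """Map each copy of the routine at `addr` to the branches that target it."""
    return {c: xrefs(image, base, c) for c in copies_of(image, base, addr, length)}

if __name__ == "__main__":
    for copy, refs in reference_report(IMAGE, BASE, 0xEB9F, len(SETUP)).items():
        print(f"{copy:04X}h <- {[f'{r:04X}h' for r in refs] or 'no direct reference'}")
```

On this fragment only the copy at EBCEh has a direct caller; running the same functions over a full dump of the BIOS is what would show whether the other copies are dead.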
