DSR 410 -Again-

Pichardo
Posts: 74
Joined: Tue Jun 17, 2008 11:19 pm

DSR 410 -Again-

Post by Pichardo » Wed Jul 06, 2011 7:35 am

I read this post . . .
Can someone post a Full Dump for this box?

I would like to compare and try to disassemble it with your help . . .

Keep Trying . . . !

usbbdm
Posts: 8627
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm » Wed Jul 06, 2011 8:14 am

Pichardo wrote: I read this post . . .
Can someone post a Full Dump for this box?

I would like to compare and try to disassemble it with your help . . .

Keep Trying . . . !
Send me an email and I will give you the dump.

Pichardo
Posts: 74
Joined: Tue Jun 17, 2008 11:19 pm

Post by Pichardo » Sat Jul 09, 2011 9:39 pm

Thanks a lot for your help boss... I received the file.... I compared it with what I read directly from a DSR410 and see both are the same.... they start with 99 99 99 99 ...

Now can you help me or point me in the right direction to make the disassembly?

Which program?

Start Address ?

Keep Trying . . . !

usbbdm
Posts: 8627
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm » Sat Jul 09, 2011 11:54 pm

I use the MC68331 disassembler from this site. This was made several years ago. The first 4 bytes are the A7 address at reset. The second 4 bytes are the program entry address at reset. (RPC)

Pichardo
Posts: 74
Joined: Tue Jun 17, 2008 11:19 pm

Asm

Post by Pichardo » Sun Jul 10, 2011 11:33 am

I saw two programs for disassembly here...

This is a disassembly with DISMIPS32

Code:

;  900009F4,  90000D28,  900016D8,  
90000000 99999999   lwr     $t9,-0x6667($t4)
90000004 8A020000   lwl     $v0,0x0($s0)
90000008 00000FF0   
9000000C 00000040   sll     $0,$0,0x01
90000010 11119800   beq     $t0,$s1,0x8ffe6014
90000014 0000EEEE   
90000018 00000614   
9000001C F94EC43F   sdc2    sxy2,-0x3bc1($t2)
90000020 84020000   lh      $v0,0x0($0)
90000024 0000F94E   
And this is the same but with DISMOT68

Code:

90000000 9999                            SUB.L D4,(A1)+
90000002 9999                            SUB.L D4,(A1)+
90000004 0000028A                        ORI.B #$8A,D0
90000008 F00F
9000000A 00004000                        ORI.B #$00,D0
9000000E 00000098                        ORI.B #$98,D0
90000012 1111                            MOVE.B (A1),-(A0)
90000014 EEEE
90000016 00001406                        ORI.B #$06,D0
9000001A 00003FC4                        ORI.B #$C4,D0
9000001E 4EF900000284                    JMP $00000284.L
90000024 4EF900000218                    JMP $00000218.L


Which one is correct??

Keep Trying . . . !

usbbdm
Posts: 8627
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm » Sun Jul 10, 2011 1:59 pm

The first one is for MIPS 32 as its name says. The second one is for MOT68 (Motorola 68331). That is the one to use.
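An added example, not part of the original posts: it reads the reset vector described above (initial A7, then reset PC) in both byte orders and shows why only the big-endian 68k reading gives a usable entry point. The first 8 bytes are the ones shown in the thread; the padding, the function names and the assumption that the ROM is mapped at address 0 are made up for this example.

```python
from __future__ import annotations

import struct

# First 8 bytes as shown in the thread's dumps (99 99 99 99, then 00 00 02 8A).
# The zero padding up to 0x1000 bytes is constructed so the example runs offline.
SAMPLE_IMAGE = bytes.fromhex("99999999" "0000028A") + bytes(0x1000 - 8)


def reset_vector(image: bytes, byteorder: str) -> tuple[int, int]:
    """Return (initial A7, reset PC) read from the first two longwords."""
    if len(image) < 8:
        raise ValueError("image too short to hold a reset vector")
    fmt = ">II" if byteorder == "big" else "<II"
    return struct.unpack_from(fmt, image, 0)


def plausible_entry(pc: int, image_len: int) -> bool:
    """68k instructions are word-aligned; assuming the ROM is mapped at 0,
    the entry point must also fall inside the image, after the two longwords."""
    return pc % 2 == 0 and 8 <= pc < image_len


def guess_byte_order(image: bytes) -> str | None:
    """Return the byte order whose reset PC is plausible, or None if unclear."""
    hits = [order for order in ("big", "little")
            if plausible_entry(reset_vector(image, order)[1], len(image))]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for order in ("big", "little"):
        a7, pc = reset_vector(SAMPLE_IMAGE, order)
        # The little-endian PC is the 8A020000 word seen in the MIPS listing.
        print(f"{order:6s} A7={a7:08X} PC={pc:08X} "
              f"plausible={plausible_entry(pc, len(SAMPLE_IMAGE))}")
    print("byte order:", guess_byte_order(SAMPLE_IMAGE))
```
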

Pichardo
Posts: 74
Joined: Tue Jun 17, 2008 11:19 pm

up !

Post by Pichardo » Mon Jul 11, 2011 6:07 pm

usbbdm wrote: The first one is for MIPS 32 as its name says. The second one is for MOT68 (Motorola 68331). That is the one to use.
Thanks again USBBDM . . .

One more question.....

Does anybody know if this DSR410 box has an EEPROM?

I saw Flash, NVRAM and RAM.... where is the EEPROM?

Any Part# ?

Keep Trying . . . !

Harry181
Posts: 110
Joined: Sun Nov 26, 2006 3:13 am

Asm ?

Post by Harry181 » Tue Jul 12, 2011 1:02 am

Have you made any headway with the disassembly?

As far as an EEPROM, I don't think so...
Far East of the Western World

usbbdm
Posts: 8627
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm » Tue Jul 12, 2011 8:13 am

Not sure. But the DCT2224 has an EEPROM, and a special program needs to be written to read the EEPROM.

Pichardo
Posts: 74
Joined: Tue Jun 17, 2008 11:19 pm

asm . . .

Post by Pichardo » Tue Jul 12, 2011 1:20 pm

Harry181 wrote: Have you made any headway with the disassembly?

As far as an EEPROM, I don't think so...
This is the start in IDA . . Interrupt Vector . .

Code:

ROM:00000000 ; Processor:        68330
ROM:00000000 ; Target Assembler: 680x0 Assembler in MRI compatible mode
ROM:00000000 ; This file should be compiled with "as -M"
ROM:00000000
ROM:00000000 ; ===========================================================================
ROM:00000000
ROM:00000000 ; Segment type: Pure code
ROM:00000000 ; segment "ROM"
ROM:00000000                 dc.l $99999999
ROM:00000004                 dc.l loc_28A
ROM:00000008                 dc.l $F00F0000
ROM:0000000C                 dc.l $40000000
ROM:00000010                 dc.l $1141111
ROM:00000014 dword_14:       dc.l $EEEE0000          ; DATA XREF: sub_2FC4+14o
ROM:00000018                 dc.l $13A60000
ROM:0000001C                 dc.l $3F1E4EF9
ROM:00000020 off_20:         dc.l loc_284            ; DATA XREF: sub_2FC4+28o
ROM:00000024                 dc.l $4EF90000
ROM:00000028                 dc.l $2184EF9
ROM:0000002C                 dc.l loc_1B1A
ROM:00000030                 dc.l $4EF90000
ROM:00000034                 dc.l $1B1A4EF9
ROM:00000038                 dc.l sub_397C
ROM:0000003C                 dc.l $4EF90000
ROM:00000040                 dc.l $1B204EF9
ROM:00000044                 dc.l sub_2C90
ROM:00000048                 dc.l $4EF90000
ROM:0000004C                 dc.l $214C4EF9
ROM:00000050                 dc.l sub_313C
ROM:00000054                 dc.l $4EF90000
ROM:00000058                 dc.l $31784EF9
ROM:0000005C                 dc.l sub_31B0
ROM:00000060                 dc.l $4EF90000
ROM:00000064                 dc.l $3B064EF9
ROM:00000068                 dc.l unk_3B10
ROM:0000006C                 dc.l $4EF90000
ROM:00000070                 dc.l $3C764EF9
ROM:00000074                 dc.l unk_3CF6
ROM:00000078                 dc.l $4EF90000
ROM:0000007C                 dc.l $3D3C4EF9
ROM:00000080                 dc.l unk_3DA0
ROM:00000084                 dc.l $4EF90000
ROM:00000088                 dc.l $3DB64EF9
ROM:0000008C                 dc.l unk_3DD0
ROM:00000090                 dc.l $4EF90000
ROM:00000094                 dc.l $3E304EF9
ROM:00000098                 dc.l unk_3E60
ROM:0000009C                 dc.l $4EF90000
ROM:000000A0                 dc.l $3E884EF9
ROM:000000A4                 dc.l unk_3EC8
ROM:000000A8                 dc.l $4EF90000
ROM:000000AC                 dc.l $3EFA4EF9
ROM:000000B0                 dc.l unk_F2
ROM:000000B4                 dc.l $4EF90000
ROM:000000B8                 dc.l $F64EF9
ROM:000000BC                 dc.l unk_1450
And the code starts at 028A

Code:

ROM:00000284 ; ---------------------------------------------------------------------------
ROM:00000284
ROM:00000284 loc_284:                                ; DATA XREF: ROM:off_20o
ROM:00000284                 move.w  #1,d7
ROM:00000288                 bra.s   loc_28C
ROM:0000028A ; ---------------------------------------------------------------------------
ROM:0000028A
ROM:0000028A loc_28A:                                ; DATA XREF: ROM:00000004o
ROM:0000028A                 clr.w   d7
ROM:0000028C
ROM:0000028C loc_28C:                                ; CODE XREF: ROM:00000288j
ROM:0000028C                 ori     #$700,sr
ROM:00000290                 move.w  #$6045,($FFFFFA00).w
ROM:00000296                 moveq   #$A,d0
ROM:00000298                 movea.l #$FFFFFA4E,a0
ROM:0000029E
ROM:0000029E loc_29E:                                ; CODE XREF: ROM:000002A2j
ROM:0000029E                 clr.w   (a0,d0.w*4)
ROM:000002A2                 dbf     d0,loc_29E
ROM:000002A6                 move.l  #dword_7A120,d0 ; 7A120 contains the value 10 (number of loops)
ROM:000002AC
ROM:000002AC loc_2AC:                                ; CODE XREF: ROM:000002BEj
ROM:000002AC                 move.b  #$55,($FFFFFA27).w ; Watchdog !!!!
ROM:000002B2                 move.b  #$AA,($FFFFFA27).w
ROM:000002B8                 subi.l  #1,d0
ROM:000002BE                 bne.s   loc_2AC         ; Up to here, the boot in Supervisor mode
ROM:000002C0                 reset
Next the code starts checking the value of some addresses . . .

Code:

ROM:000002C2                 move.w  #$A007,($FFFFFA58).w ; Starts checking the NVRAM "$20262F00" ! ! !
ROM:000002C8                 move.w  #$7BF0,($FFFFFA5A).w ; Loads "$01CE2F3C" into $FA5A
ROM:000002CE                 move.b  #4,($FFFFFA21).w
ROM:000002D4                 movea.l #$FFA00000,a3
ROM:000002DA                 adda.l  #unk_FFDC0,a3
ROM:000002E0                 move.l  (a3),d0
ROM:000002E2                 cmpi.l  #$40856901,d0
ROM:000002E8                 beq.s   loc_338
ROM:000002EA                 cmpi.l  #$40856903,d0
ROM:000002F0                 beq.s   loc_338
ROM:000002F2                 cmpi.l  #$40856904,d0
ROM:000002F8                 beq.s   loc_338
ROM:000002FA                 cmpi.l  #$41376701,d0
ROM:00000300                 beq.s   loc_338
ROM:00000302                 cmpi.l  #$41376704,d0
ROM:00000308                 beq.s   loc_338
ROM:0000030A                 cmpi.l  #$41376705,d0
ROM:00000310                 beq.s   loc_338
ROM:00000312                 cmpi.l  #$41376901,d0
ROM:00000318                 beq.s   loc_338
ROM:0000031A                 cmpi.l  #$46891101,d0
ROM:00000320                 beq.s   loc_338
ROM:00000322                 cmpi.l  #$41376708,d0
ROM:00000328                 beq.s   loc_338
ROM:0000032A                 move.w  #$33FF,($FFFFFA44).w
ROM:00000330                 move.w  #$2F1,($FFFFFA46).w
ROM:00000336                 bra.s   loc_364
If those values are present it jumps to loc_338; otherwise it goes to loc_364.

Keep Trying . . . !

Harry181
Posts: 110
Joined: Sun Nov 26, 2006 3:13 am

Map?

Post by Harry181 » Thu Aug 25, 2011 1:42 am

Anyone got the map figured out?
Far East of the Western World
