Originally Posted by
spfautsch
Very elegant, checking if there will be a problem before requesting an unlock.
thanks,these modules would be way less fun to work with if we weren't able to read their memory. before we figured the code for the challenge/response for EE when i was writing eehack, kur4o found where the challenge/response was stored, and i just stole the correct value from RAM.
i doubt i'll need much more testing, i plan to abuse the CCM to test/finish my more advanced eeprom write routine then i'll probably be bored of the thing.
right now it has a really bright annoying security light and i can't find my box of resistors
i'm thinking this is pretty close to what i want to write the eeprom, haven't tested/debugged/verified it yet but you get the idea
Code:
CE 61 E9 F6 61 E6 5A C1 FF 27 0C F7 61 E6 3A A6 00 FE 61 E7 3A 8D 0C 18 CE F4 9D C6 01 CE FF B0 AD 00 39 C6 03 37 33 A1 00 27 04 5A 37 26 01 39 C6 16 8D 0A 81 FF 27 04 C6 02 8D 02 20 E8 F7 10 3B A7 00 CA 01 F7 10 3B 3C CE 0D 06 09 26 FD 38 86 55 F7 10 3A 86 55 F7 10 3A 7F 10 3B 39
; PROGRAM BLOCK(START)
; INPUT MUST GO AT 61E6 OR MUST REALIGN ALL 61E VALUES.
; INPUT: [BLK_SIZE] [OFFSET_16] [DATA....]
CE 61E9 ; LDX X = 61E6+3 (START OF DATA)
F6 61E6 ; LDAB BLK_SIZE
5A ; DECB - decrease blk size - we are using it as a counter now.
C1 FF ; CMPB 0xFF
27 0C ; BEQ ALDL_REPLY (if B=0xFF then counter has wrapped and we are done.)
F7 61E6 ; store decreased blk size
3A ; ABX - add blk size to x
A6 00 ; LDAA,x - A=data to write
FE 61E7 ; LDX write offset
3A ; ABX - add current blk size to offset location - X=write address
8D 0C ; BSR PROGRAM
; PROGRAM BLOCK(END)
; ALDL_REPLY(START)
18 CE F4 9D ; LDY 0xF49D
C6 01 ; LDAB 0x01
ce ff b0 ; LDX loc_FFB0
ad 00 ; JSR,x+00
39 ; RTS
; ALDL_REPLY(END)
; PROGRAM_BYTE(START) - A=VALUE X=ADDRESS
; CONFIGURE:
C6 03 ; LDAB 0x0B - number of retry attempts + 1.
37 ; PSHB - store retry counter on stack
; VERIFY:
33 ; PULB - pull retry counter
A1 00 ; CMPA,X - compare target value with existing value
27 04 ; BEQ COMPLETE - if value is already correct.
5A ; DEC B (B--) - decrement counter
37 ; PSHB - push retry counter back onto stack
26 01 ; BNE - if B!=0 (retry count not exceeded) goto ERASE
; FIXME: might be a good idea to create a failure reply if the verify loop fails.
; COMPLETE:
39 ; RTS
; ERASE:
C6 16 ; LDAB 0x16 - program mode ELAT/BYTE/ERASE
8D 0A ; BSR EEPROM_PROG - call program subroutine
; SKIP 0xFF:
81 FF ; CMPA 0xFF - see if A = 0xFF
27 04 ; BEQ VERIFY - jump to verify if equal
; PROGRAM:
C6 02 ; LDAB 0x02 - program mode ELAT
8D 02 ; BSR EEPROM_PROG - call program subroutine
20 E8 ; BRA VERIFY - loop back to verify (-24 bytes)
; PROGRAM_BYTE(END)
; EEPROM_PROG(START) - ACCUMULATOR B = PROGRAMMING MODE.
; LATCH AND SET BYTE
F7 103B ; STAB 0x103B - set eeprom control register from B
A7 00 ; STAA,x - store A (value) at X (location) (write byte)
; SET EPGM (PROGRAM VOLTAGE)
CA 01 ; ORA 0x01 - set EPGM (bit 1) in B
F7 103B ; STAB 0x103B - set eeprom control register from B
; DELAY
3C ; PSHX - save X register
CE 0D06 ; LDX 0xD06 - loop total exec time approx 10ms @ 2mhz clock (6 cycles in loop)
09 ; DEX - x--
26 FD ; BNE REL-3 IF > 0
38 ; PULX - restore X register
; RESET COP (for every 10ms delay)
86 55 ; LDAB 0x55 ; ARM COP.
F7 103A ; STAB 0x103A (COPRST)
86 55 ; LDAB 0xAA ; RESET COP
F7 103A ; STAB 0x103A (COPRST)
; COMPLETE
7F 103B ; CLR eeprom control register
39 ; RTS return
; EEPROM_PROG (END)
Reply With Quote
Bookmarks