Rybags Posted May 24, 2012 Share Posted May 24, 2012 I'd guess that if it's just some sort of protection for preview copies that it's probably a small Rom size - maybe straight up 8K, or maybe some banking scheme never seen before. At the least though, dumping it as a standard 16K cart should give a clue to what it is. Quote Link to comment Share on other sites More sharing options...
+MrFish Posted May 24, 2012 Author Share Posted May 24, 2012 I'd guess that if it's just some sort of protection for preview copies that it's probably a small Rom size - maybe straight up 8K, or maybe some banking scheme never seen before. At the least though, dumping it as a standard 16K cart should give a clue to what it is. Yea, I'm not assuming it's using BBSB cart ROMs, but it's nice to have that option available in case it is. Quote Link to comment Share on other sites More sharing options...
+MrFish Posted June 10, 2012 Author Share Posted June 10, 2012 Here's the dump: It's an 8k cart and works in emulation the same as is does on a real machine, so far. Quote Link to comment Share on other sites More sharing options...
Mclaneinc Posted June 10, 2012 Share Posted June 10, 2012 Thanks MrFish..... I bet this gets a damn good look by our resident geniuses... Quote Link to comment Share on other sites More sharing options...
Kr0tki Posted June 10, 2012 Share Posted June 10, 2012 What a mysterious piece of junk... It's flagged as a diagnostic cartridge, and the only action it performs before jumping to the rainbow loop (it never returns from initialisation routine) is it copies its contents $A100..$BFFF to RAM $0100..$1FFF (doing EOR $FF on each copied byte). The copied area doesn't seem to be machine code, nor does it look like meaningful data to me. Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 10, 2012 Share Posted June 10, 2012 Yep, it looks meaningless. I tried running a Gr. 1 screen over it as well as a Mode F bitmap and nothing really grabs the attention. I guess trying PMs is in order but even PM data usually makes a little sense if you show it in a bitmap. Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 10, 2012 Share Posted June 10, 2012 Displayed as PMG data. Possibly using it as character set data might reveal something. Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 10, 2012 Share Posted June 10, 2012 No joy using as character set data either. Quote Link to comment Share on other sites More sharing options...
Shawn Jefferson Posted June 10, 2012 Share Posted June 10, 2012 Does it allow a disk boot even? Is this just some test cart then, with no link to any game of any kind? Strange the way it's labeled if that is the case. Strange also that it overwrites the stack at $100 ?? Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 10, 2012 Share Posted June 10, 2012 It's a diag mode cart, so no booting of any sort. There's no sense putting stuff in memory for later use either - the OS clears from $08 to top of Ram on coldstart. The only possible way the data could be used is if the user hotswapped another diag mode cart into the machine. The program part of the cart is pretty small. Here's about all you need: BFC3: 78 SEI BFC4: D8 CLD BFC5: A0 00 LDY #$00 BFC7: 98 TYA BFC8: 99 00 D0 LBFC8 STA HPOSP0,Y BFCB: 99 00 D4 STA DMACTL,Y BFCE: 99 00 D2 STA AUDF1,Y BFD1: C8 INY BFD2: D0 F4 BNE $BFC8 BFD4: 84 80 STY $80 BFD6: 84 82 STY $82 BFD8: C8 INY BFD9: 84 81 STY $81 BFDB: A9 A1 LDA #$A1 BFDD: 85 83 STA $83 BFDF: A2 1F LDX #$1F BFE1: 88 DEY BFE2: B1 82 LBFE2 LDA ($82),Y BFE4: 49 FF EOR #$FF BFE6: 91 80 STA ($80),Y BFE8: C8 INY BFE9: D0 F7 BNE $BFE2 BFEB: E6 81 INC $81 BFED: E6 83 INC $83 BFEF: CA DEX BFF0: D0 F0 BNE $BFE2 BFF2: 8E 0A D4 STX WSYNC BFF5: 8E 1A D0 STX COLBK BFF8: E8 INX BFF9: 4C F2 BF JMP $BFF2 BFFC: .BYTE $00,$FF BFFE: .WORD $BFC3 Quote Link to comment Share on other sites More sharing options...
Godzilla Posted June 10, 2012 Share Posted June 10, 2012 maybe it was meant as an anti-piracy dongle of some sort? Quote Link to comment Share on other sites More sharing options...
Shawn Jefferson Posted June 10, 2012 Share Posted June 10, 2012 (edited) Well, that would make some sense, except that there's no way to use it as such. You can't boot a disk with this cartridge, and the data copied to RAM doesn't make much sense. It's possible that the data copied to RAM needs to go through further deobfuscation before it makes any sense, but you're still left with the fact that the cartridge doesn't allow a boot, and doesn't pass control over. Most likely, it's some sort of test cart... (???) Edited June 10, 2012 by Shawn Jefferson Quote Link to comment Share on other sites More sharing options...
Mclaneinc Posted June 12, 2012 Share Posted June 12, 2012 Could it have been an 800 right hand cart that needed to be in with a left cart? Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 12, 2012 Share Posted June 12, 2012 No. The vector @ $BFFE is the giveaway, right cart can only live at $8000-$9FFF. It was an early thought I had but still, it wouldn't have helped with piracy, a 16K left cart is essentially the same as an 8K left + 8K right cart. Quote Link to comment Share on other sites More sharing options...
jblenkle Posted June 12, 2012 Share Posted June 12, 2012 Maybe if Mimo forwards the code to Bill Hogue, it would refresh his memory as to what it was... Quote Link to comment Share on other sites More sharing options...
Mclaneinc Posted June 12, 2012 Share Posted June 12, 2012 So its actually got no use at all? It can't be in because nothing can boot.... I hate to use the fake word but it does seem to be no use? If true its a shame for MrFish, looked like a really interesting item. Hope its not... Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 12, 2012 Share Posted June 12, 2012 It's a weird mystery. The only possible use is if you insert it, then hotswap another cart which runs as diag mode and requires that pattern to be left in Ram for it. Quote Link to comment Share on other sites More sharing options...
Bryan Posted June 12, 2012 Share Posted June 12, 2012 Can you see inside it at all? Perhaps it has some sort of NV memory that's become corrupted. Maybe it's meant to be used with some additional piece of debugging hardware. Quote Link to comment Share on other sites More sharing options...
+orpheuswaking Posted June 12, 2012 Share Posted June 12, 2012 I second sending the info and pictures of the cart to bill @ the big 5 website... Quote Link to comment Share on other sites More sharing options...
jblenkle Posted June 12, 2012 Share Posted June 12, 2012 If you read back...Mimo already contacted Bill about it, but he didn't remember what it was...maybe the code would make some sense to him and jog his memory. I second sending the info and pictures of the cart to bill @ the big 5 website... Quote Link to comment Share on other sites More sharing options...
Bryan Posted June 12, 2012 Share Posted June 12, 2012 The more I look at it, the more I think there's supposed to be some sort of custom HW or OS to go with this. Obviously a stock machine can't do anything with it, so I bet something is supposed to trigger an NMI and get us out of the loop or the user is supposed to throw a switch after the rainbow appears. Then, a custom OS ROM could check for the data or this could be a method for loading an SRAM block in a piece of debugging hardware. Also, does this data disassemble to any other type of CPU? Maybe I'll analyze the data block to see what bytes are most common. EDIT: Looks like 32 and 5E are the most popular. Quote Link to comment Share on other sites More sharing options...
Rybags Posted June 12, 2012 Share Posted June 12, 2012 It's not 6502 for sure. Maybe a simple analysis of the data - if it was a program then there'd probably be a distrubution such that a dozen or so values were clearly dominant. Quote Link to comment Share on other sites More sharing options...
Bryan Posted June 12, 2012 Share Posted June 12, 2012 Also, I think there's an attempt here to obfuscate the contents of the cart. The bit inversion is part of it, but there may be another layer once the data is accessed. EDIT: Forget what I said about NMI's. Any interrupt would corrupt the data at $01xx so it would have to be a reset which triggered use of the data (meaning a custom OS). I also wonder if this cartridge has other banks and what we're seeing isn't the whole story... Quote Link to comment Share on other sites More sharing options...
Bryan Posted June 12, 2012 Share Posted June 12, 2012 Mr Fish, what happens if you put the cartridge in an XL/XE and press RESET after the rainbow appears? Does it just appear again? (this is a test to see if the cartridge possibly undergoes a bank change after the copy, though none seems to be done explicitly) Quote Link to comment Share on other sites More sharing options...
+MrFish Posted June 12, 2012 Author Share Posted June 12, 2012 What a mysterious piece of junk... It's flagged as a diagnostic cartridge, and the only action it performs before jumping to the rainbow loop (it never returns from initialisation routine) is it copies its contents $A100..$BFFF to RAM $0100..$1FFF (doing EOR $FF on each copied byte). The copied area doesn't seem to be machine code, nor does it look like meaningful data to me. "piece of junk"? It seems pretty useless on it's own at the moment. I was hoping it had a copy of BBSB on it when I got it. I won't be throwing it in the trash just yet though. Could it have been an 800 right hand cart that needed to be in with a left cart? No. The vector @ $BFFE is the giveaway, right cart can only live at $8000-$9FFF. Also the cart explicitly says "Atari 800 XL" on the label. So its actually got no use at all? It can't be in because nothing can boot.... I hate to use the fake word but it does seem to be no use? If true its a shame for MrFish, looked like a really interesting item. Hope its not... I don't see much of a motive or possibility for it to be faked, although I suppose there's no way of knowing for sure. The cart and label are in very good condition, but so were all the other carts and labels in the lot. They were obviously well cared for. I was hoping someone else out there had a similar item. Maybe having a look inside the cart will reveal additional information. The guy sold me hundreds of dollars worth of carts in the lot for a mere $125, which inlcuded one real BBSB. He knew less than nothing about Ataris -- all the stuff had belonged to his grandfather. I didn't sense anything suspicious about his story or his demeanor. Can you see inside it at all? Perhaps it has some sort of NV memory that's become corrupted. Maybe it's meant to be used with some additional piece of debugging hardware. I can't see inside much. The cart would have to be disassembled. I'd hate to ruin the label, especially since it's in such good shape. Curiosity may get the better of me though... Mr Fish, what happens if you put the cartridge in an XL/XE and press RESET after the rainbow appears? Does it just appear again? (this is a test to see if the cartridge possibly undergoes a bank change after the copy, though none seems to be done explicitly) Same thing as what happens in emulation with the dump. Quote Link to comment Share on other sites More sharing options...
.thumb.png.ded02932a275f1b65822894720661bc4.png)
Like us on Facebook
Follow us on Twitter
AtariAge on Instagram
Watch us on YouTube
Chat on Discord
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.