Página inicial Explorar Ajuda
Entrar
pm
/
DuPAL_Analyzer
mirror de https://github.com/DuPAL-PAL-DUmper/DuPAL_Analyzer
1
0
Fork 0
Arquivos Issues 0 Wiki

Nenhuma descrição

Tree: 0505ec20e9
Branches Tags
DuPAL_Analyzer
ZIP TAR.GZ
Baglio Tabifata 0505ec20e9 Print feedback selection 5 anos atrás
.settings c8347d03c0 Update gitignore and pom 5 anos atrás
.vscode 5708cf1c58 fix launch.json 5 anos atrás
lib f17ba35b58 Add empty project 5 anos atrás
src 0505ec20e9 Print feedback selection 5 anos atrás
.classpath 7285306f42 Transform the project into a maven project 5 anos atrás
.gitignore c8347d03c0 Update gitignore and pom 5 anos atrás
.project 44d620fd08 Update README 5 anos atrás
CHANGELOG.md ddd62a3451 Update version and changelog 5 anos atrás
COPYING 07fee47c69 Add licence 5 anos atrás
README.md c949233088 Updated the README 5 anos atrás
TODO.md d6927bb9bd Add check whether restored partial dump is from a different PAL type 5 anos atrás
pom.xml ddd62a3451 Update version and changelog 5 anos atrás

README.md

DuPAL Analyzer

Introduction

The DuPAL Analyzer is a companion software to the DuPAL board. It uses the board's REMOTE CONTROL mode to remotely toggle the pins and read the outputs, and is meant to perform blackbox analisys on the registered PAL devices, which are a bit too much for the MCU firmware to handle by itself.

What this is NOT

Despite the "DUmper" part of the name, this tool is NOT meant to produce 1:1 binary dumps of the content of a PAL device, it is meant as an aid to the reversing procedure of an unknown PAL, automatizing a good part of the black box analisys.

It will produce a truth table that can be minimized and transformed into a list of equations that you can use to understand the workings of a PAL, and ideally produce an equivalent to program a new device.

The Analyzer

The analyzer lets the user select which type of PAL is inserted in the board's ZIF socket, whether the IO pins that are set as outputs are known (which saves some time), what is the board's serial interface, and where to save the output table. Once this is known, the application will:

  1. Connect to the board, reset it, and enable the REMOTE MODE, so it accepts command from the application.
  2. If which I/O pins are actually outputs is not known, the board will try to guess this and print the result. This procedure is not bulletproof (or it would take the same time as the proper analisys: in case it did not detect some outputs, these will be found during the analisys and will halt the procedure, allowing the user to specify them correctly for the next run).
  3. The analisys will start. The procedure can take hours to complete.
  4. A truth table formatted in a way that the espresso heuristic logic minimizer likes is saved to a file.

Supported devices

The following PAL models are supported:

Combinatorial

  • PAL10L8 (untested)
  • PAL16L8 (untested with new algorithm)

Registered

  • PAL16R4 (untested with new algorithm)
  • PAL16R6 (untested with new algorithm)
  • PAL16R8 (untested with new algorithm)

Command line

The format for command line execution is the following:

java -jar /path/to/dupal_analyzer.jar <serial_port> <pal_type> <output_file> [hex_output_mask]
  • serial_port: is just the serial port to use to connect to the DuPAL board. Connection is hardcoded at 57600bps 8n1 without flow control.
  • pal_type: is the type of PAL device that is going to be analyzed.
  • output_file: The file where the analyzer will save the generated truth table.
  • hex_output_mask: This mask (a byte represented as an hex number) is used to tell the Analyzer which IOs are configured as outputs. If it's not present, the Analyzer will try to guess it by itself. It's usually advisable to let the guessing run for a few minutes, then restart the analisys by specifying the guessed mask. If the mask is wrong, during the analisys an error will be thrown as soon as what was thought as an input is found to be an output. At that point the analisys can be restarted with the new mask.

The output mask format

The output mask is a byte represented as an hex value, where a bit is set when the corrisponding pin is considered an output. From MSB to LSB for a 20 pins PAL:

   7    6    5    4    3    2    1    0
.----.----.----.----.----.----.----.----.
| 12 | 19 | 13 | 14 | 15 | 16 | 17 | 18 |
'----'----'----'----'----'----'----'----'

From MSB to LSB for a 24 pins PAL:

   7    6    5    4    3    2    1    0
.----.----.----.----.----.----.----.----.
| 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 |
'----'----'----'----'----'----'----'----'

Setting the mask to 0x02, for example, will notify the analyzer that pin 17 on a 20 pins PAL or pin 16 on a 24 pins PAL is configured as an OUTPUT.

Pay attention to the weird position for pin 19, that position is caused by a desire to save a few lines on the firmware.

Requirements

Make sure you have at least a Java 1.8 compatible JRE installed and have access to your serial port devices (In linux it's usually sufficient to add your user to the dialout group).

Credits

  • Thanks to jammarcade.net for hosting all those PAL dumps, I used a lot of them to test my implementation.
  • Thanks to @mesillo for taking time to read my documentation and pointing out possible improvements.