ChanServ changed the topic of ##yamahasynths to: Channel dedicated to questions and discussion of Yamaha FM Synthesizer internals and corresponding REing. Discussion of synthesis methods similar to the Yamaha line of chips, Sound Blasters + clones, PCM chips like RF5C68, and CD theory of operation are also on-topic. Channel logs: https://freenode.irclog.whitequark.org/~h~yamahasynths
Xyz39808 has joined ##yamahasynths
Xyz_39809 has quit [Ping timeout: 260 seconds]
<whitequark>
anyone knows if there are any NV memories in DIP26?
<cr1901_modern>
Not in EPROMs at least- 27c32 is 24 pins, the next number up- 27c64- is 28 pins
<whitequark>
cr1901_modern: thanks
<whitequark>
i am currently soldering an adapter to enable glasgow to work with any 8-bit *ROM
<whitequark>
with the standard pinouts
<whitequark>
well
<whitequark>
it has a 32-pin socket
<whitequark>
so it will be able to do 24, 28, 32
<whitequark>
selected with jumpers :D
<cr1901_modern>
Nice :D! Sounds like fun!
<whitequark>
cr1901_modern: i *hate* parallel busses
<whitequark>
i spent 12 hours straight today doing nothing but soldering wires
<cr1901_modern>
Sounds like fun to m- oh who am I kidding, parallel soldering is a PITA. I just enjoy parallel chips.
<whitequark>
and of course i accidentally read the DIP pinout flipped around at least three times
<whitequark>
i think i had to more than half of the work in the end
<cr1901_modern>
This is exactly why I have an unfinished floppy to FPGA adapter on perfboard to my right
<cr1901_modern>
1. I screwed up the pinout by forgetting to flip it
<cr1901_modern>
2. I used the wrong buffer chip that craps out if it doesn't receive 5V power (I meant to use one that could run on 3.3V power)
<Foone>
whitequark: btw, would you know any reason why an 8051 would be putting out low voltages on some I/O pins, when it's getting a perfectly fine power supply?
<Foone>
I just ask given your known love for the 8051 :)
<Sarayan>
To annoy you?
<Sarayan>
Maybe a god hid in it?
<Foone>
no you're thinking of comets and/or the big bang. I'm pretty sure this chip is made of neither
<Foone>
although I guess technically it's made of the big bang, as is... everything
<Sarayan>
I thought the 8051 was there at the big bang
<Foone>
nah, it was given to primitive ape-man in the monolith
<Sarayan>
oh, of course
<Sarayan>
og learns tools, og learns fire, og learns dptr
<Foone>
I don't understand dptr yet and I'm kinda scared to try
<Foone>
I think I've given up on the 8051 disassembly anyway. I think this board is fuckt in other ways, primarily involving capacitors hidden inside ICs
<Sarayan>
it's the one pointer to external memory isn't it?
<Sarayan>
used to movx to, well, move to/from external memory
<Sarayan>
s/used to/used with
<Foone>
dunno. I have precious little sanity left, trying to learn too much about 8051 going to use up too much of my precious free space in my brain
<Sarayan>
Sane
<whitequark>
Foone: i actually only really used 8051 as an architecture
<whitequark>
i've never used a non-IP variant of 8051
<whitequark>
other than possibly as a child
<whitequark>
anyway you can ping me (or perhaps, more usefully, @8051Enthusiast) if you have questions
<whitequark>
i know the architecture at the "has been implementing a CPU core" level
<whitequark>
@8051Enthusiast is like three entire levels above me
<cr1901_modern>
8051 (and some STM32 variants) is cool because you can extend their code spaces to access external memories. I wish more micros did that
<whitequark>
i think it's a fairly common feature on mid-range microcontrollers
UnluckyPony has quit [Quit: *Mreow*]
<andlabs>
could you do it in software instead of jumpers?
<andlabs>
maybe add support for non-JEDEC-compliant EEPROMs and also testing TI 74xx logic chips
<andlabs>
no I am not suggesting Glasgow replace the TL866 why do you ask?
<andlabs>
(well replace and improve upon because of the non-JEDEC-compliant part)
<whitequark>
andlabs: have you heard of my ATF15xx RE project?
<andlabs>
no, nor do I know what ATF15xx is
<whitequark>
microchip CPLD series, last true 5V CPLD still in active production
<whitequark>
(used to be atmel)
<andlabs>
oh
<whitequark>
i reverse-engineered large parts of the bitstream
<andlabs>
neat
<whitequark>
should not be hard to finish it
<andlabs>
I wonder if we can use that on some homebrew games...
<whitequark>
yes, that is part of the idea
<andlabs>
oh?
<andlabs>
lol
<andlabs>
was not expecting that in common
<whitequark>
the toolchain is horrible
<whitequark>
wincupl
<whitequark>
so i was thinking
<whitequark>
if there was a FOSS toolchain, lots of retro enthusiasts could use programmable logic easily
<andlabs>
...oh
<andlabs>
we're on the opposite end of the ideas
<whitequark>
oh
<andlabs>
you want to program CPLDs, I want to extract the programs like ROM dumps
<whitequark>
oh
<andlabs>
especially before they die
<whitequark>
from... CPLDs?
<andlabs>
well you said it was a bitstream
<whitequark>
oh sorry i forgot to finish my thought
<whitequark>
the reason CPLDs are related
<whitequark>
is that by producing a CPLD bitstream on the fly tailored to a specific arbitrary flash pinout (including virtual vcc/gnd) and flashing it
<whitequark>
i can make an adapter for glasgow programming of eeproms that's just
<andlabs>
oh
<whitequark>
the CPLD connected to every pin of DIP64 or whatever
<whitequark>
and the glasgow connector
<andlabs>
and then you would write the bitstream to wire things correctly
<whitequark>
well not exactly
<whitequark>
i would write a bitstream generator
<whitequark>
that takes a pinout in some easily readable form (eg pin list on CLI)
<whitequark>
and automatically produces a CPLD bitstream that lets you program this specific EEPROM
<andlabs>
yeah
<andlabs>
I didn't think that was possible, that sounds neat
<whitequark>
ha! :D
<andlabs>
*I didn't think of that possibility to begin with, let alone it being possible
<andlabs>
though I also don't know how TL866 works
<whitequark>
before glasgow i'm not sure if anyone ever actually *deployed* on the fly bitstream generation
<andlabs>
I know its makers are annoyed other people do know
<whitequark>
anyway
<whitequark>
the main problem is high voltage programming
<whitequark>
the CPLD is not 12V tolerant
<andlabs>
but yeah no I want to read out the contents of CPLDs used for copy protection
<whitequark>
oh
<whitequark>
oh yeah sure if any of those are ATF15xx you can use my tool to convert the bitstreams to verilog
<whitequark>
(once RE is finished; the tool already exists but isn't directly usable yet)
<whitequark>
ATF1502, ATF1504, ATF1508 are what you might see
<whitequark>
ATF1532 is a theoretical part, ATF1516 might or might not have been fabbed
<cr1901_modern>
2 switching supplies generate the power supply rail and programming voltages, and a shitload of board space is dedicated to the transistors to route voltages to the ZIF socket
<cr1901_modern>
(A while ago, someone paid me to prototype some open source firmware for the board, so I took a look inside)
<andlabs>
heh
<andlabs>
neat
SceneCAT has joined ##yamahasynths
<whitequark>
cr1901_modern: so, applet was not reading flash correctly, i was looking for a bug in applet
<Lord_Nightmare>
removing that window to get good access to the die for decap shenanigans is actually not so simple
<cr1901_modern>
ValleyBell: That's pretty cool! What's playing now
superctr__ is now known as superctr
Xyz_39809 has joined ##yamahasynths
Xyz39808 has quit [Ping timeout: 244 seconds]
<whitequark>
cr1901_modern: wtf
<whitequark>
1. the specific way in which it is corrupted is... profoundly bizarre
<whitequark>
if i read the bad bytes, it OSCILLATES
<whitequark>
at TWENTY SIX MEGAHERTZ
<whitequark>
reliably and repeatably
<whitequark>
2. i managed to read it in a way that two consecutive reads match
<whitequark>
... by undervolting a 5V flash to 3V3
<Sarayan>
when it comes to you metastability is not a joke :-)
<cr1901_modern>
Wow nice work whitequark! You unlocked the secret IP core of that chip. In 1996, that particular Flash vendor was experimenting with multipurpose ICs like Silego Greenpak! But the functionality of the oscillator was dummied out
<cr1901_modern>
or so we thought
<cr1901_modern>
:o
<whitequark>
lol
<sorear>
i have more questions about the 20V8 chip from the other day, where do you even come up with a number like that
<whitequark>
number like what?
<cr1901_modern>
whitequark: Was one bit oscillating, or were all the data lines oscillating as like in the traces you uploaded?
<whitequark>
cr1901_modern: neither
<sorear>
well right now you have a 5V0 chip that you're running at 3V3 and the weirdest thing it does is oscillate, a 20V8 anything is much weirder :p
<sorear>
(or rather not oscillate)
<whitequark>
cr1901_modern: *most* bits oscillate in *different* ways
<whitequark>
sorear: 20V8 is the part number
<whitequark>
PALCE20V8
<whitequark>
has nothing to do with voltage
* cr1901_modern
wonders if the addrs and data lines somehow fused together on die... what a screwy chip
<cr1901_modern>
If /OE and /CE are tied down, one could in theory make an oscillator by programming the EPROM with consecutive bytes starting at 0x01, and connecting the data lines to the address lines. :P
<sorear>
you're assuming there's an identical and zero-jitter delay from every address in to every data out
<whitequark>
cr1901_modern: so, there could be something screwy that happened to it
<whitequark>
at first i mixed up a pinout, so the EEPROM ended up with GND=VCC=0V, but some voltage applied to the address pins through the shift regs
<sorear>
not immediately sure if it would oscillate (thinking of how 3 inverters oscillate and 1 doesn't) but it definitely wouldn't be a counter
<whitequark>
it heated up... considerably
<whitequark>
warm to touch
<cr1901_modern>
Definitely plausible
<whitequark>
but i don't think this is the reason for it oscillating, cuz this only happens on select few cells with no apparent pattern
<whitequark>
like
<whitequark>
it's a 128K flash and there are like thirty cells that seem to cause oscillations
<cr1901_modern>
I would be curious to see datasheet params for the max voltage _relative to vcc_
<sorear>
don't you generally specify a max current for that, not a max voltage? the max voltage is 0.7V unless something has gone very wrong
<whitequark>
not specified either
<whitequark>
but glasgow limits it to something like 200 mA
<whitequark>
lemme look it up
<cr1901_modern>
there's current limiter ICs on glasgow?
<whitequark>
yes
<sorear>
thirty cells = thirty inconsistent bits out of 1Mbit?
<whitequark>
there are *multiple* current limiter ICs on glasgow
<cr1901_modern>
I thought there were resistors for some reason
<whitequark>
there are also resistors!
<cr1901_modern>
Why both? I can guess, but...
<whitequark>
let's see
<sorear>
are you thinking of the pulls?
<whitequark>
1. level shifters have 33 ohm resistors in series with them, which protects level shifters from a short circuit or other fault
<whitequark>
(but doesn't prevent using glasgow with true TTL)
<cr1901_modern>
sorear: no, I looked at the schematic before, I know the I/O pins have resistors in series. And I thought those were the current limiters/short circuit protection
<whitequark>
2. IO banks (which mainly provide power to level shifters, but also can provide it to DUT) use TPS73101 LDOs with current foldback, which limit both short-circuit current (to 200 mA) and overload current (to about 350 mA)
<whitequark>
3. the entire board uses a TPD3S014 current-limit switch, which makes sure it never consumes more than 0.5 A from USB
<whitequark>
together with some clever use of passives (thanks marcan!) this ensures that:
<whitequark>
- shorting a level shifter results in, well, nothing. it slightly heats up
<whitequark>
- shorting an IO bank results in, well, nothing. the LDO heats up. the device can detect the condition if you connect Vsense
<whitequark>
- shorting Vbus results in the device rebooting and no further damage
<whitequark>
among design goals i had two that are basically "you should be able to stick a screwdriver anywhere in external connectors and nothing bad should ever happen" + "you should be able to stick a screwdriver more or less anywhere on the board and nothing bad should happen most of the time"
<whitequark>
it is definitely possible to unintentionally kill a glasgow (part or whole), like by connecting a car battery to it
<whitequark>
but as long as you stick to 0..5V i actually don't know how you could manage to do it
<whitequark>
it is also somewhat harder to kill a DUT powered by it because of the current limiting, though only revC2 will make this truly reliable
<whitequark>
sorear: no, 30 inconsistent bytes
<whitequark>
it seems that the entire byte is corrupted somehow
<sorear>
woah, this is a synchronous write asynchronous read memory?
<cr1901_modern>
That prob sounds right, not knowing the programming algorithm in detail
<cr1901_modern>
sorear: Re: the 0.7V remark... Idk how resilient 90s-today's chips are, but as described wq had Vcc tied to GND, but a positive voltage on the addr pins. This would be seen as a _negative_ voltage relative to vcc. And that could very well damage the chip
<cr1901_modern>
This would be seen as a _negative_ voltage relative on the addr lines to vcc
<whitequark>
sorear: that's a normal eeprom, no?
<whitequark>
they pretend to be a ROM
Xyz39808 has joined ##yamahasynths
<cr1901_modern>
Maybe the 30 bytes can be brute-force reconstructed :P
Xyz_39809 has quit [Ping timeout: 260 seconds]
<whitequark>
cr1901_modern: i already read them out!
<whitequark>
they read out just fine if i undervolt the flash to 3.3 V
<whitequark>
and yes, i did make sure that this is a 5 V flash
<Lord_Nightmare>
so its a fried PAL/GAL and a damaged flash ROM holding the basic code?
<Lord_Nightmare>
is that what's wrong with the octagon device?
<Lord_Nightmare>
the flash ROM i assume is easy enough to replace, that pal/gal will be a pain in the ass, unless octagon is still around and can send you a spare or a .jed file
<Lord_Nightmare>
or am i totally misunderstanding what's wrong here
<whitequark>
Lord_Nightmare: no no
<whitequark>
the flash ROM is a completely random ROM i seem to have pulled from a 2000s PC motherboard
<Lord_Nightmare>
could it be a "5v" flash device which has on-chip voltage level converters and is mostly 3.3v internally (like the gameboy color cpu chip is)?
<whitequark>
i was using it for testing the glasgow applet to avoid damaging the octagon stuff
<whitequark>
(rightfully so, in retrospect)
<Lord_Nightmare>
gameboy color cpu is a weirdass device
<Lord_Nightmare>
its 3.3v internally, with 5v io pins, and i think that's the only part that's 5v
<Lord_Nightmare>
it gets both 3.3v and 5v power
<Lord_Nightmare>
the gba is EVEN MORE 3.3v than the gameboy color is, somehow
<Lord_Nightmare>
its possible gbc still uses 5v for the external ram
<Lord_Nightmare>
but gba uses 3.3v
<Lord_Nightmare>
gbc still has an actual analog sound core with op-amps/multipliers for the master output volume on-die
<Lord_Nightmare>
gba uses PWM for master volume, so sounds really bad at low volume
<whitequark>
hrm
<whitequark>
seems... unlikely
<whitequark>
this is just AT29C010A
<whitequark>
seems like bog standard EEPROM
<Lord_Nightmare>
i agree. it is weird.
<Lord_Nightmare>
although 29c010a parts are flash, so its definitely possible its a mixed 5v/3.3v part
<Lord_Nightmare>
and the 5v io buffers are fired
<Lord_Nightmare>
*fried
<Lord_Nightmare>
whateevr the case its an easy part to replace, they're available on ebay afaik