Mircea Vasiliu
14-02-2002, 10:09 AM
Hello to all interested!
Here is some info about the HEX. Maybe someone can check this out and confirm if it's ok or I made a mistake somewhere.
The PIC uses PORTA bit 0 and 1 for transmission control with the PC and PORTB bits 0-3 for reading data from PC and bits 4-7 for sending back data to PC.
In dex0 after program starts it expects the sequence:
0x5, 0xA, comm
from PC, where comm is 1, 2 or 3.
- for 1 it expects another command that can be 2, 3, 4
- for 2 it expects 1, 2, 3, 4, 5, 6, 7 or 8
- for 3 it expects 1, 2, 3, 4 or 5
The 5, A, 3 command seemed the most interesting. Its subcommands do something like this:
1 (076F) - writes to the PC 10 bytes of info, 4 taken from hex data at address 000A (1, 2, 0x13, 0x89) - someone said this could be hex version - and 6 bytes from EEPROM starting at address 0x78 with the third and fourth value complemented.
2 (04EA) - reads from PC 4 bytes with a length and then length groups of 4 bytes from which a control value is calculated. After this it sends the control value (4 bytes) back to PC normally, complemented and 4 zeros.
3 (06F2) - reads from PC 12 values, does some heavy processing on them (maybe algo!!!) and writes them back to PC
4 (0715) - reads 12 values from PC, does some processing (some EEPROM values are involved this time) and writes them back to PC
5 (0792) - reads from PC 4 bytes that contain an EEPROM address, a value and a check. If the check is OK it writes the value to EEPROM.
All values sent to PC are followed by a 1 byte XOR checksum.
This is what I found so far. Maybe someone can help me further. What I don't know is the protocol used by the PC to communicate with the box. If someone has tried to reverse that it would be very helpful!! If we know what values are sent to the box it would be easier.
I will try (when I have some time) to make a small emulator of the PIC capable of running the hex and will try to feed it some values to see what it does, but this will be just a shot in the dark without some actual values.
All the best,
ldril
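As a starting point for checking captured traffic against the framing described in the post, here is a small Python model of it. This is an added example, not ldril's code or anything from the hex itself: it validates the 0x5, 0xA, comm, sub sequence against the command/sub-command table given above, builds the 10-byte reply of the 5, A, 3 / 1 sub-command (the four bytes at 000A, then six EEPROM bytes from 0x78 with the third and fourth complemented) and appends the 1-byte XOR checksum, and verifies that checksum on a box-to-PC frame. The nibble-wise PORTB transfer is abstracted to a plain byte stream, and the EEPROM contents are constructed sample data, not values from a real box.

```python
"""Model of the PIC<->PC command framing described in the post.

Added example, not the author's code. Assumptions: the 4-bit PORTB link is
treated as a byte stream, and SAMPLE_EEPROM below is constructed data.
"""

HEADER = (0x5, 0xA)

# Sub-commands each top-level command accepts, exactly as listed in the post.
SUBCOMMANDS = {
    1: {2, 3, 4},
    2: {1, 2, 3, 4, 5, 6, 7, 8},
    3: {1, 2, 3, 4, 5},
}

# The four "hex data" bytes at address 000A (possibly a version stamp).
VERSION_BYTES = bytes([0x01, 0x02, 0x13, 0x89])

# EEPROM offset of the six bytes returned by 5,A,3 sub-command 1.
EEPROM_INFO_ADDR = 0x78


def xor_checksum(data: bytes) -> int:
    """One-byte XOR over all bytes, as described for every box->PC transfer."""
    c = 0
    for b in data:
        c ^= b
    return c


def parse_command(stream: bytes):
    """Validate '0x5, 0xA, comm, sub'; return (comm, sub) or raise ValueError."""
    if len(stream) < 4:
        raise ValueError("frame shorter than header + comm + sub")
    if tuple(stream[:2]) != HEADER:
        raise ValueError("bad header %s" % stream[:2].hex())
    comm, sub = stream[2], stream[3]
    if comm not in SUBCOMMANDS:
        raise ValueError("unknown command %d" % comm)
    if sub not in SUBCOMMANDS[comm]:
        raise ValueError("command %d does not accept sub-command %d" % (comm, sub))
    return comm, sub


def is_valid_command(stream: bytes) -> bool:
    """Boolean wrapper around parse_command for filtering captured frames."""
    try:
        parse_command(stream)
        return True
    except ValueError:
        return False


def info_reply(eeprom: bytes) -> bytes:
    """Build the reply of 5,A,3 sub-command 1: 4 version bytes, 6 EEPROM bytes
    from 0x78 with the 3rd and 4th complemented, then the XOR checksum byte."""
    chunk = bytearray(eeprom[EEPROM_INFO_ADDR:EEPROM_INFO_ADDR + 6])
    if len(chunk) != 6:
        raise ValueError("EEPROM image too small")
    chunk[2] ^= 0xFF  # third value complemented
    chunk[3] ^= 0xFF  # fourth value complemented
    payload = VERSION_BYTES + bytes(chunk)
    return payload + bytes([xor_checksum(payload)])


def verify_reply(frame: bytes) -> bool:
    """True when the trailing byte equals the XOR of everything before it."""
    return len(frame) >= 2 and frame[-1] == xor_checksum(frame[:-1])


# Constructed sample EEPROM image: 0x80 bytes, 0x78..0x7D set to recognisable values.
SAMPLE_EEPROM = bytearray(0x80)
SAMPLE_EEPROM[0x78:0x7E] = bytes([0x10, 0x20, 0x30, 0x40, 0x50, 0x60])


if __name__ == "__main__":
    print(parse_command(bytes([0x5, 0xA, 3, 1])))
    reply = info_reply(SAMPLE_EEPROM)
    print(reply.hex(), verify_reply(reply))
    # A frame with the checksum byte corrupted must be rejected.
    print(verify_reply(reply[:-1] + bytes([reply[-1] ^ 0x01])))
```

With the constructed image the reply is `0102138910 20cfbf5060` followed by checksum `e9`; feeding a real capture into `verify_reply` is the quickest way to confirm (or refute) the one-byte XOR claim before spending time on the heavier sub-commands.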