LisaList2

Advanced search  

News:

2019.06.07 fixed NChat for the "Curve" theme, will eventually move it to its own page and add it to the default theme as well. Other plugins are next. see post in the Meta board for details

Pages: [1]   Go Down

Author Topic: AppleNet ROM disassembly attempts  (Read 240 times)

stepleton

  • Sr. Member
  • ****
  • Karma: +38/-0
  • Offline Offline
  • Posts: 103
AppleNet ROM disassembly attempts
« on: September 01, 2020, 07:33:38 pm »

I've been trying to learn more about the AppleNet networking cards by peering at ROM disassemblies. There are two to choose from: the boot ROM that tells the Lisa how to boot from AppleNet, and the Z8 ROM for the AppleNet card's MCU. It's likely that a full understanding will require a careful analysis of both,* but I know 68k assembly best :)

So, I've had a good look through the boot ROM, and while I hardly understand everything, I may have found enough organisation for other people to delve if they're feeling curious. My commentary is here, alongside some reverse-engineered schematics I'd derived earlier:

https://github.com/stepleton/applenet/blob/master/applenet_boot_rom.txt

There are plenty of mysteries, including why the boot program overwrites $110 (the place where the Lisa's own boot ROM stores a pointer to the bitmap display RAM) and, well, anything at all about what the routine at disassembly address $3B2 is doing.

Have a look if you like a puzzle. If it's of interest, Bitsavers has the Z8 ROM disassembly as well, albeit without commentary---I've only begun looking at this code and know very little.

(Oh, and: the thread title says "attempts" --- I'd imagined that discussions of the Z8 disassembly might appear here too someday.)

* An additional item to disentangle is the PAL chip---the equations for it live on Bitsavers, but it's a bit too hard for me to understand on its own. It'll probably be useful to interpret what it does from the point of view of the Z8, which manipulates some of its inputs.
Logged

rayarachelian

  • Administrator
  • Sr. Member
  • *****
  • Karma: +17/-0
  • Offline Offline
  • Posts: 333
  • "But what's puzzling you is the nature of my game"
    • LisaEm
Re: AppleNet ROM disassembly attempts
« Reply #1 on: September 01, 2020, 08:27:50 pm »


There are plenty of mysteries, including why the boot program overwrites $110 (the place where the Lisa's own boot ROM stores a pointer to the bitmap display RAM) and, well, anything at all about what the routine at disassembly address $3B2 is doing.


My guess about the bytes being different is that it's constantly listening to the network, and so when the bytes are different, that's the start of some packet, and then the values have some sort of signature/checksum that means, "received properly"

That shift+sub block at 412 seems like an early CRC operation, generally I'm used to seeing chains of shift+xor, but this can work too. The goal here is to provide a hash.
Edit: it's a variant of, or similar to the BSD Checksum: https://en.wikipedia.org/wiki/BSD_checksum
478 is probably broadcasting those 46 bytes as a request for a boot loader aimed at whatever the server is, or broadcasting the node id or something like that.
46 bytes is too small to be anything else.
« Last Edit: September 02, 2020, 03:30:51 pm by rayarachelian »
Logged
Fate whispers to the warrior, 'You can not withstand the storm.'  The warrior whispers back, 'I am the storm.'
Pages: [1]   Go Up