Taylor SchweizerThe firmware for the arm is on an old D27256 EPROM, and the processor is a LG0080A running the Z80A instruction set. Getting a dump of the firmware is easy enough with an Arduino or something, unfortunately I only have some Teensies that aren't 5V compatible so I had to use some industrial equipment.
Introducing the National Instruments USB-6351.
Using a simple Labview program I pulled the data off the chip and into a binary file.
I then found this Z80 Disassembler and took a peak at the file. I found some ASCII characters being loaded into the register, and they correspond to some of the programming commands. This made me confident that I at least got the connections and stuff right.
From the disassembler:
And from the robot manual:
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.
i have the same robot.
i also dumped the rom (mine is not identical to yours, while also labeled V1.3C!)
and got pretty far with reverse-engineering the software,
but didn't manage to untangle the motor control and kinematics code.
(kinematics seems to use a set of tan()-like tables located around 0x40da,
control of the motors seems to partially happen in hardware, so the interface is not obvious.)
but i have all the basic stuff, execution-flow, program parsing and execution...
the best entrypoint into the code is the 8251 uart chip.
it is initialized by writing zero into one of it's registers *three times*,
which is easy to find in the disassembly:
uart_status: .equ 0e9h
init_uart: equ 0x3ce5
init_uart:
xor a
out (uart_status),a
out (uart_status),a
out (uart_status),a
wit the io-address of the uart chip known, i could look for reads from it, and traced through the input parser to the implementations of individual commands.
(the code you found that loads ascii characters is actually the code that prints program listings.)
Are you sure? yes | no