
Reversing for Fun and Profit -- Why I Like to Do It

A project log for Z80 Reverse-Engineering And Hacking Adventures

What else can I say?

ziggurat29 06/15/2022 at 17:34

And in particular, why do I have a fetish for old Z-80 systems?

I cut my teeth on Z-80 systems a very long time ago, and after the thrill of BASIC wore off (a couple months) my ADD mind turned to things like how the machine worked under the hood, and interfacing to hardware of my own construction. Home computers in those days were a pretty lonely place: no Internet, no modem in my case, and anyway phone costs were exorbitant. So you were trapped in a small virtual universe.

One thing that fascinated me was the random number generator. In my then ignorance, I couldn't fathom how a deterministic machine could achieve randomness, and I was determined to find out. So I wrote a disassembler in BASIC, and then turned it onto the system's ROM. This wasn't really unusual -- folks did it all the time. But I was going to find that random number generator. Never mind I could have gone to the library and checked out some math books and been done, but this was more fun.

In the process, I got to see how the system boots itself, how device drivers are implemented, and how the BASIC interpreter works. In the course of this, I learned a bunch of internals that facilitated my producing my first published software: a cassette tape merge utility. (Essentially it was a linker of sorts, but for BASIC snippets, so you could avoid having to retype your favorite common routines when you were setting up for a new project. Ancient history.)

The process of disassembly is a voyage of discovery. A puzzle of deciphering a blob of superficially random numbers into a cogent pattern of intent. Some like crosswords, some like sudoku, I like disassembly. I find it relaxing.

It is also an anthropological exercise. You come to know in some small way the person behind these artifacts of their thinking. You can distinguish between human-created code and stuff that was emitted from some sort of generator. You can tell when multiple entities worked on a project, and sometimes you can observe the wreckage of ancient corporate battles long since fought and forgotten. (E.g. "Copyright Randy Cook" -> "Copyright Tandy Corp", because the character count matched and I guess The Shack couldn't be bothered with re-compiling from source.)

I have over the years disassembled other stuff, too, and created several new products resulting from the discoveries I have made about undocumented internals in systems. Sometimes these discoveries are quite amusing (e.g. you can find the name of a DLL injected into your process via Windows Hooks by passing an opaque value related to the hook to the 'GetClipboardFormatName()' API. This works because I found that the otherwise unrelated Windows Hooks and Clipboard components share a common internal and otherwise inaccessible 'atom table'. This was found by my disassembling win32k.sys.) There were other fun discoveries that were product-enabling, but those tales are not the subject of this post.

I haven't really ever been a 'cracker' per se. (Well, there was the one time. Oh, wait, and then... OK, never mind. 'Mostly harmless.') But I do find the exercise mentally stimulating, and I think it keeps my analytical teeth sharp. And I learn new things all the time, whether it be technique or tidbits. In fact, I learned one just two days ago on this very project, when I saw, plain as day, that 'ld (ix+nn), a' treats 'nn' as signed. I always assumed it was unsigned! I was at first baffled, reading the code and asking 'why would they put these two things in two buffers 255 bytes apart?', until it shortly dawned on me that they were putting them next to each other, at offsets 0 and -1. Who knew?!
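To show concretely why the displacement byte matters, here is a small decoder for a few DD-prefixed (IX-indexed) Z80 loads. It is an added example, not code from the project; the opcode table and the sample bytes are constructed from the Z80 instruction set, and the `signed=False` switch reproduces the misreading described above (a displacement of FFh read as +255 instead of -1).

```python
# Added example (not from the original post): decode IX-indexed Z80 loads
# and show the difference between a signed and an unsigned displacement byte.
import struct

# DD-prefixed opcodes handled here, with instruction length in bytes.
# Constructed from the Z80 manual: DD 77 d = ld (ix+d),a ; DD 7E d = ld a,(ix+d)
# DD 36 d n = ld (ix+d),n (displacement first, then the immediate byte).
IX_OPS = {
    0x77: ("ld (ix{d}),a", 3),
    0x7E: ("ld a,(ix{d})", 3),
    0x36: ("ld (ix{d}),{n}", 4),
}

def disp(d_byte: int, signed: bool = True) -> int:
    """Displacement byte as two's complement (-128..127), or as unsigned
    (0..255) to reproduce the mistaken reading."""
    return struct.unpack("b", bytes([d_byte]))[0] if signed else d_byte

def effective_address(ix: int, d_byte: int, signed: bool = True) -> int:
    """Address the instruction actually touches, wrapped to 16 bits."""
    return (ix + disp(d_byte, signed)) & 0xFFFF

def disassemble_ix(code: bytes, base: int = 0, signed: bool = True):
    """Return [(address, mnemonic)] for a run of DD-prefixed loads."""
    out, pc = [], 0
    while pc < len(code):
        if code[pc] != 0xDD or pc + 1 >= len(code) or code[pc + 1] not in IX_OPS:
            raise ValueError(f"unsupported instruction at {base + pc:04X}")
        template, length = IX_OPS[code[pc + 1]]
        if pc + length > len(code):
            raise ValueError(f"truncated instruction at {base + pc:04X}")
        fields = {"d": f"{disp(code[pc + 2], signed):+d}"}   # "+0", "-1", "+255"
        if length == 4:
            fields["n"] = f"{code[pc + 3]:02x}h"
        out.append((base + pc, template.format(**fields)))
        pc += length
    return out

# Constructed sample: store A at (ix+0) and then at (ix-1), i.e. two
# adjacent bytes, not two buffers 255 bytes apart.
SAMPLE = bytes([0xDD, 0x77, 0x00, 0xDD, 0x77, 0xFF])

if __name__ == "__main__":
    for addr, text in disassemble_ix(SAMPLE, base=0x4000):
        print(f"{addr:04X}  {text}")
    print("signed  :", hex(effective_address(0x8000, 0xFF)))
    print("unsigned:", hex(effective_address(0x8000, 0xFF, signed=False)))
```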

As Eric mentioned, he and I have worked on a couple of prior adventures involving reversing Z-80 stuff [OMNI 4 - a Kaypro 2x Logic Analyzer] [Vintage Z80 palmtop compy hackery (TI-86)], and now this, and I have also worked with some others [Anatomy of a Philips VideoWRITER].

Eric finds the best junque! And he's great at reversing the hardware, which is a crucial leg up when reversing these embedded systems. Otherwise, I'm 'flying blind on a rocket cycle' (to quote that classic cinematic masterpiece: "Flash Gordon"). He's a demon armed with little more than a continuity tester and pencil and paper. And a formidable conviction to get to the bottom of things. He might not know now, but he doesn't know he will find out. And also he's actually quite good at the firmware part, too, despite his modesty in his self-representation. Creativeness and industriousness are not things that can be taught.

Anyway, to paraphrase Pascal: "I am sorry this is long but I lacked the time to make it short." I do ramble a bit.

I probably won't be making too many posts myself, and very soon have to return to the slave pits, anyway. Time is, alas, the elusive commodity. But I did want to make a statement about why I like to do these things. Anyone can do it, and I think everyone should try. Ultimately it might not be to your taste, and that's fine, but I find a lot of value in contemplating things from others' perspectives -- whether that be in design sensibilities or life in general.

So, sorry Johnny5ive. Yes! disassemble.

-ziggurat29

Discussions

Eric Hertz wrote 06/15/2022 at 19:40 point

Awesome!

You've a knack for answering questions I hadn't developed fully-enough to ask...

Usually something about Z80s that is so mind-boggling I wouldn't even know *how* to formulate the question. But this one, heh, I feel a bit stupid; we're usually *so* caught-up in "The Dig" I guess I never had the mindset to formulate: "So, my friend... How'd you get into all this, anyhow?" I'm glad you beat me to it, otherwise, who knows how long I'da taken!

Wow, a Disassembler written in BASIC! That, for some reason, never occurred to me as even possible.

Great insight into a great mind, educational, inspirational, and funny, too. Thank you for sharing this! Feel free to blow up the log-entries here, any time, even if it has nothing to do with computing.
