The Museum of HP Calculators

HP Forum Archive 16

[ Return to Index | Top of Index ]

HP71B Basic
Message #1 Posted by Tomas Larsson on 22 Sept 2006, 1:13 p.m.

Is there any way to "Reverse engineer" a "Protected" Basic program in a 71B.

      
Re: HP71B Basic
Message #2 Posted by Eric Smith on 22 Sept 2006, 2:29 p.m.,
in response to message #1 by Tomas Larsson

If you have it on a tape or disc, I think you can just change the file type bytes in the directory entry to remove the protection. As far as I know, the actual file contents are not any different than a non-protected program. I'm not aware of a specific program you can use to do that, but it shouldn't be too hard to write one as the HP-71 has very good HP-IL control capabilities.

Basically what is required is to have a subroutine that would issue the appropriate DDT commands to tell the drive to read sectors and send them to the HP-71. The main program would loop reading directory sectors and examining the directory entries until it finds the desired one, then change the bytes in the buffer and tell the drive to write it back to the medium.

The other approach would be to try to modify the file information in memory. The built-in "PEEK" and "POKE" commands were designed to prevent this, but I think there are LEX files that have unrestricted versions. Possibly in the JPCROM?

            
Re: HP71B Basic
Message #3 Posted by Tomas Larsson on 22 Sept 2006, 5:37 p.m.,
in response to message #2 by Eric Smith

I would have thought it worked as other basic compilers: in "private" mode, only pseudo code was stored on the media. BTW I have the program on mag-strips, and a EEPROM, I made some 20 years ago, sadly all listings gone and other stuff gone, by mistake, but I had a crash of nostalgie and thought to try to recover the stuff.

                  
Re: HP71B Basic
Message #4 Posted by Howard Owen on 22 Sept 2006, 5:43 p.m.,
in response to message #3 by Tomas Larsson

With LIF, generally, each file type has a "secure" and "protected" variation. So you can have text files containing BASIC code, or a "binary" (tokenized) BASIC program. Either type can be secure, protected, both or neither.

Regards,
Howard

      
Re: HP71B Basic
Message #5 Posted by Howard Owen on 22 Sept 2006, 5:39 p.m.,
in response to message #1 by Tomas Larsson

Get Tony Duell's LIF utilities for Linux. Even if you are on Windows, his C source code fully explains the various LIF types. There are two types of special protection, if I recall. One is merely marked as unreadable by the file type as Eric explained. The other is encrypted, but with a trivial key. (16 bits if I remember correctly.)

Regards, Howard

            
Re: HP71B Basic
Message #6 Posted by Tomas Larsson on 22 Sept 2006, 6:22 p.m.,
in response to message #5 by Howard Owen

Ok, so what I need to do, is to either transfer the EEPOM image to a pc or the ma-stics then, and try to decode them, any links how to do that.

I can easily set up something that reads the EEPROM, if i knew the electrical and the mecanical connections and so, just to program a PIC to read the EEPROM and send the contens to a PC, but where do I find the info needed to interface with the EEModule??

                  
Re: HP71B Basic
Message #7 Posted by Eric Smith on 22 Sept 2006, 6:47 p.m.,
in response to message #6 by Tomas Larsson

It's slightly tricky. It's not a regular bytewide parallel ROM, nor a convential bit-serial (I2C or SPI) ROM. It uses the nibble-serial Saturn bus. There are four data lines, a commmand/data line, and a clock (strobe). You send the module a read command, followed by five nibbles of address, then clock out the data (as many nibbles as you like).

The documentation on the Saturn bus is in the HP-71B Hardware Internal Design Specification, which is available on the MoHPC DVD or CD set.

Edited: 22 Sept 2006, 6:47 p.m.

                  
Much more tricky than that
Message #8 Posted by Mike on 23 Sept 2006, 4:21 p.m.,
in response to message #6 by Tomas Larsson

It's far more complicated than that. The EPROM are controlled by a memory controller chip. There is no direct access. The external pins require using the Saturn Bus protocol to access. When you remove the eprom from the 71B, it becomes brain-dead and won't respond to anything except a configuration command using the Saturn Bus protocol.

Eric Says:

You send the module a read command, followed by five nibbles of address, then clock out the data (as many nibbles as you like).

Reply:

Only after properly configuring the device. The only commands that the memory controller respond to, from power up, is a configuration sequence. It requires IDentifying the chip, configuration (assigning addresses) and then you can use read data commands.

Un privatizing a file is quite easy. I just don't happend to recall the sequence right now but basically using a poke at the right place does the trick. And yes, the JPCROM does have the ability to peek and poke in private areas. However, I don't think the X version can do it. For some reason, that was removed in the X version. I have both versions of JPCROM.

Edited: 23 Sept 2006, 4:26 p.m.

      
Perhaps this thread might prove useful ..
Message #9 Posted by Valentin Albillo on 22 Sept 2006, 7:33 p.m.,
in response to message #1 by Tomas Larsson

http://www.hpmuseum.org/cgi-sys/cgiwrap/hpmuseum/archv014.cgi?read=65456

Alternately, you can key in the MAKELEX program, which needs nothing but a bare bones HP-71B, then use it to enter the codes for some extended PEEK/POKE statements in a suitable LEX file published in MAKELEX format (there are several), then use the POKE statement thus made available to alter the required bytes in the file header in RAM to change its status to unprotected.

Listings for MAKELEX, a number of PEEK/POKE LEX files in MAKELEX format, as well as details on the exact locations to POKE in the file header are all available in past issues of PPC Journal, CHHU Journal, and other such old publications. If you've already got them it then becomes a simple matter of searching for the items mentioned.

Best regards from V.

            
Re: Perhaps this thread might prove useful ..
Message #10 Posted by Tomas Larsson on 22 Sept 2006, 8:27 p.m.,
in response to message #9 by Valentin Albillo

No, dont have them, avaible here??

                  
Re: Perhaps this thread might prove useful ..
Message #11 Posted by Howard Owen on 23 Sept 2006, 2:17 a.m.,
in response to message #10 by Tomas Larsson

Jake Schwartz's CD-ROMs have tons of old HP calculator user group journal back issues. They are fascinating reading from a number of perspectives. The Museum DVD has manuals for many, many old machines, including the HP-71 technical specs that Eric mentioned.

The reason you need a special PEEK and POKE is that the built-in versions respect the policy that protects the file headers from alteration. The hobbyist versions let you read or scribble over any old RAM you care to.

I don't type in HEX code to get that stuff. Instead, I use an older PC with ISA slots, and Christoph Klug's ISA PC HP-IL host adapter, driven with J.F. Garnier's EMU41 acting as a virtual HP-IL disk. Using that lash-up I can read the old "swap disk" images (found here) which contain many of the programs referred to in the old newsletters and journals.

Regards,
Howard

                        
Re: Perhaps this thread might prove useful ..
Message #12 Posted by Tomas Larsson on 23 Sept 2006, 6:27 a.m.,
in response to message #11 by Howard Owen

Ok, need to get those discs then. Problem: Dont have a HPIL/ISA card and dont have any computers with ISA slot.

Solution: Is there any HPIL/USB converters around? If not I have to make one. Shouldn't be too difficult I would think, Only problem is the magnetics, but since it's fairly low speed that wouldn't be critical, me thinks.

                              
You don't need any extra hardware
Message #13 Posted by Valentin Albillo on 23 Sept 2006, 9:20 a.m.,
in response to message #12 by Tomas Larsson

Hi, Tomas:

You don't need any extra hardware, at all. Do the following:

  1. Get the old documentation I told you, either for real or as compiled in the CDs and DVDs already mentioned. It's easy and inexpensive.

  2. Key in the MAKELEX program, it's just ten lines or so of BASIC code.

  3. Run MAKELEX and key in the hex listing for some unrestricted POKE LEX file, as found in the docs, it's only a small bunch of hexadecimal digits, with checksum and all to guarantee it's correctly entered.

  4. Use your new POKE to poke the correct values into the two or so locations in RAM where the file status is stored, as per the documentacion.
And that's it. No obsolete ISA cards, no complicated hardware settings. And this will work whether you have a physical HP-71B or an emulated one.

Best regards from V.

                                    
Re: You don't need any extra hardware
Message #14 Posted by Marcus von Cube, Germany on 23 Sept 2006, 11:28 a.m.,
in response to message #13 by Valentin Albillo

Valentin,

does that work, if the program in question is stored on EEPROM, as mentioned earlier in this thread? If it's copy protected, there is no easy way to move it to a RAM file were you can modify the protection flags.

It might be possible to create a dummy program file in memory of equal length and then use PEEK & POKE to transfer the EEPROM contents to this location...

Marcus

                                          
Re: You don't need any extra hardware
Message #15 Posted by Tomas Larsson on 23 Sept 2006, 12:21 p.m.,
in response to message #14 by Marcus von Cube, Germany

Good point, I was just thinking of that myself.

                                                
Re: You don't need any extra hardware
Message #16 Posted by Howard Owen on 23 Sept 2006, 2:33 p.m.,
in response to message #15 by Tomas Larsson

What sort of EPROM is it? If it's a CMT front port module, there's a fellow who has a full programming setup. He sells modules burned with your choice of images from time to time on eBay. He might be able to read your EPROM for you.

Regards/
Howard

                                                      
I have an EPROM Programmer
Message #17 Posted by Mike on 23 Sept 2006, 4:35 p.m.,
in response to message #16 by Howard Owen

Yep! I'm one of those fellows. . In fact, I have two. But I, currently can only program the front port EPROMs.

.

Edited: 23 Sept 2006, 4:48 p.m.

                                          
Re: You don't need any extra hardware
Message #18 Posted by Valentin Albillo on 23 Sept 2006, 2:45 p.m.,
in response to message #14 by Marcus von Cube, Germany

Hi, Marcus:

Tomas himself posted (the underlining is mine):

" BTW I have the program on mag-strips, and a EEPROM ...

    Assuming "mag-strips" actually means "HP-71B magnetic cards" and assuming he's got a physical HP-71B where to read them, my advice does apply without further hardware/software complications.

Best regards from V.

                                                
Re: You don't need any extra hardware
Message #19 Posted by Tomas Larsson on 23 Sept 2006, 4:46 p.m.,
in response to message #18 by Valentin Albillo

Yes, I have an older version on Magnetic "cards", and obviously what I learned here I can read them back to my 71B, modify the needed bits and have the code readable, I guess. I don't bother to reprogram the eeprom, but I also had a thought, that it can't be that difficult to read the eeprom, just build an eprom reader with a PIC, dump the contents to a PC. Obviously I need to find out the electrical and mechanical stuff for the eeprom module.

I guess that if I buy a DVD from here, all stuff should be in there, as well as needed info to design a HP-IL2USB/RS232 interface

EDIT I missed a couple of the messegas above, when I wrote this. I realize now that the com between the module and the 71B is little bit more complex, however it should be possible to write a program for a PIC and have it to read the module, even program it I would have thought.

Edited: 23 Sept 2006, 4:51 p.m.

                                                      
I have most of that info
Message #20 Posted by Mike on 23 Sept 2006, 4:52 p.m.,
in response to message #19 by Tomas Larsson

you say I guess that if I buy a DVD from here, all stuff should be in there, as well as needed info to design a HP-IL2USB/RS232 interface

reply If you have about a year to devote to it. Designing an HP-IL interface, from scratch is a major undertaking. If you found an HP-IL controller chip, the task is a bit easier. But you'd likely have to scrounge them from some old equipment. They are available, if you want to go through some Hong Kong exporters at about $30 a pop + shipping. But dealing with them isn't easy either.

you say I guess. I don't bother to reprogram the eeprom, but I also had a thought, that it can't be that difficult to read the eeprom, just build an eprom reader with a PIC, dump the contents to a PC.

my reply I am currently working on a custom memory interface controller, for one of my projects. But you can read the EPROM with a pic. In fact, I'm testing that very thing tomorrow. But you will have to understand the Saturn Bus to do it. It's not rocket science but it's also not trivial.

If you'd like to send me the EPROM, I can unprotect it and write it back to your EPROM.

BTW, what is the program you are trying to unprotect?

Edited: 23 Sept 2006, 5:11 p.m.

                                                            
Re: I have most of that info
Message #21 Posted by Tomas Larsson on 23 Sept 2006, 5:14 p.m.,
in response to message #20 by Mike

Quote:
I am working on a custom memory interface controller. But you can read the eprom with a pic. In fact, I'm testing that very thing tomorrow. But you will have to understand the Saturn Bus to do it. It's not rocket science but it's also not trivial.

If you'd like to send me the EPROM, I can unprotect it and write it back to your EPROM.

BTW, what is the program you are trying to unprotect?

Well, it's basically a datalogging sw that takes data from a ad/converter hooked on the IL-Bus.

And since these things interest me quite a lot, I thought it would be a fun task/project to do myself.

                                                                  
The reason I asked
Message #22 Posted by Mike on 23 Sept 2006, 5:16 p.m.,
in response to message #21 by Tomas Larsson

No problem. The reason I asked is because some people think they can unprotect all programs and use them from RAM. Some programs can only be run from the ROM (Assembler for instance) they were originally put on. You can unprotect the Assember but it won't run, if you move it to RAM or EPROM.

Edited: 23 Sept 2006, 5:16 p.m.

                                                                        
Re: The reason I asked
Message #23 Posted by Tomas Larsson on 23 Sept 2006, 5:24 p.m.,
in response to message #22 by Mike

Its written in 71B Basic.

                                          
Can't change what is in EPROM
Message #24 Posted by Mike on 23 Sept 2006, 4:33 p.m.,
in response to message #14 by Marcus von Cube, Germany

You CANNOT modify what is in EPROM. You must copy to RAM, modify and reprogram the EPROM.

I can do that for you, if you like. I have an EPROM programmer (2 in fact).

                              
You don't need HP-IL
Message #25 Posted by Mike on 23 Sept 2006, 4:31 p.m.,
in response to message #12 by Tomas Larsson

You don't need any HP-IL to get files to the PC. You do need a 9114 drive though, if you don't. You can use programs LIFUTIL for instance, to read and write 9114 LIF disks. You can edit them with any text editor.

However, I also have some programs that will allow you to modify bits on any file on the 71B. Not sure how I would get them to you, if you don't have an HP-IL or 9114B. I can provide them on EPROM, but prefer to keep my eproms. If you have an extra EPROM, I can program it for you, to include these programs.

I move files from PC to 71B all the time and don't have an HP-IL interface on my PC.

[ Return to Index | Top of Index ]

Go back to the main exhibit hall