Subject: Re: [stella] 7800 development From: Keith Gerdes <kwg@xxxxxxxxxxxx> Date: Wed, 08 Aug 2001 07:26:19 -0500 |
I see that Chad also used TTDigger....the best way to pickup the labels... :-) Here's the crux of what I've got so far. Referring to crypt78.c (posted many moons ago as Frank mentioned, based on Bruce Tomlin's pas source), you'll notice that 'carttest' is MungeCart(). And Encrypt() is the routine we need to decipher and come up with the basic math formula. Hopefully the "bignum" routines from crytp78 can be carried over. Otherwise I'll use the 'miracl' library.
; 264 bytes ; A_munge ; $F52E in bootROM s: dc $C765,$ABCA,$EEF7,$8309 t: dc $E1D0,$9267,$62B6,$7255 dc $8E91,$DCC5,$81BE,$7820 dc $59B7,$E63D,$0645,$AFC8 dc $0831,$38D1,$FB73,$84A9 dc $17FC,$3487,$A394,$FA90 dc $B8ED,$CE3B,$5B0A,$43D9 dc $F353,$82B3,$0D6D,$5A60 dc $9D51,$A7B9,$1110,$BCE4 dc $7F80,$41E7,$E3F6,$5626 dc $35EC,$D6DF,$0C7F,$F49E dc $AC52,$46EF,$CFBF,$A23F dc $A413,$1597,$4A1C,$B042 dc $8CB1,$0558,$8018,$772B dc $023E,$A849,$1A6A,$CB6E dc $0B8A,$EBF1,$4F14,$798B dc $D89F,$9B57,$19F8,$2A2D dc $760E,$E82E,$4BF9,$0703 dc $DE93,$167E,$D4E5,$B2F0 dc $7D7A,$DAD2,$A1CC,$1DE0 dc $5E23,$A095,$221E,$3685 dc $FE1F,$39AA,$8996,$AD0F dc $2FC0,$4727,$5D24,$EAC3 dc $A5F5,$215F,$1B40,$8FAE dc $7425,$DDC1,$7CCD,$A670 dc $D733,$7B2C,$75BB,$8699 dc $BD54,$9A6C,$6332,$484C dc $8DBA,$5C61,$C44E,$2937 dc $12C6,$989C,$D569,$6BE2 dc $044D,$E9C2,$883A,$DB64 dc $0144,$6FB5,$F230,$28FD dc $5071,$3CB4,$6668,$C9D3 dc $CA83,$C7AB,$F765,$09EE ; 55 bytes p: dc $703A,$C16F,$9A92,$E529 dc $18E7,$9E50,$D6A5,$8DCC dc $4D52,$2AD4,$5C10,$7181 dc $24CF,$DA6A,$4A72,$EED5 dc $CA36,$1E1B,$2A20,$C0DC dc $15E8,$EE53,$EBF3,$2E08 dc $7259,$35F8,$9957,$3B ; 55 bytes pexp: dc $1C dc $0EB0,$5BE6,$A4B9,$4A46 dc $39E7,$9435,$A963,$7313 dc $548A,$B517,$041C,$6049 dc $33F6,$9A92,$9CBB,$B572 dc $8D87,$86CA,$8830,$3705 dc $7A3B,$94FA,$FCCB,$821C dc $964D,$7E26,$55CF ; 65 bytes q: dc $1656,$1579,$9A53,$604F dc $8755,$9FB2,$7872,$E5BC dc $7DF8,$6FCA,$832A,$1FA7 dc $63A3,$552B,$D8B8,$45E2 dc $A11F,$412B,$041B,$9B5B dc $E128,$C5E0,$6E7D,$C80B dc $221E,$E7D4,$474C,$E5C8 dc $9222,$ADEF,$7018,$F13D dc $1B ; 65 bytes qexp: dc $05,$9585,$5E66,$94D8 dc $13E1,$D567,$EC9E,$1CB9 dc $6F1F,$7E1B,$F2A0,$CA87 dc $E9D8,$E8D5,$4AF6,$2E11 dc $78A8,$47D0,$4AC1,$06E6 dc $D6F8,$4A31,$781B,$9F72 dc $02C8,$87B9,$F511,$D339 dc $7224,$88AB,$7BDC,$063C dc $4F47 ; 120 bytes ; A_ROM ; $FED5 in bootROM ; Z (see below) n: dc $09CA,$C9C6,$B412,$081B dc $6058,$814B,$8601,$D8BF dc $D925,$A07B,$DC32,$7984 dc $3B7C,$BC2F,$E2E2,$FA8D dc $0A00,$3BC5,$ECAF,$2D8A dc $CD06,$936A,$A514,$4677 dc $C46A,$B253,$36EF,$8CCE dc $0CA2,$6871,$D373,$E8F7 dc $6D06,$B520,$EF23,$470C dc $5155,$C8FE,$F458,$C43F dc $20A7,$6738,$B076,$E2C4 dc $D805,$63F8,$3C58,$3B2D dc $22CC,$88B3,$718F,$1D80 dc $0A87,$BDA1,$5923,$E970 dc $E2D3,$EC46,$6880,$4239 ; 120 bytes ap: dc $0481,$BE5B,$4C70,$0FBC dc $42A2,$CD8C,$E700,$2656 dc $AE76,$6529,$3A00,$D1E6 dc $A29E,$5877,$6204,$F354 dc $2A30,$C37D,$DF69,$9DED dc $C523,$B69D,$7F18,$CEF6 dc $390F,$1428,$F4DF,$F498 dc $F520,$C764,$A77E,$770D dc $878D,$88EB,$CED6,$5963 dc $D770,$F64A,$E6FD,$836D dc $BC6C,$EEF6,$4F88,$27BD dc $EEBD,$615D,$A5B2,$5D78 dc $B0A4,$715E,$05C7,$BD6E dc $AC4E,$5B2C,$8916,$2B7F dc $2FB0,$7B14,$647D,$44E7 ; 120 bytes aq: dc $0549,$0B6B,$67A1,$F85F dc $1DB5,$B3BE,$9F01,$B269 dc $2AAF,$3B52,$A231,$A79D dc $98DE,$63B8,$80DE,$0738 dc $DFCF,$7848,$0D45,$8F9D dc $07E2,$DCCD,$25FB,$7781 dc $8B5B,$9E2A,$420F,$9835 dc $1781,$A10D,$2BF5,$71E9 dc $E579,$2C35,$204C,$EDA8 dc $79E4,$D2B4,$0D5B,$40D1 dc $643A,$7842,$60EE,$BB06 dc $E948,$029A,$96A5,$DDB4 dc $7228,$1755,$6BC7,$6011 dc $5E39,$6274,$D00D,$BDF1 dc $B323,$7132,$0402,$FD53 Given the 120-byte values Z and Y, is there any code or a program that I can download to solve for X in the following? (X^2) MOD Z = Y Z = 0x09,0xCA,0xC9,0xC6,0xB4,0x12,0x08,0x1B, 0x60,0x58,0x81,0x4B,0x86,0x01,0xD8,0xBF, 0xD9,0x25,0xA0,0x7B,0xDC,0x32,0x79,0x84, 0x3B,0x7C,0xBC,0x2F,0xE2,0xE2,0xFA,0x8D, 0x0A,0x00,0x3B,0xC5,0xEC,0xAF,0x2D,0x8A, 0xCD,0x06,0x93,0x6A,0xA5,0x14,0x46,0x77, 0xC4,0x6A,0xB2,0x53,0x36,0xEF,0x8C,0xCE, 0x0C,0xA2,0x68,0x71,0xD3,0x73,0xE8,0xF7, 0x6D,0x06,0xB5,0x20,0xEF,0x23,0x47,0x0C, 0x51,0x55,0xC8,0xFE,0xF4,0x58,0xC4,0x3F, 0x20,0xA7,0x67,0x38,0xB0,0x76,0xE2,0xC4, 0xD8,0x05,0x63,0xF8,0x3C,0x58,0x3B,0x2D, 0x22,0xCC,0x88,0xB3,0x71,0x8F,0x1D,0x80, 0x0A,0x87,0xBD,0xA1,0x59,0x23,0xE9,0x70, 0xE2,0xD3,0xEC,0x46,0x68,0x80,0x42,0x39 Y = 0xCF,0x21,0x53,0x4C,0x77,0x3F,0xBC,0xF3, 0x06,0xA4,0xA0,0x27,0xFD,0xF9,0x41,0x2A, 0xA8,0xA0,0x14,0xAC,0x84,0x74,0x52,0xF7, 0xEC,0x9E,0x93,0x6B,0xC6,0xCC,0xF3,0x69, 0xB8,0xDF,0xBB,0xF8,0x7F,0x0A,0xF1,0xBC, 0x15,0x9D,0x98,0x3A,0x77,0xFF,0x9E,0xFB, 0x9A,0x42,0x1F,0x94,0x59,0x8C,0xA0,0xDC, 0x68,0xD4,0xE2,0x82,0x62,0xEB,0x5D,0xEC, 0x41,0x28,0xE8,0x55,0xA6,0xB2,0xFA,0xC0, 0x02,0xA1,0xA2,0x36,0x71,0x3A,0x37,0x65, 0x16,0xCF,0x8F,0x67,0x74,0xE8,0xE8,0xEF, 0xA9,0xEF,0x04,0xDF,0x27,0x46,0x50,0xF8, 0xDD,0xFA,0x52,0x6C,0x6E,0x95,0x7A,0x3C, 0x62,0x1E,0x8C,0x2B,0x05,0x70,0x1A,0x31, 0xD4,0xB4,0xE2,0xAA,0xFB,0x60,0x24,0xE9 ; ; ; carttest: move.l #acc,_accpt clr.l d0 move d0,T0477A ; ; void MungeCart(void) ; move.b U11709,d0 ; $FFF9 andi.b #$F0,d0 lsl #8,d0 cmpi.l #$00004000,d0 ; <$4000? bcs L00D5A subi #$4000,d0 add.l #_image,d0 move.l d0,T0475A ; cartstart ; clear acc checksum: clr.l d0 move #$00FF,d0 movea.l #acc,a0 ; acc L00C2E: clr.b $00(a0,d0) subq #1,d0 bpl.s L00C2E ; copy $FF7F->$FF00...$FFFF->$FFF8 to acc clr.l d0 move.b #$7F,d0 movea.l #U11610,a1 ; $FF00 L00C42: move.b $00(a1,d0),d1 move.b d1,$00(a0,d0) subq.b #1,d0 cmp.b #$F8,d0 bne.s L00C42 ; move.l #s,T0476A ; s movea.l T0475A,a2 ; cartstart clr.l d0 moveq #$01,d3 L00C66: bsr cscheck ; cscheck adda.l #$00000100,a2 clr.l d3 cmpa.l #U11610,a2 ; $FF00 bne.s L00C66 ; moveq #$01,d3 bsr csrotate ; csrotate bsr csrotate ; csrotate move.l #t,T0476A ; t suba.l #$00000100,a2 L00C94: bsr cscheck ; cscheck suba.l #$00000100,a2 moveq #$01,d3 cmpa.l T0475A,a2 ; cartstart bcc.s L00C94 ; move.b #$77,d0 movea.l #reg11,a2 ; reg11 movea.l #T0480A,a4 ; acc+$88 L00CB8: move.b $00(a0,d0),d1 move.b $50(a0,d0),d2 eor.b d2,d1 move.b $00(a4,d0),d2 eor.b d2,d1 move.b d1,$00(a2,d0) subq #1,d0 bpl.s L00CB8 ; A_mem[0x2000] = A_mem[0x2000] & 7; clr.l d0 andi.b #$07,reg11 ; reg11 ; A_mem[0x2004] = 0; ; ignore the following.... move.b reg11,d0 ; reg11 add.b U11708,d0 add.b U11709,d0 add.b U1170A,d0 add.b U1170B,d0 add.b U1170C,d0 add.b U1170D,d0 add.b U1170E,d0 add.b U1170F,d0 add.b L01722,d0 add.b L017A0,d0 add.b T04A43,d0 add.b U05B54,d0 add.b U0DA55,d0 add.b U0EF83,d0 add.b U1003F,d0 add.b U1098B,d0 add.b T04E06,d0 move.b d0,T04E06 ; reg11[4] bsr.s encrypt bra.s L00D66 movem.l (a7)+,d0-d7/a0-a5 clr.l d0 unlk a6 rts ; error L00D5A: movem.l (a7)+,d0-d7/a0-a5 move #-$0002,d0 unlk a6 rts L00D66: movem.l (a7)+,d0-d7/a0-a5 move T0477A,d0 unlk a6 rts ; void X_23FF(int addr, int munge) ; cscheck: clr.l d2 movea.l T0476A,a3 clr.l d5 L00D7E: andi #$0F,ccr lsr.b #1,d3 move.b $00(a0,d2),d5 addx.b d5,d0 move.b $00(a2,d2),d5 addx.b d5,d0 roxl.b #1,d3 move.b $00(a3,d0),d0 move.b d0,$00(a0,d2) addq.b #1,d2 bne.s L00D7E rts ; void ROLWork(void) ; csrotate: clr.l d2 L00DA2: lsr.b #1,d3 move.b $00(a0,d2),d1 roxl.b #1,d1 roxl.b #1,d3 move.b d1,$00(a0,d2) addq.b #1,d2 bne.s L00DA2 rts ; ; ; encrypt: ; copy p to reg7 ; copy pexp to reg5 goo: clr.l d1 move.b #$36,d1 move.b #$36,sizer3 move.b #$36,sizer5 movea.l #p,a1 ; p movea.l #reg5,a2 ; reg5 movea.l #reg7,a3 ; reg7 movea.l #pexp,a4 ; pexp L00DE4: move.b $00(a1,d1),$00(a3,d1) move.b $00(a4,d1),$00(a2,d1) subq #1,d1 bpl.s L00DE4 ; ?? bsr L01042 ; divide , power ; copy reg9 to reg13 clr.l d1 move.b #$36,d1 movea.l #reg9,a4 ; reg9 movea.l #reg13,a1 ; reg13 L00E0A: move.b $00(a4,d1),$00(a1,d1) subq #1,d1 bpl.s L00E0A ; copy q to reg7 ; copy qexp to reg5 clr.l d1 move.b #$40,d1 move.b #$40,sizer3 move.b #$40,sizer5 movea.l #q,a1 ; q movea.l #reg5,a2 ; reg5 movea.l #reg7,a3 ; reg7 movea.l #qexp,a4 ; qexp L00E42: move.b $00(a1,d1),$00(a3,d1) move.b $00(a4,d1),$00(a2,d1) subq #1,d1 bpl.s L00E42 ; ?? bsr L01042 ; divide , power ; copy reg9 to reg1 clr.l d1 move.b #$40,d1 move.b #$40,sizer1 movea.l #reg9,a1 ; reg9 movea.l #reg1,a4 ; reg1 L00E70: move.b $00(a1,d1),$00(a4,d1) subq #1,d1 bpl.s L00E70 ; copy aq to reg0[1] clr.l d1 move.b #$77,d1 move.b d1,sizer0 movea.l #aq,a1 ; aq movea.l #T04883,a4 ; reg0[1] L00E92: move.b $00(a1,d1),$00(a4,d1) subq #1,d1 bpl.s L00E92 ; ?? bsr multiply ; multiply ; copy n to reg0[1] clr.l d1 move.b #$77,d1 movea.l #n,a1 ; n movea.l #T04883,a4 ; reg0[1] L00EB2: move.b $00(a1,d1),$00(a4,d1) subq #1,d1 bpl.s L00EB2 ; ?? move.b offseta,sizea bsr divide ; divide ; copy acc[?] to reg3 clr.l d1 movea.l #acc,a1 ; acc move.b starta,d1 adda.l d1,a1 movea.l #reg3,a2 ; reg3 move.b #$77,d1 L00EE4: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L00EE4 ; copy reg13 to reg1 clr.l d1 move.b #$36,d1 move.b d1,sizer1 movea.l #reg13,a2 ; reg13 movea.l #reg1,a3 ; reg1 L00F06: move.b $00(a2,d1),$00(a3,d1) subq #1,d1 bpl.s L00F06 ; copy ap to reg0[1] clr.l d1 move.b #$77,d1 move.b d1,sizer0 movea.l #ap,a1 ; ap movea.l #T04883,a2 ; reg0[1] L00F28: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L00F28 ; ?? bsr multiply ; multiply ; copy n to reg0[1] clr.l d1 move.b #$77,d1 movea.l #n,a1 ; n movea.l #T04883,a2 ; reg0[1] L00F48: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L00F48 move.b offseta,sizea ; ?? bsr divide ; divide ; copy acc[?] to acc[1] clr.l d1 move.b #$77,offsetr movea.l #acc,a1 ; acc move.b starta,d1 adda.l d1,a1 clr.b d1 movea.l #T04783,a2 ; acc[1] L00F80: move.b $00(a1,d1),$00(a2,d1) addq.b #1,d1 cmp.b #$78,d1 bne.s L00F80 ; ?? move.l #reg3,addmod ; reg3 clr.l d0 move.b #$01,d0 bsr add ; add ; ?? move.l #n,T04772 ; n bsr simplmod ; simplmod ; copy acc[1] to reg1 ; copy acc[1] to reg0[1] clr.l d1 move.b #$77,d1 movea.l #T04783,a1 ; acc[1] movea.l #reg1,a2 ; reg1 movea.l #T04883,a3 ; reg0[1] L00FC8: move.b $00(a1,d1),$00(a2,d1) move.b $00(a1,d1),$00(a3,d1) subq #1,d1 bpl.s L00FC8 ; ?? dectest: bsr L010BE ; multiply , divide (n) ; compare reg11 to acc[?] clr.l d1 movea.l #acc,a1 ; acc move.b starta,d1 adda.l d1,a1 move.b #$77,d1 movea.l #reg11,a2 ; reg11 L00FF6: move.b $00(a2,d1),d3 cmp.b $00(a1,d1),d3 bne.s enbad subq #1,d1 bpl.s L00FF6 ; copy reg1 to $FF80-$FFF7 enout: moveq #$77,d1 movea.l #reg1,a1 ; reg1 movea.l #U11690,a2 ; $FF80 L01012: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L01012 move #$0000,T0477A rts enbad: addq #1,T0477A cmpi #$0100,T0477A beq.s L01040 addq.b #1,T04E06 bra encrypt L01040: rts ; ; divide , power L01042: ; copy reg11 to acc[1] clr.l d1 move.b #$77,d1 movea.l #reg11,a1 ; reg11 movea.l #T04783,a2 ; acc[1] L01054: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L01054 ; acc[0] = 0 clr.b acc ; acc ; copy reg7 to reg0[1] clr.l d1 move.b sizer3,d1 move.b d1,sizer0 movea.l #reg7,a1 ; reg7 movea.l #T04883,a2 ; reg0[1] L0107E: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L0107E ; ?? move.b #$78,sizea bsr divide ; divide ; copy acc[?] to reg3[?] movea.l #acc,a1 ; acc clr.l d1 move.b starta,d1 adda.l d1,a1 movea.l #reg3,a2 ; reg3 move.b sizer3,d1 L010B0: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L010B0 ; ?? bsr.s power ; power rts ; ; multiply , divide (n) L010BE: ; move.b #$77,sizer0 move.b #$77,sizer1 bsr multiply ; multiply ; copy n to reg0[1] clr.l d1 move.b #$77,d1 movea.l #n,a1 ; n movea.l #T04883,a2 ; reg0[1] L010E4: move.b $00(a1,d1),$00(a2,d1) subq #1,d1 bpl.s L010E4 ; ?? move.b offseta,sizea bsr divide ; divide rts
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: [stella] 7800 development, Chad Schell | Thread | Re: [stella] 7800 development, Keith Gerdes |
Re: [stella] Optimizing Qb (was: Ho, Thomas Jentzsch | Date | Re: [stella] Teleterm 2600, Joe Grand |
Month |