Re: A83: Patching the Ti83+ ROM?

Re: A83: Patching the Ti83+ ROM?

• To: assembly-83@lists.ticalc.org
• Subject: Re: A83: Patching the Ti83+ ROM?
• From: Olle Hedman <oh@hem.passagen.se>
• Date: Sun, 28 Jan 2001 01:32:08 +0100
• In-Reply-To: <00f001c088a9$a07beaa0$0200a8c0@pc2>
• References: <F2521AA2smkdYHoc5GG00001cf9@hotmail.com> <5.0.2.1.0.20010127195127.0341ec88@mail.passagen.se> <5.0.2.1.0.20010127204916.034c1e78@mail.passagen.se>
• Reply-To: assembly-83@lists.ticalc.org

At 22:39 2001-01-27, you wrote:

>I actually did look for accidental code on the correct ROM pages that would
>unlock the flash.  As there's only 12K of code to look through (only three
>pages have "flash unlocking rights" AFAIK), the chances aren't very good.  I
>did find one port output to a port that should have functioned like the
>flash instruction port (14h), but it did not work correctly, so I have to
>assume that there's something more complicated in the unlock procedure (like
>all the superfluous nop's and the such in the unlock procedure being
>necessary).
>
>I don't know how successful lowering the protect line on the flash chip
>would be (there may be an intermediary device that will block writes unless
>it gets it's "OK" from the TIOS), but I think a possible way of unlocking
>via hardware would go something like this:
>1) Run a halt so that the interrupt cycle wont trigger in the next few
>instructions
>2) Set the cursor timer so the cursor will invert next interrupt cycle, and
>set the cursor on flag.
>3) Set a hook for the text display routines.
>4) Pull one of the link lines low, and then jump to a routine that unlocks
>the Flash.
>5) Have a simple device sitting on the link line, and when it goes low (you
>might have to wait a few milliseconds so that the flash will have been
>unlocked), generate a NMI pulse on the Z80 chip.
>6) The TIOS is not properly set up to handle NMIs, so it will jump to a
>bunch of junk, but will eventually end up in the regular interrupt routine.
>7) When the interrupt routine gets to the cursor display, it will be hooked
>by the text hook, and control will be passed to whatever code you want.
>
>
>Someone can have fun trying that, I'm sure not going to,
>-Dan Englender

I don't think all that should be nessesairy. you probably only have to pull 
that write enable low, as hyperbyte said.
In the ti89 it is just one pin you need to lift, and put a switch there. 
(it has to be connected at boot, or the boot will fail)
I find it unprobable that the designers att TI did it much more complicated 
on the 83+ then on the 89. (specially considering that the 83+ is older 
then the 89, isn't it? or maybe I remember wrong on this one...)
That port 14h, is it only for "unlocking" or is it used for controlling the 
flash further? has anyone checked what flash chip there is in the 83+, and 
found the specs for it?
Hm.. I feel that I really know nothing about the 83+...
if it is for controlling, probably you need some special cycles on the bus, 
similar to on the 89 before you are allowed to write to it. maybe with 
correct delays (the nops). that would be a real pain...
probably true if it is only for unlocking too actually.
Isn't there a page like mine (http://alh.dhs.org/ti89/) but about the 83+? 
that would rule :)
I really feel like I want to start fiddling with the 83+ now.. anyone has 
one to donate? :)

///Olle

• Re: A83: Patching the Ti83+ ROM?
• From: "Dan Englender" <dan@calc.org>

• Re: A83: Patching the Ti83+ ROM?
• From: "Emir Sakic" <saka@hotmail.com>
• Re: A83: Patching the Ti83+ ROM?
• From: Olle Hedman <oh@hem.passagen.se>
• Re: A83: Patching the Ti83+ ROM?
• From: Olle Hedman <oh@hem.passagen.se>
• Re: A83: Patching the Ti83+ ROM?
• From: "Dan Englender" <dan@calc.org>

• Prev: Re: A83: Flashing a VTI-83+
• Next: Re: A83: Flashing a VTI-83+
• Index(es):
  • Main
  • Thread