Welcome to our site!

Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.
80c535 disassembly

Status
Not open for further replies.

alfa166

New Member
Hello,

I'm trying to understand my radio, a Becker BE2560, as used in the Alfa Romeo 166.
The radio part uses an 80C535 from Siemens, which should be 8051 compatible.
I've dumped the EPROM, and cannot make any sense of the program.

The first 17 bytes are:


Code:
C0 D0 70 03 E9 80 08 50 03 29 80 03 C9 C3 99 C3 22


Code:
//
                             // CODE
                             // CODE:0000-CODE:1fff
                             //
                             *************************************************************
                             *                            FUNCTION                        
                             *************************************************************
                             undefined  FUN_CODE_0000 ()
             undefined         ACC:1          <RETURN>
                             FUN_CODE_0000
       CODE:0000  c0  d0           PUSH       PSW
       CODE:0002  70  03           JNZ        LAB_CODE_0007
       CODE:0004  e9              MOV        A,R1
       CODE:0005  80  08           SJMP       LAB_CODE_000f
                             LAB_CODE_0007                                   XREF[1]:     CODE:0002 (j)  
       CODE:0007  50  03           JNC        LAB_CODE_000c
       CODE:0009  29              ADD        A,R1
       CODE:000a  80  03           SJMP       LAB_CODE_000f
                             LAB_CODE_000c                                   XREF[1]:     CODE:0007 (j)  
       CODE:000c  c9              XCH        A,R1
       CODE:000d  c3              CLR        CY
       CODE:000e  99              SUBB       A,R1
                             LAB_CODE_000f                                   XREF[2]:     CODE:0005 (j) ,  CODE:000a (j)  
       CODE:000f  c3              CLR        CY
       CODE:0010  13              RRC        A
       CODE:0011  93              MOVC       A,@A+DPTR
       CODE:0012  f5  f0           MOV        B,A
       CODE:0014  d0  d0           POP        PSW
                             *************************************************************
                             *                            FUNCTION                         
                             *************************************************************
                             undefined  FUN_CODE_0016 ()
             undefined         ACC:1          <RETURN>
                             FUN_CODE_0016
       CODE:0016  22              RET



Which makes no sense, especially not since the 17th byte is 0x22, i.e. "RET".

An 8051 (or derivative) starts its program at 0x0000, so where does it return to?
 
Mystery solved, more or less ...

The original dump used the wrong EPROM type: instead of a 27512, a 2764 was used.
(autodetect failed?)

The new dump looks much more promising.

Code:
//
// CODE
// Generated by Intel Hex
// CODE:0000-CODE:ffff
//
*************************************************************
*                      THUNK FUNCTION
*************************************************************
thunk undefined __stdcall init (undefined * param_1 , b
    Thunked-Function: init
    undefined      ACC:1    <RETURN>
    undefined *    R1:1     param_1
    byte           R2:1     param_2
    byte           R3:1     param_3
    char           R4:1     param_4
    char           R5:1     param_5
    byte           R6:1     param_6
    char           R7:1     param_7
init                                 XREF[4]: FUN_CODE_9241:9280 (c) ,
                                              FUN_CODE_9241:92a5 (c) ,
                                              CODE:a7eb (c) ,
                                              FUN_CODE_c57b:c5b8 (c)
    CODE:0000  00          NOP
    CODE:0001  80 1b       SJMP     init        undefined init(undefined * param
    -- Flow Override: CALL_RETURN (CALL_TERMINATOR)
    CODE:0003  02 36 72    LJMP     extinterrupt0
    CODE:0006  00          ??       00h
    CODE:0007  05          ??       05h
DAT_CODE_0008                        XREF[1]: FUN_CODE_30fb:317c (R)
    CODE:0008  13          undefine 13h
DAT_CODE_0009                        XREF[1]: FUN_CODE_30fb:3178 (R)
    CODE:0009  98          undefine 98h
DAT_CODE_000a                        XREF[1]: FUN_CODE_30fb:3174 (R)
    CODE:000a  f4          undefine F4h
    CODE:000b  02 d7 fc    LJMP     timer0interrupt
DAT_CODE_000e                        XREF[2]: FUN_CODE_30fb:3197 (R) ,
                                              FUN_CODE_6b9a:6ba9 (R)
    CODE:000e  25          undefine 25h
DAT_CODE_000f                        XREF[1]: FUN_CODE_30fb:3193 (R)
    CODE:000f  69          undefine 69h
    CODE:0010  ff          ??       FFh
    CODE:0011  ff          ??       FFh
    CODE:0012  ff          ??       FFh
    CODE:0013  02 00 26    LJMP     extinterrupt1
*************************************************************
*                      FUNCTION
*************************************************************
undefined __stdcall FUN_CODE_0016 (void )
    undefined      ACC:1    <RETURN>
FUN_CODE_0016                        XREF[1]: FUN_CODE_c57b:c5b5 (c)
    CODE:0016  af 4f       MOV      R7 ,DAT_INTMEM_4f    = ??
    CODE:0018  80 00       SJMP     LAB_CODE_001a
LAB_CODE_001a                        XREF[1]: CODE:0018 (j)
    CODE:001a  22          RET
    CODE:001b  02 3f 8d    LJMP     timer1interrupt
*************************************************************
*                      THUNK FUNCTION
*************************************************************
thunk undefined __stdcall init (undefined * param_1 , b
    Thunked-Function: init
    undefined      ACC:1    <RETURN>
    undefined *    R1:1     param_1
    byte           R2:1     param_2
    byte           R3:1     param_3
    char           R4:1     param_4
    char           R5:1     param_5
    byte           R6:1     param_6
    char           R7:1     param_7
init                                 XREF[1]: init:0000 (T) , init:0001 (c)
    CODE:001e  02 9e 1c    LJMP     init
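
Added example (not part of the original posts, and not code from the poster or from Ghidra): a heuristic Python check that would have flagged the first dump before disassembly, by testing whether the standard 8051 reset and interrupt vectors hold jumps and whether the handlers fall inside the device size the dump was read as. The function names are hypothetical; the two byte strings are the opcode bytes shown in the listings above.

```python
# Added example: heuristic sanity check of an 8051 vector table.
# BAD / GOOD are the opcode bytes from the first and second listing in this thread.
BAD = bytes.fromhex("c0 d0 70 03 e9 80 08 50 03 29 80 03 c9 c3 99 c3"
                    "13 93 f5 f0 d0 d0 22")
GOOD = bytes.fromhex("00 80 1b 02 36 72 00 05 13 98 f4 02 d7 fc 25 69"
                     "ff ff ff 02 00 26 af 4f 80 00 22 02 3f 8d 02 9e 1c")

# Standard 8051 entry points (the 80C535 adds more; only these appear in the thread).
VECTORS = {"reset": 0x0000, "ext int 0": 0x0003, "timer 0": 0x000B,
           "ext int 1": 0x0013, "timer 1": 0x001B}

def jump_target(image, addr):
    """Decode the jump at addr (after up to two NOPs); None if it is not a jump."""
    for _ in range(2):
        if addr < len(image) and image[addr] == 0x00:      # NOP
            addr += 1
    op = image[addr] if addr < len(image) else None
    if op == 0x02 and addr + 2 < len(image):               # LJMP addr16
        return (image[addr + 1] << 8) | image[addr + 2]
    if op == 0x80 and addr + 1 < len(image):               # SJMP rel (signed)
        rel = image[addr + 1]
        return (addr + 2 + (rel - 256 if rel > 127 else rel)) & 0xFFFF
    if op is not None and op & 0x1F == 0x01 and addr + 1 < len(image):
        # AJMP addr11: target stays in the current 2 KB page
        return ((addr + 2) & 0xF800) | ((op >> 5) << 8) | image[addr + 1]
    return None

def check_vectors(image, device_size):
    """Return {vector name: problem} for a code image read as device_size bytes."""
    problems = {}
    for name, addr in VECTORS.items():
        target = jump_target(image, addr)
        hops = 0
        # Follow thunk chains (e.g. SJMP -> LJMP) while the bytes are available.
        while target is not None and target < len(image) and hops < 4:
            nxt = jump_target(image, target)
            if nxt is None:
                break
            target, hops = nxt, hops + 1
        if target is None:
            problems[name] = "no jump at vector"
        elif target >= device_size:
            problems[name] = f"handler {target:#06x} outside {device_size:#x}-byte image"
    return problems

if __name__ == "__main__":
    print(check_vectors(BAD, 0x2000))     # read as 2764 (8 KB)
    print(check_vectors(GOOD, 0x2000))    # good header, but 8 KB is too small
    print(check_vectors(GOOD, 0x10000))   # read as 27512 (64 KB)
```

A firmware image may legitimately keep data in unused vector slots, so a single failing vector is only a hint; every vector failing at once, as with the first dump, points at the read itself.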
 