tag:blogger.com,1999:blog-3024470480937744884.comments2024-03-18T04:40:58.042-07:00SecurityChris Evanshttp://www.blogger.com/profile/01004765479735675808noreply@blogger.comBlogger442125tag:blogger.com,1999:blog-3024470480937744884.post-16777038321347474032024-03-12T02:51:28.576-07:002024-03-12T02:51:28.576-07:00I remember being really pleased with myself when I...I remember being really pleased with myself when I cracked the disk protection on BBC Elite. I wanted a backup that worked, honest.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-42152182224126083282023-07-09T17:10:53.457-07:002023-07-09T17:10:53.457-07:00Hello 0010 all,
Let me first state I'm no exp...Hello 0010 all,<br /><br />Let me first state I'm no expert on all this !<br /><br />Having read several articles about the 8271 FDC on StarDot and elsewhere (like the above), as well as studied Intel's data sheets and Acorn's System, Atom, Beeb and other diagrams, I have a few questions on the matter that hopefully someone will answer.<br /><br />The 8271 is used in the Acorn System, the Atom and the Beeb in a way that is "Not Allowed" according to Intel's datasheets. Both CS and DACK inputs of the 8271 are activated (low) at the same time when there is a data exchange between the 6502 µP and a disk via the 8271 FDC.<br /><br />According to the Acorn diagrams it seems that the addressing of the registers (by A0, A1 and CS) is disabled internally in the 8271 when DACK is active (low). If so, this likely allows to have the 8271 registers addressed by the A1 and A0 inputs being 00, 01, 10 (00=Command and Status, 01=Parameter and Result, 10=Reset) when CS is low and DACK is high and use the same two address output lines from the processor to feed to a NAND gate to activate DACK (low) for the data exchange. That way the FDC addressing would fit in a four Byte space !<br /><br />I think both CS and DACK being low simultaneously is no issue when working like I suggest above but I'm not sure on this.<br /><br />Has addressing the 8271 like that been tested or has the reverse engineering shed any light on all this ?<br /><br />It would be so nice to have an 8271 FDC fit in a four Byte space in my Atom (like the 8522 PIA and 6821 "Big Benny" RTC already do) !<br /><br /><br />May your wires be long and your nerves be strong❗ <br />Greetings, LouisLouis.mnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-81657454387637371272023-07-08T05:23:35.393-07:002023-07-08T05:23:35.393-07:00Hello 0010 all,
Let me first state I'm no exp...Hello 0010 all,<br /><br />Let me first state I'm no expert on all this !<br /><br />But having read several articles about the 8271 FDC de-cap on StarDot and elsewhere (as well as studying Intel's data sheets and Acorn's System, Atom, Beeb and other diagrams), I have a few questions on the matter.<br /><br />To me it seems possible to have the registers write/read at A1-A0 being 00, 01, 10 (Command and Status, Parameter and Result, Reset respectively) and use address 11 for the data exchange (must CS and DACK be activated separately ?).<br /><br />The 8271 is used in an odd way in the Acorn System, the Atom and the Beeb (and where else ?), both CS and DACK inputs are activated (low) at the same time when there is a data exchange between the 6502 µP and the 8271 FDC, in spite of this being "Not Allowed" according to Intel's data, I wonder if this will give any problems ?<br /><br />At first I thought both CS and DACK being low simultaneously was no issue here but some replies on StarDot raised some doubt on this.<br />Has this been tested or has the reverse engineering shed any light on all this ?<br /><br />It would be so nice to have an 8271 FDC fit in a four Byte space in the Atom, similar to other I/O like the 8522 (PIA) and 6821 (Big Benny, RTC) !<br /><br />Greetings, Louis<br /><br />May your wires be long and your nerves be strong❗Louis.mnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-51230552567422451482023-06-06T16:01:49.527-07:002023-06-06T16:01:49.527-07:00Bey Enjoy…. Bey Enjoy…. 
Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-55573316399194318102023-04-15T09:02:59.553-07:002023-04-15T09:02:59.553-07:00Is this still an issue with HSTS?Is this still an issue with HSTS?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-11726452715999625762023-03-10T10:22:36.515-08:002023-03-10T10:22:36.515-08:00While you're dipping into the analog domain, h...While you're dipping into the analog domain, how about microstepping the seek motor to hedge a little to either side of the track? 256x microstep drivers are cheap now, and multiple passes at multiple offsets might yield interesting data.<br /><br />I'm picturing a follow-on to the GW that has all the analog amplifier and high-rate ADCs previously discussed, plus a microstepping motor driver, and simply drops in place of the PCBA on a couple common floppy mechs. <br /><br />Actually this sounds like it might be fun to design...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-54207559857976373422023-01-15T13:09:38.980-08:002023-01-15T13:09:38.980-08:00Question from a software-only developer, so no dee...Question from a software-only developer, so no deep hardware/electronic background<br /><br />Why is there no remake of a floppy read header, or a complete floppy drive, only new FPGA controllers? Wouldn't it be possible to reach much better input signals or is such a read header too complex a thing to re-create or so simple that it is not technically improvable? <br /><br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-53080144981106629942022-12-16T08:46:15.400-08:002022-12-16T08:46:15.400-08:00Steve RogersSteve RogersAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-76234277867781064012022-08-29T12:06:06.353-07:002022-08-29T12:06:06.353-07:00I am a bit late in commenting. But for historical ...I am a bit late in commenting. 
But for historical purposes...<br /><br />Actually I used weak bits as one of many disk protection techniques on the Atari 8-bit floppy version of Alternate Reality - The City. One of the engineers in Datasoft (publisher of the game until we got the rights back) brought it to my attention.<br /><br /> What I did with it was I read the bits multiple times generating a statistical variance table to be read in a future loaded software fold (obscuring the check, but leaving my code vulnerable to TOCTOU exploits, but no one is perfect). If fuzzy bits were where they should not be or were not where they should be I would give the game character scurvy and they would die in the first few steps in the game. I did allow the fuzzy bits to be slightly off <br /> by creating a guard band of bits that should not be fuzzy but could be. In case manufacturing messed up...oh and they did by putting the fuzzy bits at the start of the guard band instead of after the guard band, causing a few false positives in production. <br />Lots of other checks, multistep encrypted booter, simple deleted sector to keep honest people honest, etc. <br /><br />Wrote the game in 1983-1984, but it was not published until 1985. https://en.wikipedia.org/wiki/Alternate_Reality_(series)<br /><br />Other techniques I used include asynchronous software folding to obscure code check on weak bits. Interrupt driven checks to launch a self relocating nop sliding memory wipe when modified ROMs were banked in to try to snapshot memory by hijacking NMI/reset.<br /><br /> Disk Timing to determine incorrect sector skew if copied. Multiple forms of encryption in boot loaders and encryption of data at rest (simple encryption, simple).<br /><br />You always can have lots of fun being dirt poor and loving creating games and protection as I did back then. 
<br /><br />back then no one had virtual hardware and 3rd party floppy drives were not yet the norm, so some of these techniques could work and could provide some mitigation against piracy.<br /><br /><br />-Philip PriceAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-1883022768892596232022-08-04T01:38:14.875-07:002022-08-04T01:38:14.875-07:00I would like to ask some bloggers whether there is...I would like to ask some bloggers whether there is a demonstration video of operation and how to realize bit by bit offsetAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-32689354303725306882022-05-28T01:21:19.526-07:002022-05-28T01:21:19.526-07:00Amazing article.
About 30-35 years ago I worked i...Amazing article.<br /><br />About 30-35 years ago I worked in a company repairing and maintaining Floppy drives, 8" (the amazing Persci 299 and 277) and then 5 1/4" and just in to the 3" and 3 1/2" drives but they were too cheap to do anything to. It was interesting watching the move from high quality aluminium castings with precision machining to the latter pressed steel frames used by the latter 5 1/2" drives.<br /><br />I don't remember much detail but some thoughts/memories have been triggered by your floppy articles;<br /><br />* The scopes we had back then were not sensitive enough to show any signal direct from the heads of disks or tape drives - the head amps have a LOT of gain! But I like your idea for replacing one with a more modern one, hopefully quieter but variable gain for your data recovery efforts.<br /><br />* You mention the peak shifting of 0 and 1 bits - this also was an effect of the head/media physics - some drives offered pre-compensation - writing the bits early/late so that they read back in the right place. (I assume later controllers got better data recovery designs so it was no longer needed)<br /><br />* I'm astonished that you had a drive write to a read only disk in the 8271 - in the drives that we worked on the write current to the heads was gated with the write protect at the lowest level. 
Obviously something odd about that drive!<br />It was a saviour for many bench techs who accidentally tried a write test on a (VERY Expensive) Cat's Eye alignment disk.<br />I think the Persci drives even only enabled write (and tunnel erase through a delay) when the head position servo was in track hold mode so avoiding splatting over multiple tracks if something went wrong.<br /><br />* Yes the 8271 was a very difficult chip to get hold of at the time, even Acorn had trouble getting supplies - one company I worked for who had managed to buy a few 10s of them even asked Acorn to sell us upgrade kits without the 8271 that they couldn't get - they wouldn't.<br /><br />* You mention voltage level issues when driving an FDD from the BBC User Port and needing to remove the resistor pack. The FDD (named SA400 after the first Shugart drives) interface is designed to have one, and only one drive with the pull up (to 5V and I can't remember the resistor value) pack (at the far end of the cable) and the interface used open collector drivers - typically 7406/7407 TTL. These may still be easily available and will get you more reliable operation.<br /><br />I could ramble for a while longer - especially on the 'fun' of aligning heads - once assembled they generally only need radial alignment which is easy, but there's a lot of work in getting the two heads in the assembly properly aligned if you have to change the floating one.<br /><br />Thanks for all the fascinating Blog posts!<br />IanAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-42500431916709125252022-05-15T06:17:51.082-07:002022-05-15T06:17:51.082-07:00Good article. Thank YouGood article. Thank YouAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-71243907007262655402022-05-10T05:41:47.427-07:002022-05-10T05:41:47.427-07:00Fascinating post. I actually created my own way of...Fascinating post. I actually created my own way of creating weak bits in 1990. 
By 1990, some intelligent copying software tools could replicate weak bits using standard drives. I started making a small scratch on the floppy disk surface using any standard sharp paper cutter to protect my software from copying. This would remove the magnetic surface from that place, and I used to identify those tracks and then sector and embed them in my software for later verification. Since the intelligent copying software could replicate the weak bits, I would always write to those sectors before reading them back to ensure that these weak bits were not created by any software and that a physical scratch was there. This way, I protected my software till I stopped selling it.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-34841035693440584092022-04-22T10:53:43.385-07:002022-04-22T10:53:43.385-07:00I realize this is a 5 year old post, but commentin...I realize this is a 5 year old post, but commenting anyway. I'm not sure who the intended audience is for this post. It starts off seeming like it's going to walk thru so that anyone with a programming/exploit background can follow. It's not that I don't think you made an effort to make this approachable, but I've spent about 30 minutes on it and there are just too many jumps to really get my head around what you're doing.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-38840230723087365842022-03-02T17:52:02.011-08:002022-03-02T17:52:02.011-08:00What were the date codes on the D765 and 8272 you ...What were the date codes on the D765 and 8272 you compared? I'm really confusedUnikhttps://nyang-unik.blogspot.com/noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-53049513738786694062021-10-20T08:53:55.355-07:002021-10-20T08:53:55.355-07:00I'm pretty sure that the uPD765 was cross-lice...I'm pretty sure that the uPD765 was cross-licensed as part of the Intel settlement for the unauthorized NEC uPD8086 and uPD8088 clones (c. 
1982) I seem to recall that the 8237 DMA controller also came from NEC at the same time (looks different than the 8257 architecture)Tim Hawkshttps://www.blogger.com/profile/13682234523711769954noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-65827896496828033712021-08-03T09:43:42.639-07:002021-08-03T09:43:42.639-07:00I can only add I prefer sugarless cookies. I can only add I prefer sugarless cookies. Anonymoushttps://www.blogger.com/profile/10289191763921623965noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-70745471333056037722021-07-15T03:24:10.936-07:002021-07-15T03:24:10.936-07:00Thank you for sharing the article !
The processo...Thank you for sharing the article ! <br />The processor, also known as the CPU, provides the instructions and processing power the<br />computer needs to do its work. The more powerful and updated your processor, the faster your<br />computer can complete its tasks. By getting a more powerful processor, you can help your computer think and work faster, intel bx8070110900kf is amazing processor for gamersCia Alexnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-52278499468186405772021-05-27T14:12:16.964-07:002021-05-27T14:12:16.964-07:00Hi Julien,
I've re-checked while explicitly u...Hi Julien,<br /><br />I've re-checked while explicitly using a linear phase filter. It looks a bit better (easier to categorize peak distances in software, and less human intervention). However, it's apparent that many of the peaks in the original capture are already significantly shifted from their ideal positions.<br /><br />Thanks for mentioning linear phase filters. Definitely an improvement.<br />Chris Evanshttps://www.blogger.com/profile/01004765479735675808noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-67451499208410890092021-05-25T19:50:02.037-07:002021-05-25T19:50:02.037-07:00Hello Chris,
Outstanding work, reading your artic...Hello Chris,<br /><br />Outstanding work, reading your articles is always a joy.<br /><br />I have a question about the filtering. You state:<br /><br /><i>Applying aggressive filtering that is sufficient to eliminate "false" peaks also shifts the peaks' positions, exaggerating the jitter to the point that some peak timing deltas become indeterminate between 8us and 4us.</i><br /><br />Was this even with a linear phase filter? I am trying to determine if this is because "false peaks" are essentially contributing to the formation of a "new" peak with real peaks, or whether it was simply due to an unsuited low pass filter shifting some frequencies non-linearly.Julien Osterhttps://www.blogger.com/profile/08109834476806811382noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-21253962330752100792021-05-23T21:13:17.326-07:002021-05-23T21:13:17.326-07:00Could the unreadable sectors be intentional for an...Could the unreadable sectors be intentional for anti-copying?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-58199672384907563962021-05-22T09:26:50.776-07:002021-05-22T09:26:50.776-07:00Very interesting article, thank youVery interesting article, thank youAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-17308416112419730202021-05-20T14:33:07.454-07:002021-05-20T14:33:07.454-07:00Great project! I recognize a lot of considerations...Great project! I recognize a lot of considerations and thoughts that went through my mind when working on FloppyControl project. Some of the disks had the magnetic material come loose from the surface, which not only made the signal weak, there were no magnetic particles left to carry the signal.<br />I've only managed to recover some data by using the oscilloscope, most of it I could recover using the normal (digital) read signal and processing it in different ways. 
<br />There are a few algorithms in FloppyControl to filter and extract sector data, have a look at the source code on github, if you're interested. I've also experimented with error correction by comparing the crc checksum with likely candidates of bit patterns. I've found that up to 4-6 flux reversals could be recovered. Any more and the false positives went up a lot.<br />The differences in level could be due to the level of the signal being available from the pre amp, at different stages. <br />I was considering building a board with 3 ADCs running at 6MHz each, producing about 18MB/s of data which would be enough to capture the differential flux signal and the digital read data at the same time. I didn't go through with it as the returns were minimal at best for my purposes.<br />Floppy controller are pretty amazing as far as handling low level signals, at least for 3.5" drives. There were not many cases I could read the flux reversals while the drive couldn't. Either the signal was gone or the signal was just strong enough.<br />I tried using some processing to adaptively boost the weaker signals. It did help in some cases, made it worse in others.<br />In the end, when you've got data spread across multiple disks, with duplicates etc, it's often more time efficient to piece them together than to hunt for the data in weak signals. Still, if it's really the only copy, that's all you can do.<br /><br />One avenue of possibility I haven't walked is to use AI and learning networks to do the detective work for you. It should be possible to train a network to recognize the flux reversals and make them guess what a weaker signal should be. <br /><br />As for error correction, I've found that MSDOS sectors have a start and end pattern that you can use to re-sync the flux reversals after a glitch. That way if a sector only has a few reversals that are wrong it's possible to get the data beyond the glitch too. 
Controllers often give up because there's a CRC error and you don't even get a part of the data. I can imagine such a strategy could be really useful for source code. Missing 200 bytes can be a big deal compared to missing just a few bytes. On the Amiga disks this didn't work as there are no padding/sync bytes between the sectors. <br />On rare occasions the MSDOS header was damaged but the sector data was still intact, which could then be recovered by looking at the sector number of a previous or next sector. <br /><br />It was a lot of fun working on the data, collecting, building filters and tools to get the most from the captures. <br />Anonymoushttps://www.blogger.com/profile/14985154669856731780noreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-1914615411928238202021-05-19T23:31:03.672-07:002021-05-19T23:31:03.672-07:00Great work.
If the problem is a weak signal / low...Great work.<br /><br />If the problem is a weak signal / low S/N ratio, did you consider doing many samples of the disk surface and combining them?<br /><br />There's good synchronisation in the data either side of the problem area, which should enable things to be mapped up pretty well from pass to pass. Any random noise (e.g. from the drive mechanism, amplifiers etc.) will cancel out on the multiple passes, although noise on the actual disk surface itself will be seen as signal and amplified accordingly.<br /><br />Combining multiple (resynchronised) captures from different drive mechanisms might be of some interest too.<br /><br />Would also be interesting to see the statistics on the noise distribution (how much is on the media vs. how much is on the drive). That probably changes based on the disk itself...?Dave Oldcornnoreply@blogger.comtag:blogger.com,1999:blog-3024470480937744884.post-16238550858365656882021-05-19T08:30:19.492-07:002021-05-19T08:30:19.492-07:00I believe the FM used for this data consists of ju...I believe the FM used for this data consists of just a few harmonics of the fundamental frequency. That could mean that a comb filter or FIR filter would allow just those frequencies through and block the vast majority of the noise.<br /><br />Could you make some of your raw data available? I can attempt to filter it that way.Sethhttps://www.blogger.com/profile/00601792418237672979noreply@blogger.com