Page 2 of 7

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 10:19 pm
by AriX
tin wrote:
AriX wrote:Looks like it's a string, so I presume it inserts some listings or something :O

If so, major congrats/props. However, I was not able to get it to work. What exactly do you mean by $3800? I put in the address 3800, added what you said, and set 00c8 to 13, but nothing seemed to change. Any advice?
mmmmmm, interesting. suppose it depends on your emulator. I have atari800win plus. I run the atari emulation, and press F8 to get into the monitor.

i then type

c 3800 55 AA 41 2A 00 94 55 AA 4B 01 04 09 0A 16 27 1E 01 01 9D <return>
m 3800 <return> (to check I have typed it in correctly)
c 00c8 13 <return>
m 00c8 <return> (again to check)
cont

I know in alterra, the monitor commands are e to edit memory instead of c, and db to display rather than m.

Note there's good error checking in the code, presumably because theres a real danger of invalid information coming in because of the way it's broadcast. The code will throw away any data where the checksums aren't right.

The data above changes the internal date and time of the system to mon may 10th 10:39:30pm ;)

I must admit I have tried this several times myself and make a typo at least half of the time.

here's another one (need to cold reset before you do, btw)

c 3800 55 AA 41 2A 00 94 55 AA 54 20 20 20 20 20 20 20 20 20 20 20 20 4D 59 20 43 41 42 4C 45 20 47 55 49 44 45 00 AC
c 00c8 25
Great, thanks! I'm using the Atari800MacX emulator, and since it's just a port, the commands are equivalent to the ones you posted. To be honest, it worked the first time, but I just didn't notice the date had changed. Awesome work though, congratulations. The cable guide string one worked as well.

Wanna shed some light on the data format used? :)
How are the checksums put together?

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 10:19 pm
by AriX
tin wrote:BTW the data recieving cursor stays flashing, I take it that I have not done something quite right, like there's an end-of-data message missing or something..... I am sure I will learn more in the next few days :)
Ah, makes sense. I noticed that as well.

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 10:46 pm
by tin
I'm not massively clear on the data format as yet...but here are some things I do know.

First bit is
55 AA (some training)
41 (come code that means start I think)
2A (a * which means all EPGS perform this command - all or part of the serial number can go here for individual addressing of each or groups of EPG boxes)
00 (a zero)
94 (a checksum - note if you change the serial number the checksum needs to be worked out again).

Then.....
55 AA (more training)
54 (ASCII letter "T" in this example, for changing the title mode. The clock one is mode "K". There's some function for sending adverts by mode "C")
(no checksum for this bit)

Then....

the data bit, this bit depends and changes depending on the mode selected.

For mode "K" (clock), the data is 9 bytes:-
1: day of week (0 = sun)
2: month (0 = jan)
3: day (0 = 1st, 1 = 2nd)
4: year (presume in hex)
5: hours (in hex)
6: mins (hex)
7: secs (hex)
8: (don't know)
9: (don't know)

For mode "C" (adverts) it's a number starting at 01 for the advert, then a string, I think of up to nearly 512 chars in ASCII with a $00 as the last char.

For mode "T" it's a string of up to 40 chars in ASCII with $00 as the last char.

Then.....

A checksum for all the data part.

The checksum is an XOR of all the bytes in a row - the code XORs each byte as it's processed. The calculation starts with a byte that depends on the mode. For mode T it's $AB, for mode C it's $B3, for mode K it's B4.

The simplest way I found to work out the checksum is to put all the bytes you know in the emulator and set 00c8 to the next empty byte position, then run the code, go back into the monitor, and look at memory location 047c which will contain the checksum the code is expecting to see next. Set your next empty byte position to that checksum and 00c8 to the new next empty position.....

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 10:50 pm
by tin
Example 1:

I will change the date and time via the K command. I therefore need to insert these bytes into the buffer:-

55 AA 41 2A 00 94 (training, start marker, asterisk, zero, checksum)
55 AA 4B (training, command 4B "K")
01 04 09 0A 16 27 1E 01 01 9D (monday may 10th 2010 22 hours 39 mins 30 secs (dunno) (dunno) checksum)


I will then need to change the pointer to 3813 to let the code know there's serial data waiting (and how much)

In Atari800Win the monitor syntax is

c 3800 55 AA 41 2A 00 94 55 AA 4B 01 04 09 0A 16 27 1E 01 01 9D
c 00C8 13
cont




Example 2

I will change the cable guide provider to "MY CABLE GUIDE" I therefore need to insert these bytes into the buffer:-

55 AA 41 2A 00 94 (training, start marker, asterisk, zero, checksum)
55 AA 54 (training, command 54"T")
20 20 20 20 20 20 20 20 20 20 20 20 4D 59 20 43 41 42 4C 45 20 47 55 49 44 45 00 AC (some spaces, "MY CABLE GUIDE" in ASCII, a $00, checksum)

and set the next byte read position of the buffer to 3825

syntax

c 3800 55 AA 41 2A 00 94 55 AA 54 20 20 20 20 20 20 20 20 20 20 20 20 4D 59 20 43 41 42 4C 45 20 47 55 49 44 45 00 AC
c 00c8 25
cont

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 11:21 pm
by AriX
tin wrote:I'm not massively clear on the data format as yet...but here are some things I do know.
...
AWESOME, thanks!

tin just helped me debug my message string, here it is for someone who wants to try another one (I didn't center it, sorry) :p
c 3800 55 AA 41 2A 00 94 55 AA 54 45 4C 45 43 54 52 4F 4E 49 43 20 50 52 4F 47 52 41 4D 20 47 55 49 44 45 20 4A 55 4E 49 4F 52 00 82
c 00C8 2A

Re: Atari EPG jr reverse engineer

Posted: Fri May 14, 2010 11:24 pm
by tin
BTW new youtube video is called for surely! :)

Re: Atari EPG jr reverse engineer

Posted: Sat May 15, 2010 8:34 am
by AriX
tin wrote:BTW new youtube video is called for surely! :)
Of course :)

I'll record it tonight.

cgi scripts for calculating checksums

Posted: Sat May 15, 2010 2:06 pm
by tin
Here's a bunch of cgi scripts written in perl to generate the content for the 3x modes I currently know about. I've just installed Apache and Activeperl and dumped the scripts in C:/program files/apache software foundation/apache2.2/cgi-bin and they work without further modification - of course mileage on mac may vary!!

The scripts generate the bytes needed and the checksum to paste into the monitor in whichever emulator (at the moment atari800 and altirra format supported) this makes it much less painless to enter data. It also of course forms the basis of the eventual program that will transmit data to the EPG - if I can find an emulator that works with the serial port!!!!

There's a couple of problems with the atari800win plus monitor, in that it doesn't like long strings and you can't cut n paste (!!) hence the altirra support - but altirra has a problem in that it doesn't recognise the escape key :(

Re: cgi scripts for calculating checksums

Posted: Sat May 15, 2010 3:07 pm
by AriX
tin wrote:Here's a bunch of cgi scripts written in perl to generate the content for the 3x modes I currently know about. I've just installed Apache and Activeperl and dumped the scripts in C:/program files/apache software foundation/apache2.2/cgi-bin and they work without further modification - of course mileage on mac may vary!!

The scripts generate the bytes needed and the checksum to paste into the monitor in whichever emulator (at the moment atari800 and altirra format supported) this makes it much less painless to enter data. It also of course forms the basis of the eventual program that will transmit data to the EPG - if I can find an emulator that works with the serial port!!!!

There's a couple of problems with the atari800win plus monitor, in that it doesn't like long strings and you can't cut n paste (!!) hence the altirra support - but altirra has a problem in that it doesn't recognise the escape key :(
Hey tin,

You beat me to the punch! I was about to write some scripts to generate this code too :)
Is it OK if I put these up on my server for general consumption? :)

Thanks!

Re: Atari EPG jr reverse engineer

Posted: Sat May 15, 2010 3:39 pm
by tin
of course :) no problems.....