Sanguino based PAL reader

Inspired by the interesting blog of Chuck Guzis on reading and analysing PALs and HALs, I created this shield for my Sanguino board and some software (sketches in Arduino speak) to read some PALs I have.

The goal is to create a sketch for each type of HAL/PAL that results in a file that can be analysed, manually or by some smart program. Currently only the first part is being developed.

As HAL and PAL devices vary wildly in their pinout, no shield with a socket is used. Instead I use an experimenters board and a flatcable terminated with compatible pins. This means that for every type of PAL the reader has to be rewired, but for low volumes this is acceptible. It is also allows easy rearrangement of the pins.

Created so far are these sketches. Each sketch contains a rudimentary description of how the pins should be wired and the signals interpreted. The output is in text-binary (0s & 1s) format.

An example:

GAL16V8 read v1.1
B0, B1,  B2, B3, B4, B5, B6, B7, A0, A1, C0,  C1,  C2,  C3,  C4, C5,     C6,   C7
1   2    3   4   5   6   7   8   9   11  12   13   14   15   16  17      18    19
IIN,IOUT,IA0,IA1,IA2,IA3,IA4,IA5,IA6,IA7,OACT,OC0R,OC1R,OC1W,OC2R,OC8FCS,ODBDR,O0

A0-A1,B0-B7  C0-C7
0000000000   1111111
0000000001   1111111
0000000010   1111111
0000000011   1111111
...

skipping some uninteresing stuff

...
1011111100   1111111
1011111101   1111111
1011111110   1111111
1011111111   1111111
1100000000   0111100
1100000001   1111111
1100000010   0111100
1100000011   1111111
1100000100   0110010
1100000101   1110110
1100000110   0111010
1100000111   1111111
1100001000   0101110
1100001001   1111111
1100001010   0101110
1100001011   1111111
1100001100   1111111
...

Tri-state detection

Quite a lot of PALs have tri-state capable pins. To detect this, two pins of the microcontroller are used, as shown on the diagram, one as output, one as input.

detecting tristate pins

By measuring the level at the PAL pin, both when pushing it high and pulling it low, a tri-state can be detected. If the pin follows the output, it is tri-state. If it remains stuck at one level it is an output. The PAL16R6 sketch has the tri-state detection. The current program does not try to detect the state itself, it just prints both levels. Note the difference between a tri-state output or 'buried' output pin and a input pin cannot be detected. Only if the analysis finds more terms are needed to describe the behaviour than would fit inside the PAL, some 'buried' outputs should be assumed.

Registered pins

Even some of the older PALs have pins that clocks a value in a register. For the PAL16R6 this happens on the transition from low to high. Every combination for the other input pins has to be checked in this order. Note it is not simple to find matching terms for registered PALs which also use 'buried' outputs.

Using this method to crack PAL based dongles is probably a waste of time.

Sketches completed

Source for reading the DMPAL16C1 Not tested yet, as I do not have a loose PAL yet. Planned soon.
Source for reading the GAL16V8 Just for testing, I programmed this one myself. It attempts to implement address decoding for the Tandy TRS-80 harddisk interface to a WD1002/HD0.
Source for reading the MMI PAL16R6 This PAL has six registered outputs and two pins that can be both input and output (tri-state). For both provisions have been made in the software and hardware.

Additional remarks:

No handshake on the serial line is implemented, hardware or software, so not all capture software works properly. The Arduino IDE monitor sometimes looses data. I find a specialised terminal program, like minicom (using Linux) is much more reliable. As all lines should have the same length, it is easy to spot if data has been lost.
Having now a workable version of the hardware and software, I am looking for the best way to present data. Binary looks ok and is relatively easy to check, but may not be 'compatible' with existing analysing software.

Back

Last update: 2012-09-17

e-mail fjkraan@xs4all.nl