Button Reading

From ST2205u wiki

Something I think would be very useful to figure out more about these devices is to add a command that would get/set arbitrary memory locations.
Not update the flash, but to be able to peek inside the RAM of the running device.

Examples:
peek(0x0087)   or   peek(offset, length)   to get several contiguous bytes
poke(0x0087,0x21)   -- put value 0x21 into memory location 0x0087

I'd like to use it to be able to dump the early portions of RAM to see about capturing the button presses. The button interrupt service routine (starts at $458e in the Coby) appears to make a call to $07d4 which is not being loaded from our firmware image. --Pete

  • I'd like to, but if we want feedback from the st2205, we need to hack the USB read routines as well... something which is doable, but it'd mean opening up a different can of worms: e.g. the Coby's patch up till now is 219 bytes. The free space the device has is 230 bytes. If we add anything to it, it won't fit anymore. Aside from that: the routine at $07d4 sounds like a long call routine. Look at the 4 bytes following the call: are they 0x 00 ab cd? If so, the routine called does a jump to bank x, location cdab.
    • Reading buttons is quite easy: take the lower 3 bits from memory location $0. The bits that are 0 correspond to buttons being pushed. The interrupts are a bit more tricky to use since they are normally stored in flash and cannot be moved without changing the flash (or the mapped bank). --Jorik
    • If your goal is to read the keypresses from your PC, then you don't even have to modify the firmware; you can just use the normal memory read commands. On my tomtec it works like this: --Jorik

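# Python 3 form of the polling loop: print the byte at offset 4075 of the device node
while True:
    # Reopen on every pass, as the original does, so the read is not served from a stale handle
    with open("/dev/sdd", "rb") as f:
        f.seek(4075)
        byte = f.read(1)
    print(hex(ord(byte)))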

    • The ST2205U manual says that the ISR vector for Port A (which has the hardware keyboard debounce built in) interrupts is at $7fef,$7fee. In the Coby, this reads:

$7fee: 8e
$7fef: 45

$458e: 48               PHA
$458f: da               PHX
$4590: 5a               PHY
$4591: a5 34            LDA $34
$4593: 48               PHA
$4594: a5 35            LDA $35
$4596: 48               PHA
$4597: a5 96            LDA $96
$4599: 48               PHA
$459a: a5 97            LDA $97
$459c: 48               PHA
$459d: a7 8f            SMB2 $8f
$459f: 2f 93 05         BBR2 $93,$45a7
$45a2: 27 8f            RMB2 $8f
$45a4: 20 38 46         JSR $4638
$45a7: 7f 8f 03         BBR7 $8f,$45ad
$45aa: 20 d4 07         JSR $07d4
$45ad: 68               PLA
$45ae: 85 97            STA $97
$45b0: 68               PLA
$45b1: 85 96            STA $96
$45b3: 68               PLA
$45b4: 85 35            STA $35
$45b6: 68               PLA
$45b7: 85 34            STA $34
$45b9: 7a               PLY
$45ba: fa               PLX
$45bb: 68               PLA
$45bc: 40               RTI

What does the Tom-Tec one look like?
The data from Port A should end up in $00, but I don't see anything in segment 0 that reads $00.

My "ebuyer" model is very similar (chrisf):

        pha
        phx
        phy
        lda     $34
        pha
        lda     $35
        pha
        lda     $96
        pha
        lda     $97
        pha
        smb2    $8F
        bbs0    $2F,LC69E
        ora     $27
        bbs0    $20,LC6B2
        rmb4    $7F
        bbr7    $8F,LC717
        jsr     L07D4
LC717:  pla
        sta     $97
        pla
        sta     $96
        pla
        sta     $35
        pla
        sta     $34
        ply
        plx
        pla
        rti
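
As an added example (not code from the wiki or its contributors): the Coby vector and handler bytes listed above, walked in Python to recover the handler address and its JSR targets, including the call to $07d4. The 0x4000-0x7FFF window used to classify targets and all function names are assumptions made for the illustration; the opcode length table covers only the opcodes that occur in this handler.

```python
ISR_BASE = 0x458E
# Bytes transcribed from the $458e-$45bc Coby listing on this page
ISR_BYTES = bytes.fromhex(
    "48 da 5a a5 34 48 a5 35 48 a5 96 48 a5 97 48 a7 8f 2f 93 05 27 8f"
    " 20 38 46 7f 8f 03 20 d4 07 68 85 97 68 85 96 68 85 35 68 85 34"
    " 7a fa 68 40"
)
VECTOR_BYTES = bytes([0x8E, 0x45])  # contents of $7fee, $7fef as listed

# Instruction lengths for the opcodes present in this handler only
OP_LEN = {
    0x48: 1, 0xDA: 1, 0x5A: 1, 0x68: 1, 0x7A: 1, 0xFA: 1, 0x40: 1,  # PHA PHX PHY PLA PLY PLX RTI
    0xA5: 2, 0x85: 2, 0xA7: 2, 0x27: 2,                              # LDA zp, STA zp, SMB2, RMB2
    0x2F: 3, 0x7F: 3, 0x20: 3,                                       # BBR2, BBR7, JSR abs
}
JSR, RTI = 0x20, 0x40


def vector_target(lo_hi):
    """Interrupt vectors are stored low byte first."""
    return lo_hi[0] | (lo_hi[1] << 8)


def jsr_targets(code, base):
    """Linear sweep from base to the first RTI; returns [(call_site, target)]."""
    calls, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in OP_LEN:
            raise ValueError(f"opcode ${op:02x} at ${base + pc:04x} not in table")
        if pc + OP_LEN[op] > len(code):
            raise ValueError(f"truncated instruction at ${base + pc:04x}")
        if op == JSR:
            calls.append((base + pc, code[pc + 1] | (code[pc + 2] << 8)))
        if op == RTI:
            break
        pc += OP_LEN[op]
    return calls


def outside_window(calls, start=0x4000, end=0x8000):
    """Targets outside [start, end); the default window is an assumption."""
    return [target for _, target in calls if not start <= target < end]


if __name__ == "__main__":
    print(f"Port A ISR at ${vector_target(VECTOR_BYTES):04x}")
    for site, target in jsr_targets(ISR_BYTES, ISR_BASE):
        print(f"${site:04x}: JSR ${target:04x}")
```
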