Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
articles:iicplus_smartport_secrets [2018/06/12 16:51]
M.G. [Apple IIc Plus: SmartPort Secrets]
articles:iicplus_smartport_secrets [2018/07/05 15:17] (current)
M.G. [The 3.5 Floppy Format]
Line 1: Line 1:
 ====== Apple IIc Plus: SmartPort Secrets ====== ====== Apple IIc Plus: SmartPort Secrets ======
  
-Written on 2017/12/14.+Written on 2018/06/12.
  
  
-I've been actively working on disassembling the Apple IIc Plus firmware in order to find out how its 3.5" firmware works with the unique hardware of the machine to support the "​dumb"​ [[https://​archive.org/​details/​bitsavers_appledisksleSidedERSSep86_1465091|3.5"​ floppy drives]].+I've been actively working on disassembling the Apple IIc Plus firmware in order to find out how its 3.5%%"%% firmware works with the unique hardware of the machine to support the "​dumb"​ [[https://​archive.org/​details/​bitsavers_appledisksleSidedERSSep86_1465091|3.5"​ floppy drives]].
  
-A lot of it involves knowing how the 3.5 floppies are formatted at the low-level. ​ The Woz state machine is the basis for operations with both the 3.5 and 5.25 floppies, so there are bound to be similarities between the the low level formats, and there are.  In particular, the following are common to both:+A lot of it involves knowing how the 3.5%%"​%% ​floppies are formatted at the low-level. ​ The Woz state machine is the basis for operations with both the 3.5%%"​%% ​and 5.25%%"​%% ​floppies, so there are bound to be similarities between the the low level formats, and there are.  In particular, the following are common to both:
  
   * Address and data prologues   * Address and data prologues
Line 12: Line 12:
   * 6&2 disk bytes ("​nibbles"​)   * 6&2 disk bytes ("​nibbles"​)
  
-===== The 3.5 Floppy Format =====+===== The 3.5" ​Floppy Format =====
  
-The 3.5 floppy sectors are formatted as follows:+The 3.5%%"​%% ​floppy sectors are formatted as follows:
  
 | Address Field | Data Field | | Address Field | Data Field |
  
-The address field of the 3.5 floppy is as follows+The address field of the 3.5%%"​%% ​floppy is as follows
  
 | 5+ self-syncs | $D5 $AA $96 | TT SS DD FF KK | $DE $AA "​off"​ | | 5+ self-syncs | $D5 $AA $96 | TT SS DD FF KK | $DE $AA "​off"​ |
Line 26: Line 26:
 The data field is: The data field is:
  
-| 5 self-syncs | $D5 $AA $AD | 699 disk bytes | KK KK KK KK | $DE $AA "​off"​ |+| 5 self-syncs | $D5 $AA $AD | SS | 699 disk bytes | KK KK KK KK | $DE $AA "​off"​ |
  
-In this case, we can see the address and data prologues are the same between the 5.25 and 3.5 formats. The epilogues are defined differently. ​ In we are used to $DE $AA $EB, but instead of $EB we have "​off"​... this is defined in the official documentation as a "pad byte where the drive electronics were turned off." ​ Code that reads a 3.5" disk should not assume the byte contains anything useful. ​ In fact, ProDOS ignores this byte even when reading a 5.25 floppy.+In this case, we can see the address and data prologues are the same between the 5.25%%"​%% ​and 3.5%%"​%% ​formats. The epilogues are defined differently. ​ In we are used to $DE $AA $EB, but instead of $EB we have "​off"​... this is defined in the official documentation as a "pad byte where the drive electronics were turned off." ​ Code that reads a 3.5%%"%% disk should not assume the byte contains anything useful. ​ In fact, ProDOS ignores this byte even when reading a 5.25%%"​%% ​floppy.
  
-Unlike the 5.25 floppy address header, the 3.5 floppy address header is coded in 6&2 format and can be decoded from the standard nibble table.. ​ E.g. if SS contains $96, the address is for sector 0, if it contains $97, the address is for sector 1.+Unlike the 5.25%%"​%% ​floppy address header, the 3.5%%"​%% ​floppy address header is coded in 6&2 format and can be decoded from the standard nibble table.. ​ E.g. if SS contains $96, the address is for sector 0, if it contains $97, the address is for sector 1
 + 
 +The 699 disk bytes encode a 12-byte sector tag + 512 data bytes.
  
 ===== The 5.25 Floppy Format ===== ===== The 5.25 Floppy Format =====
  
-The disk format we are all used to with the 5 1/4 floppies is well-explained in __[[http://​www.classiccmp.org/​cini/​pdf/​Apple/​Beneath%20Apple%20DOS.pdf|Beneath Apple DOS]]__. ​ To summarize what a sector header looks like for one:+The disk format we are all used to with the 5.25%%"​%% ​floppies is well-explained in __[[http://​www.classiccmp.org/​cini/​pdf/​Apple/​Beneath%20Apple%20DOS.pdf|Beneath Apple DOS]]__. ​ To summarize what a sector header looks like for one:
  
 | self-syncs | $D5 $AA $96 | VV VV TT TT SS SS KK KK | $DE $AA $EB | | self-syncs | $D5 $AA $96 | VV VV TT TT SS SS KK KK | $DE $AA $EB |
  
-In the case of the 5.25 floppy, the volume, track, and sector are encoded in the 4&4 format - each byte is split into the odd and even bits, interleaved with ones and written to the disk.  Decoding involves reading the first byte, shifting it, and ANDing it with the second byte.+In the case of the 5.25%%"​%% ​floppy, the volume, track, and sector are encoded in the 4&4 format - each byte is split into the odd and even bits, interleaved with ones and written to the disk.  Decoding involves reading the first byte, shifting it, and ANDing it with the second byte.
  
 ===== What's in an Aux Firmware Bank, Anyway? ===== ===== What's in an Aux Firmware Bank, Anyway? =====
Line 78: Line 80:
 </​code>​ </​code>​
  
-Note my comments reflecting my surprise at finding this buried in the Apple IIc Plus firmware. ​ This is code that clearly reads the 4 values from the address field of a 5.25 floppy. ​ But why is it here?  I left that question in my head as I continued disassembly.+Note my comments reflecting my surprise at finding this buried in the Apple IIc Plus firmware. ​ This is code that clearly reads the 4 values from the address field of a 5.25%%"​%% ​floppy. ​ But why is it here?  I left that question in my head as I continued disassembly.
  
 ===== Things that Lurk in the ROM ===== ===== Things that Lurk in the ROM =====
Line 94: Line 96:
 </​code>​ </​code>​
  
-Okay, that's very interesting. ​ The SmartPort code clearly expects and special cases a reference to slot 6, which as we know is used for 5.25 floppies in the IIc Plus (and %%//%%c).+Okay, that's very interesting. ​ The SmartPort code clearly expects and special cases a reference to slot 6, which as we know is used for 5.25%%"​%% ​floppies in the IIc Plus (and %%//%%c).
  
 Well, time to go poking around. Well, time to go poking around.
Line 197: Line 199:
         jsr     ​LC64E ​                          ; call slot 6 ProDOS block device driver         jsr     ​LC64E ​                          ; call slot 6 ProDOS block device driver
         eor     #​$28 ​                           ; see if A=$28, the error code for no device connected         eor     #​$28 ​                           ; see if A=$28, the error code for no device connected
-        bne     ​LC775 ​                          ; if no error, don't exit yet+        bne     ​LC775 ​                          ; if not that error, don't exit yet
         rts                                     ; ​         rts                                     ; ​
 LC775: ​ bit     ​LC0E9 ​                          ; IWM - turn on drive motor of the unit we just accessed LC775: ​ bit     ​LC0E9 ​                          ; IWM - turn on drive motor of the unit we just accessed
Line 205: Line 207:
 </​code>​ </​code>​
  
-OK, so now we could look at $C58E, but I already know what's there, it's code that's been in every Apple %%//​%%c: ​ a routine to generate a denibbilizing ​routine ​that 5.25 boot sectors expect to be present.+OK, so now we could look at $C58E, but I already know what's there, it's code that's been in every Apple %%//​%%c: ​ a routine to generate a denibbilizing ​table in page 3 that 5.25%%"​%% ​boot sectors expect to be present.
  
 When that returns, we go back to the code in slot 6 that brought us here, that mostly looks like the original %%//%%c boot code. When that returns, we go back to the code in slot 6 that brought us here, that mostly looks like the original %%//%%c boot code.
Line 222: Line 224:
 ! STA 42,X ! STA 42,X
 ! DEX ! DEX
-BNE 302+BPL 302
 ! JSR C64E ! JSR C64E
 ! STA 330 ! STA 330
Line 328: Line 330:
 ===== Conclusion ===== ===== Conclusion =====
  
-That a secret device driver has been lurking in the Apple IIc Plus for decades without anything being written on it is... amazing. ​ I'd like to think I was the first person outside of Apple to discover ​it, but who knows?+That a secret device driver has been lurking in the Apple IIc Plus for decades without anything being written on it is... amazing. ​ I'd like to think I was the first person outside of Apple to know about it, but who knows?
  
 In any case, it's one hell of an Easter egg. In any case, it's one hell of an Easter egg.
 +
 +It also goes to show the twists and turns that reverse engineering old computers can take.  I was originally attempting to understand the 3.5%%"​%% floppy code in the Apple IIc Plus, and along that journey, I got to take a subquest and discover something completely unexpected.
  
 --- ---
  
 I'd like to thank [[http://​leon.bottou.org/​start|Léon Bottou]], whose additional work on understanding the MIG chip and subsequent development of a [[https://​github.com/​leonbottou/​kegs-universal|working Apple IIc Plus emulation]] gave me motivation to continue disassembling the Apple IIc Plus code and provided an easy testbed to work with before trying it out on real hardware. I'd like to thank [[http://​leon.bottou.org/​start|Léon Bottou]], whose additional work on understanding the MIG chip and subsequent development of a [[https://​github.com/​leonbottou/​kegs-universal|working Apple IIc Plus emulation]] gave me motivation to continue disassembling the Apple IIc Plus code and provided an easy testbed to work with before trying it out on real hardware.