
Ray Carlsen[_2_] October 23rd 12 06:47 AM

reading "secure" GAL chips
 
I know they are almost a thing of the past but I wonder if there is
any way to extract the code from a protected GAL IC (example: GAL16V8A)
that has had its security bit set.
I repair mostly old Commodore 8 bit computers. There are a lot of
users of an after-market device called a RAMLink originally made by
Creative Micro Designs (CMD is now out of business) back in the 1980's,
and I was asked to repair a few of them. Turns out each one has four or
five GALs and they all are copy protected which makes repair of those
orphan devices impossible unless I can find a way to extract the code
from the chips in a working unit. Any hackers out there?

Ray

John Robertson October 23rd 12 07:07 AM

There used to be a company in the US advertising in magazines and online
(late 90s) that they could read GALs and PALs - they ran various
algorithms to crack the code (for a fee). Lost sight of them ten or so
years ago and haven't been able to track them down since.

There are articles on reading GALs that cover this problem; the issue
appears to be that some GALs are far more difficult than others to read.

John :-#)#

--
(Please post followups or tech enquiries to the newsgroup)
John's Jukes Ltd. 2343 Main St., Vancouver, BC, Canada V5T 3C9
Call (604)872-5757 or Fax 872-2010 (Pinballs, Jukes, Video Games)
www.flippers.com
"Old pinballers never die, they just flip out."

John Robertson October 23rd 12 07:25 AM

Good resource page:

http://www.edaboard.com/thread220871.html

John :-#)#


Jon Elson[_3_] October 23rd 12 08:59 PM

The amount of logic in the typical GAL is not very great. After figuring
out which pins are inputs and outputs, and the clock (I think that will
be a fixed assignment for most parts) you could probably hook them to
a computer parallel port and write a program to go through a bunch of
patterns. In most cases for glue logic on a CPU board, there is NOT going
to be a whole lot of feedback or state machines in them. Mostly it would
be expected to be D FFs and decode trees, and the logic should become
clear quickly.

In other words, a brute-force attack on the logic function with no attempt
to read back the program pattern.

Jon

petrus bitbyter[_2_] October 24th 12 12:19 AM

There was said to be software that presented a series of input signals to the
PAL/GAL that searched for the fuse pattern rather than the logic. But I
never found it. Of course, combinatorial logic can be found easily. A pre
NT/2000/XP machine with a parallel printer port - preferably EPP -, a little
hardware and some old fashioned GWBASIC programming will do that job quite
easily. But the moment there are state machines inside, you're out of luck.
The only time I needed to reverse engineer a PAL like that, it was
relatively easy to find out the function from the schematic. I suppose it is
still the best thing to do. Of course, one can still go for the ultimate
PAL cracker but is it worth the time and the effort?

petrus bitbyter
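
The pattern sweep that Jon Elson and petrus bitbyter describe above, as an added example that is not part of the original thread: it applies every input pattern in two orders, flags outputs that depend on hidden state, and recovers the inputs and minterms of the purely combinational ones. `SimulatedGAL` and its logic are constructed stand-ins; on real hardware `apply()` would drive the pins through a port adapter (an assumption, not shown).

```python
from itertools import product

class SimulatedGAL:
    """Constructed stand-in for the chip under test; its logic is hypothetical."""
    def __init__(self):
        self.q = 0                                   # hidden flip-flop
    def apply(self, bits):
        a, b, c, d = bits
        y0 = int(not (a and b))                      # active-low decode
        y1 = int((a and not c) or (b and c))         # small mux
        y2 = self.q                                  # registered output
        self.q ^= d                                  # state advances on each pattern
        return (y0, y1, y2)

def probe(device, n_inputs):
    """Apply every input pattern in two different orders and record what was seen."""
    patterns = list(product((0, 1), repeat=n_inputs))
    seen = {p: set() for p in patterns}
    for order in (patterns, patterns[::-1]):
        for p in order:
            seen[p].add(device.apply(p))
    return seen

def analyse(seen, n_inputs, n_outputs):
    """Classify each output; for combinational ones return support and minterms."""
    report = {}
    for o in range(n_outputs):
        # Same inputs, different output: the pin depends on hidden state.
        if any(len({v[o] for v in outs}) > 1 for outs in seen.values()):
            report[o] = ("stateful", None, None)
            continue
        table = {p: next(iter(outs))[o] for p, outs in seen.items()}
        # An input is in the support if flipping it alone ever changes the output.
        support = [i for i in range(n_inputs)
                   if any(table[p] != table[p[:i] + (1 - p[i],) + p[i + 1:]]
                          for p in table)]
        minterms = sorted({tuple(p[i] for i in support)
                           for p, v in table.items() if v})
        report[o] = ("combinational", support, minterms)
    return report

def run():
    return analyse(probe(SimulatedGAL(), 4), 4, 3)

if __name__ == "__main__":
    for pin, (kind, support, minterms) in run().items():
        print(f"output {pin}: {kind}, depends on inputs {support}, high for {minterms}")
```

An output that stays consistent over two orderings is only probably combinational; more orderings raise confidence, and anything flagged stateful needs the schematic-based analysis mentioned above.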



WangoTango October 24th 12 05:24 PM

Some of the older devices could actually be unsecured and others had
tricks to get past the security fuse. Then there is the brute force
attack that others have mentioned. I have some old hardware that can do
both. I would be willing to give it a go if you want. I prefer the
analysis/brute force method because it poses no risk to the original
device. All I would need is known good originals, and a weekend to pull
out the old hardware and give it a go.

Jim

