Glitching script for old conaxcards?

[bobi123]

well none of this scripts works at all.
been testing this on 4 diferent cards and nothing works

[torcida]

can anybody send to me scripts?please

[satfiles_dotcom]

torcida,
The download is on page 1 here


But could not find the conax 'date change' script yet. If anyone got, plse send pm.

[trofast]

www.westai.com changed the name to www.nordnyt.com som some weeks ago. Download is still online for registered members. Enjoy...

[dreni]

torcida,
The download is on page 1 here


But could not find the conax 'date change' script yet. If anyone got, plse send pm.

With old script you cant update date in card,aslo dont look for cas7 but for cas5 because in cas7 for the moment is not possible to MOSC card and for cas5 can be mosced only some version of cards not all.
If I remember in old script already exist date but need to be calculated in new date and conax have specific way to do that e.g today date in conax is 378B (I houp the date is calculated good because I not done that long time).

regards

[igors20]

Calculate Encrypted EMM (ECM & PPV) Dumps.
********************* ********************** ******

EMM with lenght 83 and 85, is the same as ECM and PPV.

EMM with lenght 83 or 85, first from right then from left.

EMM with lenght AA or A8 first from right, AA or A8 -136(decimal),
rest of this is overlapped in first right part, overlapped + rest to 64 bytes,
last packed from left, 56 bytes + always 8 bytes of 2 part.

EMM with lenght AA and A8 (keyupdate).
0xAA = 170 in decimal 0xA8 = 168 in decimal.

Example:
Now we take the EMM with lenght 170 :
170 -136 = 34. Now I know that the first RSA round decoded
from the last 64 bytes from 170, has 30 bytes decrypted and 34 bytes
overlaped with next round. I take the 34 bytes and fill it with the
next 30 bytes to get, 64 bytes for the secound round of RSA.

The result of this round has 56 bytes decrypted data and 8 bytes overlapped.
I take this 8 bytes and fill it with 56 bytes to get 64 bytes for the last round.
Now I have decoded the whole EMM string, 168 -136 = 32.
Now I know that the first RSA round decoded from the last 64 bytes from 168,
has 32 bytes decrypted and 32bytes overlapped etc........
The fix value 136 is taken from:
16 bytes of the EMM is plaintext SA, keyindex etc.....=
16 bytes + 64bytes + 56bytes as the last round is always 8 bytes overlapped.

********************* ********************** ******
*************** ********************** ************
Example of a log :

Begin logging
< 3B 24 00 30 42 30 30 ( = ATR )
> DD 26 00 00 03 ; < 26
> 10 01 01 < 98 0E
> DD CA 00 00 0E ; < CA < 20 01 01 28 02 0B 00 2F 02 01 66 30 01 08 < 90 00
> DD 82 00 00 14 ; < 82 > 11 12 01 F0 0F 7F FF E7 00 00 09 04 0B 00 E0 30 78 A8 9D ED < 98 1A
> DD CA 00 00 1A ; < CA < 22 18 09 04 0B 00 E0 30 23 07 00 00 00 11 22 33 44 23 07 00 00 00 00 11 22 33 < 90 00


< 3B 24 00 30 42 30 30
> DD A4 00 00 09 ; < A4 > 13 07 00 09 04 0B 00 E0 67 < 98 08
> DD CA 00 00 08 ; < CA < 21 06 09 04 0B 00 E0 67 < 90 00

> DD A2 00 00 4A ; < A2
> 14 48 00 80 F0 44 70 42 43 20
> B8 8F C2 98 18 8F 40 2F AC D1 E4 F6 4B 4A C1 F6
> 01 48 58 89 1E 08 F9 30 E2 67 62 1B 99 64 1D D8
> 3F AA FA 37 73 91 93 BD B9 A3 6B E6 73 27 81 58
> 15 F3 48 0C 6A EE D6 EE 25 DB BD 21 26 2C E1 3D < 98 0F

> DD CA 00 00 0F ; < CA < 25 0D 00 06 01 00 00 2A 8F BF 78 5C 8E D3 BD < 98 0F
> DD CA 00 00 0F ; < CA < 25 0D 00 06 00 00 00 48 5E 50 F6 DA 2C 91 97 < 90 00
> DD 82 00 00 14 ; < 82 > 11 12 01 F0 0F FF FF E7 00 00 09 04 0B 00 E0 30 78 A8 9D ED < 98 1A
> DD CA 00 00 1A ; < CA < 22 18 09 04 0B 00 E0 30 23 07 00 00 00 11 22 33 44 23 07 00 00 00 00 11 22 33 < 90 00

> DD A2 00 00 4A ; < A2
> 14 48 00 80 F0 44 70 42 43 20
> FA D8 8A E5 0E 4D E7 D7 E1 81 0E 44 3B 83 98 4E
> 9C 8D 21 00 2C B3 AE 74 97 78 60 B2 62 AC D6 0C
> 96 7D 6F 3F 09 69 6A E4 5E 88 CE BD A2 4C 44 02
> 19 6B 7D 9F F0 35 6D 5F CB 85 52 CB 10 D6 51 95 < 98 0F

> DD CA 00 00 0F ; < CA < 25 0D 00 06 01 00 00 2A 8F BF 78 5C 8E D3 BD < 98 0F
> DD CA 00 00 0F ; < CA < 25 0D 00 06 00 00 00 30 58 52 DA 03 AE 66 17 < 90 00

> DD 84 00 00 85 ; < 84
> 12 83 82 F0 80 00 00 00 00 11 22 33 70 77 63 10
> 04 10 02 0E 9A 9F EC F5 A5 7B FB 66 11 D8 37 38
> E8 34 73 0F E7 19 09 8B 07 A1 D1 9C B2 49 41 03
> 1D 53 45 24 69 10 40 21 B1 10 80 D3 3C 4A 48 6E
> 58 CB 7A A1 C9 78 03 47 94 3D 7E A6 49 6F 23 5A
> BB 6B 0C FA 34 01 34 55 C4 01 BB 87 06 D4 07 09
> 1E E3 F3 E5 22 DF 9A 9B ED B1 E7 39 D7 03 86 A0
> AB 16 4B 3A 2B 0A 53 A1 DA 39 07 E7 37 F9 D2 3E
> 7B 06 88 84 59 < 60 < 90 00

> DD A2 00 00 4A ; < A2
> 14 48 00 81 F0 44 70 42 43 20
> B4 F2 84 C5 7D 42 B6 CD 4B C4 90 E3 36 41 54 89
> 2B 6B E4 7E 83 95 5D 02 55 67 A4 95 2B 1B E7 DB
> 83 7D B8 4C 67 30 1A 50 66 27 67 FE 73 32 EA 0D
> 14 F1 28 B3 09 F2 19 AE A3 5C 0A A5 66 98 D4 7A < 98 0F

> DD CA 00 00 0F ; < CA < 25 0D 00 06 01 00 00 5D B7 3D 51 F1 A1 00 92 < 98 0F
> DD CA 00 00 0F ; < CA < 25 0D 00 06 00 00 00 30 58 52 DA 03 AE 66 17 < 90 00

Terminating...

**************************************** *********
**************************************** *********
Convert Date To Hex :
Example :
20.09.2004 - 19.12.2004
In Hex - (30 02) 34 49 (30 02) 33 4C

34 49 = 20.09.2004
xx x9 = 09 ( month - september )
2x 4x = 2004 ( year )
14 xx = 20 ( date of the month )

xx x9 + 2x 4x = 2x 49 ( month + year )
2x 49 + 14 xx = 34 49 ( (month + year) + date of the month )
---------------------------------------------------------------
33 4C = 19.12.2004
xx xC = 12( month - December)
2x 4x = 2004 ( year )
13 xx = 19( date of the month )

xx xC + 2x 4x = 2x 4C ( month + year )
2x 4C + 13 xx = 33 4C ( (month + year) + date of the month )
---------------------------------------------------------------------------
--------

NANO´s - In The Different Instructions :


Ins 26 :

20 01 xx - Card Version
28 02 xx xx - Card SystemID
2F 02 xx xx - Currency
--------------------- ---------------------- ---
Ins 82 :

09 04 xx xx xx xx - SystemID/RegionID
First 23 07 xx xx xx xx xx xx xx - CardNr(UA)
Sec 23 07 xx xx xx xx xx xx xx - GroupID(SA)
--------------------- ---------------------- ---
Encrypted Ins 84 ( EMM) :

Example: DD 84 00 00 A8 < 84
> 12 A6 82 70 A3 00 00 00 00 22 1F AA 70 9A 43 10 xx xx xx xx ...........

84 - Confirms the INS (84).
12 A6 xx xx ......- Nano 12 tells you how many bytes the whole message are (=A6).
82 - ???
70 A3 xx xx....... - First Nano 70 shows the length of the pakage inclusive UA or SA.
00 00 00 00 22 1F AA - This 7 bytes is either UA or SA.
70 9A xx xx...... - Second Nano 70 shows the length of the pakage without UA or SA.
43 10 - Nano 43 Tells you what M-Key that´s gonna decrypt the package.
The rest after 43 10 are the package that will be decrypt.
----------------------------------------------
Decrypted Ins 84 ( EMM) :

74 04 xx xx xx xx - ???
First 72 42 xx xx....... - OP-key Exponent
Second 72 42 xx xx...... - OP-Key Modulus
----------------------------------------------
Encrypted Ins A2 ( ECM) :

Example: DD A2 00 00 75 < A2
> 14 73 00 81 70 6F 70 6D 43 21 xx xx xx xx........

A2 - Confirms the INS (A2).
14 73 xx xx ......- Nano 14 tells you how many bytes the whole message are (=73).
00 81 - ???
70 6F xx xx...... - First Nano 70 shows the length of the pakage.
70 6D xx xx...... - Second Nano 70 shows the length of the pakage.
43 21 - Nano 43 Tells you what OP-Key that´s gonna decrypt the package.
The rest after 43 21 are the package that will be decrypt.
----------------------------------------------
Decrypted Ins A2 (ECM) :

20 15 xx xx xx xx....... - Label
21 03 xx xx xx - This Event ?
30 12 xx xx xx xx....... - Control Words
40 04 xx xx xx xx - Date/Time
42 08 xx xx xx xx xx xx xx xx - ???
43 14 xx xx xx xx....... - Country/Price
46 08 xx xx xx xx xx xx xx xx - First Nano 46 Provider/Date/Time
46 04 xx xx xx xx - Second Nano 46 EventID
---------------------------------------------------------------------------
-----------

' This script updates you OrgCD-card to 2004-12-31 on :
' Canal+
' Nordic 1
' Nordic 2
' Nordic 3
' TSS
' Nordic 4
' Nordic 5
' Write you UA there the (xx xx xx xx) are !
' Tested it up to S/N 011 3507 xxxx-x with success.
' Don't spread it out on the Internet, keep it to yourself...!
Sub Main()
Dim prefix
Dim endDate
Dim serial
Dim hexstr

' This is what you need to change, serialnumber and perhaps endDate
serial = "xx xx xx xx" ' Four last bytes of your serialnumber
'endDate = "3F 4C" ' 2004-12-31
endDate = "3F 5C" ' 2005-12-31

' DO NOT EDIT BELOW THIS LINE
'--------------------------------------------------------------------------
--------------------------

Finally this is the old script to get keys from
old d+ card.

Actually need to adopt for cas7


prefix = "12 81 82 F0 7E 00 00 00 " & serial & " 70 32 43 10 71 2E 05 00 05 20 20 20 20 20 81 24 60 "

hexstr = prefix & "10 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 43 61 6E 61 6C 2B 20 20 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "20 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 4E 6F 72 64 69 63 20 31 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "30 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 4E 6F 72 64 69 63 20 32 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "40 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 4E 6F 72 64 69 63 20 33 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "50 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 54 53 53 20 20 20 20 20 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "60 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 4E 6F 72 64 69 63 20 34 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
hexstr = prefix & "70 50 0E 3E 21 27 00 00 " & endDate & " 17 3B 0C 01 FF FF FF 20 10 00 4E 6F 72 64 69 63 20 35 20 20 20 20 20 20 20"
Sc.Write("DD 84 00 00 40")
Sc.Delay(100)
Sc.Read(1)
Sc.Write(hexstr)
Sc.Delay(100)
Sc.Read(2)
sc.write ("DD 26 00 00 03 ")
sc.read (1)
sc.write ("1C 00 00")
sc.read (2)
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
sc.write ("DD CA 00 00 31")
sc.read (50)
sc.read (2)
sc.print ("") &vbcr
End Sub

Ps old script,need to be implemented

[igors20]

;-----------------------------------------------------------------------------------------
;
; Commented Disassembly of SLE44C200 Chip/Resource Management System (CMS/RMS) v.61
; jan 17 2002
; Revision 1.34 (original version oct 10 2001)
; Extracted (via software) from a D+ original smart card on sept 21 2001
;
;-----------------------------------------------------------------------------------------

AUTHB equ 008h ; Authentication byte
ADRXH equ 0B3h ; MSB of the address used in EEPROM writes
EETIME equ 0BDh ; Timings for EEPROM writes
EECTRL equ 0D8h ; EEPROM control byte
INCTRL equ 0FDh ; Internal control byte

;-----------------------------------------------------------------------------------------
; HARDWARE CHARACTERISTICS
;
; Chip Instruction Set: 80C51/52 family core (+ A5 special purpose opcode)
;
; ROM (0000-43FF) 17 Kb
; 0000-03FF : CMS/RMS
; 0400-3FFF : User ROM
; 4000-43FF : CMS/RMS
;
; RAM (00-FF) 256 bytes
; 00-07 : r0-r7
; 20-2F : bit addressable bytes (bit 00-7F)
; 90.0 : I/O pin (P1.0)
; 90.6 : EEPROM pin (P1.6)
; 94.0 : Direction of I/O (0: receive, 1: send)
; 94.6 : Eeprom writable flag (0: read only, 1: writable)
;
; EEPROM (8000-8FFF) 4 Kb
; 8000-801F : PROM
; 8020-8FFF : EEPROM
;
; MICROCODE ROM 2.5 Kb
; 000-9FF : special addressable ROM (not ESAM)
;
; I/O modes
; 9.6k bps (asynchronous)
; 106k bps (synchronous)
;
; Clock
; 3.57 and 4.91 Mhz
;-----------------------------------------------------------------------------------------

org 0000

;-----------------------------------------------------------------------------------------
; Boot chip (on reset psw = 00 and sp = 07)
;-----------------------------------------------------------------------------------------
L0000: mov EECTRL,#080h ;0000 75 D8 80 ;set eeprom control byte
clr A ;0003 E4 ;clear accumulator
mov ADRXH,#080h ;0004 75 B3 80 ;set MSB for movx opcode
mov R1,A ;0007 F9 ;clear r1
mov EETIME,#031h ;0008 75 BD 31 ;set delay
mov INCTRL,#0DCh ;000B 75 FD DC ;set internal control byte
mov EECTRL,A ;000E F5 D8 ;clear eeprom control byte
acall L033E ;0010 71 3E ;wait according to psw.1
jb P1.0,L0045 ;0012 20 90 30 ;jump if I/O high
;-----------------------------------------------------------------------------------------
; I/O pin is low
;-----------------------------------------------------------------------------------------
movx A,@R1 ;0015 E3 ;load ext[8000]
mov R6,A ;0016 FE ;save byte
mov R2,#010h ;0017 7A 10 ;set counter
acall L033E ;0019 71 3E ;wait according to psw.1
L001B: movx A,@R1 ;001B E3 ;load ext[800x]
acall L03E2 ;001C 71 E2 ;send byte in a to I/O
inc R1 ;001E 09 ;increment
djnz R2,L001B ;001F DA FA ;loop 16 times
cjne R6,#033h,L0033 ;0021 BE 33 0F ;compare ext[8000] with #33
mov DPTR,#8003h ;0024 90 80 03 ;set data pointer
movx A,@DPTR ;0027 E0 ;load ext[8003]
cpl A ;0028 F4 ;complement
mov R0,#030h ;0029 78 30 ;source address
mov @R0,A ;002B F6 ;save byte to write in eeprom
acall L003C ;002C 11 3C ;write 1 byte in ext[8003]
mov TCON,#044h ;002E 75 88 44 ;set tcon
acall L03FC ;0031 71 FC ;send byte in a to I/O
L0033: acall L02A5 ;0033 51 A5 ;test if eeprom writable
L0035: jnc L0035 ;0035 50 FE ;if p1.6 can't be toggled wait forever
lcall L4200 ;0037 12 42 00 ;compute eeprom checksum
L003A: sjmp L003A ;003A 80 FE ;infinite loop
L003C: setb EECTRL.2 ;003C D2 DA ;set bit
push B ;003E C0 F0 ;save b
mov B,R2 ;0040 8A F0 ;clear b
inc R2 ;0042 0A ;write 1 byte
ajmp L011D ;0043 21 1D ;write in eeprom
;-----------------------------------------------------------------------------------------
; Test card and Jump to User ROM
;-----------------------------------------------------------------------------------------
L0045: acall L02A5 ;0045 51 A5 ;test if eeprom writable
movx A,@R1 ;0047 E3 ;load ext[8000]
cjne A,#033h,L0055 ;0048 B4 33 0A ;if ext[8000]<>33 then initialize card
mov R1,#004h ;004B 79 04 ;set r1
movx A,@R1 ;004D E3 ;load ext[8004]
cjne A,#0FFh,L003A ;004E B4 FF E9 ;if ext[8004]<>FF then infinite loop
acall L0081 ;0051 11 81 ;set default values
ajmp L0400 ;0053 81 00 ;jump to user rom
;-----------------------------------------------------------------------------------------
; Card not initialized
;-----------------------------------------------------------------------------------------
L0055: cjne A,#0A9h,L005F ;0055 B4 A9 07 ;jump if ext[8000]<>A9
acall L02B5 ;0058 51 B5 ;verify if card isn't initialized
acall L0081 ;005A 11 81 ;set default values
clr A ;005C E4 ;clear a
sjmp L0066 ;005D 80 07 ;jump
L005F: acall L02A5 ;005F 51 A5 ;test if eeprom writable
L0061: jnc L0061 ;0061 50 FE ;if p1.6 can't be toggled wait forever
lcall L43D5 ;0063 12 43 D5 ;write test in eeprom
L0066: mov R6,A ;0066 FE ;save test result in r6
mov R3,#008h ;0067 7B 08 ;set number of bytes
mov R1,#030 ;0069 79 30 ;set key address
acall L00C5h ;006B 11 C5 ;receive 8 bytes from I/O (key)
mov R3,#008h ;006D 7B 08 ;set number of bytes
mov R1,#038h ;006F 79 38 ;set destination address
L0071: mov A,@R0 ;0071 E6 ;load byte
mov @R1,A ;0072 F7 ;save byte
inc R0 ;0073 08 ;increment pointer
inc R1 ;0074 09 ;increment pointer
djnz R3,L0071 ;0075 DB FA ;loop 8 times
inc SP ;0077 05 81 ;increment stack pointer (save 08h)
mov R1,#030h ;0079 79 30 ;set key address
lcall L413D ;007B 12 41 3D ;verify if key matches
ljmp L403C ;007E 02 40 3C ;jump to command loop
;-----------------------------------------------------------------------------------------
; Set default values for eetime and inctrl
;-----------------------------------------------------------------------------------------
L0081: mov R1,#003 ;0081 79 03 ;set r1
movx A,@R1 ;0083 E3 ;load ext[8003]
mov EETIME,A ;0084 F5 BD ;set default eeprom programming time
mov R1,#007h ;0086 79 07 ;set r1
movx A,@R1 ;0088 E3 ;load ext[8007]
mov INCTRL,A ;0089 F5 FD ;set internal control byte
ret ;008B 22 ;return
;-----------------------------------------------------------------------------------------
; Write a byte in eeprom
; a : byte to write
; dptr : destination address
;-----------------------------------------------------------------------------------------
L008C: mov R3,A ;008C FB ;save data
mov R2,#004h ;008D 7A 04 ;load counter
mov ADRXH,DPH ;008F 85 83 B3 ;load address high
mov A,DPL ;0092 E5 82 ;load address low
anl A,#0FCh ;0094 54 FC ;clear bit 0 and 1
mov R1,A ;0096 F9 ;save address low modified
mov A,PSW ;0097 E5 D0 ;load program status word
anl A,#018h ;0099 54 18 ;only bit 3 and 4
orl A,R2 ;009B 4A ;add 4
mov R0,A ;009C F8 ;save ram address to store data
L009D: movx A,@R1 ;009D E3 ;load data to erase
mov @R0,A ;009E F6 ;store in ram
mov A,R1 ;009F E9 ;load address low modified
cjne A,DPL,L00A6 ;00A0 B5 82 03 ;compare to real address
mov A,R0 ;00A3 E8 ;load ram address
xch A,R3 ;00A4 CB ;exchange data and ram address
mov @R0,A ;00A5 F6 ;write data in ram address
L00A6: inc R0 ;00A6 08 ;increment ram address if not real
inc R1 ;00A7 09 ;increment eeprom address
djnz R2,L009D ;00A8 DA F3 ;loop 4 times
mov A,R3 ;00AA EB ;load ram address with data
mov R0,A ;00AB F8 ;save ram address in r0
inc R2 ;00AC 0A ;save number of bytes (1) in r2
mov A,#003h ;00AD 74 03 ;set flags for write procedure
sjmp L00EA ;00AF 80 39 ;write to eeprom
;-----------------------------------------------------------------------------------------
; Write 4 bytes in eeprom
; r0 : source address for data
; dptr : destination address
;-----------------------------------------------------------------------------------------
L00B1: mov R2,#004 ;00B1 74 04 ;set number of bytes
anl DPL,#0FCh ;00B3 53 82 FC ;clear bit o and 1
mov A,#002h ;00B6 74 02 ;set flags for write procedure
sjmp L00EA ;00B8 80 30 ;write to eeprom
;-----------------------------------------------------------------------------------------
; Erase n bytes in eeprom
; dptr : destination address
; r2 : length
;-----------------------------------------------------------------------------------------
L00BA: mov A,#044h ;00BA 74 44 ;set flags for write procedure
sjmp L00EA ;00BC 80 2C ;write to eeprom
;-----------------------------------------------------------------------------------------
; Receive bytes and set parameters for eeprom write
;-----------------------------------------------------------------------------------------
L00BE: mov R3,A ;00BE FB ;save number of bytes in r3
mov B,A ;00BF F5 F0 ;save number of bytes in b
acall L0278 ;00C1 51 78 ;receive 3 byte (dph, dpl, first data)
sjmp L00C8 ;00C3 80 03 ;receive remaining data bytes and set param
;-----------------------------------------------------------------------------------------
; Receive bytes (number in r3), save at address in r1
;-----------------------------------------------------------------------------------------
L00C5: lcall L41D0 ;00C5 12 41 D0 ;receive byte
L00C8: mov @R1,A ;00C8 F7 ;save byte
inc R1 ;00C9 09 ;increment pointer
djnz R3,L00C5 ;00CA DB F9 ;loop r3 times
mov R2,B ;00CC AA F0 ;save number of bytes
mov R0,#030h ;00CE 78 30 ;save pointer
ret ;00D0 22 ;return
;-----------------------------------------------------------------------------------------
; Command 06 : write n bytes anywhere in eeprom (1 minimum)
; input: byte 1 - number of bytes to write in eeprom
; byte 2 - dph
; byte 3 - dpl
; byte 4.. - data bytes
; output : eeprom write return code
;-----------------------------------------------------------------------------------------
L00D1: acall L03E5 ;00D1 71 E5 ;verify authentication and receive byte
acall L00BE ;00D3 11 BE ;receive bytes and set parameters
mov A,DPH ;00D5 E5 83 ;load dph
cjne A,#080h,L00E4 ;00D7 B4 80 0A ;jump if dph<>#80
mov A,DPL ;00DA E5 82 ;load dpl
jnz L00E4 ;00DC 70 06 ;jump if dpl<>#00
mov 037h,INCTRL ;00DE 85 FD 37 ;set ext[8007]
mov 038h,#061h ;00E1 75 38 61 ;set ext[8008]
L00E4: mov R1,AUTHB ;00E4 A9 08 ;verify authentication byte
L00E6: cjne R1,#041h,L00E6 ;00E6 B9 41 FD ;verify authentication
;-----------------------------------------------------------------------------------------
; Erase/Write bytes in eeprom
; r0 : source address for data
; dptr : destination address
; r2 : number of bytes
; a : flags (entry EAh)
;-----------------------------------------------------------------------------------------
L00E9: clr A ;00E9 E4 ;clear flags
L00EA: setb EECTRL.2 ;00EA D2 DA ;set bit 2
push B ;00EC C0 F0 ;save b
mov B,A ;00EE F5 F0 ;save flags
mov ADRXH,#080h ;00F0 75 B3 80 ;set adrxh
mov R1,#000h ;00F3 79 00 ;clear r1
movx A,@R1 ;00F5 E3 ;load ext[8000]
cjne A,#033h,L0118 ;00F6 B4 33 1F ;jump if card not initialized
mov R1,#007h ;00F9 79 07 ;set r1
movx A,@R1 ;00FB E3 ;load ext[8007]
mov INCTRL,A ;00FC F5 FD ;set internal control byte
mov A,DPH ;00FE E5 83 ;load dph
cjne A,#080h,L011D ;0100 B4 80 1A ;jump if <> #80h
mov A,DPL ;0103 E5 82 ;load dpl
cjne A,#020h,L0108 ;0105 B4 20 00 ;jump anyway
L0108: jnc L011D ;0108 50 13 ;jump if dpl >= #20h
jnb A.4,L0116 ;010A 30 E4 09 ;jump if dpl is 0x
setb B.2 ;010D D2 F2 ;set flag bit 2
anl A,#0FCh ;010F 54 FC ;clear bit 0 and 1
mov R1,A ;0111 F9 ;load eeprom address low in r1
movx A,@R1 ;0112 E3 ;load ext[801x]
jb A.7,L011F ;0113 20 E7 09 ;jump if data.bit7 is set
L0116: ajmp L01F6 ;0116 21 F6 ;jump (no write)
L0118: mov R1,AUTHB ;0118 A9 08 ;load authentication byte
L011A: cjne R1,#041h,L011A ;011A B9 41 FD ;verify authentication
L011D: mov C,B.6 ;011D A2 F6 ;load flag bit6 in carry
L011F: orl EECTRL,#081h ;011F 43 D8 81 ;set bit 0 and 7
mov A,R0 ;0122 E8 ;load source address
mov R1,A ;0123 F9 ;save source address in r1
mov A,R2 ;0124 EA ;load byte number
mov R3,A ;0125 FB ;save byte number in r3
L0126: movx A,@DPTR ;0126 E0 ;verify if data to write = data in eeprom
xrl A,@R1 ;0127 67 ;verify
anl A,@R1 ;0128 57 ;verify
addc A,#0FFh ;0129 34 FF ;verify
inc DPTR ;012B A3 ;verify
inc R1 ;012C 09 ;verify
djnz R3,L0126 ;012D DB F7 ;verify
clr A ;012F E4 ;clear a
mov A.5,C ;0130 92 E5 ;move result in a bit 5
anl C,B.2 ;0132 B0 F2 ;move result in b.2
mov B.2,C ;0134 92 F2 ;move result in b.2
add A,#020h ;0136 24 20 ;add
xch A,DPL ;0138 C5 82 ;restore dpl
subb A,R2 ;013A 9A ;restore dpl
xch A,DPL ;013B C5 82 ;restore dpl
jnc L0141 ;013D 50 02 ;restore dhp
dec DPH ;013F 15 83 ;restore dph
L0141: xrl A,#060h ;0141 64 60 ;xor
L0143: xch A,R0 ;0143 C8 ;save source address in r1
mov R1,A ;0144 F9 ;save source address in r1
xch A,R0 ;0145 C8 ;save source address in r1
L0146: jbc EECTRL.3,L0146 ;0146 10 DB FD ;clear eectrl.3
xch A,EECTRL ;0149 C5 D8 ;exchange
jnb A.2,L0116 ;014B 30 E2 C8 ;jump if write not allowed
movx A,@DPTR ;014E E0 ;load data
mov A,R2 ;014F EA ;load byte number
jz L016A ;0150 60 18 ;jump if zero
mov A,0FBh ;0152 E5 FB ;\
cpl A ;0154 F4 ; \
inc A ;0155 04 ; |
orl A,DPL ;0156 45 82 ; |compute if there is a page jump
cpl A ;0158 F4 ; |if it is:
inc A ;0159 04 ; | r3 = bytes until page end
mov R3,A ;015A FB ; | r2 = bytes to write later
cpl A ;015B F4 ; |if it isn't:
inc A ;015C 04 ; | r3 = bytes to write
add A,R2 ;015D 2A ; | r2 = 0
jc L0163 ;015E 40 03 ; |
mov A,R2 ;0160 EA ; |
mov R3,A ;0161 FB ; |
clr A ;0162 E4 ; /
L0163: mov R2,A ;0163 FA ;/
L0164: mov A,@R1 ;0164 E7 ;load data
movx @DPTR,A ;0165 F0 ;write data to eeprom
inc R1 ;0166 09 ;increment source address
inc DPTR ;0167 A3 ;increment data pointer
djnz R3,L0164 ;0168 DB FA ;loop r3 times
L016A: jnb EECTRL.4,L0179 ;016A 30 DC 0C ;jump if bit clear
jnb B.3,L0179 ;016D 30 F3 09 ;jump if bit clear
clr A ;0170 E4 ;clear a
xch A,R1 ;0171 C9 ;exchange
mov R3,A ;0172 FB ;save in r3
mov ADRXH,#080h ;0173 75 B3 80 ;set adrxh
movx A,@R1 ;0176 E3 ;load data
xch A,R3 ;0177 CB ;exchange
mov R1,A ;0178 F9 ;save
L0179: setb EECTRL.0 ;0179 D2 D8 ;set bit
mov A,EETIME ;017B E5 BD ;load eeprom timing
rrc A ;017D 13 ;rotate right
rrc A ;017E 13 ;rotate right
anl A,#03Fh ;017F 54 3F ;and
addc A,#0FCh ;0181 34 FC ;add
jc L0186 ;0183 40 01 ;jump if carry
clr A ;0185 E4 ;clear a
L0186: inc A ;0186 04 ;increment a
mov ADRXH,A ;0187 F5 B3 ;save adrxh
mov C,P1.2 ;0189 A2 92 ;set carry
mov PSW.2,C ;018B 92 D2 ;set pws.2
clr P1.2 ;018D C2 92 ;clear pin
setb EECTRL.1 ;018F D2 D9 ;set bit
mov A,INCTRL ;0191 E5 FD ;load internal control byte
jb EECTRL.6,L0198 ;0193 20 DE 02 ;jump if bit set
sjmp L0199 ;0196 80 01 ;jump
L0198: swap A ;0198 C4 ;swap
L0199: add A,#0FDh ;0199 24 FD ;add
anl A,#00Fh ;019B 54 0F ;and
jz L01A8 ;019D 60 09 ;jump if zero
L019F: dec A ;019F 14 ;decrement a
mov R3,ADRXH ;01A0 AB B3 ;set counter
L01A2: djnz R3,L01A2 ;01A2 DB FE ;loop
inc EECTRL ;01A4 05 D8 ;increment
jnz L019F ;01A6 70 F7 ;loop
L01A8: inc A ;01A8 04 ;increment a
jb B.4,L01B5 ;01A9 20 F4 09 ;jump if bit set
mov A,EETIME ;01AC E5 BD ;load eeprom timing
jb EECTRL.6,L01B5 ;01AE 20 DE 04 ;jump if bit set
clr C ;01B1 C3 ;clear carry
rrc A ;01B2 13 ;rotate right
mov ADRXH,A ;01B3 F5 B3 ;load adrxh
L01B5: mov R3,#020h ;01B5 7B 20 ;set counter
L01B7: djnz R3,L01B7 ;01B7 DB FE ;loop
dec A ;01B9 14 ;decrement
jnz L01B5 ;01BA 70 F9 ;loop
mov C,PSW.2 ;01BC A2 D2 ;set carry
mov P1.2,C ;01BE 92 92 ;set pin
mov A,#084h ;01C0 74 84 ;load
xch A,EECTRL ;01C2 C5 D8 ;exchange
anl A,#070h ;01C4 54 70 ;and
jz L01E0 ;01C6 60 18 ;jump if zero
jb A.4,L01E0 ;01C8 20 E4 15 ;jump if bit set
jb A.6,L01D8 ;01CB 20 E6 0A ;jump if bit set
jnb B.1,L01D8 ;01CE 30 F1 07 ;jump if bit clear
L01D1: mov R3,#020h ;01D1 7B 20 ;set counter
L01D3: djnz R3,L01D3 ;01D3 DB FE ;loop
djnz ADRXH,L01D1 ;01D5 D5 B3 F9 ;loop
L01D8: xch A,R2 ;01D8 CA ;exchange
jz L01E1 ;01D9 60 06 ;jump if zero
xch A,R2 ;01DB CA ;exchange
ajmp L0146 ;01DC 21 46 ;write last bytes in eeprom
L01DE: ajmp L0141 ;01DE 21 41 ;jump
L01E0: mov R2,A ;01E0 FA ;restore r1
L01E1: mov A,R0 ;01E1 E8 ;restore r1
xch A,R1 ;01E2 C9 ;restore r1
clr C ;01E3 C3 ;restore r2
subb A,R0 ;01E4 98 ;restore r2
xch A,R2 ;01E5 CA ;restore r2
L01E6: jbc EECTRL.3,L01E6 ;01E6 10 DB FD ;clear bit
xch A,DPL ;01E9 C5 82 ;restore dpl
clr C ;01EB C3 ;restore dpl
subb A,R2 ;01EC 9A ;restore dpl
xch A,DPL ;01ED C5 82 ;restore dpl
jnc L01F3 ;01EF 50 02 ;restore dph
dec DPH ;01F1 15 83 ;restore dph
L01F3: jbc B.2,L01DE ;01F3 10 F2 E8 ;jump if bit set
L01F6: mov A,#055h ;01F6 74 55 ;exit code (no write)
jb B.5,L022E ;01F8 20 F5 33 ;jump if bit set (no write)
jb B.6,L0208 ;01FB 20 F6 0A ;jump if bit set (erase only)
L01FE: movx A,@DPTR ;01FE E0 ;verify write
xrl A,@R1 ;01FF 67 ;verify write
jnz L021C ;0200 70 1A ;verify write
inc R1 ;0202 09 ;verify write
inc DPTR ;0203 A3 ;verify write
djnz R2,L01FE ;0204 DA F8 ;verify write
sjmp L0211 ;0206 80 09 ;jump
L0208: movx A,@DPTR ;0208 E0 ;verify erase
xrl A,#0FFh ;0209 64 FF ;verify erase
jnz L021C ;020B 70 0F ;verify erase
inc R1 ;020D 09 ;verify erase
inc DPTR ;020E A3 ;verify erase
djnz R2,L0208 ;020F DA F7 ;verify erase
L0211: cpl EECTRL.0 ;0211 B2 D8 ;complement
jnb EECTRL.0,L021C ;0213 30 D8 06 ;jump if bit clear
mov R2,EETIME ;0216 AA BD ;delay
L0218: djnz R2,L0218 ;0218 DA FE ;delay
sjmp L01E1 ;021A 80 C5 ;jump
L021C: xch A,R1 ;021C C9 ;exchange
jnb B.0,L022C ;021D 30 F0 0C ;jump if bit clear
inc DPTR ;0220 A3 ;increment
inc DPTR ;0221 A3 ;increment
inc DPTR ;0222 A3 ;increment
anl DPL,#0FCh ;0223 53 82 FC ;clear bit 0 and 1
mov A,PSW ;0226 E5 D0 ;restore r0
anl A,#018h ;0228 54 18 ;restore r0
add A,#008h ;022A 24 08 ;restore r0
L022C: mov R0,A ;022C F8 ;restore r0
mov A,R1 ;022D E9 ;exit code
L022E: mov EECTRL,#000h ;022E 75 D8 00 ;clear
pop B ;0231 D0 F0 ;restore b
ret ;0233 22 ;return
;-----------------------------------------------------------------------------------------

[igors20]

;-----------------------------------------------------------------------------------------
; Command 07 : Write a single byte n times in eeprom (n loaded in 0FBh)
; input : byte 1 - flags for eeprom write
; byte 2 - dph
; byte 3 - dpl
; byte 4 - data byte
; output : eeprom write return code
;-----------------------------------------------------------------------------------------
L0234: acall L0276 ;0234 51 76 ;receive flags, dph, dpl and data byte
L0236: mov R2,0FBh ;0236 AA FB ;set number of bytes
L0238: xch A,R2 ;0238 CA ;exchange data and byte number
mov R3,A ;0239 FB ;put byte number in r3
xch A,R2 ;023A CA ;exchange again
L023B: mov @R1,A ;023B F7 ;put data in ram (30h)
inc R1 ;023C 09 ;increment pointer
djnz R3,L023B ;023D DB FC ;loop r3 times
L023F: setb EECTRL.2 ;023F D2 DA ;set eectrl
push B ;0241 C0 F0 ;save b
mov B,#020h ;0243 75 F0 20 ;load value
mov C,02Fh.7 ;0246 A2 7F ;set b according with flags
mov B.2,C ;0248 92 F2 ;set b according with flags
mov ADRXH,#080h ;024A 75 B3 80 ;set adrxh
mov R0,#000h ;024D 78 00 ;set pointer
movx A,@R0 ;024F E2 ;load ext[8000]
cjne A,#0A9h,L0269 ;0250 B4 A9 16 ;compare value
setb B.3 ;0253 D2 F3 ;set b.3
L0255: mov R0,#030h ;0255 78 30 ;set source address
mov A,02Fh ;0257 E5 2F ;load flags
anl A,#070h ;0259 54 70 ;only 3 bits
cjne A,#070h,L0267 ;025B B4 70 09 ;compare and jump
clr A.5 ;025E C2 E5 ;clear
setb B.4 ;0260 D2 F4 ;set
mov R1,AUTHB ;0262 A9 08 ;verify authentication byte
L0264: cjne R1,#041h,L0264 ;0264 B9 41 FD ;verify authentication
L0267: ajmp L0143 ;0267 21 43 ;write bytes in eeprom
L0269: acall L02A5 ;0269 51 A5 ;test if eeprom writable
jc L0255 ;026B 40 E8 ;jump if ok
sjmp L022E ;026D 80 BF ;exit
;-----------------------------------------------------------------------------------------
; Command 08 : Write a single byte n times in eeprom
; input : byte 1 - flags for eeprom write
; byte 2 - dph
; byte 3 - dpl
; byte 4 - number of bytes to write
; byte 5 - data byte
; output : eeprom write return code
;-----------------------------------------------------------------------------------------
L026F: acall L0276 ;026F 51 76 ;receive flags, dph, dpl and another byte
mov R2,A ;0271 FA ;save number of bytes to write
acall L03E5 ;0272 71 E5 ;receive data byte
sjmp L0238 ;0274 80 C2 ;set flags and write eeprom
L0276: acall L0287 ;0276 51 87 ;receive flags for eeprom write
L0278: mov R1,#030h ;0278 79 30 ;source address in ram
acall L027E ;027A 51 7E ;receive dph and dpl
ajmp L03E5 ;027C 61 E5 ;receive another byte
L027E: acall L03E5 ;027E 71 E5 ;receive byte
mov DPH,A ;0280 F5 83 ;save dph
acall L03E5 ;0282 71 E5 ;receive byte
mov DPL,A ;0284 F5 82 ;save dpl
ret ;0286 22 ;return
L0287: acall L03E5 ;0287 71 E5 ;receive byte (flags for eeprom write)
L0289: rl A ;0289 23 ;rotate left
cjne A,#020h,L028D ;028A B4 20 00 ;compare
L028D: rr A ;028D 03 ;rotate right
jnc L02A2 ;028E 50 12 ;jump if byte >= #10h
mov EECTRL,#084h ;0290 75 D8 84 ;set eectrl
anl A,#083h ;0293 54 83 ;set eectrl
xch A,EECTRL ;0295 C5 D8 ;set eectrl
jb A.2,L029F ;0297 20 E2 05 ;set eectrl
L029A: mov EECTRL,#080h ;029A 75 D8 80 ;set eectrl
clr EECTRL.7 ;029D C2 DF ;set eectrl
L029F: ret ;029F 22 ;return
L02A0: setb EECTRL.4 ;02A0 D2 DC ;set eectrl
L02A2: mov 02Fh,A ;02A2 F5 2F ;save flag
ret ;02A4 22 ;return
;-----------------------------------------------------------------------------------------
; Test if eeprom is writable (c set = ok)
;-----------------------------------------------------------------------------------------
L02A5: orl 094h,#040h ;02A5 43 94 40 ;set flag (eeprom writable)
setb P1.6 ;02A8 D2 96 ;set pin
mov C,P1.6 ;02AA A2 96 ;set/clear c flag according to p1.6
clr P1.6 ;02AC C2 96 ;clear pin
anl C,/P1.6 ;02AE B0 96 ;put in c result of test
ret ;02B0 22 ;return
;-----------------------------------------------------------------------------------------
; Command 14 : Test if eeprom writable
; output : a.0 - 1 = ok 0 = error
;-----------------------------------------------------------------------------------------
L02B1: acall L02A5 ;02B1 51 A5 ;test if eeprom writable
rlc A ;02B3 33 ;rotate left with carry
ret ;02B4 22 ;return
;-----------------------------------------------------------------------------------------
; Verify if card isn't initialized (8000: A9 xx xx xx 99 60 19)
;-----------------------------------------------------------------------------------------
L02B5: mov DPTR,#8000 ;02B5 90 80 00 ;set data pointer
movx A,@DPTR ;02B8 E0 ;load
L02B9: cjne A,#0A9h,L02B9 ;02B9 B4 A9 FD ;compare
mov DPTR,#8004 ;02BC 90 80 04 ;set data pointer
movx A,@DPTR ;02BF E0 ;load
L02C0: cjne A,#099h,L02C0 ;02C0 B4 99 FD ;compare
inc DPTR ;02C3 A3 ;increment pointer
movx A,@DPTR ;02C4 E0 ;load
L02C5: cjne A,#060h,L02C5 ;02C5 B4 60 FD ;compare
inc DPTR ;02C8 A3 ;increment pointer
movx A,@DPTR ;02C9 E0 ;load
L02CA: cjne A,#019h,L02CA ;02CA B4 19 FD ;compare
ret ;02CD 22 ;return
;-----------------------------------------------------------------------------------------
; Command 03 : Jump to user rom
;-----------------------------------------------------------------------------------------
L02CE: mov P1,#001h ;02CE 75 90 01 ;set p1.0
mov 094h,#040h ;02D1 75 94 40 ;set eeprom writable
ajmp L0400 ;02D4 81 00 ;jump to user rom
;-----------------------------------------------------------------------------------------
; Wait for byte and write into a
;-----------------------------------------------------------------------------------------
L02D6: jb P1.0,L02D6 ;02D6 20 90 FD ;wait for I/O low
acall L035C ;02D9 71 5C ;delay
acall L035C ;02DB 71 5C ;delay
nop ;02DD 00 ;delay
ajmp L02E2 ;02DE 41 E2 ;jump
;-----------------------------------------------------------------------------------------
; Receive byte from I/O (p1.0) and put in a; set c if there was an error
; entry 2E0 : 9600 bps 4.91 Mhz
; entry 2E2 : 9600 bps 3.57 Mhz
;-----------------------------------------------------------------------------------------
L02E0: setb PSW.1 ;02E0 D2 D1 ;set psw.1
L02E2: clr PSW.5 ;02E2 C2 D5 ;clear psw.5 (f0)
mov R0,#009h ;02E4 78 09 ;set counter
acall L0324 ;02E6 71 24 ;read bit (start bit)
jnc L02EC ;02E8 50 02 ;jump if carry not set
setb PSW.5 ;02EA D2 D5 ;set psw.5 if error
L02EC: rrc A ;02EC 13 ;rotate right with carry
acall L0346 ;02ED 71 46 ;wait dependant on psw.1
acall L0324 ;02EF 71 24 ;read bit (data and parity)
djnz R0,L02EC ;02F1 D8 F9 ;loop 9 times
jc L02F9 ;02F3 40 04 ;jump if carry set (error)
orl C,P ;02F5 72 D0 ;verify parity
sjmp L02FD ;02F7 80 04 ;jump
L02F9: anl C,/P ;02F9 B0 D0 ;verify parity
nop ;02FB 00 ;delay
nop ;02FC 00 ;delay
L02FD: orl C,PSW.5 ;02FD 72 D5 ;verify startbit error
anl PWS,#0DDh ;02FF 53 D0 DD ;clear psw.5 and psw.1
ret ;0302 22 ;return
;-----------------------------------------------------------------------------------------
; Send byte in a to I/O (p1.0)
; entry 303 : 9600 bps 4.91 Mhz
; entry 305 : 9600 bps 3.57 Mhz
;-----------------------------------------------------------------------------------------
L0303: setb PSW.1 ;0303 D2 D1 ;set psw.1
L0305: orl 094h,#001h ;0305 43 94 01 ;set 94.0 (send)
mov R0,#009h ;0308 78 09 ;set counter
mov C,P ;030A A2 D0 ;set parity
clr P1.0 ;030C C2 90 ;clear pin (start bit)
mov R7,#000h ;030E 7F 00 ;delay
nop ;0310 00 ;delay
L0311: acall L033B ;0311 71 3B ;waitloop according to psw.1
rrc A ;0313 13 ;rotate right with carry
mov P1.0,C ;0314 92 90 ;send bit (data and parity)
djnz R0,L0311 ;0316 D8 F9 ;loop 9 times
acall L033B ;0318 71 3B ;waitloop according to psw.1
nop ;031A 00 ;delay
nop ;031B 00 ;delay
setb P1.0 ;031C D2 90 ;set p1.0
anl 094h,#0FEh ;031E 53 94 FE ;clear 94.0
clr PSW.1 ;0321 C2 D1 ;clear psw.1
ret ;0323 22 ;return
;-----------------------------------------------------------------------------------------
; Read bit on I/O pin
;-----------------------------------------------------------------------------------------
L0324: mov R7,#003h ;0324 7F 03 ;set counter
mov R2,A ;0326 FA ;save a
clr A ;0327 E4 ;clear a
L0328: mov C,P1.0 ;0328 A2 90 ;read I/O pin
addc A,#000h ;032A 34 00 ;store result
jnb PSW.1,L0333 ;032C 30 D1 04 ;delay according with psw.1
acall L035C ;032F 71 5C ;delay
sjmp L0335 ;0331 80 02 ;jump
L0333: xch A,R0 ;0333 C8 ;delay
xch A,R0 ;0334 C8 ;delay
L0335: djnz R7,L0328 ;0335 DF F1 ;loop 3 times
mov C,A.1 ;0337 A2 E1 ;set carry if at least 2 (error)
mov A,R2 ;0339 EA ;restore a
ret ;033A 22 ;return
;-----------------------------------------------------------------------------------------
; Wait 3 times according to psw.1
;-----------------------------------------------------------------------------------------
L033B: jnb PSW.1,L0342 ;033B 30 D1 04 ;jump if not set
L033E: mov R7,#01Ah ;033E 7F 1A ;load delay
sjmp L0344 ;0340 80 02 ;jump
L0342: mov R7,#013h ;0342 7F 13 ;load delay
L0344: djnz R7,L0344 ;0344 DF FE ;waitloop
L0346: jnb PSW.1,L034D ;0346 30 D1 04 ;jump if not set
mov R7,#003h ;0349 7F 03 ;load delay
sjmp L034F ;034B 80 02 ;jump
L034D: mov R7,#004h ;034D 7F 04 ;load delay
L034F: djnz R7,L034F ;034F DF FE ;waitloop
jnb PSW.1,L0358 ;0351 30 D1 04 ;jump if not set
mov R7,#00Eh ;0354 7F 0E ;load delay
sjmp L035A ;0356 80 02 ;jump
L0358: mov R7,#006h ;0358 7F 06 ;load delay
L035A: djnz R7,L035A ;035A DF FE ;waitloop
L035C: nop ;035C 00 ;no operation
L035D: ret ;035D 22 ;return
;-----------------------------------------------------------------------------------------
; Receive byte from I/O and put in a; set c if error (9600 bps 4.91 Mhz)
;-----------------------------------------------------------------------------------------
L035E: mov R0,#009h ;035E 78 09 ;set counter
L0360: rrc A ;0360 13 ;rotate right with carry
mov R7,A ;0361 FF ;save a
clr A ;0362 E4 ;clear a
mov C,P1.0 ;0363 A2 90 ;read state
addc A,#000h ;0365 34 00 ;save
mov C,P1.0 ;0367 A2 90 ;read state
addc A,#000h ;0369 34 00 ;save
mov C,P1.0 ;036B A2 90 ;read state
addc A,#000h ;036D 34 00 ;save
mov C,A.1 ;036F A2 E1 ;set carry if bit = 1
mov A,R7 ;0371 EF ;restore
inc R7 ;0372 0F ;delay
djnz R0,L0360 ;0373 D8 EB ;loop 9 times
sjmp L03B9 ;0375 80 42 ;verify error and exit
;-----------------------------------------------------------------------------------------
; Send byte in a to I/O (9600 bps 4.91 Mhz)
;-----------------------------------------------------------------------------------------
L0377: orl 094h,#001h ;0377 43 94 01 ;set send flag
mov R0,#009h ;037A 78 09 ;set counter
mov C,P ;037C A2 D0 ;set parity
clr P1.0 ;037E C2 90 ;I/O low
mov R7,A ;0380 AF E0 ;delay
L0382: acall L0393 ;0382 71 93 ;delay
rrc A ;0384 13 ;rotate right with carry
mov P1.0,C ;0385 92 90 ;send bit
djnz R0,L0382 ;0387 D8 F9 ;loop 9 times
acall L0393 ;0389 71 93 ;delay
mov R7,#000h ;038B 7F 00 ;delay
L038D: setb P1.0 ;038D D2 90 ;stop bit
anl 094h,#0FEh ;038F 53 94 FE ;clear flag
ret ;0392 22 ;return
L0393: mov R7,#004h ;0393 7F 04 ;set counter
L0395: djnz R7,L0395 ;0395 DF FE ;delay loop
ret ;0397 22 ;return
;-----------------------------------------------------------------------------------------
; Receive byte from I/O and put in a; set c if error (106k bps 3.57 Mhz)
;-----------------------------------------------------------------------------------------
L0398: mov R0,#009h ;0398 78 09 ;set counter
L039A: rrc A ;039A 13 ;rotate right with carry
jb P1.0,L03A5 ;039B 20 90 07 ;verify state
jb P1.0,L03AC ;039E 20 90 0B ;verify state
nop ;03A1 00 ;delay
nop ;03A2 00 ;delay
sjmp L03B2 ;03A3 80 0D ;jump
L03A5: jnb P1.0,L03AC ;03A5 30 90 04 ;verify state
nop ;03A8 00 ;delay
nop ;03A9 00 ;delay
sjmp L03AF ;03AA 80 03 ;jump
L03AC: jnb P1.0,L03B2 ;03AC 30 90 03 ;verify state
L03AF: setb C ;03AF D3 ;set carry (bit = 1)
sjmp L03B5 ;03B0 80 03 ;jump
L03B2: nop ;03B2 00 ;delay
nop ;03B3 00 ;delay
clr C ;03B4 C3 ;clear carry (bit = 0)
L03B5: mov R7,#000h ;03B5 7F 00 ;delay
djnz R0,L039A ;03B7 D8 E1 ;loop 9 times
L03B9: jc L03BF ;03B9 40 04 ;jump if error
orl C,P ;03BB 72 D0 ;verify parity error
sjmp L03C3 ;03BD 80 04 ;jump
L03BF: anl C,/P ;03BF B0 D0 ;verify parity error
nop ;03C1 00 ;delay
nop ;03C2 00 ;delay
L03C3: ret ;03C3 22 ;return
;-----------------------------------------------------------------------------------------
; Send byte in a to I/O (106k bps 3.57 Mhz)
;-----------------------------------------------------------------------------------------
L03C4: orl 094h,#001h ;03C4 43 94 01 ;send flag
mov R0,#009h ;03C7 78 09 ;set counter
mov C,P ;03C9 A2 D0 ;set parity
clr P1.0 ;03CB C2 90 ;I/O low
mov R7,A ;03CD AF E0 ;save byte
L03CF: acall L035C ;03CF 71 5C ;delay
rrc A ;03D1 13 ;rotate right with carry
mov P1.0,C ;03D2 92 90 ;send bit
ajmp L03D6 ;03D4 61 D6 ;delay
L03D6: djnz R0,L03CF ;03D6 D8 F7 ;loop 9 times
acall L035D ;03D8 71 5D ;delay
ljmp L038D ;03DA 02 03 8D ;stop bit and exit
;-----------------------------------------------------------------------------------------
; Command 05 : Erase n bytes in eeprom
; input: byte 1 - dph
; byte 2 - dpl
; byte 3 - number of bytes to erase
; output: eeprom write return code
;-----------------------------------------------------------------------------------------
L03DD: acall L0278 ;03DD 51 78 ;receive dph, dpl and byte number
mov R2,A ;03DF FA ;save byte number in r2
ajmp L00BA ;03E0 01 BA ;erase r2 bytes from dptr
;-----------------------------------------------------------------------------------------
; Resource management vectors
;-----------------------------------------------------------------------------------------
L03E2: ljmp L4199 ;03E2 02 41 99 ;send byte to I/O in different modes
L03E5: ljmp L41CB ;03E5 02 41 CB ;receive byte from I/O in different modes
L03E8: ajmp L0398 ;03E8 61 98 ;receive byte from I/O 106k bps 3.57 Mhz
L03EA: ajmp L03C4 ;03EA 61 C4 ;send byte in a to I/O 106k bps 3.57 Mhz
L03EC: ajmp L035E ;03EC 61 5E ;receive byte from I/O 9600 bps 4.91 Mhz
L03EE: ajmp L0377 ;03EE 61 77 ;send byte in a to I/O 9600 bps 4.91 Mhz
L03F0: ajmp L00E9 ;03F0 01 E9 ;erase/write eeprom
L03F2: ajmp L02D6 ;03F2 41 D6 ;wait and receive byte 9600 bps 3.57 Mhz
L03F4: ajmp L00B1 ;03F4 01 B1 ;write 4 bytes in eeprom
L03F6: ajmp L008C ;03F6 01 8C ;write a byte in eeprom
L03F8: ajmp L02E2 ;03F8 41 E2 ;receive byte from I/O 9600 bps 3.57 Mhz
L03FA: ajmp L02E0 ;03FA 41 E0 ;receive byte from I/O 9600 bps 4.91 Mhz
L03FC: ajmp L0305 ;03FC 61 05 ;send byte in a to I/O 9600 bps 3.57 Mhz
L03FE: ajmp L0303 ;03FE 61 03 ;send byte in a to I/O 9600 bps 4.91 Mhz
;-----------------------------------------------------------------------------------------
; Address table for main commands
;-----------------------------------------------------------------------------------------
L4000: db 43 17 ;4000 43 17 ;command 00 - Test inctrl modes
db 40 62 ;4002 40 62 ;command 01 - Set tcon
db 40 6C ;4004 40 6C ;command 02 - Set program status word
db 02 CE ;4006 02 CE ;command 03 - Jump to user rom
db 43 B1 ;4008 43 B1 ;command 04 - Format eeprom (n pages)
db 03 DD ;400A 03 DD ;command 05 - Erase n bytes in eeprom
db 00 D1 ;400C 00 D1 ;command 06 - Write n bytes in eeprom
db 02 34 ;400E 02 34 ;command 07 - Write byte in eeprom n times
db 02 6F ;4010 02 6F ;command 08 - Write byte in eeprom n times
db 43 4C ;4012 43 4C ;command 09 - Test eeprom write
db 42 49 ;4014 42 49 ;command 0A - Read and output microcode rom
db 43 5C ;4016 43 5C ;command 0B - Test eeprom write
db 43 7B ;4018 43 7B ;command 0C - Test eeprom format/erase
db 41 24 ;401A 41 24 ;command 0D - Write n bytes m times in eeprom
db 43 A5 ;401C 43 A5 ;command 0E - Test if eeprom formatted
db 42 DD ;401E 42 DD ;command 0F - Search eeprom for byte<>xx
db 42 0B ;4020 42 0B ;command 10 - Compute checksum rom 0000-43FF
db 42 00 ;4022 42 00 ;command 11 - Compute checksum eeprom
db 42 11 ;4024 42 11 ;command 12 - Compute checksum microcode rom
db 42 5C ;4026 42 5C ;command 13 - Test all ram
db 02 B1 ;4028 02 B1 ;command 14 - Test if eeprom writable
db 42 92 ;402A 42 92 ;command 15 - Test ram (n bytes)
db 42 B8 ;402C 42 B8 ;command 16 - Read and output ram contents
db 42 C4 ;402E 42 C4 ;command 17 - Read and output rom/eeprom
db 42 D7 ;4030 42 D7 ;command 18 - Execute code in dptr
db 40 78 ;4032 40 78 ;command 19 - Set inctrl, eetime, flags
db 40 AF ;4034 40 AF ;command 1A - Output bit number loc.<>xx
db 40 D8 ;4036 40 D8 ;command 1B - Output eeprom loc.<>00 or FF
db 43 F3 ;4038 43 F3 ;command 1C - Set flags and eectrl
db 40 73 ;403A 40 73 ;command 1D - Execute code in eeprom
;-----------------------------------------------------------------------------------------
; Main command loop
;-----------------------------------------------------------------------------------------
L403C: acall L4199 ;403C 31 99 ;output content of a (command result)
acall L41EF ;403E 31 EF ;delay
acall L41CB ;4040 31 CB ;wait for command, receive byte in a
mov R3,A ;4042 FB ;save command
cjne A,#01Eh,L4046 ;4043 B4 1E 00 ;test command
L4046: jnc L403C ;4046 50 F4 ;jump if command not in range
lcall L02A5 ;4048 12 02 A5 ;test if eeprom writable
jc L4050 ;404B 40 03 ;jump if ok
lcall L02B5 ;404D 12 02 B5 ;verify if card isn't initialized
L4050: mov A,R3 ;4050 EB ;load command
mov DPTR,#4000 ;4051 90 40 00 ;set data pointer
rl A ;4054 23 ;double command
movc A,@A+DPTR ;4055 93 ;load address high
mov R0,A ;4056 F8 ;save address high
mov A,R3 ;4057 EB ;load command
rl A ;4058 23 ;double command
inc A ;4059 04 ;increment offset
movc A,@A+DPTR ;405A 93 ;load address low
mov DPH,R0 ;405B 88 83 ;set address high
acall L4061 ;405D 11 61 ;call command routine
sjmp L403C ;405F 80 DB ;loop to begin
L4061: jmp @A+DPTR ;4061 73 ;jump to command routine
;-----------------------------------------------------------------------------------------
; Command 01 : Set tcon
; input : new setting
; output : same setting
;-----------------------------------------------------------------------------------------
L4062: acall L41CB ;4062 31 CB ;verify authentication and receive byte
setb P1.0 ;4064 D2 90 ;set I/O
mov 094h,#040h ;4066 75 94 40 ;set eeprom writable
mov TCON,A ;4069 F5 88 ;set tcon
ret ;406B 22 ;return
;-----------------------------------------------------------------------------------------
; Command 02 : Set program status word
; input : a - new psw
: output : return code #61
;-----------------------------------------------------------------------------------------
L406C: acall L41CB ;406C 31 CB ;verify authentication and receive byte
mov PSW,A ;406E F5 D0 ;set psw
mov A,#061h ;4070 74 61 ;return code
ret ;4072 22 ;return
;-----------------------------------------------------------------------------------------
; Command 1D : Execute code in eeprom (after key verification)
; input : byte 1-8 - authentication key
;-----------------------------------------------------------------------------------------
L4073: acall L408E ;4073 11 8E ;ask 8 byte key and verify it
ljmp 08005h ;4075 02 80 05 ;execute code in ext[8005]
;-----------------------------------------------------------------------------------------
; Command 19 : Set inctrl, eetime or flags for eeprom write
; input : byte 1-8 - authentication key
; byte 9 - data for setting
; byte A - command (0 = set eetime, 1 = set flags, >1 = set inctrl)
;-----------------------------------------------------------------------------------------

[igors20]

;-----------------------------------------------------------------------------------------
L4078: acall L408E ;4078 11 8E ;ask 8 bytes key and verify it
acall L41CB ;407A 31 CB ;receive data
mov R3,A ;407C FB ;save data
acall L41CB ;407D 31 CB ;receive command
jz L4087 ;407F 60 06 ;jump if 0
dec A ;4081 14 ;decrement command
jz L408A ;4082 60 06 ;jump if 0
mov INCTRL,R3 ;4084 8B FD ;set internal control byte
ret ;4086 22 ;return
L4087: mov EETIME,R3 ;4087 8B BD ;set eetime
ret ;4089 22 ;return
L408A: mov A,R3 ;408A EB ;load
L408B: ljmp L0289 ;408B 02 02 89 ;set flags for eeprom write
L408E: push DPH ;408E C0 83 ;save dph
push DPL ;4090 C0 82 ;save dpl
mov DPTR,#41F8 ;4092 90 41 F8 ;set pointer
mov R3,#008h ;4095 7B 08 ;set counter
clr C ;4097 C3 ;clear carry
L4098: push PSW ;4098 C0 D0 ;save psw
acall L41CB ;409A 31 CB ;receive byte
mov R0,A ;409C F8 ;save byte
pop PSW ;409D D0 D0 ;restore psw
clr A ;409F E4 ;clear a
movc A,@A+DPTR ;40A0 93 ;load key byte
xrl A,R0 ;40A1 68 ;verify if key matches
addc A,#0FFh ;40A2 34 FF ;verify if key matches
inc DPTR ;40A4 A3 ;increment pointer
djnz R3,L4098 ;40A5 DB F1 ;loop 8 times
L40A7: jc L40A7 ;40A7 40 FE ;infinite loop if key not matches
pop DPL ;40A9 D0 82 ;restore dpl
pop DPH ;40AB D0 83 ;restore dph
clr A ;40AD E4 ;clear a
ret ;40AE 22 ;return
;-----------------------------------------------------------------------------------------
; Command 1A : Output number of bits for eeprom locations with data different from xx
; input: byte 1 - eeprom flags
; byte 2 - byte to compare (xx)
; output: number of bits (3 bytes)
;-----------------------------------------------------------------------------------------
L40AF: acall L40FD ;40AF 11 FD ;receive input, set parameters
acall L411D ;40B1 31 1D ;set dpl
mov R3,A ;40B3 FB ;clear
mov R4,A ;40B4 FC ;clear
mov R5,A ;40B5 FD ;clear
L40B6: movx A,@DPTR ;40B6 E0 ;load eeprom data
xrl A,R6 ;40B7 6E ;compare with byte
jz L40CA ;40B8 60 10 ;jump if equal
mov R7,#008h ;40BA 7F 08 ;set bit counter
L40BC: rrc A ;40BC 13 ;rotate right with carry
jnc L40C8 ;40BD 50 09 ;jump if carry clear
inc R5 ;40BF 0D ;increment
cjne R5,#000h,L40C8 ;40C0 BD 00 05 ;compare
inc R4 ;40C3 0C ;increment
cjne R4,#000h,L40C8 ;40C4 BC 00 01 ;compare
inc R3 ;40C7 0B ;increment
L40C8: djnz R7,L40BC ;40C8 DF F2 ;loop 8 times (bit)
L40CA: inc DPTR ;40CA A3 ;increment pointer
djnz R1,L40B6 ;40CB D9 E9 ;byte loop
djnz R2,L40B6 ;40CD DA E7 ;page loop
mov A,R3 ;40CF EB ;load bit counter
acall L4199 ;40D0 31 99 ;send to I/O
mov A,R4 ;40D2 EC ;load bit counter
acall L4199 ;40D3 31 99 ;send to I/O
mov A,R5 ;40D5 ED ;load bit counter
ajmp L40FA ;40D6 01 FA ;exit
;-----------------------------------------------------------------------------------------
; Command 1B : Output eeprom locations with data different from 00 (or FF)
; input: byte 1 - eeprom flags
; byte 2 - 00 or FF
; output: eeprom addresses (max 80h)
;-----------------------------------------------------------------------------------------
L40D8: acall L40FD ;40D8 11 FD ;receive input, set parameters
acall L411D ;40DA 31 1D ;set dpl
mov R3,#080h ;40DC 7B 80 ;set max output
mov A,R6 ;40DE EE ;load byte to compare
jz L40E3 ;40DF 60 02 ;jump if zero
mov R6,#0FFh ;40E1 7E FF ;set byte to compare
L40E3: movx A,@DPTR ;40E3 E0 ;load eeprom data
xrl A,R6 ;40E4 6E ;compare with byte
jz L40F3 ;40E5 60 0C ;jump if equal
mov A,DPH ;40E7 E5 83 ;load dph
acall L4199 ;40E9 31 99 ;send to I/O
mov A,DPL ;40EB E5 82 ;load dpl
acall L4199 ;40ED 31 99 ;send to I/O
djnz R3,L40F3 ;40EF DB 02 ;output max 80h times
sjmp L40F8 ;40F1 80 05 ;exit
L40F3: inc DPTR ;40F3 A3 ;increment pointer
djnz R1,L40E3 ;40F4 D9 ED ;byte loop
djnz R2,L40E3 ;40F6 DA EB ;page loop
L40F8: mov A,#055h ;40F8 74 55 ;end code (no write)
L40FA: ljmp L029A ;40FA 02 02 9A ;exit
L40FD: acall L41CB ;40FD 31 CB ;receive flags
mov R5,A ;40FF FD ;save in r5
acall L41CB ;4100 31 CB ;receive byte to compare (00 or FF)
mov R6,A ;4102 FE ;save in r6
L4103: mov DPTR,#8000 ;4103 90 80 00 ;set data pointer
movx A,@DPTR ;4106 E0 ;load ext[8000]
mov R2,A ;4107 FA ;save in r2
mov A,R6 ;4108 EE ;transfer
xch A,R5 ;4109 CD ;load flags in a
acall L408B ;410A 11 8B ;set eectrl
mov A,R2 ;410C EA ;load ext[8000]
mov R1,#0E0h ;410D 79 E0 ;set bytes first page
mov R2,0FAh ;410F AA FA ;set number of pages
xrl A,#0A9h ;4111 64 A9 ;xor
jnz L4123 ;4113 70 0E ;jump if ext[8000]<>#A9
mov A,R2 ;4115 EA ;load number of pages
cjne A,#040h,L4119 ;4116 B4 40 00 ;compare
L4119: jc L411D ;4119 40 02 ;jump if >= #40
mov R1,#0C0h ;411B 79 C0 ;set bytes first page
L411D: mov A,R1 ;411D E9 ;load bytes first page
dec A ;411E 14 ;decrement
cpl A ;411F F4 ;complement
mov DPL,A ;4120 F5 82 ;set dpl
clr A ;4122 E4 ;clear a
L4123: ret ;4123 22 ;return
;-----------------------------------------------------------------------------------------
; Command 0D : Write n bytes m times in eeprom
; input: byte 1 - flags for eeprom write
; byte 2-3 - m high byte, m low byte
; byte 4 - n (number of bytes)
; byte 5-6 - dph, dpl
; byte 7.. - data (n bytes)
;-----------------------------------------------------------------------------------------
L4124: lcall L0287 ;4124 12 02 87 ;receive flags for eeprom write
acall L41CB ;4127 31 CB ;receive m high
mov R6,A ;4129 FE ;save in r6
acall L41CB ;412A 31 CB ;receive m low
mov R5,A ;412C FD ;save in r5
jz L4130 ;412D 60 01 ;jump if 0
inc R6 ;412F 0E ;increment r6
L4130: acall L41CB ;4130 31 CB ;receive number of bytes to input (n)
lcall L00BE ;4132 12 00 BE ;input dptr, data (n bytes), set param
L4135: lcall L023F ;4135 12 02 3F ;write n bytes in eeprom
djnz R5,L4135 ;4138 DD FB ;loop r5 times
djnz R6,L4135 ;413A DE F9 ;loop r6 times
ret ;413C 22 ;return
;-----------------------------------------------------------------------------------------
; Verify if key in 30-37h (and 38-3Fh) matches with authentication key
;-----------------------------------------------------------------------------------------
L413D: mov DPTR,#0000 ;413D 90 00 00 ;set data pointer
mov ADRXH,#080h ;4140 75 B3 80 ;set adrxh
mov R3,#008h ;4143 7B 08 ;set counter
mov B,@R1 ;4145 87 F0 ;load first byte of key in b
setb EECTRL.7 ;4147 D2 DF ;set bit
L4149: mov R2,#040h ;4149 7A 40 ;set counter
mov A,R6 ;414B EE ;load test result
jz L4150 ;414C 60 02 ;jump if zero
movx A,@R0 ;414E E2 ;read eeprom
cpl A ;414F F4 ;complement
L4150: add A,@R0 ;4150 26 ;add
mov @R0,#0FFh ;4151 76 FF ;load value
xch A,R3 ;4153 CB ;exchange
jb A.0,L4159 ;4154 20 E0 02 ;jump if bit set
inc ADRXH ;4157 05 B3 ;increment adrxh
L4159: xch A,R3 ;4159 CB ;exchange
inc R0 ;415A 08 ;increment r0
L415B: mul AB ;415B A4 ;multiply
xrl A,@R1 ;415C 67 ;xor
mov @R1,A ;415D F7 ;transfer
inc R1 ;415E 09 ;increment r1
cjne R1,#038h,L4164 ;415F B9 38 02 ;compare and jump if <> #38
mov R1,#030h ;4162 79 30 ;load value
L4164: mov A,B ;4164 E5 F0 ;transfer
mov B,@R1 ;4166 87 F0 ;transfer
xrl A,@R1 ;4168 67 ;xor
mov @R1,A ;4169 F7 ;transfer
jnb A.5,L416F ;416A 30 E5 02 ;jump if bit not set
inc DPTR ;416D A3 ;increment pointer
clr A ;416E E4 ;clear a
L416F: movc A,@A+DPTR ;416F 93 ;read eeprom
djnz R2,L415B ;4170 DA E9 ;loop 40h times
djnz R3,L4149 ;4172 DB D5 ;loop 8 times
clr EECTRL.7 ;4174 C2 DF ;clear bit
mov R2,#008h ;4176 7A 08 ;set counter
mov DPTR,#41F8 ;4178 90 41 F8 ;set dptr with auth.key address
mov AUTHB,DPH ;417B 85 83 08 ;save authentication byte
L417E: clr A ;417E E4 ;clear
movc A,@A+DPTR ;417F 93 ;load auth. key byte
inc DPTR ;4180 A3 ;increment pointer
xrl A,@R1 ;4181 67 ;xor
inc R1 ;4182 09 ;increment pointer
addc A,#0FFh ;4183 34 FF ;add
xrl 003h,A ;4185 62 03 ;xor with r3
djnz R2,L417E ;4187 DA F5 ;loop 8 times
cpl C ;4189 B3 ;complement carry
jbc PSW.7,L4190 ;418A 10 D7 03 ;jump if carry set (ok)
L418D: ljmp L0000 ;418D 02 00 00 ;error, so try again
L4190: jc L418D ;4190 40 FB ;jump if carry set (error)
mov A,R3 ;4192 EB ;load r3
jnz L418D ;4193 70 F8 ;jump if not zero (error)
inc A ;4195 04 ;increment a
jz L418D ;4196 60 F5 ;jump if zero (error)
ret ;4198 22 ;return
;-----------------------------------------------------------------------------------------
; Send byte to I/O in different modes according to psw.1 psw.5
; if psw.5 clear --> 9600 bps 3.57 Mhz
; if psw.5 set AND psw.1 clear --> 9600 bps 4.91 Mhz
; if psw.5 set AND psw.1 set --> 106k bps 3.57 Mhz
;-----------------------------------------------------------------------------------------
L4199: anl 094h,#0FEh ;4199 53 94 FE ;clear flag
L419C: jnb P1.0,L419C ;419C 30 90 FD ;wait for I/O high
setb P1.0 ;419F D2 90 ;set pin
orl 094h,#001h ;41A1 43 94 01 ;set send flag
mov R0,#00Ah ;41A4 78 0A ;set counter
clr C ;41A6 C3 ;clear carry
nop ;41A7 00 ;delay
jnb PSW.5,L41C5 ;41A8 30 D5 1A ;jump according to psw.5
jnb PSW.1,L41B7 ;41AB 30 D1 09 ;jump according to psw.1
L41AE: mov P1.0,C ;41AE 92 90 ;send bit
rrc A ;41B0 13 ;rotate right with carry
nop ;41B1 00 ;delay
nop ;41B2 00 ;delay
nop ;41B3 00 ;delay
djnz R0,L41AE ;41B4 D8 F8 ;loop A times
ret ;41B6 22 ;return
L41B7: acall L41EF ;41B7 31 EF ;delay
acall L41EE ;41B9 31 EE ;delay
L41BB: mov P1.0,C ;41BB 92 90 ;send bit
rrc A ;41BD 13 ;rotate right with carry
acall L41EE ;41BE 31 EE ;delay
xch A,@R0 ;41C0 C6 ;delay
xch A,@R0 ;41C1 C6 ;delay
djnz R0,L41BB ;41C2 D8 F7 ;loop A times
ret ;41C4 22 ;return
L41C5: lcall L0305 ;41C5 12 03 05 ;send byte to I/O (9600 bps 3.57 Mhz)
ljmp L033E ;41C8 02 03 3E ;delay
;-----------------------------------------------------------------------------------------
; Receive byte from I/O in different modes according to psw.1 psw.5
; authentication flag (08h) must be #41h
; if psw.5 clear --> 9600 bps 3.57 Mhz (wait and receive)
; if psw.5 set AND psw.1 clear --> 9600 bps 4.91 Mhz
; if psw.5 set AND psw.1 set --> 106k bps 3.57 Mhz
;-----------------------------------------------------------------------------------------
L41CB: mov A,AUTHB ;41CB E5 08 ;load authentication byte
L41CD: cjne A,#041h,L41CD ;41CD B4 41 FD ;verify flag
L41D0: anl 094h,#0FEh ;41D0 53 94 FE ;clear flag
jb PSW.5,L41D9 ;41D3 20 D5 03 ;jump according to psw.5
ljmp L02D6 ;41D6 02 02 D6 ;wait and receive byte (9600 bps 3.57 Mhz)
L41D9: jnb P1.0,L41D9 ;41D9 30 90 FD ;wait for pin high
L41DC: jb P1.0,L41DC ;41DC 20 90 FD ;wait for pin low
mov R0,#009h ;41DF 78 09 ;set counter
L41E1: mov C,P1.0 ;41E1 A2 90 ;receive bit
rrc A ;41E3 13 ;rotate right with carry
jnb PWS.1,L41F1 ;41E4 30 D1 0A ;jump according to psw.1
L41E7: djnz R0,L41E1 ;41E7 D8 F8 ;loop 9 times
orl 094h,#001h ;41E9 43 94 01 ;set flag
clr P1.0 ;41EC C2 90 ;clear pin
L41EE: nop ;41EE 00 ;delay
L41EF: nop ;41EF 00 ;delay
L41F0: ret ;41F0 22 ;return
L41F1: lcall L41F0 ;41F1 12 41 F0 ;delay
ljmp L41E7 ;41F4 02 41 E7 ;jump
db 61 ;41F7 61 ;crap
;-----------------------------------------------------------------------------------------
; Authentication key
;-----------------------------------------------------------------------------------------
L41F8: db C7 1C C5 51 ;41F8 C71CC551 ;authentication key
db 56 8A 8B 99 ;41FC 568A8B99 ;authentication key
;-----------------------------------------------------------------------------------------
; Command 11 : Compute checksum over eeprom (from 8010)
; 0FAh must be set with page number
; output: 4 bytes checksum
;-----------------------------------------------------------------------------------------
L4200: clr B.0 ;4200 C2 F0 ;clear flag (eeprom)
mov R7,0FAh ;4202 AF FA ;load number of pages
mov DPTR,#8010 ;4204 90 80 10 ;set data pointer
mov R0,#0F0h ;4207 78 F0 ;set byte counter
sjmp L421A ;4209 80 0F ;compute checksum
;-----------------------------------------------------------------------------------------
; Command 10 : Compute checksum over rom 0000-43FF
; 0FEh must be set with page number
; output: 4 bytes checksum
;-----------------------------------------------------------------------------------------
L420B: clr B.0 ;420B C2 F0 ;clear flag (rom 0000-43FF)
mov R7,0FEh ;420D AF FE ;load number of pages
sjmp L4215 ;420F 80 04 ;compute checksum
;-----------------------------------------------------------------------------------------
; Command 12 : Compute checksum over microcode rom 000-9FF
; output : 4 bytes checksum
;-----------------------------------------------------------------------------------------
L4211: setb B.0 ;4211 D2 F0 ;set flag (microcode 000-9FF)
mov R7,#00Ah ;4213 7F 0A ;set page counter
L4215: mov DPTR,#0000 ;4215 90 00 00 ;set dptr
mov R0,#000h ;4218 78 00 ;set byte counter
L421A: clr A ;421A E4 ;clear
mov R3,A ;421B FB ;clear
mov R4,A ;421C FC ;clear
mov R5,A ;421D FD ;clear
mov R6,#05Ah ;421E 7E 5A ;set checksum
L4220: jnb B.0,L4227 ;4220 30 F0 04 ;look for rom type
movs A,@DPTR ;4223 A5 ;load microcode
nop ;4224 00 ;no operation
sjmp L4229 ;4225 80 02 ;jump
L4227: clr A ;4227 E4 ;clear
movc A,@A+DPTR ;4228 93 ;load rom/eeprom
L4229: xch A,R6 ;4229 CE ;compute checksum
xrl A,R6 ;422A 6E ;compute checksum
rr A ;422B 03 ;compute checksum
xch A,R6 ;422C CE ;compute checksum
add A,R5 ;422D 2D ;compute checksum
mov R5,A ;422E FD ;compute checksum
jnc L4236 ;422F 50 05 ;compute checksum
inc R4 ;4231 0C ;compute checksum
mov A,R4 ;4232 EC ;compute checksum
jnz L4236 ;4233 70 01 ;compute checksum
inc R3 ;4235 0B ;compute checksum
L4236: inc DPTR ;4236 A3 ;increment data pointer
djnz R0,L4220 ;4237 D8 E7 ;byte loop
djnz R7,L4220 ;4239 DF E5 ;page loop
mov R2,#004h ;423B 7A 04 ;set number of bytes
mov R1,#003h ;423D 79 03 ;set address
L423F: mov A,@R1 ;423F E7 ;load checksum
cjne R2,#001h,L4244 ;4240 BA 01 01 ;compare counter
ret ;4243 22 ;return
L4244: acall L4199 ;4244 31 99 ;send checksum to I/O
inc R1 ;4246 09 ;increment pointer
djnz R2,L423F ;4247 DA F6 ;loop 4 times
;-----------------------------------------------------------------------------------------
; Command 0A : Read and output microcode rom 000-9FF
; input: page number
; output: 256 bytes of code
;-----------------------------------------------------------------------------------------
L4249: mov DPTR,#0000 ;4249 90 00 00 ;set data pointer
acall L41CB ;424C 31 CB ;receive page number (0-9)
orl DPH,A ;424E 42 83 ;set data pointer
mov R6,#0FFh ;4250 7E FF ;set byte counter
L4252: movs A,@DPTR ;4252 A5 ;load data
nop ;4253 00 ;no operation
inc DPTR ;4254 A3 ;increment pointer
acall L4199 ;4255 31 99 ;send data to I/O
djnz R6,L4252 ;4257 DE F9 ;loop ff times
movs A,@DPTR ;4259 A5 ;load last byte
nop ;425A 00 ;no operation
ret ;425B 22 ;return
;-----------------------------------------------------------------------------------------
; Command 13 : Test all ram
; output: 0 (all ok) or ram address (error)
;-----------------------------------------------------------------------------------------
L425C: mov DPH,AUTHB ;425C 85 08 83 ;save authentication byte
setb C ;425F D3 ;set carry
L4260: mov R0,#0FFh ;4260 78 FF ;set ram address
L4262: mov A,R0 ;4262 E8 ;set data to write
jc L4266 ;4263 40 01 ;jump if carry set
cpl A ;4265 F4 ;complement
L4266: mov @R0,A ;4266 F6 ;write data in ram
djnz R0,L4262 ;4267 D8 F9 ;loop ff times
mov R0,#0FFh ;4269 78 FF ;set ram address
L426B: mov A,@R0 ;426B E6 ;read data in ram
jc L426F ;426C 40 01 ;jump if carry set
cpl A ;426E F4 ;complement
L426F: xrl A,R0 ;426F 68 ;xor
jnz L428A ;4270 70 18 ;jump if error
djnz R0,L426B ;4272 D8 F7 ;loop ff times
cpl C ;4274 B3 ;complement carry
jnc L4260 ;4275 50 E9 ;jump if carry clear
L4277: cpl A ;4277 F4 ;complement (00 or ff)
mov DPL,A ;4278 F5 82 ;set data to write
mov R0,#0FFh ;427A 78 FF ;set pointer
L427C: mov @R0,DPL ;427C A6 82 ;write data in ram
djnz R0,L427C ;427E D8 FC ;loop ff times
mov R0,#0FFh ;4280 78 FF ;set pointer
L4282: mov A,@R0 ;4282 E6 ;read data in ram
cjne A,DPL,L428A ;4283 B5 82 04 ;compare and jump if error
djnz R0,L4282 ;4286 D8 FA ;loop ff times
jnz L4277 ;4288 70 ED ;jump if a<>0
L428A: mov A,R0 ;428A E8 ;put in a error address or 0 (all ok)
L428B: mov SP,#007h ;428B 75 81 07 ;set stack pointer
push DPH ;428E C0 83 ;set authentication
ajmp L403C ;4290 01 3C ;exit to main loop
;-----------------------------------------------------------------------------------------
; Command 15 : Test ram (write and verify n bytes)
; input: byte 1 - ram address
; byte 2 - number of bytes
; byte 3-A - authentication key
; byte B.. - data to write (must be >= #05)
; output: 0 all ok, ram address if error
;-----------------------------------------------------------------------------------------
L4292: acall L41CB ;4292 31 CB ;receive ram address
mov R1,A ;4294 F9 ;save in r1
acall L41CB ;4295 31 CB ;receive number of bytes
mov R4,A ;4297 FC ;save in r4
acall L408E ;4298 11 8E ;verify authentication key
clr B.1 ;429A C2 F1 ;clear bit (verify after write)
mov R3,A ;429C FB ;clear r3
mov DPH,AUTHB ;429D 85 08 83 ;save authentication byte
L42A0: acall L41CB ;42A0 31 CB ;receive data to write in ram
cjne R1,#005h,L42A5 ;42A2 B9 05 00 ;data must be >= #05
L42A5: jc L42B2 ;42A5 40 0B ;data must be >= #05
mov @R1,A ;42A7 F7 ;write data
jb B.1,L42B2 ;42A8 20 F1 07 ;jump if no verify
xrl A,@R1 ;42AB 67 ;xor
jz L42B2 ;42AC 60 04 ;jump if verify ok
mov A,R1 ;42AE E9 ;save error address
mov R3,A ;42AF FB ;save in r3
setb B.1 ;42B0 D2 F1 ;not verify after that
L42B2: inc R1 ;42B2 09 ;increment address
djnz R4,L42A0 ;42B3 DC EB ;loop r4 times
mov A,R3 ;42B5 EB ;write 0 or error address in a
ajmp L428B ;42B6 41 8B ;set stack pointer, authentication, exit
;-----------------------------------------------------------------------------------------
; Command 16 : Read and output ram contents
; input : byte 1 - ram address
; byte 2 - number of bytes to output
; byte 3-A - authentication key
;-----------------------------------------------------------------------------------------
L42B8: acall L41CB ;42B8 31 CB ;receive ram address
mov R1,A ;42BA F9 ;save in r1
acall L41CB ;42BB 31 CB ;receive number of bytes
mov R4,A ;42BD FC ;save in r4
acall L408E ;42BE 11 8E ;verify authentication key
mov A,R4 ;42C0 EC ;put r4 in r2
mov R2,A ;42C1 FA ;put r4 in r2
ajmp L423F ;42C2 41 3F ;output r2 byte from r1 ram address
;-----------------------------------------------------------------------------------------

[igors20]

;-----------------------------------------------------------------------------------------
; Command 17 : Read and output rom/eeprom contents
; input : byte 1-2 - dph, dpl
; byte 3 -number of bytes to output
; byte 4-B - authentication key
;-----------------------------------------------------------------------------------------
L42C4: lcall L027E ;42C4 12 02 7E ;receive dph and dpl
acall L41CB ;42C7 31 CB ;receive number of bytes
mov R5,A ;42C9 FD ;save in r5
acall L408E ;42CA 11 8E ;verify authentication key
L42CC: clr A ;42CC E4 ;clear a
movc A,@A+DPTR ;42CD 93 ;load code
cjne R5,#001h,L42D2 ;42CE BD 01 01 ;compare byte number
ret ;42D1 22 ;return
L42D2: acall L4199 ;42D2 31 99 ;send code to I/O
inc DPTR ;42D4 A3 ;increment pointer
djnz R5,L42CC ;42D5 DD F5 ;loop r5-1 times
;-----------------------------------------------------------------------------------------
; Command 18 : Execute code in dptr (after key verification)
; input : byte 1 - dph
; byte 2 - dpl
; byte 3-A - authentication key
;-----------------------------------------------------------------------------------------
L42D7: lcall L027E ;42D7 12 02 7E ;receive dph and dpl
acall L408E ;42DA 11 8E ;verify authentication key
jmp @A+DPTR ;42DC 73 ;jump to @dptr (a = 0)
;-----------------------------------------------------------------------------------------
; Command 0F : Search in eeprom byte different from xx
; input: byte 1 - eeprom flags
; byte 2 - data byte (xx)
; output: first location with content different than xx
; 5555 if none
;-----------------------------------------------------------------------------------------
L42DD: acall L40FD ;42DD 11 FD ;receive input, set parameters
acall L42E3 ;42DF 51 E3 ;search routine
ajmp L436E ;42E1 61 6E ;output dptr
L42E3: mov R4,A ;42E3 FC ;transfer
jz L42F7 ;42E4 60 11 ;jump if ext[8000]=#A9
mov R4,#020h ;42E6 7C 20 ;set counter (first 20h bytes)
L42E8: movx A,@DPTR ;42E8 E0 ;load eeprom data
xrl A,R5 ;42E9 6D ;xor r5 (byte to compare)
jnz L4300 ;42EA 70 14 ;jump if not equal
inc DPTR ;42EC A3 ;increment pointer
dec R4 ;42ED 1C ;decrement counter
cjne R4,#010h,L42F4 ;42EE BC 10 03 ;jump for first 10h bytes
xrl 005h,#0FFh ;42F1 63 05 FF ;xor with r5
L42F4: cjne R4,#000h,L42E8 ;42F4 BC 00 F1 ;jump for bytes 10-20h
L42F7: movx A,@DPTR ;42F7 E0 ;load eeprom data
xrl A,R6 ;42F8 6E ;xor r6 (byte to compare)
jnz L4300 ;42F9 70 05 ;jump if not equal
inc DPTR ;42FB A3 ;increment pointer
djnz R1,L42F7 ;42FC D9 F9 ;byte loop
djnz R2,L42F7 ;42FE DA F7 ;page loop
L4300: ret ;4300 22 ;return
L4301: mov A,#081h ;4301 74 81 ;load eeprom flags
L4303: mov R5,A ;4303 FD ;save
mov R6,#0FFh ;4304 7E FF ;load data to search
sjmp L4310 ;4306 80 08 ;jump
L4308: mov R5,#080h ;4308 7D 80 ;load eeprom flags
mov R6,#000h ;430A 7E 00 ;load data to search
sjmp L4310 ;430C 80 02 ;jump
L430E: mov R5,#000h ;430E 7D 00 ;load eeprom flags
L4310: acall L4103 ;4310 31 03 ;set parameters
acall L42E3 ;4312 51 E3 ;search byte different than data
L4314: ljmp L029A ;4314 02 02 9A ;exit
;-----------------------------------------------------------------------------------------
; Command 00 : Test inctrl modes
; input: none
; output: inctrl mode defective (55 xx) - 55 EC = all ok
;-----------------------------------------------------------------------------------------
L4317: mov INCTRL,#0ACh ;4317 75 FD AC ;set inctrl
acall L43E8 ;431A 71 E8 ;format eeprom page
mov INCTRL,#0C9h ;431C 75 FD C9 ;set inctrl
acall L4308 ;431F 71 08 ;search byte different than 00
jz L432D ;4321 60 0A ;jump if not found
mov INCTRL,#0D9h ;4323 75 FD D9 ;set inctrl
acall L42F4 ;4326 51 F4 ;search byte different than 00
jz L432D ;4328 60 03 ;jump if not found
mov INCTRL,#0E9h ;432A 75 FD E9 ;set inctrl
L432D: mov A,#0D0h ;432D 74 D0 ;set flags
acall L43D7 ;432F 71 D7 ;erase eeprom page
inc INCTRL ;4331 05 FD ;increment
clr A ;4333 E4 ;clear
acall L4303 ;4334 71 03 ;search byte different than FF
jz L4344 ;4336 60 0C ;jump if not found
inc INCTRL ;4338 05 FD ;increment
mov A,#080h ;433A 74 80 ;load flags
acall L408B ;433C 11 8B ;set flags
acall L42F4 ;433E 51 F4 ;search byte different than FF
jz L4344 ;4340 60 02 ;jump if not found
inc INCTRL ;4342 05 FD ;increment
L4344: mov DPH,#055h ;4344 75 83 55 ;set output
mov DPL,INCTRL ;4347 85 FD 82 ;set output
ajmp L4373 ;434A 61 73 ;output and exit
;-----------------------------------------------------------------------------------------
; Command 09 : Test eeprom write (make 2 test write)
; input: none
; output: first location address not written
;-----------------------------------------------------------------------------------------
L434C: mov R6,#04Dh ;434C 7E 4D ;load data to write
acall L43EA ;434E 71 EA ;write in eeprom a page of #4D
acall L430E ;4350 71 0E ;search byte different than #4D
jnz L4373 ;4352 70 1F ;output location address
mov R6,#0B2h ;4354 7E B2 ;load data to write
acall L43EA ;4356 71 EA ;write in eeprom a page of #B2
acall L430E ;4358 71 0E ;search byte different than #B2
ajmp L436E ;435A 61 6E ;output location address
;-----------------------------------------------------------------------------------------
; Command 0B : Test eeprom write (make 2 test write)
; input: none
; output: first location address not written
;-----------------------------------------------------------------------------------------
L435C: acall L43E2 ;435C 71 E2 ;format eeprom page
mov 02Fh,#0B0h ;435E 75 2F B0 ;set flags
acall L43EE ;4361 71 EE ;write 1 byte 00 in eeprom
acall L4308 ;4363 71 08 ;search byte different than 00
jnz L4373 ;4365 70 0C ;jump if found
mov DPTR,#8047 ;4367 90 80 47 ;set data pointer
acall L43EE ;436A 71 EE ;write 1 byte 00 in eeprom
acall L4308 ;436C 71 08 ;search byte different than 00
L436E: jnz L4373 ;436E 70 03 ;jump if found
mov DPTR,#5555 ;4370 90 55 55 ;set code "not found"
L4373: mov A,DPH ;4373 E5 83 ;load dph
acall L4199 ;4375 31 99 ;send to I/O
mov A,DPL ;4377 E5 82 ;load dpl
ajmp L4314 ;4379 61 14 ;exit
;-----------------------------------------------------------------------------------------
; Command 0C : Test eeprom format/erase
; input: flags for eeprom write
; output: first location with content different tran 00/FF
;-----------------------------------------------------------------------------------------
L437B: acall L41CB ;437B 31 CB ;receive flags for eeprom write
push INCTRL ;437D C0 FD ;save inctrl
mov 02Fh,A ;437F F5 2F ;set flags
mov R0,#0F0h ;4381 78 F0 ;set inctrl
jb 02Fh.6,L4389 ;4383 20 7E 03 ;set inctrl
mov R0,#00Fh ;4386 78 0F ;set inctrl
swap A ;4388 C4 ;set inctrl
L4389: orl A,R0 ;4389 48 ;set inctrl
mov C,02Fh.7 ;438A A2 7F ;set inctrl
jc L4392 ;438C 40 04 ;set inctrl
xrl A,R0 ;438E 68 ;set inctrl
xch A,INCTRL ;438F C5 FD ;set inctrl
anl A,R0 ;4391 58 ;set inctrl
L4392: addc A,INCTRL ;4392 35 FD ;set inctrl
mov INCTRL,A ;4394 F5 FD ;set inctrl
setb 02Fh.7 ;4396 D2 7F ;set bit
clr A ;4398 E4 ;clear a
acall L43E4 ;4399 71 E4 ;format/erase eeprom page
pop INCTRL ;439B D0 FD ;restore inctrl
jb 02Fh.6,L43A1 ;439D 20 7E 01 ;jump if bit set
dec R6 ;43A0 1E ;decrement r6 (FF)
L43A1: acall L430E ;43A1 71 0E ;search byte different than 00/FF
ajmp L436E ;43A3 61 6E ;output location address
;-----------------------------------------------------------------------------------------
; Command 0E : Test if eeprom formatted
; input: none
; output: first location with content different than 00
; or first location with content different than FF
;-----------------------------------------------------------------------------------------
L43A5: acall L43E2 ;43A5 71 E2 ;erase a page of eeprom
acall L4308 ;43A7 71 08 ;search byte different than 00
jnz L4373 ;43A9 70 C8 ;output location with byte <> 00
acall L43D5 ;43AB 71 D5 ;format (write 00) a page of eeprom
acall L4301 ;43AD 71 01 ;search byte different than FF
ajmp L436E ;43AF 61 6E ;output location with byte <> FF
;-----------------------------------------------------------------------------------------
; Command 04 : Format eeprom (n pages)
; input: byte 1-2 - dptr
; byte 3 - number of pages to format
; byte 4 - internal control byte
;-----------------------------------------------------------------------------------------
L43B1: lcall L0278 ;43B1 12 02 78 ;receive dph, dpl, number of pages
mov R5,A ;43B4 FD ;save pages in r5
acall L41CB ;43B5 31 CB ;receive inctrl
push INCTRL ;43B7 C0 FD ;save internal control byte
cjne A,#010h,L43BC ;43B9 B4 10 00 ;compare
L43BC: jnc L43C0 ;43BC 50 02 ;jump if >= #10
add A,INCTRL ;43BE 25 FD ;add
L43C0: mov INCTRL,A ;43C0 F5 FD ;set inctrl
mov A,#040h ;43C2 74 40 ;load eeprom flags
mov R6,#000h ;43C4 7E 00 ;load data to write
acall L43DA ;43C6 71 DA ;write first page of 00 in eeprom
mov 02Fh,#020h ;43C8 75 2F 20 ;load flags
mov R2,#000h ;43CB 7A 00 ;load number of bytes (a page)
L43CD: acall L43F0 ;43CD 71 F0 ;write a page of 00 in eeprom
djnz R5,L43CD ;43CF DD FC ;page loop
pop INCTRL ;43D1 D0 FD ;restore inctrl
sjmp L43DF ;43D3 80 0A ;write last page
L43D5: mov A,#030h ;43D5 74 30 ;load flags
L43D7: mov DPTR,#8080 ;43D7 90 80 80 ;set data pointer
L43DA: acall L408B ;43DA 11 8B ;set flags for eeprom write
mov R1,#030h ;43DC 79 30 ;set buffer address
mov A,R6 ;43DE EE ;set data to write
L43DF: ljmp L0236 ;43DF 02 02 36 ;write content of a n times in eeprom
L43E2: mov A,#050h ;43E2 74 50 ;load flags
L43E4: mov R6,#000h ;43E4 7E 00 ;set data to write
sjmp L43D7 ;43E6 80 EF ;jump
L43E8: mov R6,#000h ;43E8 7E 00 ;set data to write
L43EA: mov A,#0B0h ;43EA 74 B0 ;load flags
sjmp L43D7 ;43EC 80 E9 ;jump
L43EE: mov R2,#001h ;43EE 7A 01 ;write 1 byte
L43F0: ljmp L023F ;43F0 02 02 3F ;write in eeprom
;-----------------------------------------------------------------------------------------
; Command 1C : Set flags and eectrl for eeprom write
; input: byte 1 - flags
; output: return code according with flags
;-----------------------------------------------------------------------------------------
L43F3: acall L41CB ;43F3 31 CB ;receive byte (flags for eeprom write)
mov DPL,A ;43F5 F5 82 ;set dpl
mov DPH,#080h ;43F7 75 83 80 ;set dph
lcall L02A0 ;43FA 12 02 A0 ;set flags for eeprom write
movx A,@DPTR ;43FD E0 ;load byte (for return code)
ajmp L4314 ;43FE 61 14 ;set eectrl and exit

end