[CDG5] OF/HWInit blob in NewWorld ROM 1.x
Daniel B-J
danielbj314 at verizon.net
Tue Jun 4 03:42:56 AWST 2019
Very little specifics are known about the OF roms, just general stuff. Apparently the self-test code runs first, then it decompresses OF into ram and then runs it. The decompressed OF rom is usually at 0xFF800000. Some of the register assignments are known, but not where the OF image is in memory.
In theory, one could get the boot rom, start disassembling at offset 0x100 (the reset vector), and trace execution until it gets to OF. I tried that, but I am really not good at that kind of reverse-engineering. I am not sure if anyone else has done that. Maybe Max?
What would be really good would be an automated tool for finding the OF rom, decompressing it, and then decompiling the forth, fcode, and machine code. Compiled forth is probably way easier to decompile than compiled c.
Apologies for not quoting your message, Jd Lyons. I can't actually access it in mail. I am seeing what you type be looking at the mailing list logs.
More information about the cdg5
mailing list