6502.org Forum
PostPosted: Sat Feb 11, 2017 8:26 am 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
Some little time ago I posted
Puzzle challenge: An unusual idea, but not a new one
with an idea and some half-baked code. It's time to get it out in the open ...spoilers ahead for anyone who wanted to tackle the puzzle...

...

...

...

The idea is that even on a device with no I/O devices, you can save data by putting out radio interference.

(Beware of local regulations and don't abuse this new power! Especially if you have a radio license to lose - perform all experiments within a Faraday cage.)

So, every micro has data lines and address lines bouncing up and down at megahertz rates - can we do anything to control that? It turns out we can! With a 2MHz 6502, as found in the BBC micro, a counted loop which crosses a major address boundary can toggle many of the address lines at 200kHz, which is nicely in the middle of the long wave band, and more or less on top of Radio 4 at 198kHz.

Here's my inner loop:
Code:
.loop5 SBC #1:JMP skip5
.skip5 NOP:BNE loop5:RTS

or, more conventionally:
Code:
loop5:
    SBC #1          ; 2 cycles (carry set on entry, so this subtracts exactly 1)
    JMP skip5       ; 3 cycles
skip5:
    NOP             ; 2 cycles
    BNE loop5       ; 3 cycles when taken (4 if the branch crosses a page boundary)
    RTS

which is a ten-cycle loop. At 2MHz, that's 200kHz.

There'll be lots of other frequency components, but there should be a strong contribution at 200kHz.

If we had a strong constant sine wave output at that frequency, a nearby radio tuning around the middle of the long wave should have a bit of a drop in the static it picks up as it passes that carrier. That's what I thought anyway.

As it turns out (and as I recall) I got a horrible buzz across quite a bit of the band, from a radio put right on top of the machine. Bear in mind that the UK computers of the 80s didn't really have shielding - one of several reasons why they struggled to export to the US.

My thinking was, if there's any modulation of the strength of our signal, at audio rates, we should get some kind of sound from the radio. Especially if we'd managed to get silence from our "carrier."

So, with my loop5 routine producing strong carrier, I wrote a loop15 like this:
Code:
.loop15 SEC:BCS skip15a
.skip15a SBC #1:JMP skip15b
.skip15b NOP:JMP skip15c
.skip15c NOP:JMP skip15d
.skip15d NOP:JMP skip15e
.skip15e NOP:BNE loop15:RTS

The idea here is to waste a lot more time and cross the major address boundary less often.
Code:
loop15:
  SEC               ; 2 cycles
  BCS skip15a       ; 3 cycles, always taken
skip15a:
  SBC #1            ; 2 cycles
  JMP skip15b       ; 3 cycles
skip15b:
  NOP               ; 2 cycles
  JMP skip15c       ; 3 cycles
skip15c:
  NOP               ; 2 cycles
  JMP skip15d       ; 3 cycles
skip15d:
  NOP               ; 2 cycles
  JMP skip15e       ; 3 cycles
skip15e:
  NOP               ; 2 cycles
  BNE loop15        ; 3 cycles when taken
  RTS               ; needed because the outer loops reach this routine with JSR

That's a 30-cycle loop. My thinking was, if my output is a square wave (of course it isn't) then the fundamental is now at 200/3 and the weaker first harmonic is at 200.

So, if I alternate between these routines, I can modulate my "carrier" at an audio rate. And that's what I was trying to do with my innerlo and innerhi routines:
Code:
LDX #48
.innerhi
LDA #42:JSR loop5
LDA #14:JSR loop15
DEX:BNE innerhi

Code:
LDX #24
.innerlo
LDA #42:JSR loop5
LDA #42:JSR loop5
LDA #14:JSR loop15
LDA #14:JSR loop15
DEX:BNE innerlo

(Thanks to Jeff for the bugfixes to those!)

My ideal result would be that I can get the radio to output one of two tones, and then it's a simple matter of programming to output data from the 6502 machine, over the radio, in a format which might even be compatible with cassette tape storage.

The actual result was some kind of horrible warbling - by no means alternating between two nice tones, but certainly an audio-modulated signal!

At that point I put the project down, and walked away...


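An added worked example, not code from BigEd's post or the thread: a cycle-count model in Python of the loops above. It assumes a 2MHz clock, carry set on entry so SBC #1 subtracts exactly 1, JSR and RTS at 6 cycles each, a taken branch at 3 cycles (+1 if it crosses a page, which is the wrinkle raised later in the thread) and a not-taken branch at 2, and it computes the carrier rate, the on/off rate that innerhi and innerlo modulate it at, and how long one bit lasts.

```python
# Added cycle-count model of BigEd's loops (not code from the thread).
# Assumptions: 2 MHz clock; carry set on entry so SBC #1 subtracts exactly 1;
# JSR/RTS 6 cycles each; a taken branch costs 3 (+1 if it crosses a page),
# a not-taken branch 2; nothing else in the loops crosses a page.
CLOCK_HZ = 2_000_000

CYC = {"SBC#": 2, "JMP": 3, "NOP": 2, "SEC": 2, "LDA#": 2, "DEX": 2,
       "JSR": 6, "RTS": 6, "BR_TAKEN": 3, "BR_NOT_TAKEN": 2}

# Straight-line cost of each loop body, excluding its closing BNE.
LOOP5_BODY = CYC["SBC#"] + CYC["JMP"] + CYC["NOP"]           # 7 -> 10 per pass with BNE
LOOP15_BODY = (CYC["SEC"] + CYC["BR_TAKEN"] + CYC["SBC#"]
               + 4 * CYC["JMP"] + 4 * CYC["NOP"])             # 27 -> 30 per pass with BNE


def loop_cycles(body_cycles, count, page_cross=False):
    """Cycles for `count` passes of a loop closed by BNE: every pass but the
    last takes the branch, the last one falls through."""
    taken = CYC["BR_TAKEN"] + (1 if page_cross else 0)
    return count * (body_cycles + taken) - taken + CYC["BR_NOT_TAKEN"]


def call_cycles(body_cycles, count, page_cross=False):
    """JSR + the counted loop + RTS, as seen by the calling outer loop."""
    return CYC["JSR"] + loop_cycles(body_cycles, count, page_cross) + CYC["RTS"]


def carrier_hz(page_cross=False):
    """Rate at which loop5 re-crosses the address boundary (the 'carrier')."""
    return CLOCK_HZ / (LOOP5_BODY + CYC["BR_TAKEN"] + (1 if page_cross else 0))


def innerhi_pass_cycles(page_cross=False):
    """LDA #42:JSR loop5 / LDA #14:JSR loop15 / DEX (closing BNE not included)."""
    return (CYC["LDA#"] + call_cycles(LOOP5_BODY, 42, page_cross)
            + CYC["LDA#"] + call_cycles(LOOP15_BODY, 14, page_cross) + CYC["DEX"])


def innerlo_pass_cycles(page_cross=False):
    """As innerhi, but each routine is called twice per pass (on-on-off-off)."""
    return (2 * (CYC["LDA#"] + call_cycles(LOOP5_BODY, 42, page_cross))
            + 2 * (CYC["LDA#"] + call_cycles(LOOP15_BODY, 14, page_cross)) + CYC["DEX"])


def tone(pass_cycles, count):
    """(modulation frequency in Hz, bit duration in ms) for an outer loop that
    repeats one on/off pass `count` times; one pass plus its BNE is the period."""
    period = pass_cycles + CYC["BR_TAKEN"]
    return CLOCK_HZ / period, 1000.0 * loop_cycles(pass_cycles, count) / CLOCK_HZ


if __name__ == "__main__":
    print(f"carrier: {carrier_hz():.0f} Hz ({carrier_hz(True):.0f} Hz if BNE crosses a page)")
    for name, passes, n in (("innerhi", innerhi_pass_cycles(), 48), ("innerlo", innerlo_pass_cycles(), 24)):
        hz, ms = tone(passes, n)
        print(f"{name}: {hz:.0f} Hz modulation, one bit = {ms:.2f} ms")
```

Under these assumptions innerhi and innerlo come out near 2300Hz and 1150Hz, each lasting about 21ms per bit, which is why the post mentions picking the constants with cassette tone standards in mind.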
PostPosted: Sat Feb 11, 2017 1:49 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
(Just to note, the idea to do this was from this thread, which posted the challenge of getting ROM contents from a small machine.)


PostPosted: Sat Feb 11, 2017 2:58 pm 
Joined: Sat Dec 07, 2013 4:32 pm
Posts: 246
Location: The Kettle Moraine
Interesting! I don't think I've ever heard of anyone trying this method. I have heard of using a radio receiver to listen to a computer to see what it's doing, unmodulated. In fact, I've done this myself.

But by your way, you could reliably transmit data. I wonder if it wouldn't help to try to use a lower frequency. Also, for the purposes at hand, perhaps simple on/off keying works.


PostPosted: Sat Feb 11, 2017 3:48 pm 
Joined: Fri Dec 11, 2009 3:50 pm
Posts: 3367
Location: Ontario, Canada
Good stuff, Ed -- thanks for the intriguing topic!

KC9UDX wrote:
I wonder if it wouldn't help to try to use a lower frequency.
Choosing a frequency that's already occupied (by Radio 4 at 198kHz) wasn't a good decision, IMO. If it were Frequency Modulation (FM) the stronger signal would suppress the weaker one. In fact Dwight posted an amusing item about that here. But AIUI an AM (Amplitude Modulation) receiver will simply accept both inputs, and they'll both be audible. It's true that a stronger signal will be heard more loudly, but it doesn't mute the weaker signal.

It'd be better to avoid interference by transmitting on an otherwise unused frequency. I realize the selections are limited, since we're dealing with integer relations to the CPU clock.

KC9UDX wrote:
Also, for the purposes at hand, perhaps simple on/off keying works.
Interesting. Are you supposing a machine would read the signal, or would a human do it (as with Morse code)? If there's no modulation, don't you need a BFO to render the carrier audible? (I'm dusting off some long-unused vocabulary I learned as a kid from my older brother, the former VE3EWK :) )

_________________
In 1988 my 65C02 got six new registers and 44 new full-speed instructions!
https://laughtonelectronics.com/Arcana/ ... mmary.html


PostPosted: Sat Feb 11, 2017 5:27 pm 
Joined: Tue Nov 16, 2010 8:00 am
Posts: 2353
Location: Gouda, The Netherlands
Cool trick, but I'm wondering what kind of device has no I/O at all? It would seem a bit useless.

Most of the old computers had a video output. Perhaps you could modulate that as well, by filling the screen with different color bars, and running the video output through a low pass filter to get a usable signal. Maybe even directly into a UART?


PostPosted: Sat Feb 11, 2017 5:51 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
In the case which kicked me off, the unknown computer was an SBC with a keypad. I figured it should be possible to figure out how to put bytes in memory, set the PC, and run, whereas trying to figure out where the PIA was mapped would be a little bit harder. Of course one might also pull the ROM and read it, which is I think what happened, but that supposes some technical knowledge and equipment too.

But imagine if a hacker can overflow a buffer in your computer and run some code... and is sitting outside with a long wave receiver and a cassette recorder!

Jeff, you're absolutely right, add a cycle and we can go down to about 182kHz, next step is 166kHz, we might still be in band. Anything over 150kHz stands a chance. As I recall, the horrible noise I made was strong enough to render Radio 4 irrelevant!

(I did pick the constants in the outer loops to give me something close to the CUTS standards, or the Beeb's cassette standards, and they'd need tweaking, and we might not be so lucky with the even divisibility.)


PostPosted: Sat Feb 11, 2017 5:52 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
You're right Arlet, you can do wonderful things with video output. Even broadcast digital radio, IIRC. Edit: nope, even more amazing, it was DVB-T - see http://bellard.org/dvbt/


PostPosted: Sat Feb 11, 2017 6:06 pm 
Joined: Tue Nov 16, 2010 8:00 am
Posts: 2353
Location: Gouda, The Netherlands
Can you increase the AM effect by switching more data/address lines at the same time?


PostPosted: Sat Feb 11, 2017 6:22 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
It's a good thought - I was aiming to place the code just below $0180 so the PC will flip from $017F to $0180 - but what we really want is a strong effect with the ON loop and a weaker effect with the OFF loop.

The other thing I did was attach a little dangly wire - I think that helped, although of course all the dimensions of the system are a great deal less than the 375m quarter-wavelength!


Last edited by BigEd on Sat Feb 11, 2017 9:00 pm, edited 1 time in total.

PostPosted: Sat Feb 11, 2017 8:52 pm 
Joined: Sun Jun 29, 2014 5:42 am
Posts: 352
Code:
loop5:
    SBC #1
    JMP skip5
skip5:
    NOP
    BNE loop5
    RTS

I'm not sure whether this has been overlooked or not, but if the loop crosses a page boundary, doesn't this become an 11 cycle loop?

Dave


PostPosted: Sat Feb 11, 2017 8:59 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10986
Location: England
You'd be right! As I'd decided to sit near the middle of page 1, it wouldn't be a concern, but my original thought was to sit just below $4000, and that would indeed have been a wrinkle.


PostPosted: Sat Feb 11, 2017 9:35 pm 
Joined: Sat Dec 13, 2003 3:37 pm
Posts: 1004
Well, you always hear stories about listening in on machines (in various ways), notably those doing encryption with the hope of narrowing the keyspace to weaken it.

One of my favorite hacks, years ago, was a group that managed to break into a stock Apple iPod. In the end, all they could get their code to do was make a beep.

But they leveraged this by uploading code to the device that compressed the iPod ROMs, and then simply beeped out the resulting bit stream.

They then stuck the iPod into a box with a mic, and recorded the whole thing, then decoded it, thus getting a binary image of the iPod ROMs.


PostPosted: Sat Feb 11, 2017 9:58 pm 
Joined: Fri Aug 30, 2002 1:09 am
Posts: 8544
Location: Southern California
Don't forget bogax's sine-wave generator: viewtopic.php?f=2&t=2404

_________________
http://WilsonMinesCo.com/ lots of 6502 resources
The "second front page" is http://wilsonminesco.com/links.html .
What's an additional VIA among friends, anyhow?


PostPosted: Fri Feb 17, 2017 4:38 am 
Joined: Sat Dec 07, 2013 4:32 pm
Posts: 246
Location: The Kettle Moraine
Dr Jefyll wrote:
Good stuff, Ed -- thanks for the intriguing topic!

KC9UDX wrote:
Also, for the purposes at hand, perhaps simple on/off keying works.
Interesting. Are you supposing a machine would read the signal, or would a human do it (as with Morse code)? If there's no modulation, don't you need a BFO to render the carrier audible? (I'm dusting off some long-unused vocabulary I learned as a kid from my older brother, the former VE3EWK :) )


You don't need a BFO to copy morse or any other on/off keying. It does help if you are trying to hear it; but you can actually hear it without, it's just more difficult. Visually, if you have a signal strength meter, you can copy just fine without a BFO. A machine has the same advantage.

Strictly speaking, a computer by itself with no actual transmitting hardware could not (probably) output on/off keying. It would actually be FSK. But, you could make the shift far enough to seem on/off to a narrow enough receiver. Either way it should work.


PostPosted: Sat Feb 18, 2017 11:42 am 
Joined: Sun Nov 27, 2011 12:03 pm
Posts: 229
Location: Amsterdam, Netherlands
BigEd wrote:
(Just to note, the idea to do this was from this thread, which posted the challenge of getting ROM contents from a small machine.)

Intriguing. It's like an alien that has to 'phone home' with just a wire, a match, and a piece of lint.

Apropos : causing interference is one thing, getting data into and out of it is quite another, I expect.

