Routine to bypass a firmware


By gdx


23-12-2021, 12:04

Most firmware defines a key to prevent its execution at MSX startup. It's a bit annoying having to press this key on every boot, but it is even more annoying when this key is also being used by another cartridge.

While browsing through the wiki, I saw that the Hitachi MB-H1 and MB-H2 computers use another very practical method, since there is no need to press any key: the firmware searches whether a ROM cartridge is inserted in slot 1 or 2, and if no ROM cartridge is found, the firmware is executed. On the other hand, the secondary slots are not taken into account, so if you insert a disk interface with several functions (memory expansion, megaflash-ROM, etc.), it will not be detected and the firmware will start, which causes a conflict.

The routine used is:

	ld	hl,0FCD9h	; 16 bytes after SLTATR (0FCC9h): start of the slot 1 entries
	ld	b,020h		; Check 32 bytes (slots 1 and 2)
	xor	a
Loop:
	or	(hl)		; OR all attribute bytes together
	inc	hl
	djnz	Loop
	or	a
	ret	nz		; Back if any attribute is non-zero (cartridge found)

It's short. I made a similar routine that takes the secondary slots into account. It seems to work perfectly but it takes 123 bytes. I'm putting it down here in case anyone is interested.

; Routine to search if a ROM cartridge is inserted in slot 1 or 2
; It must be executed from slot 0-x or 3-x
;
; Output: Back with Z flag set if a ROM cartridge is found
;         (NZ jumps to Firmware instead of returning)

RDSLT	equ	0000Ch		; Read a byte in a Slot
EXPTBL	equ	0FCC1h		; Expanded slot table (bit 7 set if the primary slot is expanded)
Firmware	equ	0xxxxh		; Specify the firmware start address here

	org	0xxxxh			; Specify the routine location here

SrchROM:
	push	hl
	push	de
	push	bc

	ld	b,1		; Primary slot ID
	ld	hl,08000h	; Header address
	call	Rom_srch	; Return NZ if ROM cartridge is not found 
	jp	z,Back

	ld	b,1		; Primary slot ID
	ld	hl,04000h	; Header address
	call	Rom_srch	; Return NZ if ROM cartridge is not found 
	jp	z,Back

	ld	b,2		; Primary slot ID
	ld	hl,08000h	; Header address
	call	Rom_srch	; Return NZ if ROM cartridge is not found 
	jp	z,Back

	ld	b,2		; Primary slot ID
	ld	hl,04000h	; Header address
	call	Rom_srch	; Return NZ if ROM cartridge is not found 
;	jp	z,Back
Back:
	pop	bc
	pop	de
	pop	hl
	jp	nz,Firmware	; Run the firmware
	ret

Rom_srch:
	push	hl	

	ld	hl,EXPTBL
	ld	d,0
	ld	e,b
	add	hl,de
	ld	a,(hl)
	bit	7,a
	jr	nz,Sub_slt

Prim_slt:
	pop	hl	
	ld	a,b
	push	bc
	call	RDSLT
	pop	bc
	cp	041h
	ret	nz	; Back if ROM cartridge not found

	inc	hl
	ld	a,b
	call	RDSLT
	cp	042h
	ret		; Back
	
Sub_slt:
	set	7,b
	ld	c,0	; Secondary slot ID
	pop	hl	
Sub_slt_lp:
	ld	a,c
	rlca
	rlca
	or	b
	push	bc
	call	RDSLT
	pop	bc
	cp	041h
	jr	nz,NotFound	; Jump if ROM cartridge not found

	ld	a,c
	rlca
	rlca
	or	b
	inc	hl
	push	bc
	call	RDSLT
	pop	bc
	dec	hl
	cp	042h
	ret	z		; Back if ROM cartridge found

NotFound:
	inc	c
	ld	a,4
	cp	c
	jp	nz,Sub_slt_lp
	or	a		; Reset Z because ROM cartridge not found 
	ret			; Back if ROM cartridge not found 

I also made a patch for the MB-H1 firmware which will be available soon. :)

PS: I know MFR + SD is able to bypass firmwares but this method works for everything (if there is room for the routine of course).
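As an added illustration (not gdx's code and not MSX code), here is a Python model of the search that SrchROM/Rom_srch above perform: it builds slot IDs in the E000SSPP form the routine computes with set 7,b / rlca / rlca / or b, consults EXPTBL bit 7 to decide whether to enumerate the four secondary slots, and looks for the "AB" header at 8000h and then 4000h. The memory map and EXPTBL contents are constructed sample data.

```python
# Added example, not gdx's code: a Python model of the SrchROM/Rom_srch search.
# Assumed conventions (MSX slot IDs): a slot ID byte is E000SSPP, bit 7 set when
# the primary slot is expanded, bits 3-2 = secondary slot, bits 1-0 = primary slot;
# EXPTBL[p] has bit 7 set when primary slot p is expanded; an auto-executable ROM
# begins with the bytes "AB" (41h 42h) at 4000h or 8000h.
EXPTBL_EXPANDED = 0x80
HEADER_PAGES = (0x8000, 0x4000)  # same order as the routine: page 2, then page 1

def slot_id(primary, secondary=None):
    """Build a slot ID byte. The routine does this with set 7,b / rlca / rlca / or b."""
    if secondary is None:
        return primary
    return 0x80 | (secondary << 2) | primary

def rdslt(memory, slot, address):
    """Model of the RDSLT BIOS call. `memory` maps slot ID -> {address: byte}
    (constructed test data); unmapped addresses read as FFh like empty slots."""
    return memory.get(slot, {}).get(address, 0xFF)

def rom_search(memory, exptbl, primary):
    """Model of Rom_srch: return the slot ID that holds an "AB" header in the
    given primary slot (all four secondary slots if expanded), or None."""
    if exptbl[primary] & EXPTBL_EXPANDED:
        candidates = [slot_id(primary, s) for s in range(4)]
    else:
        candidates = [slot_id(primary)]
    for page in HEADER_PAGES:
        for slot in candidates:
            if rdslt(memory, slot, page) == 0x41 and rdslt(memory, slot, page + 1) == 0x42:
                return slot
    return None

def should_run_firmware(memory, exptbl):
    """Model of SrchROM: the firmware runs only when slots 1 and 2 hold no ROM cartridge."""
    return all(rom_search(memory, exptbl, p) is None for p in (1, 2))

# Constructed sample: slot 1 is expanded and has a ROM in secondary slot 2 at 4000h
# (the case the Hitachi routine misses); slot 2 is not expanded and empty.
SAMPLE_EXPTBL = [0x00, 0x80, 0x00, 0x80]
SAMPLE_MEMORY = {slot_id(1, 2): {0x4000: 0x41, 0x4001: 0x42}}

if __name__ == "__main__":
    print(hex(rom_search(SAMPLE_MEMORY, SAMPLE_EXPTBL, 1)))   # 0x89
    print(should_run_firmware(SAMPLE_MEMORY, SAMPLE_EXPTBL))  # False
```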


By gdx


30-12-2021, 11:08

The patch to fix the MB-H1 and MB-H2 firmware is available.

https://www.msx.org/news/hardware/en/patch-to-fix-the-mb-h1-...

The Sony HB-55 and HB-75 have the same issue, so I'm thinking of patching them up too for next time.

By gdx


31-12-2021, 14:14

Quote:

The Sony HB-55 and HB-75 have the same issue, so I'm thinking of patching them up too for next time.

It works fine, it was just a bug in BlueMSX.

By sdsnatcher73


31-12-2021, 14:37

Personally I prefer these firmwares to be disabled at normal boot and only activated on key press (e.g. DEL). Even without anything in the slots an MSX should just boot into BASIC. Well that's my opinion.

By meits


31-12-2021, 16:11

That's what was done with the latest Philips Music module expanders. ESC is firmware on now. That means no more booting with ESC pressed to skip what's flashed to your MegaflashromSCC+SD.
Automatically running firmware should be banned as much as possible. Have it on a disk instead.

By gdx


31-12-2021, 16:31

Meits wrote:

That's what was done with the latest Philips Music module expanders. ESC is firmware on now. That means no more booting with ESC pressed to skip what's flashed to your MegaflashromSCC+SD.

The problem is there: several extensions use a key to bypass or run their internal software. There are even extensions that use multiple keys for multiple functions, like Nextor. It is sometimes very annoying when the same key is used. Another disadvantage: you always have to look for which key corresponds to which firmware or which extension or function.

Meits wrote:

Automatically running firmware should be banned as much as possible. Have it on a disk instead.

This is what my patch does.

I did this for those who don't want to remove the firmware. Otherwise, it is better to remove it directly in general.

By meits


01-01-2022, 11:50

You're right. It's a key-jungle out there. I like what you do.

By Guillian


01-01-2022, 12:40

gdx wrote:
Meits wrote:

That's what was done with the latest Philips Music module expanders. ESC is firmware on now. That means no more booting with ESC pressed to skip what's flashed to your MegaflashromSCC+SD.

The problem is there: several extensions use a key to bypass or run their internal software. There are even extensions that use multiple keys for multiple functions, like Nextor. It is sometimes very annoying when the same key is used. Another disadvantage: you always have to look for which key corresponds to which firmware or which extension or function.

MegaFlashROM SCC+ SD automatically skips the internal firmware. No need to hold any key.
Also, you can configure which key you want to hold to skip or launch the flashed game.

By gdx


01-01-2022, 14:07

I wrote it in the first thread post, and also why it was better to patch the firmware anyway.

PS: I also indicate a method to bypass the HB-201p firmware here:
https://www.msx.org/forum/msx-talk/hardware/sd512-with-hb201...
This method can be adapted for several other interfaces.
I created these threads to try to find a solution for people having an issue with a firmware.

By meits


01-01-2022, 14:31

Guillian wrote:

MegaFlashROM SCC+ SD automatically skips the internal firmware. No need to hold any key.
Also, you can configure which key you want to hold to skip or launch the flashed game.

I used this example because I do have an MFR with which I use the ESC button to skip a flashed ROM. The ESC key is used to skip a lot of firmwares. Though the Music Module expansion uses it to run the firmware. That's where the clash is.

By gdx


02-01-2022, 08:32

The issue also often occurs when you need to use two interfaces at the same time.

There is another method usable on several cartridges. I proposed it to Konamiman for Nextor, but unfortunately it was not adopted. It is to display a message "Press ESC to show the options menu..." for 2 seconds max under the title, and we could press a single key only during this time. This would also work for the Music Module if there was free space in the ROM. The only drawback is that it lengthens the initialization time.

Here is a program example:

;
; Method example to avoid key conflict with your ROM cartridge
;

LF:	equ	0Ah
CR:	equ	0Dh

CLS	equ	000C3h
CHPUT	equ	000A2h
SNSMAT	equ	00141h

GETPNT	equ	0F3FAh
INTCNT	equ	0FCA2h
PUTPNT	equ	0F3F8h

RomSize:	equ	2000h

	org	04000h

; File header

	db "AB"		; ID for auto-executable ROM (upper case)
	dw INIT		; Program code entry point
	dw 0		; STATEMENT
	dw 0		; DEVICE
	dw 0		; TEXT (Unused on this page)
	dw 0,0,0	; Reserved

INIT:
	bit	7,h
	ret	nz	; Back to the MSX initialisation if mirror

	xor	a	; Set the Z flag for CLS
	call	CLS

ESCtst:
	ld	a,7
	call	SNSMAT
	bit	2,a
	jr	z,ESCtst		; Jump if ESC is pressed

	ld	hl,TitleTXT
TitlePrint:
	ld	a,(hl)
	or	a
	jr	z,CounterSet	; Jump if text displayed
	call	CHPUT
	inc	hl
	jr	TitlePrint

CounterSet:
	ld	a,96
	ld	(INTCNT),a
	xor	a
	ld	(INTCNT+1),a	; Set the counter to 1.6 second (at 60Hz)
ESC_Loop:
	ld	a,(INTCNT)
	or	a
	ret	z		; Back to the MSX initialisation
	ld	a,7
	call	SNSMAT
	bit	2,a
	jr	nz, ESC_Loop	; Jump if ESC is not pressed

	xor	a		; set the Z flag
	call	CLS
MENU:
	ld	a,7
	call	SNSMAT
	bit	2,a
	jr	z,MENU		; Jump if ESC is pressed

	ld	hl,MenuTXT
MenuPrint:
	ld	a,(hl)
	or	a
	jr	z,MenuPRG	; Jump if text displayed
	call	CHPUT
	inc	hl
	jr	MenuPrint

MenuPRG:
	ld	a,7
	call	SNSMAT
	bit	7,a
	jr	z,BACK		; Jump if RET is pressed (row 7, bit 7)

	; Options menu program must be here
	jp	MenuPRG

BACK:
	ld	a,7
	call	SNSMAT
	bit	7,a
	jr	z,BACK		; Loop while RET is still pressed
	
	ld hl,(PUTPNT)
	ld (GETPNT),hl		; Clear keyboard buffer
	ret			; Back to the MSX initialisation

TitleTXT:
	db	"Test Cartridge",CR,LF,LF
	db	"Press ESC to show the options",0
MenuTXT:
	db	"Options Menu",CR,LF,LF
	db	"Press Return to continue",0
PRG_END:
	ds	RomSize-(PRG_END-4000h),0FFh	; Fill with FFh to make a 8kB ROM

Download the compiled version:
https://www32.zippyshare.com/v/libLNWa7/file.html

PS: According to the Datapack, the 3 pushes and pops in the previous program are not necessary.
