Skip to content
@DuPAL-PAL-DUmper

DuPAL - PAL Reversing Tools

Collection of tools I use to reverse engineer PAL devices. These tools are meant to satisfy my needs. I'm sharing them here in case someone finds them useful.

DuPAL

Here You'll find all the repositories related to my work on the various incarnations of the DuPAL devices, the tools I use to analyze and reverse old PLD devices.

DuPAL V3, aka "dupico"

The dupico is the new incarnation of the DuPAL, based on the Raspberry Pico. It's a much more flexible device in respect to the previous incarnation, and can act as a dumper for other types of devices.

Development is currently carried on on the dupico only, and the other incarnations are considered legacy.

Repositories

  • DuPAL_Board, here You'll find schematics and gerbers for the various incarnations of DuPAL boards and accessories
  • dupico_firmware, firmware for the dupico board
  • PAL_samples, repository with some PAL examples I use for experiments
  • dpdumper, tool to dump simple combinatorial devices (e.g. old PALs, but also ROMs)
  • dpdump2tab, tool to convert dumps from purely combinatorial devices made with dpdumper into truth tables compatible with espresso
  • dppeeper, tool for visual and interactive analysis of a PLD
  • dupicolib, library for hardware interfacing with the dupico board, required by the above projects
  • dpdumperlib, library with shared code used by the dpdumper and other projects
  • espresso-logic, port of espresso that can be built using msys2/mingw

Limitations

I plan to write a proper document on this, but keep in mind that analyzing PLD devices with registered outputs (based on flip-flops) and especially devices making use of feedbacks is an arduous task. DuPAL helps, but is no silver bullet.

Feedbacks are especially problematic because they generate intermediate states that cannot be detected by the dupico (and maybe can just be guessed by continuous sampling of the outputs of the PLD device) and thus cannot be recovered by automatic analysis.

An example is the following. Consider these logic equations:

/o18 = i1
/o17 = /i1 * /o18 + /o17 * i2

o17 and o18 act as feedbacks, so they are both outputs and inputs to the equations, and, as inputs, are not under direct user control.

The following is a partial truth table for these equations:

i2 i1 o18 o17 -> o18 o17
0 0 0 0 1 0
0 1 0 0 0 1
1 0 0 0 1 0
1 1 0 0 0 0
0 0 1 0 1 1
0 1 1 0 0 1
1 0 1 0 1 0
1 1 1 0 0 0
0 0 1 1 1 1
0 1 1 1 0 1
1 0 1 1 1 1
1 1 1 1 0 1

Imagine starting in state 00 (so both o18 and o17 at 0), and setting the two inputs i1 and i2 at 0. Following the truth table you will see that You'll immediately switch to state 10 (o18 high, and o17 low), but state 10 with input 00 is not stable: following the truth table again, we see that we will switch to state 11 immediately, and we will stop here.

State 10 is an intermediate state, and is not captured by sampling the outputs at a low frequency.

TODO

In no particular order:

  • Add flag to enable byte-swapping (Big-Endian -> Little Endian) in dpdumper in case the data bus width is > 1B
  • Extract IC loading code from dppeeper into a library, so it can be shared between other tools
  • Write a section of this document detailing various analysis paths dependant on the type of IC
  • Implement a way in firmware to have the client "describe" the structure of a combinatorial IC, and then transfer the content via e.g. XMODEM, to reduce the overhead
  • Implement a de-ambiguizer that takes a "peeper" toml defintion that has pins shared between I/O/Q/Clock and tries to understand their actual function, then outputs a non ambiguous TOML.
  • Implement an analyzer that uses a non-ambiguous TOML and tries to extract feedback states and registered states.
  • Implement a conversion from whatever the analyzer outputs to an espresso table.
  • Find a way to make espresso buildable under mingw

Pinned Loading

  1. DuPAL_Board DuPAL_Board Public

    This repository contains the KiCad files and the gerber files for the DuPAL boards.

    46 10

  2. dpdumper dpdumper Public

    Tool to dump basic combinatorial ICs with dupico

    Python 1 2

  3. dppeeper dppeeper Public

    Tool to visually analyze ICs inserted in the dupico

    Python 1 1

  4. dupico_firmware dupico_firmware Public

    Firmware for the DuPAL V3 "dupico" board

    C 2 2

  5. dpdump2tab dpdump2tab Public

    Tool to convert files generated by dpdumper to truth tables compatible with the expresso logic minimizer

    Python 1

Repositories

Showing 10 of 16 repositories
  • dpanalib Public

    Python library with shared code for projects based on dppeeper

    DuPAL-PAL-DUmper/dpanalib’s past year of commit activity
    Python 1 GPL-3.0 0 0 0 Updated Nov 23, 2024
  • dpdumper Public

    Tool to dump basic combinatorial ICs with dupico

    DuPAL-PAL-DUmper/dpdumper’s past year of commit activity
    Python 1 GPL-3.0 2 0 0 Updated Sep 28, 2024
  • .github Public
    DuPAL-PAL-DUmper/.github’s past year of commit activity
    0 0 0 0 Updated Sep 28, 2024
  • dpdumperlib Public

    Python library with shared code for projects based on dpdumper

    DuPAL-PAL-DUmper/dpdumperlib’s past year of commit activity
    Python 0 GPL-3.0 1 0 0 Updated Sep 28, 2024
  • dupico_firmware Public

    Firmware for the DuPAL V3 "dupico" board

    DuPAL-PAL-DUmper/dupico_firmware’s past year of commit activity
    C 2 GPL-3.0 2 0 0 Updated Sep 28, 2024
  • dppeeper Public

    Tool to visually analyze ICs inserted in the dupico

    DuPAL-PAL-DUmper/dppeeper’s past year of commit activity
    Python 1 GPL-3.0 1 0 0 Updated Sep 17, 2024
  • DuPAL_Board Public

    This repository contains the KiCad files and the gerber files for the DuPAL boards.

    DuPAL-PAL-DUmper/DuPAL_Board’s past year of commit activity
    46 CC-BY-SA-4.0 10 0 0 Updated Sep 12, 2024
  • espresso-logic Public Forked from classabbyamp/espresso-logic

    A modern (2017) compilable re-host of the Espresso heuristic logic minimizer.

    DuPAL-PAL-DUmper/espresso-logic’s past year of commit activity
    C 1 MIT 38 0 0 Updated Sep 8, 2024
  • dupicolib Public

    Python library to handle communication with the DuPAL V3 "dupico" board

    DuPAL-PAL-DUmper/dupicolib’s past year of commit activity
    Python 0 GPL-3.0 2 0 0 Updated Sep 8, 2024
  • dpdump2tab Public

    Tool to convert files generated by dpdumper to truth tables compatible with the expresso logic minimizer

    DuPAL-PAL-DUmper/dpdump2tab’s past year of commit activity
    Python 0 GPL-3.0 1 0 0 Updated Aug 24, 2024

Top languages

Loading…

Most used topics

Loading…