NMOS 6510 Unintended Opcodes No More Secrets (V0.95 - 24/12/20)

Total Page:16

File Type:pdf, Size:1020Kb

NMOS 6510 Unintended Opcodes No More Secrets (V0.95 - 24/12/20) NMOS 6510 Unintended Opcodes no more secrets (v0.95 - 24/12/20) (w) 2013-2020 groepaz/solution, all rights reversed Contents Preface...................................................................................................................................................I Scope of this Document....................................................................................................................I Intended Audience............................................................................................................................I License..............................................................................................................................................I What you get...................................................................................................................................II Naming Conventions.....................................................................................................................III Address-Mode Abbreviations...................................................................................................III Mnemonics................................................................................................................................III Processor Flags.........................................................................................................................IV Opcode Matrix......................................................................................................................................1 Unintended Opcodes............................................................................................................................3 Overview..........................................................................................................................................3 Types................................................................................................................................................5 Combinations of two operations with the same addressing mode..............................................5 Combinations of an immediate and an implied command..........................................................5 Combinations of STA/STX/STY................................................................................................6 Combinations of STA/TXS and LDA/TSX................................................................................6 No effect......................................................................................................................................6 Lock-up.......................................................................................................................................6 Stable Opcodes................................................................................................................................7 SLO (ASO).................................................................................................................................7 Example: Multibyte arithmetic left shift and load leftmost byte............................................8 RLA (RLN).................................................................................................................................9 Example: scroll over a background layer.............................................................................10 SRE (LSE).................................................................................................................................11 Example: 8bit 1-of-8 counter...............................................................................................12 RRA (RRD)...............................................................................................................................13 Example: noise LFSR...........................................................................................................14 SAX (AXS, AAX).....................................................................................................................15 Example: store values with mask.........................................................................................16 Example: update Sprite Pointers..........................................................................................16 LAX..........................................................................................................................................18 Example: load A and X with same value..............................................................................19 DCP (DCM)..............................................................................................................................20 Example: decrementing loop counter...................................................................................21 Example: decrementing 16bit counter..................................................................................21 ISC (ISB, INS)..........................................................................................................................22 Example: incrementing loop counter...................................................................................23 Example: increment indexed and load value........................................................................23 ANC (ANC2, ANA, ANB).......................................................................................................24 Example: implicit enforcement of carry flag state...............................................................25 Example: remembering a bit................................................................................................25 ALR (ASR)...............................................................................................................................26 Example: right shift and mask..............................................................................................26 Example: fetch 2 bits from a byte........................................................................................27 Example: add offset depending on LSB...............................................................................27 ARR..........................................................................................................................................28 Example: rotating 16 bit values............................................................................................29 Example: load register depending on carry..........................................................................30 Contents Example: shift zeros or ones into accumulator....................................................................30 SBX (AXS, SAX, XMA)..........................................................................................................31 Example: decrement X by more than 1................................................................................32 Example: decrement nibbles................................................................................................33 Example: apply a mask to an index......................................................................................34 SBC (USBC, USB)...................................................................................................................35 LAS (LAR)...............................................................................................................................36 Example: cycle an index within bounds...............................................................................37 NOP (NPO, UNP).....................................................................................................................38 NOP (DOP, SKB)......................................................................................................................38 NOP (DOP, SKB, IGN).............................................................................................................38 NOP (TOP, SKW, IGN).............................................................................................................39 Example: acknowledge IRQ.................................................................................................40 JAM (KIL, HLT, CIM, CRP)....................................................................................................41 Example: stop execution......................................................................................................41 Unstable Opcodes..........................................................................................................................42 'unstable address high byte' group.............................................................................................42 SHA (AXA, AHX, TEA)......................................................................................................44 Example: SAX abs, y.......................................................................................................45 Example: SAX (zp), y......................................................................................................45 SHX (A11, SXA, XAS, TEX)..............................................................................................46 Example: STX abs, y.......................................................................................................47 Example: Sync with raster beam (remove cycle variance)..............................................47 SHY (A11, SYA, SAY, TEY)...............................................................................................49
Recommended publications
  • Malware Detection Advances in Information Security
    Malware Detection Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: ja jodia @ smu.edu The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional titles in the series: ELECTRONIC POSTAGE SYSTEMS: Technology, Security, Economics by Gerrit Bleumer; ISBN: 978-0-387-29313-2 MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMS by Jintai Ding, Jason E. Gower and Dieter Schmidt; ISBN-13: 978-0-378-32229-2 UNDERSTANDING INTRUSION DETECTION THROUGH VISUALIZATION by Stefan Axelsson; ISBN-10: 0-387-27634-3 QUALITY OF PROTECTION: Security Measurements and Metrics by Dieter Gollmann, Fabio Massacci and Artsiom Yautsiukhin; ISBN-10; 0-387-29016-8 COMPUTER VIRUSES AND MALWARE by John Aycock; ISBN-10: 0-387-30236-0 HOP INTEGRITY IN THE INTERNET by Chin-Tser Huang and Mohamed G.
    [Show full text]
  • The RISC-V Instruction Set Manual, Volume II: Privileged Architecture, Version 1.10”, Editors Andrew Waterman and Krste Asanovi´C,RISC-V Foundation, May 2017
    The RISC-V Instruction Set Manual Volume II: Privileged Architecture Privileged Architecture Version 1.10 Document Version 1.10 Warning! This draft specification may change before being accepted as standard by the RISC-V Foundation. While the editors intend future changes to this specification to be forward compatible, it remains possible that implementations made to this draft specification will not conform to the future standard. Editors: Andrew Waterman1, Krste Asanovi´c1;2 1SiFive Inc., 2CS Division, EECS Department, University of California, Berkeley [email protected], [email protected] May 7, 2017 Contributors to all versions of the spec in alphabetical order (please contact editors to suggest corrections): Krste Asanovi´c,Rimas Aviˇzienis,Jacob Bachmeyer, Allen J. Baum, Paolo Bonzini, Ruslan Bukin, Christopher Celio, David Chisnall, Anthony Coulter, Palmer Dabbelt, Monte Dal- rymple, Dennis Ferguson, Mike Frysinger, John Hauser, David Horner, Olof Johansson, Yunsup Lee, Andrew Lutomirski, Jonathan Neusch¨afer,Rishiyur Nikhil, Stefan O'Rear, Albert Ou, John Ousterhout, David Patterson, Colin Schmidt, Wesley Terpstra, Matt Thomas, Tommy Thorn, Ray VanDeWalker, Megan Wachs, Andrew Waterman, and Reinoud Zandijk. This document is released under a Creative Commons Attribution 4.0 International License. This document is a derivative of the RISC-V privileged specification version 1.9.1 released under following license: c 2010{2017 Andrew Waterman, Yunsup Lee, Rimas Aviˇzienis,David Patterson, Krste Asanovi´c.Creative Commons Attribution 4.0 International License. Please cite as: \The RISC-V Instruction Set Manual, Volume II: Privileged Architecture, Version 1.10", Editors Andrew Waterman and Krste Asanovi´c,RISC-V Foundation, May 2017. Preface This is version 1.10 of the RISC-V privileged architecture proposal.
    [Show full text]
  • Vasm Assembler System
    vasm assembler system Volker Barthelmann, Frank Wille June 2021 i Table of Contents 1 General :::::::::::::::::::::::::::::::::::::::::: 1 1.1 Introduction ::::::::::::::::::::::::::::::::::::::::::::::::::: 1 1.2 Legal :::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 1.3 Installation :::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2 The Assembler :::::::::::::::::::::::::::::::::: 3 2.1 General Assembler Options ::::::::::::::::::::::::::::::::::::: 3 2.2 Expressions :::::::::::::::::::::::::::::::::::::::::::::::::::: 5 2.3 Symbols ::::::::::::::::::::::::::::::::::::::::::::::::::::::: 7 2.4 Predefined Symbols :::::::::::::::::::::::::::::::::::::::::::: 7 2.5 Include Files ::::::::::::::::::::::::::::::::::::::::::::::::::: 8 2.6 Macros::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 8 2.7 Structures:::::::::::::::::::::::::::::::::::::::::::::::::::::: 8 2.8 Conditional Assembly :::::::::::::::::::::::::::::::::::::::::: 8 2.9 Known Problems ::::::::::::::::::::::::::::::::::::::::::::::: 9 2.10 Credits ::::::::::::::::::::::::::::::::::::::::::::::::::::::: 9 2.11 Error Messages :::::::::::::::::::::::::::::::::::::::::::::: 10 3 Standard Syntax Module ::::::::::::::::::::: 13 3.1 Legal ::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 13 3.2 Additional options for this module :::::::::::::::::::::::::::: 13 3.3 General Syntax ::::::::::::::::::::::::::::::::::::::::::::::: 13 3.4 Directives ::::::::::::::::::::::::::::::::::::::::::::::::::::: 14 3.5 Known Problems::::::::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Triplicated Instruction Set Randomization in Parallel
    TRIPLICATED INSTRUCTION SET RANDOMIZATION IN PARALLEL HETEROGENOUS SOFT-CORE PROCESSORS by Trevor James Gahl A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering MONTANA STATE UNIVERSITY Bozeman, Montana April 2019 ©COPYRIGHT by Trevor James Gahl 2019 All Rights Reserved ii ACKNOWLEDGEMENTS I would like to acknowledge my friends and family for standing by me and helping me throughout my time in grad school. My friend and lab-mate Skylar Tamke for always letting me bounce ideas off of him and helping me blow off steam. My advisor Dr. Brock LaMeres for helping me refocus in a field I love. More than anybody though, I'd like to acknowledge my wife Kaitlyn for helping me with anything I needed, whether that was bringing me food late at night or listening to rants about compiler errors and code bugs, I couldn't have asked for a better support system. iii TABLE OF CONTENTS 1. INTRODUCTION ........................................................................................1 Introduction.................................................................................................1 2. BACKGROUND AND MOTIVATION...........................................................5 Monoculture Environment.............................................................................5 Opcodes and Instruction Sets ........................................................................7 Cybersecurity Threats................................................................................
    [Show full text]
  • Reference Manual
    MC9S08SF4 Reference Manual HCS08 Microcontrollers MC9S08SF4 Rev. 3 9/2011 freescale.com MC9S08SF4 Features • 8-Bit S08 Central Processor Unit (CPU) – PWT — Two 16-bit pulse width timers (PWT); – Up to 40 MHz CPU at 2.7 V to 5.5 V across temperature selectable driving clock, positive/negative/period range of –40 C to 125 C capture – HC08 instruction set with added BGND instruction – PRACMP — Two programmable reference analog – Support for up to 32 interrupt/reset sources comparators with eight optional inputs for both positive •On-Chip Memory and negative inputs; 32-level internal reference voltages – 4 KB flash read/program/erase over full operating scaled by selectable reference inputs voltage and temperature – IIC — Inter-integrated circuit bus module capable of – 128-byte random-access memory (RAM) operation up to 100 kbps with maximum bus loading; – Security circuitry to prevent unauthorized access to multi-master operation; programmable slave address; RAM and flash contents interrupt-driven byte-by-byte data transfer; broadcast • Power-Saving Modes mode; 10-bit addressing – Two low power stop modes; reduced power wait mode – KBI — 4-pin keyboard interrupt module with software – Allows clocks to remain enabled to specific peripherals selectable polarity on edge or edge/level modes in stop3 mode – FDS — Shut down output pin upon fault detection; the • Clock Source Options fault sources can be optional enabled separately; the – Internal Clock Source (ICS) — Internal clock source output pin can be configured as output 1,0 and high module
    [Show full text]
  • Intel® Architecture Instruction Set Extensions Programming Reference
    Intel® Architecture Instruction Set Extensions Programming Reference 319433-014 AUGUST 2012 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTIC- ULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "MISSION CRITICAL APPLICATION" IS ANY APPLICATION IN WHICH FAILURE OF THE INTEL PRODUCT COULD RESULT, DIRECTLY OR INDIRECT- LY, IN PERSONAL INJURY OR DEATH. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EM- PLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRIT- ICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or char- acteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no respon- sibility whatsoever for conflicts or incompatibilities arising from future changes to them.
    [Show full text]
  • NMOS 6510 Unintended Opcodes No More Secrets (Christmas Release, 24/12/14)
    NMOS 6510 Unintended Opcodes no more secrets (Christmas release, 24/12/14) (w) 2013-2014 groepaz/hitmen, all rights reversed Contents Preface...................................................................................................................................................I Scope of this Document....................................................................................................................I Intended Audience............................................................................................................................I What you get...................................................................................................................................II Naming Conventions.......................................................................................................................II Mnemonics.................................................................................................................................II Unintended Opcodes............................................................................................................................1 Overview..........................................................................................................................................1 Types................................................................................................................................................3 Combinations of two operations with the same addressing mode..............................................3 Combinations
    [Show full text]
  • Beta Documentation (PDF)
    M A S S A C H U S E T T S I N S T I T U T E O F T E C H N O L O G Y DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE 6.004 Computation Structures β Documentation 1. Introduction This handout is a reference guide for the β, the RISC processor design for 6.004. This is intended to be a complete and thorough specification of the programmer-visible state and instruction set. 2. Machine Model The β is a general-purpose 32-bit architecture: all registers are 32 bits wide and when loaded with an address can point to any location in the byte-addressed memory. When read, register 31 is always 0; when written, the new value is discarded. Program Counter Main Memory PC always a multiple of 4 0x00000000: 3 2 1 0 0x00000004: 32 bits … Registers SUB(R3,R4,R5) 232 bytes R0 ST(R5,1000) R1 … … R30 0xFFFFFFF8: R31 always 0 0xFFFFFFFC: 32 bits 32 bits 3. Instruction Encoding Each β instruction is 32 bits long. All integer manipulation is between registers, with up to two source operands (one may be a sign-extended 16-bit literal), and one destination register. Memory is referenced through load and store instructions that perform no other computation. Conditional branch instructions are separated from comparison instructions: branch instructions test the value of a register that can be the result of a previous compare instruction. 6.004 Computation Structures - 1 - β Documentation There are only two types of instruction encoding: Without Literal and With Literal.
    [Show full text]
  • Intel 64 and IA-32 Architectures Optimization Reference Manual [PDF]
    Intel® 64 and IA-32 Architectures Optimization Reference Manual Order Number: 248966-033 June 2016 Intel technologies features and benefits depend on system configuration and may require enabled hardware, software, or service ac- tivation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Intel does not assume any liability for lost or stolen data or systems or any damages resulting from such losses. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting http://www.intel.com/design/literature.htm.
    [Show full text]
  • Securing Systems by Vulnerability Mitigation and Adaptive Live Patching Yue Chen
    Florida State University Libraries Electronic Theses, Treatises and Dissertations The Graduate School 2018 Securing Systems by Vulnerability Mitigation and Adaptive Live Patching Yue Chen Follow this and additional works at the DigiNole: FSU's Digital Repository. For more information, please contact [email protected] FLORIDA STATE UNIVERSITY COLLEGE OF ARTS AND SCIENCES SECURING SYSTEMS BY VULNERABILITY MITIGATION AND ADAPTIVE LIVE PATCHING By YUE CHEN A Dissertation submitted to the Department of Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy 2018 Copyright © 2018 Yue Chen. All Rights Reserved. Yue Chen defended this dissertation on January 23, 2018. The members of the supervisory committee were: Zhi Wang Professor Directing Dissertation Ming Yu University Representative Xiuwen Liu Committee Member An-I Andy Wang Committee Member The Graduate School has verified and approved the above-named committee members, and certifies that the dissertation has been approved in accordance with university requirements. ii To my beloved ones. iii ACKNOWLEDGMENTS Pursuing a Ph.D. degree is a unique experience in my life. Here I would like to express my gratitude to a number of people. Without them, I cannot enjoy this wonderful journey. Foremost, I feel incredibly fortunate to have been under Prof. Zhi Wang’s guidance during my Ph.D. study at Florida State. His passion and dedication for research has highly influenced me and opened my eyes to the research world. His encouragement, guidance and support are invaluable power for me to explore the horizons. I have been very lucky to work with several excellent researchers.
    [Show full text]
  • Execution Unit ISA (Ivy Bridge)
    Intel® OpenSource HD Graphics Programmer’s Reference Manual (PRM) Volume 4 Part 3: Execution Unit ISA (Ivy Bridge) For the 2012 Intel® Core™ Processor Family May 2012 Revision 1.0 NOTICE: This document contains information on products in the design phase of development, and Intel reserves the right to add or remove product features at any time, with or without changes to this open source documentation. Doc Ref #: IHD-OS-V4 Pt 3 – 05 12 Creative Commons License You are free to Share — to copy, distribute, display, and perform the work Under the following conditions: Attribution. You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work). No Derivative Works. You may not alter, transform, or build upon this work. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or
    [Show full text]
  • "Z80MU" Z80 and CP/M 2.2 Emulator User's Guide Or the Care And
    "Z80MU" Z80 and CP/M 2.2 Emulator User's Guide or The Care and Feeding of Your Imaginary Z80 or Fakeware For The Techie Masses! A Guide to the Complete Z80 Emulator COMPUTERWISE CONSULTING SERVICES, P.O. BOX 813, MCLEAN, VA 22101 Textformat angepasst an OpenOffice.org writer 25.11.2010 von Dr. Hehl Hans Z80EMU.PDF www.hehlhans.de/euroz80.htm Describing the first of a two-part series of 8080, Z80, and CP/M-emulators for the IBM PC. This document describes Z80MU (version 2.1, Z80MU dated 10/30/85), a software emulation of the Z80 and CP/M 2.2. The second product - if it ever gets out the door - includes hardware emulation of the 8080, using the NEC V20 8088-compatible processor chip. Program written by Joan Riff for Computerwise Consulting Services. Joan Riff Placed in the public domain. No copyright notice. No legal mumbo-jumbo. No request for a financial contribution. No warrantee. Just a bunch of marvelous software magic. COMPUTERWISE CONSULTING SERVICES, P.O. BOX 813, MCLEAN, VA 22101 "Z80MU" Z80 and CP/M 2.2 Emulator User's Guide INTRODUCTION what is it? Z80MU is a software emulator of the ZILOG Z80 processor, which runs on the IBM PC. It also provides an emulation of Digital Research's CP/M version 2.2 operating system. It includes the following facilities: Complete emulation of Z80 object code, including all six active bits within the Z80 Flags Register. Emulation of CP/M 2.2, with the exception of hardware-specific functions. Advanced commands for debugging Z80 software (eliminating the need for DDT.COM), including: Illegal Opcode control (treat 'em as FAULTs or NOPs).
    [Show full text]