136 replies to this topic

[huhn_m]

I think that the 04F22h could be some kind of jump code.
This might jump to the "real" starting location in the code. Also 04Fh is quite common if you highlight it in the code.

Also if you change the 22h into 00h then the calc exits the program upon reaching this location. This way I found out wich 04Fh s were associated with wich menu items in physium. I'll post the locations tomorrow

[kucalc]

I think that the 04F22h could be some kind of jump code.
This might jump to the "real" starting location in the code. Also 04Fh is quite common if you highlight it in the code.

Yes, I think you are correct, but more specifically 0x4F22h I think stores the return address. It's used prior to before a jump. The return address is then referenced by 0x000B, which I think acts like some return from subroutine. It's seems these add-ins don't have a stack.

[Menno]

Hey,

I just made this post to let you know i am really happy you guys are doing this. My knowledge is to little to be of any help but i appreciate your effort very much.

I think I can be of no help but only this: I have 27 fx-9860g sd machines (at my work, we use them and I manage them, software and hardware) for testing purposes I am willing to volunteer

Just a thanks anyhow

[huhn_m]

Wow!

Thanks verry much! (both of you)
I will update the analyzer to contain your new information kucalc.

Maybe we will figure this out before the SDK comes out

[huhn_m]

@kucalc:

It should be better to not strip the headder off.
Most references are relative to the add-in beginning and not the the beginning of the code. G1A dism does also show this quite well. I think the jumps could also be relative to the beginning. (just to not let you run in the wrong direction)

[kucalc]

Yes, you are correct huhn_m. Stripping the header off is not a good idea because it will mess up the addresses.

[kucalc]

Looking into the add-ins a bit more, I tried to see what would happen if I converted hex codes (PHYSIUM) into assembly:

0x0200	 sts.l pr, @-r15		; Store System Register Long
0x0202	 mov.l @(b'1100,pc), r3	; [0x0210] = h'300218; Move Immediate Long Data
0x0204	 jsr @r3			; Jump to Subroutine
0x0206	 nop			; No Operation
0x0208	 mov.l @(8,pc), r2		; [0x0214] = h'301DC0; Move Immediate Long Data
0x020A	 jmp @r2			; Jump
0x020C	 lds.l @r15+, pr		; Load to System Register Long

0x020E	 align h'10
0x0210	 dword_210:	 .data.l h'300218  ; DATA XREF: 0x0202
0x0214	 dword_214:	 .data.l h'301DC0 ; DATA XREF: 0x0208

Could this piece of disassembly prove our assumptions of the 0x4F22h at 0x0200 possibly being a jump? Also, could the add-ins be using machine code?

[kucalc]

OK, I'm back with more new info! I have gone on with my assumption and continued disassembling. (huhn_m, I'm still waiting for a response to what you think about my previous post). Through more disassembling, I have now found how to get the secret TEST MODE function for those who have been wondering.

To get into TEST MODE, go into PRGM (Programs). Press F3 for a new program file. When it asks for a name to give to the file, press the these keys in rapid succession: tan' /> EXE' />. It's takes practice to access the TEST MODE. I'm afraid that I can't directly tell the order of the sequence of keys to be pressed (Can't figure out the delays). Just press the buttons, and if it doesn't work,repeat the process and try again. If you do press them correctly you'll see a menu like this:

----- TEST MODE -----

[1]:Valiable Manager
[2]:Font/Lang Check
[3]:Kidou Protect
[4]:AddinMcsData

Through Valiable Manager, you can access every variable and see it's value. Font/Lang Check tests characters and fonts. The menu looks like:

--- TEST ---
[1]:Character Code
[2]:Mini Chara Code
[3]:Message Data
[4]:SETUP
[5]:Popup test

The SETUP function in Font/Lang Check, is similar to the SET UP function, but provides a lot more options like Date Mode, Answer Type, Auto Calc (don't know what that does), etc.

[_JR_]

Just a little question: do I do that with or without "ALPHA"?

[kucalc]

Hey _JR_, welcome to the forum! No, you don't need alpha. All you need to be is in PRGM, press F3 for new file, and where it asks you to type in Program Name and then press ONLY the keys I listed above.

[_JR_]

I've tried many times and I just can't reach there.

When you find the combination, tell us please

And, thanks for the welcome.

[kucalc]

I've tried many times and I just can't reach there.

When you find the combination, tell us please

And, thanks for the welcome.

Well I can't directly tell the combination, but I know that those are the keys to get into TEST mode. I'm able to get into TEST mode and have done it a couple of times. Are you pressing the keys at the same time? Don't do that, that won't work. When it's asking for Program Name, as I said earlier, press the keys in random order rapidly. If I get the time, I'll post a video demonstration of getting into TEST mode.

[kucalc]

LOL, another way!

[huhn_m]

sorry for the late resonse. I had much work to do during the last week.

how did you come to this key combo? by disassembling the OS? how did you guess the key codes?

As for the disassembley. It could be possible but I'm not sure. I got similar results but it seems quite "wild" to me ... I'll try on ...

[kucalc]

sorry for the late resonse. I had much work to do during the last week.

how did you come to this key combo? by disassembling the OS? how did you guess the key codes?

As for the disassembley. It could be possible but I'm not sure. I got similar results but it seems quite "wild" to me ... I'll try on ...

Yep, my post on the TEST mode predates everyone: http://www.casiocalc...c...ost&p=37957

I figured out the "somewhat initial" keys by disassembly of the OS.

Also, I have been talking with others about CASIO releasing the SDK soon, therefore I announce that I will stop by contributions to developing an SDK. You'll just have to wait for the official SDK.

Meanwhile, I'll go ahead with disassembly of the OS image I extracted from the OS Update.

[kucalc]

Yep, the SDK should be coming out pretty soon.

[Meithal]

The official SDK is here : casio download services (thanks to Kucalc who noticed us)

- Meithal from planetecasio staff