The Oberheim Matrix 1000 is an MC6809-based synthesiser that is just begging to be reverse engineered.
DASMx is a disassembler for a range of common microprocessors.
This page has been made to give general information about Motorola's 6809 and Hitachi's 6309 microprocessors: instructions, emulators, tools, debuggers, disassemblers and assemblers.
Includes Arto's DASM09 disassembler
Based on Arto Salmi's C core that can be found somewhere on the 'net, I built a complete 6800/6809/6309 disassembler that can handle input files in a variety of formats (Intel Hex / Motorola S09 / Flex9 Binary / Binary). Since disassembly without guidance produces measly results, it can load information files with quite a lot of directives, too.
Radare is a portable reversing framework
Gareth is working on a 6809 plugin for radare2 specifically for this project.
0x0000-0x1fff: I/O*
U819:
{
    0x0000-0x03ff T1*
    0x0400-0x07ff T2*
    0x0800-0x0bff T3*
    0x0c00-0x0fff T4*
    T1-T4 are 82C54 Programmable Timers

    0x1000 DAC
        0x1000 $ U712 - 74LS374 - DAC HI 7
            b00000001 - DAC 5
            b00000010 - DAC 6
            b00000100 - DAC 7
            b00001000 - DAC 8
            b00010000 - DAC 9
            b00100000 - DAC 10
            b01000000 - DAC 11
            b10000000 - FASTX
        0x1010 $ U713 - 74HC138 - DAC LO 5
            b00000100 - U715 - 74HC138 - S&H Enable
            b00001000 - DAC 0
            b00010000 - DAC 1
            b00100000 - DAC 2
            b01000000 - DAC 3
            b10000000 - DAC 4

    0x1400-0x17ff UORV*
    {
        0x1400-0x15ff - $ U809 - 68B50 - UART (if A9 = 0)
        {
            0x1406 - Control/Status
            {
                Control (write-only)
                {
                    Bit 0: Counter Divide Select 0 (CR0)
                    Bit 1: Counter Divide Select 1 (CR1)
                    Bit 2: Word Select 1 (CR2)
                    Bit 3: Word Select 2 (CR3)
                    Bit 4: Word Select 3 (CR4)
                    Bit 5: Transmit Control 1 (CR5)
                    Bit 6: Transmit Control 2 (CR6)
                    Bit 7: Receive Interrupt Enable (CR7)
                }
                Status (read-only)
                {
                    Bit 0: Receive Data Register Full (RDRF)
                    Bit 1: Transmit Data Register Empty (TDRE)
                    Bit 2: Data Carrier Detect (/DCD) active low
                    Bit 3: Clear To Send (/CTS) active low
                    Bit 4: Framing error (FE)
                    Bit 5: Receiver Overrun (OVRN)
                    Bit 6: Parity Error (PE)
                    Bit 7: Interrupt Request (IRQ)
                }
            }
            0x1407 - Transmit/Receive Data
        }
        0x1600 - 82C54 Programmable Timer (if A9 = 1)
        {
            This timer is the source of /IRQ back to the 6809
            0x1600 - Counter 0 Register
            0x1601 - Counter 1 Register
            0x1602 - Counter 2 Register
            0x1603 - Control Word Register
        }
    }

    0x1800-0x1bff SW*
    Front panel switches:
    {
        0x1800: Read push buttons 0-7
        0x1801: Read pushbuttons
        {
            Bit 7: n/c
            Bit 6: SEL
            Bit 5: BANK
            Bit 4: +
            Bit 3: -
            Bit 2: ENTER
            Bit 1: 9
            Bit 0: 8
        }
    }

    0x1c00-0x1fff WRITE ONLY
    U820:
    {
        0x1c00-0x1c7f L1* RA1-RA6, NOT
        0x1c80-0x1cff L2* RB1-RB6
        0x1d00-0x1d7f L3* - SYNC1/MUTE/SYNC2
        0x1d80-0x1dff MISC* $ U818 - 74LS174 - 6bit latch, address bank register
        {
            b000001 - VA13
            b000010 - VA14
            b000100 - VA15
            b001000
            b010000
            b100000
        }
        0x1e00-0x1e7f LED1*
        0x1e80-0x1eff LED2*
        0x1f00-0x1f7f LED3*
        (LED1 to 3 are 7-segment displays labelled DISP 1 to 3 respectively. Segment mapping tbd)
        0x1f80-0x1fff LED4* 6 single LEDs
        {
            0x01 - CHANNEL
            0x02 - UNITS
            0x04 - DATA D
            0x08 - EXT. F
            0x40 - FINE T
            0x80 - PITCH
            (bits 4 and 5 not connected)
        }
    }
}

0x2000 $ U803 - 27512 (Patches)
{
    Bank Select - VA13, VA14, VA15
}

The code rom is

0x4000 $ U802 - 27512 (Expansion)
{
    Bank Select - VA13, VA14, VA15
}

0x6000 $ U8012B - 43256
{
    RAM Bank Select - VA13, VA14
    0x7fff - Initial stack location (set at PC 0x800E) (Bank 0 only?)
}

0x8000 $ U809 - 27256
{
    0x8000 Rom Base (27256)
    0x8003 Reset Handler
    0x84b4 IRQ Handler (PIT IRQ)
    0x85e3 FIRQ Handler (Serial IRQ)
    0xFFF0 Vector Table
}
To start radare2 on the image:
$ r2 -a mc6809 -m 0x8000 27256.bin
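A quick cross-check for the handler addresses in the memory map, as an added example that is not part of the original page: it reads the MC6809 hardware vectors at 0xFFF0 out of a 32 KiB image loaded at 0x8000. The function names and the sample image are assumptions made here; the sample is a constructed stand-in for 27256.bin that carries only the three handler addresses listed above.

```python
import struct

ROM_BASE = 0x8000      # load address, as in the map and `r2 -m 0x8000`
ROM_SIZE = 0x8000      # a 27256 holds 32 KiB
VECTOR_TABLE = 0xFFF0  # "Vector Table" entry in the memory map

# MC6809 hardware vectors: eight big-endian 16-bit entries, 0xFFF0..0xFFFF.
VECTOR_NAMES = ["reserved", "SWI3", "SWI2", "FIRQ", "IRQ", "SWI", "NMI", "RESET"]


def read_vectors(image: bytes, base: int = ROM_BASE) -> dict:
    """Return {vector name: handler address} for a ROM image mapped at base."""
    if len(image) != ROM_SIZE:
        raise ValueError(f"expected {ROM_SIZE:#x} bytes, got {len(image):#x}")
    off = VECTOR_TABLE - base  # CPU address -> file offset
    words = struct.unpack(">8H", image[off:off + 16])
    return dict(zip(VECTOR_NAMES, words))


def in_rom(addr: int, base: int = ROM_BASE) -> bool:
    """True if addr lies inside the code ROM window 0x8000-0xffff."""
    return base <= addr < base + ROM_SIZE


def build_sample_image() -> bytes:
    """Constructed sample: erased EPROM (0xff) plus the page's three handlers."""
    image = bytearray(b"\xff" * ROM_SIZE)
    handlers = {"FIRQ": 0x85E3, "IRQ": 0x84B4, "RESET": 0x8003}
    for name, addr in handlers.items():
        off = VECTOR_TABLE - ROM_BASE + 2 * VECTOR_NAMES.index(name)
        struct.pack_into(">H", image, off, addr)
    return bytes(image)


if __name__ == "__main__":
    # Swap build_sample_image() for open("27256.bin", "rb").read() on a real dump.
    for name, addr in read_vectors(build_sample_image()).items():
        note = "" if in_rom(addr) else "  (outside ROM window)"
        print(f"{name:8s} -> {addr:#06x}{note}")
```

A vector that reads 0xffff points at erased EPROM, and one that falls below 0x8000 lands in RAM, banked ROM or the I/O space, so either is worth a second look before trusting the disassembly entry points.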