We have a ham radio repeater club and 1 of the members is a silent key this past month.
Here is the info we need, We have a repeater when keyed or activated it will give its call sign in morse code. It will stayed keyed until the morse code is finished.
The member who was taking car of this passed away silent key. The interface he used small pc board with the Tiny AT85 chip. We need to get this file for future repeater upgrade.
The members wife got rid of his equipment before we had a chance to where he might of kept the hex file he used to program the AT85 chip.
We have some paper work on what he was doing but no actual file.
Is there a way to read/extract the file from the at85 with blown fuses?
we have blank chips and some info but no file to program the chips
As long as the lock bits haven’t been programed, it should be possible to read the program flash off of the chip. Depending on which fuses have been programed, you may be able to use the serial interface to read the flash. The high voltage programming should be available regardless of the chip fuse state.
I think the trickier question will be what hardware/ software you’ll need. The datasheet describes the interfaces and signaling, so you could brute force it with say an Arduino to bit bang the signals and a power supply to provide the appropriate voltages. A simpler strategy would be an AVR programmer with avrdude. I’m not as familiar with the programmers and if they support the high voltage interface (should you need to use it), but avrdude should allow you dump the flash contents to a hex file.
I mentioned the program flash above, but you’d also want to get the contents of the EEPROM and fuses to make sure you have any supporting data that might be there and are able to properly configure the new chips the same as the old.
I would recommend loading a dummy program on a blank chip just to make sure you can get the contents before you try it on the chip in question. Anyway, I hope this has helped out. Good luck!
Hi Mike l have an aduino just ordered a power supply to make a hvp programmer. Is there any place to show how this is done. What voltage to use. What file to use and how to extract the hex file. Thanks
The thing to remember with the lock bits and fuses is that they are active low, so reading them as 1 means they are unprogrammed and you should be able to read the flash.
I would ask, however, how did you read these bits? If you were able to read them through some interface, then you would be able to use that same interface to read the flash. You shouldn’t need to order any additional equipment.
Do a Google search for the attiny85 datasheet and it will give all the information for how to program (and read the program from) these chips. Section 20, Memory Programming, is where you’ll want to start. The AVR programmers and avrdude are essentially doing what is described in this section, within their firmware, when they program a chip.
Well I read the working chip and all I got was ffffffffffffffffffffs in the flash dump area and the fuse area showed what fuse were set and the lock bits are set
Well, unfortunately, based on the image you sent, I believe I have bad news for you. It looks like you are using a TL866II Plus programmer which appears to implement the high voltage programming interface already. From the fuse configuration it looks like RSTDISBL is programed (actual value is 0 in the chip; checkmark in the software let’s you know it is active) which makes high voltage programming the only option.
The bad news is that the lock bits are also programed. The actual value of the lock byte is 0xFC meaning the lock bits are 0, i.e. programed or active hence the checkmark in the programmer’s software. Because these are active, it means the person who programed the chip didn’t want people to do precisely why we’re trying to do. The code on the chip is protected (locked), so any attempt to read the code will just return all 1s. This is why the flash dump is nothing but 0xFFFFFFFF. Unfortunately you will not be able to pull the code from that chip.
You’re welcome and sorry it didn’t turn out how you hoped. It would be interesting to know how they do it, and I’d bet that companies who rely on these code protection mechanisms to keep their intellectual property private would also like to know! I would guess it involves some sort of destructive testing and practices of questionable legality.
Before spending that kind of money to reverse engineer the code, it would be a lot easier to recreate it. You would need to trace out the board a bit to figure out which pin is the audio source, and which pin turns on the transmitter. A quick Google search finds a number of examples of programming an Arduino or ATtiny to generate Morse code and it would be easy to modify that code to add the ID timer
Thanks for the input we have been using the sd card module for 5 years now and no problems just that the member who had written the code and stored on his computer has passed away.
We have about 10 different thing on the sd card and all we have to do is write a new card and replace the one being used now. Takes less than 5 minutes to replace and then back up and running.
Some members also use these in their mobiel and base ham radios so we need the file if we can extract from the working chip we are using now. We have 3 good working chips so we have to be careful.
Im looking into info if the chip can have the lockbits re-set so the chip can be read using a high voltage programmer.
