Josh Bensadon wrote:
-------------------------------
Good story about the special ALE latch, very clever indeed.

- - - - - - - - - - - - - - - -
The fake ALE Latch would have been more wisely implemented *IF* they had remapped the addresses more cleverly. They over-did the scrambling and when we disassembled the EProm, it was obvious from the apparent contents of address 0000 that something was wrong because the boot area was garbage. There had to be sensible code where the micro booted and if not, traces had to have been crossed.

Had they mapped 00=00 and 01=01 in the latch, we could have picked up the first jump vector and wasting more time in disassembly analysis. The best variation would have been to assign the mapping after the code was completed and tested mapping versions that seemed more sensible, because the objective is to consume time in the disassembler analysis.

There are lots of coding techniques that will unsync disassemblers (another topic) and if the remapping had been done wisely, more time would have been wasted looking in the code.

The best mapping would be the one that kept us busy and not looking back at the ALE-Latch-of-deception. :)

This is obviously a topic of engineering I find enjoyable. heheheh

-Jay C. Box