EEVblog Electronics Community Forum
Electronics => Microcontrollers => Topic started by: Postal2 on November 30, 2024, 03:04:12 pm
-
CPU C164CI. It is known that the motor encoder is connected to P3.4 and P3.6. I can't find a function in the firmware that reads these pins. Does anyone understand C166 assembler?
-
Did you try c166-ghidra-module (https://github.com/keyhana/c166-ghidra-module)? Working in latest Ghidra v11.2.1.
Check the c164 User Manual (https://www.keil.com/dd/docs/datashts/infineon/c164ciclsisl_um.pdf) and Datasheet (https://www.mouser.es/datasheet/2/196/Infineon_C164CI-DS-v02_00--1168535.pdf), it's probably used in alternate function mode, connected to a timer in Incremental Interface Mode.
[attachimg=1 width=520]
Edit: I found FUN_01dc52 doing T3CON = 0x1b3 (0 1 1 0 110 011)
This effectively sets T3 into incremental interface mode. In this mode, the timer runs automatically from the encoder pulses.
If you want to know what uses the encoder, find what reads T3, but I wasn't able to find it out, neither anything setting T3 interrupts (T3IC reg) or anything else accessing T3, it might be using some sort of byte SFR addressing or indirect addressing that Ghidra isn't recognizing.
Attached the decompiled program.
[attachimg=2 width=520]
[attachimg=3 width=520]
-
.... This effectively sets T3 into incremental interface mode. In this mode, the timer runs automatically from the encoder pulses.
Oh, thank you! That thought never occurred to me! I was straining my eyes trying to find the port address. I'll check now!
Did you try c166-ghidra-module (https://github.com/keyhana/c166-ghidra-module)? Working in latest Ghidra v11.2.1.
No, I haven't tried it, but I liked your decompilation. I'll set up this tool too. I'm using Ida (screenshot).
I was looking for a port reference, because I suspected that the encoder was outputting some serial number at startup.
-
Great! Now everything is clear, thank you. This piece of iron managed to deceive me after all.