Firmware decoding ?
2007-10-25 by Ceedjay chez Free
Yahoo Groups archive
2007-10-25 by Ceedjay chez Free
Hi ! Has anybody here ever tried to decompile the firmware syx file to study it ? Is it at least possible ? There are so many things that could be added to the emulation modes (among other things) that it would be smashing if someone could do that. Obviously, I cannot program, so I might not well realise how difficult this might be........ Cheers. Jay.
2007-10-26 by rpcfender
Hi Jay

> Has anybody here ever tried to decompile the firmware syx file to study it ?
> Is it at least possible ?

Yes, but...

1. sysex works by having an 8bit header byte $F0 and ending with $F7 and everything else in between is 7 bits (0 to $7F)
So to send, say, 8 bit opcodes (programs) you need to pack the 8 bit into the 7 bits. There are a couple of ways to do this.
You can divide the 8 bits into 2 4bit parts and send each of those as a 7 bit number. The 4 lower bits would usually be in the 4 lower bits of the sent byte but the upper nibble (4bits) could be placed anywhere in the 7 bits.
Which comes first the lower nibble or the upper nibble?
The micro controller could also be a 16bit chip which would make it even more interesting.

A favorite of Emu systems is to have 7 8bit bytes lined up (imagine the bytes joined end to end so the binary ones and zeros are in a long line) and cut the binary number up into 7 bit bytes to send. This means you can send 7bytes of program in 8 bytes of MIDI, the quickest transmission possible.

You need to find out the micro controller for the unit (strangely the BCR is one device I am yet to pull apart) and get the op code reference. Easy to do off the web. Then either take the code byte by byte and disassemble it or find a program to do this.

Xavier took many hours to do this for the FCB1010, but the result was a much better coded unit with lots of extra functions.
He was kind enough to give me a very early copy of his disassembled code so I could add the little bit of new functionality that I was interested in.

> There are so many things that could be added to the emulation modes (among
> other things) that it would be smashing if someone could do that.

Absolutely, but it requires a very skilled person to donate a hell of a lot of time.

> Obviously, I cannot program, so I might not well realise how difficult this
> might be........

The difficulty really lies in the time involved.
There was some chat a while ago about someone trying to do it, but I'm not sure what has happened.
It might have been Mark, but he has been so busy with the graphic editor that I haven't heard from him for a while.

Feel free to dive in. Perhaps you could find out what the micro controller is and/or persuade Behringer to give you a copy of the circuit diagram. (Someone managed to do this with the FCB1010 and it made the re-coding much easier)

All the best
Royce
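Added example (not part of the original thread): a Python sketch of the two 8-bit-in-7-bit packings described in the post above, useful for trying each candidate decoding on a captured .syx payload. The function names, the MSB-first bit order and the use of the low four bits for each nibble are assumptions; the actual encoding used by the BCR/BCF firmware is not stated in the thread.

```python
# Added example: the two SysEx 8-bit-in-7-bit packings described in the post.
# Bit order and nibble placement are assumptions; a real device may differ.

def sysex_body(msg: bytes) -> bytes:
    """Strip the $F0/$F7 framing; everything between must be 7-bit."""
    if len(msg) < 2 or msg[0] != 0xF0 or msg[-1] != 0xF7:
        raise ValueError("not a complete SysEx message")
    body = msg[1:-1]
    if any(b > 0x7F for b in body):
        raise ValueError("data byte above $7F inside SysEx")
    return body  # still includes any manufacturer/device header bytes

def unpack_nibbles(body: bytes, low_first: bool = True) -> bytes:
    """Two MIDI bytes per program byte, 4 useful bits in each."""
    if len(body) % 2:
        raise ValueError("nibble packing needs an even byte count")
    out = bytearray()
    for a, b in zip(body[0::2], body[1::2]):
        lo, hi = (a, b) if low_first else (b, a)
        out.append(((hi & 0x0F) << 4) | (lo & 0x0F))
    return bytes(out)

def pack_bitstream(data: bytes) -> bytes:
    """7 program bytes -> 56-bit number -> eight 7-bit MIDI bytes."""
    if len(data) % 7:
        raise ValueError("bitstream packing works on 7-byte groups")
    out = bytearray()
    for i in range(0, len(data), 7):
        acc = int.from_bytes(data[i:i + 7], "big")
        out += bytes((acc >> shift) & 0x7F for shift in range(49, -1, -7))
    return bytes(out)

def unpack_bitstream(body: bytes) -> bytes:
    """Inverse of pack_bitstream: eight MIDI bytes -> 7 program bytes."""
    if len(body) % 8:
        raise ValueError("bitstream packing works on 8-byte groups")
    out = bytearray()
    for i in range(0, len(body), 8):
        acc = 0
        for b in body[i:i + 8]:
            acc = (acc << 7) | (b & 0x7F)
        out += acc.to_bytes(7, "big")
    return bytes(out)

if __name__ == "__main__":
    program = bytes([0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x80, 0xFF])  # constructed sample
    msg = bytes([0xF0]) + pack_bitstream(program) + bytes([0xF7])
    print(msg.hex(" "), "->", unpack_bitstream(sysex_body(msg)).hex(" "))
```

Running each decoder over the same payload and looking for recognisable opcode patterns or text strings is the usual way to tell which packing a device uses.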
2007-11-01 by Ceedjay chez Free
Hi Royce !

Well, this is......erm.....interesting.....but, unfortunately, far away from what I can do ;o)

When I got my BCF (some time before it was released officially, actually), I opened the presets in an hex editor and managed to modify them by hand. I thought modifying the firmware was roughly the same, but it surely is not. Never mind, we'll just have to wait (and wait and wait and wait, I'm afraid) for Behringer to implement new things.

I would somehow almost bet the microcontroller is a PIC18F, the kind we use in midiBoxes (www.ucapps.de) but I do not want to open my unit. If I screw it, I can't buy another one for the moment (buying a house, basically ;op).

Cheers. Jay.

rpcfender <rpcfender@...> wrote:
> Hi Jay
>> Has anybody here ever tried to decompile the firmware syx file to
>> study it ? Is it at least possible ?
> Yes, but...
> 1. sysex works by having an 8bit header byte $F0 and ending with $F7 and everything else in between is 7 bits (0 to $7F)
> So to send, say, 8 bit opcodes (programs) you need to pack the 8 bit into the 7 bits. There are a couple of ways to do this.
> You can divide the 8 bits into 2 4bit parts and send each of those as a 7 bit number. The 4 lower bits would usually be in the 4 lower bits of the sent byte but the upper nibble (4bits) could be placed anywhere in the 7 bits.
> Which comes first the lower nibble or the upper nibble?
> The micro controller could also be a 16bit chip which would make it even more interesting.
>
> A favorite of Emu systems is to have 7 8bit bytes lined up (imagine the bytes joined end to end so the binary ones and zeros are in a long line) and cut the binary number up into 7 bit bytes to send. This means you can send 7bytes of program in 8 bytes of MIDI, the quickest transmission possible.
>
> You need to find out the micro controller for the unit (strangely the BCR is one device I am yet to pull apart) and get the op code reference. Easy to do off the web. Then either take the code byte by byte and disassemble it or find a program to do this.
>
> Xavier took many hours to do this for the FCB1010, but the result was a much better coded unit with lots of extra functions.
> He was kind enough to give me a very early copy of his disassembled code so I could add the little bit of new functionality that I was interested in.
>
>> There are so many things that could be added to the emulation modes
>> (among other things) that it would be smashing if someone could do
>> that.
> Absolutely, but it requires a very skilled person to donate a hell of a lot of time.
>
>> Obviously, I cannot program, so I might not well realise how
>> difficult this might be........
> The difficulty really lies in the time involved.
> There was some chat a while ago about someone trying to do it, but I'm not sure what has happened.
> It might have been Mark, but he has been so busy with the graphic editor that I haven't heard from him for a while.
>
> Feel free to dive in. Perhaps you could find out what the micro controller is and/or persuade Behringer to give you a copy of the circuit diagram. (Someone managed to do this with the FCB1010 and it made the re-coding much easier)
>
> All the best
> Royce
2007-11-01 by rpcfender
2007-11-02 by Ceedjay chez Free
Hi !

>> I would somehow almost bet the microcontroller is a PIC18F, the kind
>> we use in midiBoxes (www.ucapps.de) but I do not want to open my
>> unit. If I screw it, I can't buy another one for the moment (buying
>> a house, basically ;op).
>
> You lose [:)]
> I opened my BCR up and it has an OKI L671000 MPU in it.
> It's a 32bit RISC controller with a built in UART controller.
> Oki's info page on the micro controller
> <http://www2.okisemi.com/site/productscatalog/armsolutions/mcumpu/availabledocs/Intro-5205.html>
>
> It uses 1M DRAM chip 4C1M16C3D
> Link to DRAM datasheet
> <http://download.micron.com/pdf/datasheets/dram/D51_5V_B.pdf>
>
> There is a 32pin chip in an ic socket that is glued in (as is Behringer's excellent policy)
> This is marked "BCR2000 Ver1.04"
> Removing this label reveals that it is a 39SF040 (Flash memory 512k x 8bit)
> You can get the datasheet here
> <http://pdf1.alldatasheet.com/datasheet-pdf/view/191664/SST/SST39SF040-70-4C-PH.html>
>
> All we need now is for someone to whip out the chip and read the data.
> (I don't have anything that will read this flash.)

Sounds interesting but.......for me this is Chinese ;o) Never mind......

Cheers. Jay.
2007-11-02 by Tony Cappellini
That is the easy part. Disassembling it and making some changes to the OS which won't kill the BCR is the time consuming part
2007-11-04 by rpcfender
Thanks anyway Jay.

Tony, are you able to read the flash from the controller?
Do you have a BCR or BCF?
Do you have the latest version (1.10) of the firmware in your flash?
I would love a copy if you can read it.

All the best
Royce

--- In bc2000@yahoogroups.com, "Tony Cappellini" <cappy2112@...> wrote:
> That is the easy part. Disassembling it and making some changes to the OS
> which won't kill the BCR is the time consuming part
>
> > > All we need now is for someone to whip out the chip and read the data.
> > > (I don't have anything that will read this flash.)
2007-11-04 by Tony Cappellini
1. I haven't tried it
2. BCR2000
3. Yes I have 1.10
4. I don't plan on trying to remove the flash at this point.

... Do you have a BCR or BCF?
2007-11-04 by rpcfender
OK. Thanks anyway Tony. I hope you didn't mind me asking

All the best
Royce

--- In bc2000@yahoogroups.com, "Tony Cappellini" <cappy2112@...> wrote:
> 1. I haven't tried it
> 2. BCR2000
> 3. Yes I have 1.10
> 4. I don't plan on trying to remove the flash at this point.
>
> >>are you able to read the flash from the controller?
> > Do you have a BCR or BCF?
> > Do you have the latest version (1.10) of the firmware in your flash?
> > I would love a copy if you can read it.
> >
> > A
2007-11-04 by Tony Cappellini
... All the best
2007-11-09 by Steve Meiers
2007-11-09 by rpcfender
Hi Steve --- In bc2000@yahoogroups.com, Steve Meiers <tekrytor@...> wrote: > > is it a dual in line package or smd or ??? I can read the DIL package version, if that's what's used. I have a BCF however. Socketed DIL . It does have the hot glue on the ends that you'll have to scrape off. If you can give me the binary I'll try to decode the MIDI version of the BCF OPSYS I assume that the encoding will be the same for the BCR. Thanks Royce
2007-11-09 by rpcfender
2007-11-10 by Steve Meiers
2007-11-10 by rpcfender
Steve, are you sure your EPROM programmer can read these flash chips? I have a --- In bc2000@yahoogroups.com, Steve Meiers <tekrytor@...> wrote: > > ok, I'll see what I can do. I got the EPROM programmer to program my FCB1010 EPROM, but I never even considered that the FCB might use the same ROMs, but it sure makes sense. The FCBs have the same hot glue "solution". More soon.
> > Steve M
2007-11-14 by Steve Meiers
2007-11-19 by Steve Meiers