| Index | wersja polska |
Vague description of the NUM pin quoted from the datasheet:
This terminal is not for user application. In case of the HD6305Y1 (featuring an internal ROM), this terminal should be connected to Vcc through 10 kΩ resistance. In case of the HD6305Y2 (without an internal ROM), this terminal should be connected to Vss.
It turned out that the HD6305Y1 chip with the NUM pin connected to Vss behaves like the HD6305Y2, i.e. it starts to execute code from an external memory instead of the internal one. Unfortunately, the program cannot gain access to the internal ROM by switching the NUM pin state (because it is only sampled at reset and ignored later), but reading an undocumented register at address $001F or writing anything to it does the trick as well.
The only information about the $001F register found so far:
Never access the $13 to $1F areas since they are used for IC testing. Accessing these areas (reading/writing) causes the MCU to burst.
The program stored in the EPROM transmits the internal ROM contents (address range $0140 to $1FFF) through a serial port. The timing critical parts are marked by the number of clock cycles in the comments. Any modification of them should preserve the execution time.
Serial port settings:
6305y1.zip - EPROM image file
portc equ $02 ddrc equ $06 ram equ $40 ;RAM starting address ;