VICE / Bugs / #1859 r37549 breaks "21 seconds backup"

Looks like it might be a DCP instruction under some specific circumstance. Here's the earliest I can find that the value in $1804 differs between Vice 3.4 (working) and Vice 3.5 (not working):

(8:$0543) pb"/home/crass/moncmd"
Changing to directory: '/home/crass'
Setting default device to `Disk8'
Loading 21s_decrypt.prg from 0300 to 07FF (0500 bytes)
UNTIL: 1  8:$0564  (Stop on exec)
#1 (Stop on  exec 0564) 
.8:0564  A0 03       LDY #$03       - A:41 X:AF Y:07 SP:20 ..-B.IZC     430699
Stopwatch reset to 0.
(8:$0564) z +11470
Stepping through the next 11470 instruction(s).
.8:0543  8D 05 18    STA $1805      - A:42 X:40 Y:E5 SP:20 ..-B.I..      39899
(8:$0543) z
.8:0546  04 60       NOOP $60       - A:42 X:40 Y:E5 SP:20 ..-B.I..      39903
(8:$0546) 
.8:0548  38          SEC            - A:42 X:40 Y:E5 SP:20 ..-B.I..      39906
(8:$0548) 
.8:0549  6D 0A 1C    ADC $1C0A      - A:42 X:40 Y:E5 SP:20 ..-B.I.C      39908
(8:$0549) 
.8:054c  8D 0A 1C    STA $1C0A      - A:56 X:40 Y:E5 SP:20 ..-B.I..      39912
(8:$054c) 
.8:054f  EE 36 04    INC $0436      - A:56 X:40 Y:E5 SP:20 ..-B.I..      39916
(8:$054f) 
.8:0552  F0 03       BEQ $0557      - A:56 X:40 Y:E5 SP:20 ..-B.I..      39922
(8:$0552) 
.8:0554  4C 35 04    JMP $0435      - A:56 X:40 Y:E5 SP:20 ..-B.I..      39924
(8:$0554) 
.8:0435  0D 5F 03    ORA $035F      - A:56 X:40 Y:E5 SP:20 ..-B.I..      39927
(8:$0435) 
.8:0438  0A          ASL A          - A:57 X:40 Y:E5 SP:20 ..-B.I..      39931
(8:$0438) 
.8:0439  D8          CLD            - A:AE X:40 Y:E5 SP:20 N.-B.I..      39933
(8:$0439) 
.8:043a  6D 0A 18    ADC $180A      - A:AE X:40 Y:E5 SP:20 N.-B.I..      39935
(8:$043a) 
.8:043d  8D 0A 18    STA $180A      - A:45 X:40 Y:E5 SP:20 .V-B.I.C      39939
(8:$043d) 
.8:0440  CF 0A 18    DCP $180A      - A:45 X:40 Y:E5 SP:20 .V-B.I.C      39943
(8:$0440) 
.8:0443  90 03       BCC $0448      - A:45 X:40 Y:E5 SP:20 .V-B.I.C      39949
(8:$0443) 
.8:0445  4D 08 18    EOR $1808      - A:45 X:40 Y:E5 SP:20 .V-B.I.C      39951
(8:$0445) 
.8:0448  6D 04 18    ADC $1804      - A:80 X:40 Y:E5 SP:20 NV-B.I.C      39955
(8:$0448) 
.8:044b  4D 0A 1C    EOR $1C0A      - A:56 X:40 Y:E5 SP:20 .V-B.I.C      39959
(8:$044b) m 1804 1804
>8:1804  d4                                                   .
(8:$1805) z
.8:044e  8D 05 18    STA $1805      - A:00 X:40 Y:E5 SP:20 .V-B.IZC      39963
(8:$044e) 
.8:0451  8D 0A 1C    STA $1C0A      - A:00 X:40 Y:E5 SP:20 .V-B.IZC      39967
(8:$0451) 
.8:0454  2E 04 18    ROL $1804      - A:00 X:40 Y:E5 SP:20 .V-B.IZC      39971
(8:$0454) 
.8:0457  6E 09 18    ROR $1809      - A:00 X:40 Y:E5 SP:20 .V-B.I..      39977
(8:$0457) m 1804 1804
>8:1804  02                                                   .
(8:$1805) z
.8:045a  4D 0A 1C    EOR $1C0A      - A:00 X:40 Y:E5 SP:20 .V-B.I..      39983
(8:$045a) 
.8:045d  AA          TAX            - A:00 X:40 Y:E5 SP:20 .V-B.IZ.      39987
(8:$045d) 
.8:045e  DD 99 43    CMP $4399,X    - A:00 X:00 Y:E5 SP:20 .V-B.IZ.      39989
(8:$045e) 
.8:0461  B0 3A       BCS $049D      - A:00 X:00 Y:E5 SP:20 NV-B.I..      39993
(8:$0461) 
.8:0463  AA          TAX            - A:00 X:00 Y:E5 SP:20 NV-B.I..      39995
(8:$0463) 
.8:0464  FD 75 64    SBC $6475,X    - A:00 X:00 Y:E5 SP:20 .V-B.IZ.      39997
(8:$0464) 
.8:0467  29 38       AND #$38       - A:90 X:00 Y:E5 SP:20 N.-B.I..      40001
(8:$0467) 
.8:0469  CF 04 18    DCP $1804      - A:10 X:00 Y:E5 SP:20 ..-B.I..      40003
(8:$0469) 
.8:046c  B0 02       BCS $0470      - A:10 X:00 Y:E5 SP:20 ..-B.I..      40009
(8:$046c) m 1804 1804
>8:1804  fd

$1804 should contain $09 at that point but it has $fd instead. Immediately prior to the instruction at $0469 the value in $1804/$1805 was the same ($02 $00) in both Vice 3.4 and 3.5. For reference, the timer start value at $1806/$1807 is $0b $00.

Here's what the working version on 3.4 looks like right at that point. Other than the stack pointer, registers/flags are identical:

.8:0457  6E 09 18    ROR $1809      - A:00 X:40 Y:E5 SP:22 .V-B.I..     470676
(8:$0457) m 1804 1804
>8:1804  02                                                   .
(8:$1805) z
.8:045a  4D 0A 1C    EOR $1C0A      - A:00 X:40 Y:E5 SP:22 .V-B.I..     470682
(8:$045a) 
.8:045d  AA          TAX            - A:00 X:40 Y:E5 SP:22 .V-B.IZ.     470686
(8:$045d) 
.8:045e  DD 99 43    CMP $4399,X    - A:00 X:00 Y:E5 SP:22 .V-B.IZ.     470688
(8:$045e) 
.8:0461  B0 3A       BCS $049D      - A:00 X:00 Y:E5 SP:22 NV-B.I..     470692
(8:$0461) 
.8:0463  AA          TAX            - A:00 X:00 Y:E5 SP:22 NV-B.I..     470694
(8:$0463) 
.8:0464  FD 75 64    SBC $6475,X    - A:00 X:00 Y:E5 SP:22 .V-B.IZ.     470696
(8:$0464) 
.8:0467  29 38       AND #$38       - A:90 X:00 Y:E5 SP:22 N.-B.I..     470700
(8:$0467) 
.8:0469  CF 04 18    DCP $1804      - A:10 X:00 Y:E5 SP:22 ..-B.I..     470702
(8:$0469) 
.8:046c  B0 02       BCS $0470      - A:10 X:00 Y:E5 SP:22 ..-B.I..     470708
(8:$046c) m 1804 1804
>8:1804  09                                                   .
(8:$1805)

Attached the 21s_decrypt.prg which is the drive contents between $300-$7ff and entry point at $400. You don't need any disk in the drive and it doesn't matter if you use PAL or NTSC as it takes place entirely in the drive. Make sure no extra drive RAM as mirror addresses are accessed. Monitor commands to get to the point at the start of the trace above are:

dev 8:
l"21s_decrypt.prg"0
r pc=$400
un 564
sw reset
z +11470

To test the entire key derivation loop, set a breakpoint at $5d5 and then look at the contents of $c0-$c4. The key there should be:

$16 $66 $d5 $98 $a5

Last edit: Lord Crass 2023-04-05

21s_decrypt.prg

r37549 breaks "21 seconds backup"

Versatile Commodore Emulator

Version

Searches

Help

#1859 r37549 breaks "21 seconds backup"

Discussion