This thread is about solving that problem. The target is to be able to mount a cloned key to emulator cartridge space, to be able to run original disk dumps under emulation.
My assumption is that we're dealing with an MMI PAL16R8 - and the connections are as follows:
Code: Select all
Top side: UDS 1 (CLK on R8, I0 on L8) ROM3 11 (OE on R8, I9 on L8) A5 9 (I8) A6 8 (I7) A7 7 (I6) A8 6 (I5) D8 16 (O5) D10 17 (O6) D12 18 (O7) D14 19 (O8 on R8/L8, could have been I on R6/R4) +5V 20 (VCC) Bottom side: GND 10 (GND) A1 2 (I1) A2 3 (I2) A3 4 (I3) A4 5 (I4) D9 12 (O1) D11 13 (O2) D13 14 (O3) D15 15 (O4)
1) Brute force
2) Decap and restore security fuse
3) Glitch-hack using under-voltage and clock-skew when trying to read out the contents
I know which method I will begin with. What would you?