On trying to extract files from a Texas Instruments S1500

So this started out as a weird thing that killed a day for me. I thought it was a little fun to look at but, ultimately I proved that I could extract files, but not from the requested image.

So let’s get into some more details, my failure, and well it’s been raised into another chance for some luck/fast knowledgeable hacker to get a payout to extract a single file.

As mentioned above the computer is the Texas Instruments S1500, the disk image was dumped on bitsavers years ago as s1505_cp3540/s1505_cp3540.dd.gz. As you may guess it’s a raw ‘dd’ of a disk.

Now looking at a few sources namely unix-ag the OS in question is TI System V, an AT&T SVR3.2 derivate. Running strings does reveal ‘SysVr3TCPID’ And this appears to be the Unix Version Banner:

(c)Copyright 1993 Hewlett-Packard Company,  All Rights Reserved.
(c)Copyright 1986-1992 Texas Instruments Incorporated,  All Rights Reserved.
(c)Copyright 1984-1988 AT&T, All Rights Reserved.
(c)Copyright 1979, 1980, 1983, 1985-1990 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Unix System Laboratories, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1989-1990 The Santa Cruz Operation. All Rights Reserved.
                         RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.
                         Hewlett-Packard Company
                         3000 Hanover Street
                         Palo Alto, CA 94304 U.S.A.
Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).

Along with further extraneous info like:

TI Sys V
V/68-1.0
3.3.2
MC680X0
Hewlett-Packard 9000 Series 1500

Fantastic. Well digging around you’ll eventually find that SYSV filesystems have a magic number, and it’s 0xfd187320

So a simple search through the raw filesystem reveals some:

[email protected]:/mnt/c/temp$ xxd s1505_cp3540.dd | grep 'fd18 7e20 0000 0002'
0035b7f0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....
00f5b7f0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....
02f5bff0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....
04cc0bf0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....
0505bff0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....
1f1267f0: 0000 0000 0000 0000 fd18 7e20 0000 0002  ..........~ ....

And this fits the bill, as the next 32bit ‘word’ is the version, in this case 2 to indicate 1024k blocks ,and improvement added to SYSVr2. One thing is that the struct to read a super block is 512bytes (or is it always?), and the magic number is near the end, so from the above offsets, subtract 496 (decimal!) and you can get the start and sizes of each filesystem. Fantastic!

Speaking of SYSVr2, Do you know what is another SYSVr2? A/UX.

Shoebill was panned for not emulating the full Macintosh, rather it reads the kernel directly from the filesystem, and boots into it. That means Shoebill can read UFS/SYSV. Great start?

So I took the filesystem code from Shoebill, hacked it enough to let me build on Visual Studio, and point it to a raw filesystem and take a look. I put it here: filesystem.c

Now I’m impatient so it still needs a legit Apple A/UX virtual disk. Granted we don’t need it, but it made it easier to let the existing code fiddle with apple partitions, but when it comes time to read SYSV blocks, I closed the file handle and swapped things around. And that lead to this:

As you can see there is a LOT of zeros. However the magic & type align.

Meanwhile here is what an A/UX SYSV filesystem looks like. Notice far less zeros.

Additionally I was able to get another 68k based SYSV Unix disk, and yeah not all zeros. Also yes, using the Shoebill code it extracted files just fine.

However using my approach on the filesytem I always only get a directory with 2 enteries the ‘. ..’. I modified the source to just count inodes and write them to disk. And use inode 2 is just a tiny file. No doubt with all the zeros the disk is either very corrupted (backup superblocks?! where?! how?!) or the kernel implicitly knows these things, or finds them somewhere else.

I’ve been authorized to give a bounty of $200 USD to be able to extract arbitrary files from the 1505 disk image. I thought I’d give it a shot, but I don’t get how the super block aligns but the data doesn’t. Unless there is some other insane padding thing for a 1k superblock? The more I think about it, it’s probably likely as I know at some point I was skipping 3 blocks from an offset to get to a superblock, and 3 is just a weird number. 1 block header, 2 block superblock makes more sense.

Additionally this table may prove useful, especially for the ‘skip 3’ or pad to 1k:

Tape and disk utility is in progress...

26 partitions, 12-longword descriptors:
     Name    Start    Length   User  Comments
1  * LABL vl 0        2        FFFF
2  * PTBL pt 2        3        FFFF
3    SAVE sb 5        3        FFFF
4    FMT  fp 8        9        FFFF
5    TZON tz 17       296      FFFF
6  * unx1 lb 313      1024     0002  TI Sys V 3.3.2
7  * unx1 lb 313      1024     000A  TI Sys V 3.3.2
8  * unx1 lb 313      1024     0013  TI Sys V 3.3.2
9  * unx1 lb 313      1024     0014  TI Sys V 3.3.2
10   unx2 lb 1337     1024     0002  TI Sys V 3.3.2
11   unx2 lb 1337     1024     000A  TI Sys V 3.3.2
12   unx2 lb 1337     1024     0013  TI Sys V 3.3.2
13   unx2 lb 1337     1024     0014  TI Sys V 3.3.2
14   unx3 lb 2361     1024     0002  TI Sys V 3.3.2
15   unx3 lb 2361     1024     000A  TI Sys V 3.3.2
16   unx3 lb 2361     1024     0013  TI Sys V 3.3.2
17   unx3 lb 2361     1024     0014  TI Sys V 3.3.2
18 * cfg1 cb 3385     17       FFFF  TI Sys V 3.3.2
19   cfg2 cb 3402     17       FFFF  TI Sys V 3.3.2
20   cfg3 cb 3419     17       FFFF  TI Sys V 3.3.2
21 * root fb 3436     12288    FC02  TI Sys V 3.3.2
22   usr  fb 15724    32768    FC02  TI Sys V 3.3.2
23   jdis an 48492    2        FFFF  multi-volume file system anchor
24   pipe fb 48494    1024     FC02  pipe file system partition
25 * swap pb 49518    32768    0002
26   prt1 fb 82286    448972   FC02  part of jdis multi-volume

Did you know there is almost nothing left to document that this poor machine even existed?

Seriously look for “TI System V”

Heck even on the UTZOO archives..

AltaVista UTZOO search (superglobalmegacorp.com)

It’s like 5 posts, 3 being the same, someone who couldn’t dial out, and someone on the old UUCP map! Save me!

Missing link for Basilisk I found

Actually I held onto this, as I wanted to do something crazy for that Marchintosh thing but life got in the way it fell by the wayside, and well now it’s September, and I already have a Qemu instance running A/UX so my ‘at best’ hope of Basilisk II with MMU emulation is all but moot.

Captain, oh Captain!

While it may look like 2 very old emulators, which they are, the interesting thing here is that this old version of Basilisk that only has Macintosh Classic emulation is using the 68000 emulation core from UAE 0.6.8. It took a lot of downloading stuff, a lot of other nonsense, but I eventually found it, and was able to diff around to find the changes made were rather inconsequential, there by letting me rebuild UAE back on top of Basilisk.

My plan had been to either use far newer UAE cpu core, say from Previous as it has working MMU support, or Musashi.

I was building hard coded for TDM GCC 5.1.0 on MinGW. It doesn’t matter anymore but I threw it up on github since that is where all the cool kids are.

https://github.com/neozeed/basilisk-uae-merge

It’s absolutely pointless I guess, but maybe someone will find it interesting.

Presenting MacFlim

This is beyond super cool! Video has always been something of the realm of ‘high end’ machines, back when QuickTime became a thing it was lauded at running in a postage stamp sized window with absolutely incredible artifacting. And that was running with a Quadra (68040) back in the day, the transition from 68000 to PowerPC really helped with video on the desktop with much faster clocks and better caching.

The idea of video on any of the compact black & white Macs, even the ultra high end SE/30 68030 based Mac seemed something out of fantasy. But thanks to modern processors, massive storage and the ability to front process the video, it is now possible to do playback on a B&W mac!

Enter MacFilm 1.0 by Fred!

This is some super cool ‘impossible’ tech for the low end macs!

This is nothing short of incredible!

Of course the ‘downside’ is there is no audio.. And it’s directly blitting to the 512×342 B&W display so if you are not running on a 1 bit original display it’s not going to work or just blast seemingly junk to the screen.

Maybe if big 80’s media wasn’t so slow, or massive SCSI disks didn’t cost as much as a car we could have been enjoying an almost Brazilian future of black and white movies on tiny CRT’s.

Cockatrice III 0.5a update

Here’s to US!

Well this is a ‘small’ update, but with a big change, the audio is for the most part working great now thanks to this fix from rakslice. Namely changing SDL to MSB:

desired.format = AUDIO_S16MSB;

And another MinGW tweak, and yeah it’s GREAT!

Even stuff like RealAudio work now! I’ll add some self hosted video later as it’d just get struck from anything public.

Also since the RealAudio player is timebombed for installing, I added some lazy offset to remove however many billions of ticks from the clock letting you jump in some random point in the past when it won’t care.

I guess the final if any justification for a bump would be rebuilding with GCC 8.1.0 on MinGW. I somehow butchered the slirp.h to make it too MinGW’ish so it won’t clean build on Linux or OS X, but I have re-butchered a private branch and it works.. I just need to merge and clean but I’m not in the mood at the moment.

I could be crazy but it “feels” faster.

At any rate, I found that System 7 is more agreeable to running Return to Zork, just use some toast image mounter from within MacOS, and it’ll run!

Also there is some ULONGLONG weirdness going on, so I had to backout Peter’s changes for larger disks. No doubt some standard type thing change in GCC 8.

You can download binaries/source from Sourceforge.

Download Cockatrice III
Download Cockatrice III

Thanks to shadyjesse Philpem’s FreeBee can now run the C compiler!

I call it Freebee with C!

Again super thanks to shadyjesse for finding and fixing the larger issues, and philpem for his great emulator, freebee!

So 1970’s

I have to say, having never played with an AT&T Unix PC, it’s kind neat with this windowing non X11 UI. Although even in emulation it’s incredibly slow. But such was the Unix microprocessor revolution of the era, it’s crazy to think the mighty SUN-2 is also on the same level of performance, although SUN would at least go the way of the 68020 before giving up on the 68k for SPARC.

Even though the 68000 lacked the ability to recover from bus faults, allowing a better path to UNIX with the 68010, OEM’s still brought their own MMU technology to flesh it out, leading to divergent systems. Not that it mattered all that much for AT&T as they started to establish themselves as the new defacto go to UNIX vendor they quickly abandoned the market leaving the Unix PC, and 3B2’s to die off. While so many like to think that the ‘Unix’ business is booming, it really only boomed once AT&T exited the market until Linux had started to gain enough mindshare post 1.0… Which also included 68000 support, although aimed for the the stronger 68030/68040’s.

Anyways I’m sure you didn’t come here for my ramblings about the 68000 instead you want an easy to run package to click and GO!

So here, you are, freebee based on build d3c9486 of freebee.

There are two executables, for normies, tourists, and people only wanting to witness the fun it doesn’t matter which one you use. For anyone wanting to install the 3B1 Unix, you’ll want “freebee-10sec-O2.exe”. Since the 3B1 uses a non standard format, if you want to use FAT 360kb disks from a PC emulator then you’ll need “freebee-9sec-O2.exe”. Isn’t compatibility great?

Re-visiting the SUN-2 emulator: Adding SLiRP!

While I’ve covered Brad Parker (lisper)’s ‘emulator-sun-2before, booting into SunOS isn’t anything that new.

However, with the latest updates, from github, adding in a prior botched attempt, and some messing around, and finally, I got it to ping at first, then it was a matter of where to place the ‘slirp tick’. I first though putting it on the interface poll was a good spot, but for some reason the machine causes a deadlock/stall on boot before the PROM can even initialize. I’m not sure why. Searching further I found a good timer portion and injected the code. And sure enough I was greeted with the login banner:

I’ve been able to paste in about 100kb of a uuencoded tar file, and it didn’t lock the VM, and I was able to uudecode it, and actually build the source (Infotaskforce ’87 if anyone cares). So I’m at the point I think it’s stable enough to shove into the world, although I guess until I revisit it again.

You can download it on sourceforge: sun2.zip

Philip Pemberton’s 3B1 emulator moved

It’s been a while since I played with Philip Pemberton’s excellent emulator, however the source code has been moved to github

As a nice bonus it’s been updated to build against the newer source drops of Karl Stenerud’s Musashi.

The Makefile is so nice it chains in c files from sub-directories to build, which unfortunately it doesn’t work so well with the latest Musashi. Like a bull charging into the China shop I just smashed together a build script, and got a working exe:

And it’s so nice to see it actually boot up.

Things like the C compiler still break, apparently the 6100 had an actual physical memory buffer for IPC? It’s all so confusing.

Not that mine is all that great but my crap fork is here:

freebee-master_17032020.zip

Thanks to LGR I just found out about SimCity for palm pilots was a thing!

I only owned one palm, the Palm VII which was the first taste of 2007 from back in ’99 or so.

Palm stumbled however delivering such a low powered low memory, low storage and amazingly out dated 68000 based machine, but what set it apart from all the rest was the integrated cellular modem. Raise the little antenna and you could send and receive emails, “browse” websites all from the palm of your hand. It really was fantastic, until I got the cellular bill. AT&T saw this as an ultra premium device and service, not something for normal people and priced it as an ultra niche thing. And it’s a shame as the future was right there, in the plam of your hand so to speak.

SimCity!

I looked on google play and picked up PHEM, and downloaded some ROMs. I started with the VII ROM out of nostalgia, but sadly the VII ROM I found is version 3.5

And naturally SimCity won’t work.

I kind of remember this being another issue with the VII, that it was basically a dead end evelotionary branch, not a vision or path forward. It was a fluke.

Version 4 devices were back to needing rs232 docks.

For me the future wouldn’t come back until 2002 with the first Windows CE phones, that features an ARM processor, expandability and a more robust OS.

I always thought there was no good full featured games back then, it’s amazing playing SimCity, even under emulation. Although if anyone wants to try, modern android phones run it far too quickly.

emulator-sun-2

Since I was playing with the 68000 based GCC ’87 I know it was going to be more geared to SUN workstations, certainly of the early 80’s vintage as they would be the most ‘affordable/cheap/donated’ to FSF (Or so I’d imagine).

Naturally the go to emulator is TME, however this time while searching around for the install scripts and stuff I found lisper‘s (heeltoe.com) emulator-sun-2, a greatly cut down and SUN-2 focused emulator that emphasizes ease of use.

Wait, what? SUN-2, and ease of use? Why yes, not only that, as it uses SDL 1.2 it also means it’s much easier to compile. After an hour of messing around with it, I had it running on Windows. After a few minutes I had it running on my ARM based Acer NovaGO.

At it’s core is the m68k 68010 emulation from Karl Stenerud‘s Musashi core which is a great choice for the SUN-2 as it’s a 68010 based machine. Some fun notes from web.cuzuco.com/~cuzuco/sun2/ include:

  • CPU is a Motorola 68010 running at 10MHz
  • Maximum physical memory is 4 Megabytes
  • Maximum virtual memory is 16 Megabytes
  • All I/O is via a Multibus (an Intel design)
  • Main disk is a SMD, the largest size is 380Mbyte
  • Has a SCSI adapter, but the disk is slow and small (42Mbyte)
  • Sun was just finishing NFS
  • alludes to future AT&T UNIX System VI and VII
  • Display supported dual heads and a resolution of 1152×900
  • List price as tested: $44,900
  • Sun was still private, had 400 employees and sold 1500 units

You can read about the debut of the SUN-2 in the UNIX/WORLD Magazine, VOlume 1, Number 5 dated October 1984 in archive.org. It starts on page 86.

I started to integrate sigurbjornl’s patches for networking but I think I need to work through SunOS 2.0’s weird VAX 4.2BSD arp issues (anyone have the source code to SunOS 2.0?!). I’ll probably update it with UDP or some fixed ARP thing to remove that or just let the SUN-2 talk to a VAX with 4.2BSD so they can be weird, together.

I’m also pretty sure my old Cockatrice III sort of debugged SLiRP thing broke the packed structs to let it work properly when compiled with Microsoft C, so I’ll have to break down and either try to fix that, or update and borrow the vastly updated SLiRP from SIMH.

For Windows users who want to play along the bundle is on the terribly named page “Ancient UNIX/BSD emulation on Windows” as SUN2.zip.

GCC from ’87 on the 68000

Years ago I found the ‘first’ released version of GCC, and had built it for the VAX. And things were… fun.

While digging around on bitsavers for new and interesting things, I saw some newer stuff from MIT, and stumbled into the GNU directory and rediscovered the early GNU software depot.

And I re-built the early GCC to target the 68000 which I’d imagine primarily was for the SUN target.

simple program

Using a simple program I can run it through the pre-processor, and the compiler to get the following assembly:

assembly from ’87 GCC

Then it’s a matter of running it through the cross assembler, uuencoding it, and sending it to the target.

I used the cross assembler from the AtariST cross ‘project’, to get an object file. I fired up MachTen, pasted my object file to the VM, and uudecoded the object.

And yeah, much to my surprise the object file linked fine, and I got my native EXE.

It’s not much of a cross toolkit, and honestly it’s kind of useless… but I thought it was maybe worth a bare paragraph to show the other available target available for the 1987 release of GCC.

Also on the MIT archive is TRIX, the MIT Unix work alike that almost became the GNU Kernel, until Mach stole their hearts, and basically lead them on a wild goosechase.

I haven’t bothered uploading binaries or patches or anything yet, I don’t know if people are interesting in such a fringe thing……