5

The first episode of the TV series "Halt and Catch Fire" (inspired by the early days of Compaq) has two characters starting to clone the IBM PC BIOS in 1983 by creating a circuit that would display the binary contents of an address with lights, one guy reading off the contents of each of the 65,536 addresses as hex values, and the other guy writing them down. A later scene implies that they then entered the data in some other system and printed it out on a line printer.

Would it really have been a significant technical challenge at that time to read the contents of the chip and write it to diskette?

The BIOS was documented in the "IBM PC Technical Reference Manual" so there was no need to do that anyway, but I'm still curious about how realistic the scene was otherwise.

PC Magazine 1982 article The Key to the PC from Google Books

Ricardo
  • 1
    Maybe I am missing something, but IIRC the BIOS was readable by the CPU, so why not write a 10-line BASIC program that spits out the ROM content in any desired format? – Wouter van Ooijen Jun 02 '14 at 20:08
  • The original IBM PC contained five 8KB ROM chips; one contained the BIOS, while the other four contained the 32KB "ROM BASIC" interpreter. There was a sixth socket on the motherboard for a custom ROM. Software was a lot smaller in those days. Heck, even the operating system fit into less than 16KB of RAM. – Dave Tweed Jun 02 '14 at 20:31
  • 3
    The original IBM-AT BIOS source code was published in their Technical Reference Manual, but to clone it without copyright infringement required a "Chinese Wall" reverse engineering of the functions. http://en.wikipedia.org/wiki/Phoenix_Technologies#Cloning_the_IBM_PC_BIOS – Spehro Pefhany Jun 02 '14 at 21:11
  • People should remember this show, as bad as it is, is a dramatic play and not a documentary. – Rob Jun 23 '14 at 13:56
  • @Rob: Indeed, but the same plot situation could have been created using a scenario with realistic details rather than unrealistic ones. This is the sort of thing that erodes the credibility of a storyteller. – Dave Tweed Jun 23 '14 at 14:47
  • What I think is laughable is the idea that having copied something that is easily copied, would have brought down IBM's wrath the way it does in the show. The Hardware manual would have been much more useful as it provided assembler with comments. –  Jun 23 '14 at 13:25
  • 1
    The idea is to put the character in a situation and not necessarily to show a real event. A lot of people forget this is not a documentary. I do recall a lot of fights about BIOS code though. – Rob Jun 23 '14 at 13:53
  • @DaveTweed You don't need credibility in fiction and the story is fiction, though the storyteller needs to be believable which is something else. – Rob Jun 23 '14 at 19:07
  • At that time, HP had a few logic analyzers (HP 1610 state only, HP 1615 state and timing) that would have brought the way they did it from weeks to seconds. One of the many unrealistic technical details in this show, which is pretty good anyway –  Jul 13 '14 at 19:32

6 Answers

3

Yes, it is reasonable. Been there, done that, on a smaller scale. Also duplicating ROMs by writing each address and data with switches. At the time, equipment to do this was all very expensive, often part-specific development systems from parts manufacturers or Data I/O or HP.

However, in '83 I would have used an AIM-65 running Forth and a little wire-wrap work, or an Apple II and BASIC or Forth and automated the process in a day. AIM-65 would also allow printing a listing and was 1/10 the cost of the Apple - and printers were also expensive.

AIM and Apple had audio tape mass storage, and disk drives were, again, very expensive. $3000 to $5000 was a lot of money then (about $400 for the AIM-65). Note that IMSAI 8080 owners hand-entered the BIOS every time they powered up - until ROM boards came along with better bootstrap loaders.

Is the ROM soldered in and they didn't want to remove it? See the front panel of an IMSAI-8080 for an example of manual data and code entry.

C. Towne Springer
2

The actual reverse-engineering of the PC BIOS involved looking at the behavior of the BIOS (not the code) and writing code to duplicate its behavior. For this reason, the methodology shown in Halt and Catch Fire is not what really happened. Dumping the ROM leads to serious legal issues. Duplicating the behavior as observed (or read about in a manual) also does, but I'll let a lawyer explain the difference and why it is what needed to be done.

As others have said, assuming the goal was to dump the ROM, this would have been done by reading it electronically, not address-by-address with a bunch of breadboarded LEDs. Back in 1983, this could be done by off-the-shelf devices with ease. If IBM had engineered some non-standard ROM to make reading it harder (which it did not do), it would have taken some work to get it right, but the actual reading of the 64KB ROM electronically would be the same once the special-case ROM packaging was reverse engineered.

Reading the 64KB ROM electronically in 1983 would have taken on the order of tens of seconds. Disassembling the code and printing it would have taken another 10 minutes (on a fast printer).

Ricardo
Todd B.
1

Thinking back to those days, I surprise myself remembering what I used to do and find it hard to believe I had the time or bothered to take the time. Burning EPROMs using jumper wires for each address so I could hardwire an interface between a computer and a printer. Entering hundreds of instructions using switches on a minicomputer. Things that seem unfathomable now but I recall considering doing something similar to the 65K of data you are mentioning.

Rob
0

It depends on your level of hardware expertise. I haven't seen the show, so I can't address the in-show backgrounds of the characters. However, for reading out 65,536 locations, I certainly would have automated it. It would have taken a couple of days to make an ISA adapter to read out the ROM into a file, and this has to be less than the time required to do it manually. Likewise, there were programming units available which would do the job, although the acquisition time and cost might well have been a problem for a garage-level effort.

So, the answer is: it's not clear, but I doubt it's real. Much depends on the hardware sophistication of the characters. A long-term average of 5 seconds per reading will do the job in 91 hours, with lots of errors and a really large volume of paper records (which then have to be transcribed), so I doubt the scene is real. But you never know about nerds, do you?

WhatRoughBeast
0

Every IBM PC came with the program debug, which could be used to read and display the BIOS directly. However, it's easy to believe people who didn't know this doing it another way.

gbarry
0

If all you have is the chip and no access to a PC you'd have to breadboard the address bus and read off the data bit by bit.

If you do have access to a PC you give a few commands to DEBUG for full disassembly, and can even dump that disassembly directly to a printer. Would take about 5 minutes.
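
As an added example (not part of any answer above): whether a ROM is displayed with DEBUG or read off by hand, the listing still has to be turned back into bytes, and transcription errors show up as unreadable rows or skipped addresses. The Python below assumes rows in the layout of DEBUG's `D` command; the function name and the sample rows are constructed for illustration and are not real BIOS contents.

```python
import re

# A DEBUG "D" row: SEG:OFF, sixteen hex bytes ('-' after the eighth), ASCII column.
ROW = re.compile(
    r"^([0-9A-F]{4}):([0-9A-F]{4})\s+"
    r"((?:[0-9A-F]{2}[ -]){15}[0-9A-F]{2})(?:\s|$)",
    re.IGNORECASE,
)

# Constructed sample rows (not real BIOS contents).
GOOD = """\
F000:E000  00 01 02 03 04 05 06 07-08 09 0A 0B 0C 0D 0E 0F   ................
F000:E010  10 11 12 13 14 15 16 17-18 19 1A 1B 1C 1D 1E 1F   ................
"""

# Same layout with two transcription faults: letter O typed for zero in
# row 2, and the row for offset E020 skipped entirely.
BAD = """\
F000:E000  00 01 02 03 04 05 06 07-08 09 0A 0B 0C 0D 0E 0F   ................
F000:E010  1O 11 12 13 14 15 16 17-18 19 1A 1B 1C 1D 1E 1F   ................
F000:E030  30 31 32 33 34 35 36 37-38 39 3A 3B 3C 3D 3E 3F   0123456789:;<=>?
"""


def rebuild_from_listing(listing):
    """Return (image_bytes, problems) for a DEBUG-style hex listing."""
    image, problems, expected = bytearray(), [], None
    for number, raw in enumerate(listing.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = ROW.match(line)
        if match is None:
            # Wrong byte count or a non-hex character in the row.
            problems.append((number, "unreadable row"))
            if expected is not None:
                expected += 16  # keep tracking so the next row is judged fairly
            continue
        offset = int(match.group(2), 16)
        if expected is not None and offset != expected:
            problems.append(
                (number, f"expected offset {expected:04X}, got {offset:04X}")
            )
        image += bytes.fromhex(match.group(3).replace("-", " "))
        expected = offset + 16
    return bytes(image), problems
```

Rows reported as problems are left out of the rebuilt image, so a non-empty problem list means the image is incomplete and those rows need to be read again.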