WCH340_ROM-Extractor
ideas about internal architecture
Your work interested me very much, and I tried to analyze the dump. I think the MCU has a PIC-like architecture; then pieces of code take on a reasonable form:
6F8: 10 12 retlw 12 ; desc_len
10 01 retlw 01 ; type - device
10 10 retlw 10 ; 1.10 - bcdUSB
10 01 retlw 01
700: 33 D8 goto 7B0 ; devClass
10 00 retlw 00 ; devSubClass
10 00 retlw 00 ; devProto
10 08 retlw 08 ; ep0_size = 8
10 86 retlw 86 ; 86 1A
33 DB goto 7B6
33 DE goto 7BC ; 23 75
10 75 retlw 75
710: 10 54 retlw 54
10 02 retlw 02
10 00 retlw 00
33 E1 goto 7C2
10 00 retlw 00
10 01 retlw 01
...
7B0: 2F A4 some bit-test-and-skip
10 00 retlw 00
10 FF retlw FF
7B6: 28 88 some bit-test-and-skip
10 1A retlw 1A
10 99 retlw 99
7BC: 2B A4 some bit-test-and-skip
10 84 retlw 84
7C0: 10 23 retlw 23
I assume this is a subroutine call instruction
6DA: 3B 4C call 698
Addresses on the left are at the byte level, but the controller works at the word level.
Hey this is cool! We had briefly considered if it was PIC-derived but didn't think it through as well I guess. Thanks for sharing your observations, got me interested!
However, I unfortunately could not find any correlations between the instruction sets :(
10 1xxx xxxx xxxx goto pic
11 0xxx xxxx xxxx goto ch340
10 0xxx xxxx xxxx call pic
11 1xxx xxxx xxxx call ch340
11 0100 xxxx xxxx retlw pic
01 0000 xxxx xxxx retlw ch340
It looks like the developers just created their own commands.
Another interesting piece of code:
060: 0C 82 addwf pcl,f
30 6A goto 0d4
30 43 goto 086
30 3D goto 07a
30 3D goto 07a
30 3D goto 07a
30 5D goto 0ba
30 6F goto 0de
070: 30 3D goto 07a
30 5E goto 0bc
30 62 goto 0c4
30 6C goto 0d8
30 40 goto 080
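Added example, not part of the thread or the project's code: a small Python decoder for the three CH340 encodings proposed above (goto, call, retlw), run over bytes copied from the 6F8 listing. It assumes 14-bit words stored big-endian with the top two bits of each 16-bit pair ignored, and the function names are hypothetical.

```python
# Decoder for the three CH340 encodings conjectured in the thread.
# Assumption: 14-bit words, stored big-endian as two bytes in the dump.
# Any other bit pattern is reported as "unknown" rather than guessed.

def decode_word(word):
    """Return (mnemonic, operand) for one instruction word."""
    word &= 0x3FFF                        # assumption: upper two bits unused
    top3 = word >> 11
    if top3 == 0b110:                     # 11 0xxx xxxx xxxx
        return ("goto", (word & 0x7FF) * 2)   # word address -> byte address
    if top3 == 0b111:                     # 11 1xxx xxxx xxxx
        return ("call", (word & 0x7FF) * 2)
    if word >> 8 == 0b010000:             # 01 0000 xxxx xxxx
        return ("retlw", word & 0xFF)
    return ("unknown", word)


def disassemble(data, base=0):
    """Yield (byte_address, mnemonic, operand) for each word in the dump."""
    if len(data) % 2:
        raise ValueError("dump must contain whole 16-bit words")
    for off in range(0, len(data), 2):
        word = int.from_bytes(data[off:off + 2], "big")
        yield (base + off, *decode_word(word))


def retlw_table(data, base=0):
    """Literal bytes of a retlw table; None marks a slot that is not a
    plain retlw (for example a goto into a conditional stub)."""
    return [op if m == "retlw" else None
            for _, m, op in disassemble(data, base)]


# Bytes copied from the listing that starts at 6F8 in the thread.
SAMPLE = bytes.fromhex("1012 1001 1010 1001 33D8 1000 1000 1008 1086 33DB")

if __name__ == "__main__":
    for addr, mnemonic, operand in disassemble(SAMPLE, base=0x6F8):
        print(f"{addr:03X}: {mnemonic:8s}{operand:03X}")
```

The `None` slots in `retlw_table` line up with the descriptor fields that the listing routes through the stubs at 7B0 and 7B6.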