nukeykt @nukeykt Twitter profile

Pinned Tweet

nukeykt

@nukeykt

7 months

PCM chip emulation is complete now (chorus/reverb/filter) #sc55

21

190

758

Last Seen Profiles

@RGC_LadyCougars

@APatQuin

@CoachYKing

@BinorRaja

@ChronicThom_NL

@ZhenyaZlanski

@luthieno

@stw_pdg

@MxolisiHlwili

@AudieCuti

@BlackBalam11

@PB_RHAR

@Rich2Turf

@Detran_SP_

@GodilSaniya

@pia245491

@marn1emay

@stwmaniax

@miuu105588

@manley_tnt

@act_mascara

@nbwiggins

@me12092023

@ChassidyMa4421

@discoseoul

@jaysmit79

@RVDT_

@cassieloves1013

@LadyThomson

@cstallings34

@RubbinsRaceNews

@BBCYork

@justmenow181

@pakordelius

@ShrineBowlNCSC

@Ray_P45

nukeykt

@nukeykt

1 year

Released initial version of Nuked-MD-FPGA, cycle-accurate mega drive/genesis core based on reverse-engineering photos decapped MD chipset

13

85

365

nukeykt

@nukeykt

9 months

dumped SC-55mkII's secondary MCU (Mitsubishi m37409m2) firmware using voltage glitching. Injecting trojan to its ram and using glitch to corrupt PC counter to execute it did the trick

12

57

332

nukeykt

@nukeykt

1 year

Sega Master System core (FPGA & soft) using decapped VDP, Z80 and IO chips

GitHub - nukeykt/Nuked-SMS-FPGA: Sega Master System emulator written in Verilog

Sega Master System emulator written in Verilog. Contribute to nukeykt/Nuked-SMS-FPGA development by creating an account on GitHub.

github.com

2

61

272

nukeykt

@nukeykt

7 months

Uploaded SC-55 emulator code to github:

GitHub - nukeykt/Nuked-SC55: Roland SC-55 series emulation

Roland SC-55 series emulation. Contribute to nukeykt/Nuked-SC55 development by creating an account on GitHub.

github.com

4

61

219

nukeykt

@nukeykt

1 year

My cycle-accurate mega drive emulator now able to boot simple ROMs (TMSS ROM in this screenshot)

5

20

175

nukeykt

@nukeykt

2 years

Mega Drive VDP (YM7101) progress. Only half of sprite block, video mux, VRAM ctrl and PSG are left

2

30

180

nukeykt

@nukeykt

9 months

YM2608B, YM2610 and YM2612 emulator using decapped chips die shots.

GitHub - nukeykt/YM2608-LLE: very low-level YM2608B/YM2610/YM2612 emulator

very low-level YM2608B/YM2610/YM2612 emulator. Contribute to nukeykt/YM2608-LLE development by creating an account on GitHub.

github.com

5

36

173

nukeykt

@nukeykt

2 years

Working on YM7101 VDP core for cycle accurate Mega Drive emulator

2

32

131

nukeykt

@nukeykt

8 months

Roland SC-55 pcm chip tracing WIP

6

24

131

nukeykt

@nukeykt

5 months

shaping up nicely

5

22

142

nukeykt

@nukeykt

5 months

toying with dear imgui to add proper gui for Nuked SC-55

3

15

129

nukeykt

@nukeykt

6 years

NBlood released. NBlood is a open source and accurate port of Blood based on EDuke32(by @voidpnt ). Download: Thread:

10

33

103

nukeykt

@nukeykt

1 year

my cycle accurate mega drive emulator now boots some games, it's quite slow though: 0.1fps

3

14

107

nukeykt

@nukeykt

5 months

Tracing gravis ultrasound PCM chip

2

17

119

nukeykt

@nukeykt

11 months

OPL3 & OPL2

3

18

94

nukeykt

@nukeykt

11 months

fpga OPL3 over TPM header of motherboard. DOS games see it as real adlib sound card

4

17

88

nukeykt

@nukeykt

7 months

fixed envelopes, sounds much better now #sc55

2

12

89

nukeykt

@nukeykt

8 months

coming along nicely

4

14

84

nukeykt

@nukeykt

7 months

very rudimentary PCM chip emulation

5

16

67

nukeykt

@nukeykt

1 year

my Z80 verilog core passed zexall test

5

12

59

nukeykt

@nukeykt

2 years

My gate-level 68000 core now boots some sega games

2

4

56

nukeykt

@nukeykt

11 months

Hardware sound blaster emulation on 2014 mobo using TPM header, fpga devboard and minor soldering

2

11

47

nukeykt

@nukeykt

2 years

current progress with 68000 core

1

9

47

nukeykt

@nukeykt

1 year

ironed out majority of bugs in my verilog mega drive emulation

4

5

46

nukeykt

@nukeykt

1 year

Ported Nuked-MD's 68000 emulation to verilog and tested on real Mega Drive board. Still has some bugs that yet to be fixed

1

10

44

nukeykt

@nukeykt

1 year

Started porting Nuked MD(cycle accurate mega drive emulator) to verilog

GitHub - nukeykt/Nuked-MD-FPGA: Mega Drive/Genesis core written in Verilog

Mega Drive/Genesis core written in Verilog. Contribute to nukeykt/Nuked-MD-FPGA development by creating an account on GitHub.

github.com

2

7

44

nukeykt

@nukeykt

2 years

Mega Drive 2 bus arbiter (part of big Yamaha FC1004 ASIC)

1

4

44

nukeykt

@nukeykt

1 year

Verilog port of Nuked-MD is mostly functional now

2

6

34

nukeykt

@nukeykt

1 year

YM3438 verilog

GitHub - nukeykt/Nuked-OPN2-FPGA: YM3438 verilog

YM3438 verilog. Contribute to nukeykt/Nuked-OPN2-FPGA development by creating an account on GitHub.

github.com

1

8

31

nukeykt

@nukeykt

2 years

68000 progress

0

2

30

nukeykt

@nukeykt

1 year

mega drive ym7101 vdp verilog wip

0

3

26

nukeykt

@nukeykt

1 year

Mega Drive 2 IO chip (part of big Yamaha FC1004 chip)

0

4

27

nukeykt

@nukeykt

11 months

Sound Blaster over LPC bus experiments, this also includes OPL3 verilog code

GitHub - nukeykt/LPC-Sound-Blaster: FPGA Sound Blaster over LPC bus experiments

FPGA Sound Blaster over LPC bus experiments. Contribute to nukeykt/LPC-Sound-Blaster development by creating an account on GitHub.

github.com

1

5

26

nukeykt

@nukeykt

2 years

Mega Drive VDP (YM7101) emulation progress

1

0

23

nukeykt

@nukeykt

5 months

@furrtek it's custom tool made by ogamespec. Works quite well for standard cell CMOS designs. It also can export netlst to verilog file

GitHub - emu-russia/Deroute: Versatile tool to untangle wires. Made by chip researchers - for chip...

Versatile tool to untangle wires. Made by chip researchers - for chip researchers. This means that the utility is wildly custom and incomprehensible. - emu-russia/Deroute

github.com

1

5

19

nukeykt

@nukeykt

1 year

lol

0

16

nukeykt

@nukeykt

9 months

Special thanks for @RCAVictorCo , @johndmcmaster and HardWareMan for decapping YM2608B, YM2610 and YM2612 respectively

0

17

nukeykt

@nukeykt

7 months

SC-55mkII emulation WIP

www.youtube.com

2

5

17

nukeykt

@nukeykt

2 years

0

14

nukeykt

@nukeykt

2 years

Working on Z80 core for my cycle accurate mega drive emulator

0

2

14

nukeykt

@nukeykt

2 years

0

1

13

nukeykt

@nukeykt

4 years

Duke Nukem 64 PC port coming soon #dukenukem3d #dukenukem64 #eduke32

Duke Nukem 64 PC port teaser 2

Coming soon(tm)

www.youtube.com

1

2

12

nukeykt

@nukeykt

2 years

Working on 68000 core for Nuked MD

0

2

9

nukeykt

@nukeykt

8 months

@RCAVictorCo Yup, that's correct. A few MD games incorrectly read busy flag from illegal ports and thus reading whatever was on read bus. On YM2612 that value would decay relatively quickly and thus not super critical, but on YM3438 value will stay for 10-30 seconds, causing major freezes

1

0

7

nukeykt

@nukeykt

2 years

Subcycle accurate YM3438 core

GitHub - nukeykt/Nuked-MD: Cycle accurate Mega Drive emulator

Cycle accurate Mega Drive emulator. Contribute to nukeykt/Nuked-MD development by creating an account on GitHub.

github.com

1

0

7

nukeykt

@nukeykt

3 years

Doom and Strife source code restoration

Hi, As you know Doom source code as released in 1997 was not for original DOS version, but rather was Linux version cleaned up by Bernd Kreimeier. During clean up, code specific for DOS version was...

www.doomworld.com

0

1

6

nukeykt

@nukeykt

8 months

@johndmcmaster interesting, looks like made by Toshiba rather than their own semiconductor division, wonder why

0

6

nukeykt

@nukeykt

5 months

@RCAVictorCo @v9938 @goripon_tw early mega drive chipset also was YM6XXX chips, same cells as R800

SEGAChips/YM6_Cells/cells.md at main · emu-russia/SEGAChips

Reverse-engineering of SEGA chips. Contribute to emu-russia/SEGAChips development by creating an account on GitHub.

github.com

0

1

6

nukeykt

@nukeykt

1 year

@furrtek org/ogamespec recently decapped sega 315-5339 chip used in mega drive 1 va1, which turned out to be UPD65005 gate array as well 😆

1

2

6

nukeykt

@nukeykt

7 months

@giuliozausa It's some kind of DPCM, each byte is signed 8 bit step value plus every 16 bytes share same 4 bit step shift value stored in the beginning of ROM

1

0

5

nukeykt

@nukeykt

4 years

@madscient OPL3 does not use sine table for sawtooth wave, it sends bit shifted phase value to logtable

1

0

5

nukeykt

@nukeykt

1 year

@furrtek interesting, looks like they used same CMOS cell library as in Mega Drive bus arbiter (YM6045B/C) and IO chip (YM6046). We studied its cells a bit here

SEGAChips/YM6_Cells/cells.md at main · emu-russia/SEGAChips

Reverse-engineering of SEGA chips. Contribute to emu-russia/SEGAChips development by creating an account on GitHub.

github.com

1

0

5

nukeykt

@nukeykt

9 months

@giuliozausa If you can write data to its RAM then yeah, it is quite possible. Or if part of code is in external ROM (like with SC-55mkII's main MCU) it is possible to inject trojan in ROM chip instead

1

0

5

nukeykt

@nukeykt

8 months

@RCAVictorCo Teradrive was first MD system to use YM3438, and at the very end of its development sega noticed this issue and literally patched PCBs to fix by cutting traces to A0/A1 and adding AND gates between them and RD signal. Later they asked Yamaha to make this change in FC1004 asic

1

0

4

nukeykt

@nukeykt

8 months

@kurohouou @_daemons software emulation

0

5

nukeykt

@nukeykt

7 months

@giuliozausa yup, once I figure it out from die analysis

0

4

nukeykt

@nukeykt

1 year

@RCAVictorCo yes, sound chips and mega drive vdp (huge cmos chip) look like hand made. MD bus arbiter/IO chips (both standalone (2 layers m) and integrated (1 layer m)) are auto-traced and look like mess and quite inefficient. example:

nukeykt

@nukeykt

2 years

Mega Drive 2 bus arbiter (part of big Yamaha FC1004 ASIC)

1

4

44

0

3

nukeykt

@nukeykt

5 years

@illusorywall @RetroGameAudio @a_p_0_c @kr_burke @plgDavid @Lizzard VRC7 research was part of my OPLL emulation project, which i more or less finished recently and released cycle accurate emulation core called Nuked OPLL

0

1

4

nukeykt

@nukeykt

8 months

@RCAVictorCo Here's how FC1004's YM3438 was patched

1

0

4

nukeykt

@nukeykt

2 years

@RCAVictorCo Counter bit for timers, andor is used to load counter value from registers. Literally this thing from NMOS chips lol

1

3

nukeykt

@nukeykt

1 year

@leo__oliveira @plutiedev @birt_shannon I have schematic from its integration into FC1004 asic. It uses BGACK/WAIT to detect DMA start and add extra refresh pulse and switches OE0 to CAS0. Have no idea what does latter, OE0 and CAS0 are same during DMA. Maybe something at the end of dma, dunno

0

4

nukeykt

@nukeykt

8 months

@1Cy001 it fills ram with nop and writes dumper code. dumper flags specific byte to tell that hack worked and just copies 128 bytes from specified address to dual port ram, which I then read back

0

1

nukeykt

@nukeykt

5 months

@leo__oliveira @RCAVictorCo @v9938 @goripon_tw also it adds some bullshit circuit to make bus arbiter broken in PAL mode lol (TPAL pin). It was never used in consoles with discrete YM6045C (always tied to 5v) afaik, but was later used in integrated bus arbiter in FC1004 to prevent VA7 consoles selling in PAL regions lol

1

0

4

nukeykt

@nukeykt

9 months

@travisgoodspeed Thanks I used the latter approach, this MCU uses modified 6502 as its core and only have 8kb of address space, thus chances hitting needed RAM space was pretty high

0

3

nukeykt

@nukeykt

5 months

@v9938 @leo__oliveira @RCAVictorCo @goripon_tw MD's bus arbiter size actually was dictated by pin count heh. Also I never seen yamaha gate arrays, their chips always were full custom

2

0

3

nukeykt

@nukeykt

2 years

my Z80 core passed all but one tests in ZEXALL

1

3

nukeykt

@nukeykt

6 years

@plgDavid @MrMadbrain Hey. I've also dumped rhythm patches from VRC7, and i suspect these patches match 2413's set. Can you confirm this?

Add rhythm preset · nukeykt/VRC7dump@a6492fd

github.com

1

0

3

nukeykt

@nukeykt

5 months

@leo__oliveira @v9938 @RCAVictorCo @goripon_tw Hmm, isn't gate array a tech where only metal layer is custom to interconnect underlying polysilicon/diffussion array to form logic elements?

2

0

3

nukeykt

@nukeykt

9 months

@Dave_Maynor Disabling power of the chip will cause PC register corrupt to randomish value. Since this is really simple 8 bit MCU with very small memory footprint (only 8kb), there's very high chances to point PC to ram address and execute it after lots of retries

1

0

3

nukeykt

@nukeykt

1 year

@travisgoodspeed @RCAVictorCo Is there high res version of die photos? Would love to finally implement YM2413 mode correctly in my VRC7 schematics and software emulator. I had to approximate some bits that were removed in VRC7. Thanks

1

0

3

nukeykt

@nukeykt

2 years

YM3438 netlist WIP. Top half and 1/3 of bottom are done

0

1

3

nukeykt

@nukeykt

8 months

@leo__oliveira yea, toshiba 24201F002

1

0

3

nukeykt

@nukeykt

2 years

@RCAVictorCo You probably can check decaps of other Yamaha chips of the same era(e.g YMF262 or Mega Drive YM7101 VDP). Also this might be useful

1

0

3

nukeykt

@nukeykt

2 years

@furrtek @RCAVictorCo Looks kinda similar to YM3812(OPL2), too few pads for YM2612 (uses all 24 pins)

1

3

nukeykt

@nukeykt

6 months

@RCAVictorCo duty cycle of output is only 25%. So 75% of times it outputs the "fixed" value biased toward sign value. Also if you mute channel, it will output fixed value all the time, but you'll still hear some sound coming out of it (e.g. EWJ2 moonlight sonata)

2

0

3

nukeykt

@nukeykt

6 months

@RCAVictorCo here it is, on YM2610 it is much smaller because encoder code was removed

0

3

nukeykt

@nukeykt

1 year

@whybrow_joel Already 😉 In fact my verilog z80 is directly based on my C emulation

GitHub - nukeykt/Nuked-MD: Cycle accurate Mega Drive emulator

Cycle accurate Mega Drive emulator. Contribute to nukeykt/Nuked-MD development by creating an account on GitHub.

github.com

1

0

2

nukeykt

@nukeykt

2 years

@icculus Heh, doom uses similar trick to pack texture coordinates into one variable. Build engine was doing something similar in its asm routines, but it was packing 4 variables in 3 cpu registers IIRC

0

2

nukeykt

@nukeykt

5 months

@leo__oliveira @RCAVictorCo @v9938 @goripon_tw yea, it integrates 315-5345(EDCLK + PSRAM fix), also it adds couple TMSS related decoders

2

0

2

nukeykt

@nukeykt

8 months

@leo__oliveira it's TC24SC201AF-002 in service manual, 24201F002 seems is shorter variant of that

0

2

nukeykt

@nukeykt

6 months

@RCAVictorCo well, "fixed". Because matrix resistance is not infinite it will cause some offset. This error then gets accummulated and cause infamous "ladder effect"

1

0

2

nukeykt

@nukeykt

5 months

@giuliozausa using native renderer commands, currently only have opengl and sdl2 renderer

0

2

nukeykt

@nukeykt

5 years

@Grauw @ym2413 Interesting, looks like it using test bits 2 and 0. Bit 2 resets phase accumulator on each iteration and thus phase gen. unit effectively outputs phase increment value which could be controlled using r #16 . Bit 0 forces env. gen to output zero attenuation value (e.g max volume)

2

1

2

nukeykt

@nukeykt

1 year

@RCAVictorCo @travisgoodspeed doing from scratch is more fun :D, my current workflow is label cell in inkscape and directly write C code. we can then double check our results though I don't have source images

1

0

2

nukeykt

@nukeykt

2 years

Added preliminary YM2612 mode

0

2

nukeykt

@nukeykt

2 years

@leo__oliveira @kumokosi Both are CMOS actually, FC1001 is just die shrink

1

0

2

nukeykt

@nukeykt

8 months

@TheOpenRift seems it uses completely different approach than my effort. i.e. it tries to interpret instrument defiinitions from rom chips, but otherwise it is completely custom code (similar to Munt). My approach is similar to MAME, i.e. emulate CPUs and PCM chip and run SC-55 firmware as is

0

2

nukeykt

@nukeykt

1 year

@furrtek @turboxray @Stanislav_Prh calculations I used for nuked-md. I've measured resistance between GND and VCC pins of VDP and then calculated overall resistance to GND and VCC for each level. Results is pretty close to what others measured using scope

int rgb_val_m5[18] = { 0, 18, 36, 54, 72, 91, 109, 127, 145, 163, 1 - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

0

2

nukeykt

@nukeykt

1 year

@RCAVictorCo looks like you missed ENVCNT.D1 inversion

1

0

2

nukeykt

@nukeykt

9 months

@1Cy001 part of internal ram is dual port and can be accessed by external device. I put custom code there. I used this ram for dumping as well, copying firmware piece by piece (this type of ram is 192 bytes only, firmware itself is 4096 bytes)

0

1

nukeykt

@nukeykt

6 years

@cr1901 @plgDavid Not quite YM2612, but i've wrote cycle accurate YM3438 emulator last year:

GitHub - nukeykt/Nuked-OPN2: Cycle-accurate Yamaha YM3438(YM2612) emulator

Cycle-accurate Yamaha YM3438(YM2612) emulator. Contribute to nukeykt/Nuked-OPN2 development by creating an account on GitHub.

github.com

1

2

nukeykt

@nukeykt

1 year

@furrtek @turboxray @Stanislav_Prh non-linearity is caused by the external voltage divider

1

0

2

nukeykt

@nukeykt

5 months

@travisgoodspeed @RCAVictorCo YM2608/YM2610/YM2612 one might be useful as well, bits are arranged differently than in YM3438/YM2413.

SEGAChips/FM/ym2612_sinrom.txt at main · emu-russia/SEGAChips

Reverse-engineering of SEGA chips. Contribute to emu-russia/SEGAChips development by creating an account on GitHub.

github.com

0

2

nukeykt

@nukeykt

1 year

@RocketFry Yup, it works like a charm with a few games I tried

1

0

2

nukeykt

@nukeykt

7 months

@richard_eng windows app that will listen to midi in stream and produce sound

0

2

nukeykt

@nukeykt

2 years

@RCAVictorCo here's schematic I did for this cell

1

2

nukeykt

@nukeykt

6 years

@mikepavone @DustinOfcYT FYI. This was 'fixed' only in ASIC YM3438 variant. Like YM2612 both discrete YM3438 and later YMF276 output correct status only when A0 and A1 pin states are zero. Thus these games have issues with YM3438 modded MD1.

1

0

2

nukeykt

@nukeykt

6 months

@RCAVictorCo

Moonlight Sonata (Villi People)- Earthworm Jim 2 Genesis on YM2612...

The first movement of Moonlight Sonata as played in Earthworm Jim 2 for the Sega Genesis. Recorded using an unfiltered YM2612 MegaAmp on a VA3 Model 2 Genesis.

www.youtube.com

0

2

nukeykt

@nukeykt

8 months

@RCAVictorCo Earthworm Jim and Sonic Spinball probably are prime examples exhibiting this issue

2

0

2