
One Bus Pirate programs another

Here is the programming spec for the 24fj64ga002: ... 39768d.pdf

We're using the normal ICSP mode (page 12 of the datasheet) because it doesn't require interrupt feedback (enhanced ICSP signals command done with a 15uS drop of the PGD line).

Basically we need to enter ICSP (page 15) mode
Then clock in PIC ASM instructions (page 13) to read chip ID, erase chip, write and read memory.
There are also detailed examples on page 17-19 and 23-26 of the datasheet.

Our initial app puts the Bus Pirate in binary mode (raw2wire), puts a PIC24F in ICSP mode, and tries to erase the chip. That will hopefully be the proof of concept. After that I plan to work on reading and writing.

I think this stuff from page 13 of the programming reference is really important.

Coming out of Reset, the first 4-bit control code is always forced to SIX and a forced NOP instruction is executed by the CPU. Five additional PGCx clocks are needed on start-up, resulting in a 9-bit SIX command instead of the normal 4-bit SIX command. After the forced SIX is clocked in, ICSP operation resumes as normal. That is, the next 24 clock cycles load the first instruction word to the CPU.

Differences Between Execution of SIX and Normal Instructions

There are some differences between executing instructions normally and using the SIX ICSP command. As a result, the code examples in this specification may not match those for performing the same functions during normal device operation.

The important differences are:

• Two-word instructions require two SIX operations to clock in all the necessary data.
Examples of two-word instructions are GOTO and

• Two-cycle instructions require two SIX operations.
The first SIX operation shifts in the instruction and begins to execute it. A second SIX operation – which should shift in a NOP to avoid losing data – provides the CPU clocks required to finish executing the
Examples of two-cycle instructions are table read and table write instructions.

• The CPU does not automatically stall to account for pipeline changes.
A CPU stall occurs when an instruction modifies a register that is used for Indirect Addressing by the following instruction.
During normal operation, the CPU automatically will force a NOP while the new data is read. When using ICSP, there is no automatic stall, so any indirect references to a recently modified register should be preceded by a NOP.
For example, the instructions, mov #0x0,W0 and mov [W0],W1, must have a NOP inserted between them.
If a two-cycle instruction modifies a register that is used indirectly, it will require two following NOPs: one to execute the second half of the instruction and a second to stall the CPU to correct the pipeline.
Instructions such as tblwtl [W0++],[W1] should be followed by two NOPs.

• The device Program Counter (PC) continues to automatically increment during ICSP instruction execution, even though the Flash memory is not being used.
As a result, the PC may be incremented to point to invalid memory locations. Invalid memory spaces include unimplemented Flash addresses and the vector space (locations 0x0 to 0x1FF).
If the PC points to these locations, the device will reset, possibly interrupting the ICSP operation. To prevent this, instructions should be periodically executed to reset the PC to a safe space. The optimal method to accomplish this is to perform a GOTO 0x200.
Got a question? Please ask in the forum for the fastest answers.
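As an added example (not code from this thread or from the Bus Pirate project), the Python below applies the SIX rules quoted above: it pads a program with the required NOPs, re-issues GOTO 0x200 periodically, and expands the result into the PGD level for every PGC clock, including the 9-bit forced SIX after reset. Assumptions not stated in the thread: the SIX control code is 0b0000, bits are shifted LSB first, PGD is held low during the five extra clocks, the opcode words were worked out for this example, and the `kind` labels and `goto_every` interval are hypothetical.

```python
SIX = 0b0000                        # assumed 4-bit control code for SIX
NOP = 0x000000
GOTO_0x200 = (0x040200, 0x000000)   # two-word instruction: two SIX operations

# NOPs to clock in after each instruction class (hypothetical labels).
# "sets_pointer" is conservative: the stall NOP is only strictly needed
# when the next instruction uses the modified register indirectly.
TRAILING_NOPS = {
    "plain": 0,
    "sets_pointer": 1,              # e.g. mov #0x0,W0 before mov [W0],W1
    "two_cycle": 1,                 # table read / table write
    "two_cycle_sets_pointer": 2,    # e.g. tblwtl [W0++],[W1]
}

def schedule(program, goto_every=16):
    """Turn (opcode, kind) pairs into the word list to send via SIX."""
    words, since_goto = [], 0
    for opcode, kind in program:
        pad = TRAILING_NOPS[kind]
        words += [opcode] + [NOP] * pad
        since_goto += 1 + pad
        if since_goto >= goto_every:    # keep the PC out of invalid space
            words += GOTO_0x200
            since_goto = 0
    return words

def lsb_first(value, width):
    return [(value >> i) & 1 for i in range(width)]

def pgd_stream(words, after_reset=True):
    """PGD level for every PGC clock needed to shift in the words."""
    stream = []
    for n, word in enumerate(words):
        stream += lsb_first(SIX, 4)
        if after_reset and n == 0:
            stream += [0] * 5           # forced SIX is 9 clocks, not 4
        stream += lsb_first(word, 24)
    return stream

# Constructed sample program using the instructions named in the quote.
PROGRAM = [
    (0x200000, "sets_pointer"),             # mov #0x0,W0
    (0x780090, "plain"),                    # mov [W0],W1
    (0xBB08B0, "two_cycle_sets_pointer"),   # tblwtl [W0++],[W1]
]

if __name__ == "__main__":
    words = schedule(PROGRAM, goto_every=4)
    print([f"{w:06X}" for w in words], len(pgd_stream(words)), "clocks")
```

Each entry of the returned stream is one PGC clock, so it can be compared sample by sample against a logic analyzer capture of PGD.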

Re: One Bus Pirate programs another

Reply #1
Crosspost from the blog:

Just by looking at the timing diagram (dunno the timing scale) but according to the specs you need to wait at least 26 (25+1 (p7+p19)). It looks like it is too short. Alternatively you could send blink-an-LED code instead of the erase flash command, e.g.

goto 0x0200
bset portb, 1