The Tektronix 2400-series analog oscilloscopes are arguably the best portable analog scopes ever built. I have two scopes from the series, a 2465 and a 2467, the latter of which is my favorite for general spelunking. The 2467 has the counter-timer (CTT) option, which is quite handy, as it provides a counter and all kinds of timing functions. Unfortunately there is a bug in the firmware, whereby the on-screen display brightness seems to go to max whenever I bring up the CTT menu.

At one point, I decided to try and disassemble the firmware ROMs. Perhaps I’d be able to find and fix the bug, as it seems Tektronix is no longer accepting bug reports or user complaints for these scopes.

This has turned into a bit of an odyssey, and this site exists to document some of my travails. Perhaps you will find it useful, or if not, at least amusing.

Posts

  • Be vewy vewy quiet, I'm hunting stwings

    After I’d written the MC6800 language spec and the Ghidra Plugin, and after decoding the OSD alphabet, it was time to go hunting for OSD strings. Walking through the power-on-self-test (POST) routines is relatively straightforward and eventually leads to code that writes to the OSD.

  • Banking, banking, do all your banking here

    The 2465 has a very simple memory map that allows for only 32k of ROM firmware code. However, from the 2465A/2467 forward, the memory map is banked to allow for more code. The 2465A allows 32k+3*24k or 104k of code, the 2465B early allows 32k+5*24k or 128k of code, while the 2465B late (with the SMD A5 board) allows 8k+8*16k, or 136k of code.

  • MAME Emulator

    Around December 2021 I had Ghidra disassembling MC6800 object code. The language spec was, however, still broken in important ways, and the disassembly would derail pretty quickly. I got to wondering if there might be an “easier way”; imagine if I could observe the firmware running, trace and debug it.

  • MC6800 limitations

    When I first started reading the disassembled code from the 2465, I was surprised at how it was structured. I grew up on the Z80, which, while only a couple of years “younger” than the MC6800, has a lot of additional instruction set features that I didn’t know to miss until I started reading MC6800 code.

  • Disassembling the 2465

    Ghidra was the obvious tool to use for reversing the 2465 firmware, as Ghidra is a powerful free reverse-engineering tool. I installed the latest version of Ghidra at the time, loaded up one of the 2465 ROM images and looked for an MC6800 disassembler.

  • On Screen Display (OSD) Alphabet

    Strings can often provide solid clues or anchors when reversing code, as the strings referenced often give away the purpose of a piece of code in human-readable terms. The problem with the 2465 readout system, in this respect, is that the strings are all written in the readout system’s alphabet.
