Hacker News new | comments | show | ask | jobs | submit login
Reverse engineering the 76477 “Space Invaders” sound effect chip from die photos (righto.com)
207 points by krosaen 204 days ago | hide | past | web | 45 comments | favorite



Pretty amazing! Reminds the article from 2002 which had to be one of the biggest Slashdot moment for me, from somebody who wrote code to play music from a scanned image of an LP.

http://www.cs.huji.ac.il/~springer/DigitalNeedle/index.html


That's interesting, the guy says in that post the he assumes the depth modulation is one channel and the side-to-side is the other channel for a stereo recording. But actually they're both at 45 degrees[1]. It's a clever system because not only does it encode two channels with some of the "better" side-to-side movement (up/down is harder to get fidelity out of), it comes out that that the sum of the channels causes side-to-side movement while the difference causes up and down, so they play on old mono record players as well.

I wonder what his code actually did, and if maybe he could have got a better result.

[1] http://www.vinylrecorder.com/stereo.html


It's amazing that someone would go through all that trouble and get that detail wrong. There is also the RIAA correction curve to take care of (that was my first encounter with that acronym). The sound played back is pretty eerie, probably some day some alien somewhere will replay our planet earth gold plated recording like that and wonder why our sound encoding sucks if at the same time we can make spacecraft.

See also:

http://irene.lbl.gov/

There was also this:

https://en.wikipedia.org/wiki/Laser_turntable

They were about to go mainstream when the CD happened.


Good point.

For anyone who doesn't know about the EQ curve on records, it's basically a big bass cut and a big treble boost. Bass causes huge wobbles in the groove so it's cut, and treble is hard to pick up, so it's boosted. Then you just do the reverse on playback.

Also a good point that there's nothing on the Voyager record instructions about this...


Ah, apparently that work was re-invented a decade later:

Some of the world’s earliest disc recordings, dating from the late 1880’s, exist today only as pictures in books or magazines. The discs themselves were lost long ago, leaving little hope that their sounds could ever be heard again.

But sound media historian Patrick Feaster has developed a method for extracting sound from these prints, bringing to life rare audio content thought lost to history. Feaster, who works for the campus Media Preservation Initiative, discovered one such print in an 1890 German periodical housed in the stacks at Indiana University Bloomington’s Wells Library. It represents the oldest gramophone-type recording available anywhere for listening today — the earliest audible ancestor of all of the world’s vintage vinyl. By “playing” the inked spiral, we can again hear the voice of gramophone inventor Emile Berliner reciting the poem Der Handschuh by Friedrich Schiller.

https://mediapreservation.wordpress.com/2012/06/20/extractin...


Ironically, it is no longer possible to listen to the audio in that webpage.



Interesting article. AFAIK reverse-engineering mixed-signal or analog ICs is far less common and more difficult than digital ones, since the transistor sizes and shapes are more critical in analog parts as are the resistors and other passives; there isn't much in the way of standard cells (which can be easily reverse-engineered using something like http://www.degate.org/ ) and the layout is more critical so it is often done with less automation assistance.


I have the advantage that I'm just reverse engineering the circuit to understand it; I'm not trying to re-create it. So I can just ignore transistor size, layout, etc :-)


I wonder how difficult it would be to re-create it in software? It'd be cool to emulate it similar to tlb's XAnalogTV.

https://github.com/katahiromz/XScreenSaverWin/blob/master/no...

https://www.youtube.com/watch?v=_ODQ_lHRMXo



AFAIK MAME's accuracy leaves a lot to be desired with respect to anything involving analog signal paths. For example, the sound system used in the Sente SAC-1 hardware is based on the CEM3394 chip, also seen in several pro synths of the era. The emulation does play sound, but last I checked, there wasn't any filter emulation, so it poorly represents the audio of those games.

Edit: And I wouldn't expect the situation to change soon. Accurate analog emulation is something commercial VST plugin makers have been working on for years, and they've come "close enough for most people", but the time spent on algorithm development and optimizing CPU usage is quite high.


That was my first thought too. My second thought was that the most effective recreation would be to build a SPICE model [1], and whether that SPICE model could run in near real time on a modern CPU. A simple SPICE model should be straightforward based on the circuits in the article.

From memory, the SPICE transistor models take things such as transistor feature sizes as parameters, so it might be possible to get a surprisingly accurate model from the die photo?

[1] https://en.wikipedia.org/wiki/SPICE


Not easy, as would be even recreating it in hardware. This is the analog world where tolerances, stray capacitance and unpredictable small differences in gain or frequency response make every circuit behaviour slightly different even though it uses the same exact parts and layout. A good enough digital recreation of that circuit would be possible only if it could sample the imperfections of a real chip, and to be believable it should probably analyze a hundred chips to get what parameters are changed during production and how much.


Great writeup!

Is there any way to determine the values of the resistors and capacitors on the die based on their geometry, or would someone have to build up a standalone circuit and experiment until coming up with something that sounded similar? Can a person at least infer one value from another by the ratio of the geometries, like one resistor being 2x another if it were twice as long?

BTW, I built up a perfboard with this chip and a pile of resistors, capacitors, and potentiometers many moons ago. Just tore it down a short while ago. 76477 was also my Automated Teller Machine password for a lot of years.


The resistance is proportional to the length/width ratio as you suspect. You can find resistance numbers for doped silicon, but the value depends on the doping level. So you can get a rough idea.

Because resistances can vary 20% from chip to chip, analog circuits generally are designed so the ratio of two resistances controls things, rather than the absolute resistance. So you probably don't need to figure out the absolute resistance.


Well… you can't really ignore sizes, with mixed-signal ICs. Transistor sizes determine current flow, which will ultimately determine things like pitch, duty cycle, etc. You at least need to know in differential pairs and current mirrors the ratio between the involved transistors…


Did you happen to notice how many shift-register stages made up the PRNG for the white-noise output? I'm sure I've got one of the chips on hand, so (eventually) I can 'scope the output for a good guess, but it'd be good to have a more immediate eyewitness report.


I figured out the shift-register circuit, but decided to write up the digital logic separately since the blog post was already very long. It's a 32-stage nonlinear feedback shift register. The sequence repeats after 56883 steps, which is a lot less than 2^32, so it seems to me they aren't making good use of the stages. The output takes a while to get going: it is high for 30 clocks and low for 31 locks before oscillating. I don't like to criticize, but it doesn't really look like a good design to me. The digital mixer is also pointlessly complex.


> it is high for 30 clocks and low for 31 locks before oscillating.

That's bad if you want white noise, but maybe the transients were put there intentionally? They could have a musical purpose.

EDIT: This is assuming the white noise generator resets for every sound. Is that the case?


How is it non-linear? Is it basically addition of combinational logic at feedback inputs?


With a linear feedback shift register, the input is the XOR of some stage outputs. (XOR is linear when considered mathematically since it's basically bitwise addition.) If you use other logic functions, then it's nonlinear. The 76477 uses a combination of XOR and NAND, making it nonlinear. The disadvantage of a linear feedback shift register is it can get stuck at all zeros. But the 76477's shift register gets set by the inhibit line, so it couldn't get stuck. So I really don't know why they used a nonlinear circuit. As far as I can tell, it just makes the performance worse.


I see, that's pretty interesting. They could have gotten a much better period had they just used a standard primitive polynomial for a 32-bit LFSR.


They could have made the chip a lot smaller (= cheaper to produce). For the period they actually achieved, they could have gotten away with a 16-bit LFSR, requiring half the die area for that function (which looks like it was quite significant).


16 isn't a good size according to the Rosenberg paper (http://www.cs.miami.edu/~burt/learning/Csc609.022/random_num...) but 15 and 17 are sizes you could program an ATtiny45 to generate if you just wanted that quality of noise. I'm going to be real interested in trying out the actual noise-generator logic in the follow-up article to see if I can hear any useful tonal difference. Maybe they were just frustrated by hardware that kept drifting into the forbidden state and brute-forced it until it couldn't; I've had that happen with PRNGs I built with series-4000 CMOS logic and xgates. Stay tuned, I guess.


This isn't crypyography; probably the listener won't notice the difference.


What I'm talking about would need almost zero extra work.


Honestly, after reading the title I was hoping for an article describing a full reverse engineering :(. Still very interesting nonetheless, good work!


I played with that chip as a kid, probably still have it somewhere but not in good condition as I recall it becoming very hot during operation. One day I built the full demonstration circuit similar to the one in this pic.

https://upload.wikimedia.org/wikipedia/commons/4/42/76477_De...

It took forever to finish as I wasn't that skilled at the time and the number of switches and pots was simply beyond everything I had soldered before, but I managed to succeed it and spent some good evenings playing with its effects.


Hah! super cool I didn't catch the chip ID in the title right away but then I read your comment and I immediately knew what chip it was. I built the same reference circuit, and remember scrounging pots and switches from many tv's and radios hauled home from the garbage.


Fun, I used to build various things with the 76495 (http://robotics.mcmanis.com/resource/rs_sn76495.pdf) and I'm not sure what exactly is different between the two, apparently there were at least 3 'complex sound generators' in the TI family( '477, '488, '495 ). When RadioShack discontinued them I bought 6 or 7 of them from the discount table for 50 cents each.

Of course these days you'd use a microprocessor to generate all of the sounds these could do. But it would still be fun to build the sound effects kit that RS use to sell.


> I'm not sure what exactly is different between the two

The 76477 (http://www.vgmpf.com/Wiki/images/4/40/SN76477_-_Manual.pdf) has more pins and uses them to bring out more of the controls. The noise-clock in particular is controllable by anything that sinks its 'resistor' pin's current to ground, so a simple NPN sink driven by a slow sawtooth will smoothly vary the noise output from a 'tiktiktik' to a roar. The 76495 doesn't make that control available.


This chip was for sale on BG Micro as recently as 2008 -- I wonder who ordered a production run? http://www.popsci.com/diy/article/2008-12/complex-sound-gene...


I picked up a few during that run, as I remembered picking one up from Radio Shack in the 80s and having fun with it. A really delightful chip to explore, you can get so much out of it just messing around with RC circuits for the various timings. The original docs are quite opaque; just a few minutes with this new article is really revealing.


I've wondered that, too! Even considering the low complexity, that's a couple of 100k investment, at least.

Can anyone here approximate the cost to re-produce this chip ten years ago? I mean, it's not very complex, but it is analog and it couldn't have been cheap. Maybe someone had to find a use for an old machine that had nothing to do anymore? That could explain it.


They most likely found a source for NOS (new old stock) chips. I find it highly unlikely that they started another run.

Considering the age of the chip, the masks are probably not even available in a digital format and the fab that made it had been shut down a long time ago. Recreating these processes is a massive undertaking that takes a lot of manpower.


you can currently pick them up from aliexpress.


Nice article. Unbelievable how simple this chip is. Try reverse engineering an ARM Cortex, Intel i7 or a Geforce 10 GPU, you'll never understand how it works completely, even if if you have a billion dollars to spend.


Well, the ARM-1 is simple enough to understand [1], so the ARM Cortex might be comprehensible, depending on how much crazy stuff they added. But I suspect even at Intel nobody entirely understands the i7.

[1] http://www.righto.com/2015/12/reverse-engineering-arm1-ances...


Bear in mind that 'Cortex' covers every modern ARM chip right the way from a tiny (~12,000 gates) microcontroller like the Cortex-M0 up to high performance 64 bit designs like the Cortex-A73, so it isn't a label that tells you anything about complexity...


You're right, I just checked out the older ARM Cortex, like M0 and such, and they don't look very complex. It probably get's messy once you have more advanced features like a cache, branch prediction, power saving etc. I really don't want to see the internals of a modern Intel/AMD CPU, or even an IBM one. Nobody can ever fully understand how it works starting at the lowest level, there are just too many features in there.


Wow. I still have one of these chips on a board somewhere I built from a Radio Shack kit. Good times.


Every single time I feel smarter, Hacker News manages to show me something I can't fathom.


That's also age.


Completely over my head but still interesting.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: