This page is a mirror of Tepples' nesdev forum mirror (URL TBD).
Last updated on Oct-18-2019 Download

Free eBook: No More Secrets - NMOS 6510 Unintended Opcodes

Free eBook: No More Secrets - NMOS 6510 Unintended Opcodes
by on (#167994)


'Back in the days' so called 'illegal' opcodes were researched independently by different parties, and detail knowledge about them was considered 'black magic' for many conventional programmers. They first appeared in the context of copy protection schemes, so keeping the knowledge secret was crucial.

When some time later some of these opcodes were documented by various book authors and magazines, a lot of misinformation was spread and a number of weird myths were born. It took another few years until some brave souls started to systematically investigate each and every opcode, and until the mid 90s that Wolfgang Lorenz came up with his test suite that finally contained elaborated test programs for them.

Still, a few opcodes were considered witchcraft for a while (the so called 'unstable' ones), until other people finally de-capped an actual CPU and solved the remaining riddles.

This document tries to present the current state of the art in a readable form, and is in large parts the result of pasting existing documents together and editing them (see References)
Re: Free eBook: No More Secrets - NMOS 6510 Unintended Opcod
by on (#167996)
Is the 6510 identical to the 6502/2A03 in this respect?

It seems like any revision that adds something to the CPU would likely alter some of the out-of-gamut opcodes, unless maybe there are no changes to the instruction set?
Re: Free eBook: No More Secrets - NMOS 6510 Unintended Opcod
by on (#167997)
WARNING: I have not read the document linked therein.

WARNING #2: Below, I am speaking of 6502, and I am speaking generically about the architecture/CPU, not exclusively about the NES.

The biggest complexity with the "undocumented opcodes" nonsense on 6502 is that not all 6502s are the same. It's been well-established (i.e. no reverse-engineering, but actually comparing different 6502 chips from different manufacturers, ditto with their documentation) that some 6502 CPUs do in fact have opcodes that are considered official (I keep thinking Rockwell but I'm probably mistaken) -- in other words, and as this page's "some background" section explains, they don't all behave the same way. This plays a role if trying to do emulation of multiple systems or trying to develop software on a specific hardware that may have had different "brands" of 6502s used throughout its production lifetime.

Now back to the 6510: I too wonder the same thing rainwarrior does, re: if the 6510 has the same general complexities in this regard. There are many manufacturing types of 6510 too, hence the question (ex. MOS 6510 vs. MOS 8500 vs. MOS 7501/8501 vs. MOS 8502 vs. MOS 6510T).
Re: Free eBook: No More Secrets - NMOS 6510 Unintended Opcod
by on (#168003)
I imagine that so long as the manufacturing process remains NMOS (that is, not a 65C02), and the decode ROM is not materially changed, the unofficial opcodes most likely to break would be these:

The rest (described at Programming with unofficial opcodes) should be stable, as they don't rely on problematic special bus behavior other than than the AND behavior of bus conflicts in NMOS. Nor have there been any reports of breakage of these instructions in the decades since the discontinuation of mainstream products using the 6502 core. If there were a problem, we'd already have seen reports of Puzznic, Super Cars, and Dynowarz breaking on famiclones.
Re: Free eBook: No More Secrets - NMOS 6510 Unintended Opcod
by on (#168016)
I believe the 6510 (and 8500) is just a 6502 with the following additional features:

* Five to eight pins that are general purpose I/O; two registers internal to the 6510 are mapped to addresses 0 and 1, specifying what each of the six pins are doing.
* An external control that will disable the 6510's address bus drivers
* Some other external pins from the 6502 possibly not available.

It's still a fully-NMOS IC; it never made the jump to CMOS.

tepples wrote:
AHX (dd),Y ($93), TAS aaaa,Y ($9B), SHY aaaa,X ($9C), SHX aaaa,Y ($9E), AHX aaaa,Y ($9F), and LAS aaaa,Y ($BB) rely on H, a value left (or not left) on the special bus by the page wrapping circuit
I'm pretty certain that these instructions are stable, just of dubious utility.
EDIT: having now read the article, they're stable ... unless something toggles RDY, like DPCM DMA.