I have a Behringer LC2412 lighting console, and was interested in understanding how it works. The circuit diagram is available, which showed that it is based around a Fujitsu F2MC-16L microcontroller. I wanted to disassemble the firmware, so I wrote a disassembler. While I do have an EPROM programmer which is quite capable of reading out the code, firmware images are available to download from the manufacturer’s website.
I can’t publish the disassembled firmware here for obvious reasons, but the disassembler itself is another matter. If you would like to have a go at reverse engineering the firmware yourself, this will help you get going.
The LC2412 is wired up to the EPROM with two of the data lines swapped round. This is a small little utility to perform that bit swap in every byte. It’s just a simple filter - stdin to stdout. You will need to run this on LC2412 firmware images before passing them into the disassembler.
This is the disassembler itself.
The image to be disassembled must be called input.bin.
An optional file called input.labels will be read if it exists. This file contains simple label: address pairs and will cause labels to be used instead of addresses where a defined label matches an address that the disassembler is processing. This allows you to assign symbolic names to addresses and have the disassembler apply them throughout.
A typical workflow would be to run the disassembler once without the optional file and then add to input.labels as the disassembly progresses, re-running the disassembler from time to time in order to take advantage of the better annotated output.
Addresses are in hexadecimal. Each line starts with a label and then immediately a colon and one space. The address then follows. Nothing else must exist on the line. There is no provision for adding comments or other extraneous information.