UniJoystiCle v0.2 coming soon

UniJoystiCle v0.2 coming soon.

Changes in v0.2:

  • [NEW] – ESP8266 device: supports 2 joysticks (uses three 4066 ICs instead of two
  • [NEW] – ESP8266 firmware uses AP mode by default. Uses SSID “unijosyticle” + last 2 bytes of mac address
  • [NEW] – iOS Client: Can be configured to use either joystick port
  • [NEW] – iOS Client: Auto-discover ESP8266 firmware using mDNS
  • [NEW] – iOS Client: UniJoystiCle mode also supports up, down and fire (jump)
  • [FIX] – Name: Renamed project from Uni-Joysti-Cle to UniJoystiCle (easier to search, shorter to type)
  • [FIX] – ESP8266 device: replaced NodeMCU LoLin with NodeMCU Amica
  • [FIX] – Sophisticated Glue Material: Uses gaffer tape, instead of duct tape

Continue reading “UniJoystiCle v0.2 coming soon”

Announcing the Uni-Joysti-Cle™

The Uni-Joysti-Cle™: The first and only solution to play Commodore 64 video games with your unicycle. Unique immersive experience, much better than VR.

It consists of five beautifully designed parts:

  • The Uni Games video game for the Commodore 64
  • The Uni-Joysti-Cle™ WiFi receiver, and its firmware
  • The Uni-Joysti-Cle™ smartphone application
  • A unicycle
  • Sophisticated glue material

Find all the information about this revolutionary device here: https://retro.moe/unijoysticle/

C64 Remote Controller: Prototype v0.1 works!…

…or How to use a 64-bit machine to control a Commodore 64.


No schematics or PCBs yet. But at least I have the materials that I’m using:

  • One Lolin NodeMCU (should work with any other ESP8266 that have at least five GPIOs)
  • Two 4066 ICs. I’m using this one.

…and this is the software that I’m using both for the NodeMCU firmware and the iOS client:

More info and upgrades coming soon.

Todo list:

  • Support two joysticks at the same time (for multiplayer games)
  • Support mouse
  • Support paddle
  • Save/Replay commands so that you can kind-of-replay your game
  • Service discovery so that you don’t have to hardcore the IP address

C64 Remote Controller: NodeMCU vs. Adafruit Huzzah vs. SparkFun Thing vs…

Requirements for the c64 controller

  • A micro-controller. I doesn’t need to be very powerful, just powerful enough to handle some UDP connections and configuring some GPIOs.
  • Flash-able firmware: If possible with support for Arduino IDE (or similar). C++ preferred. Micropython could be a nice backup plan.
  • WiFi
  • Some GPIOs

Which module to choose

There many alternatives, and these are the ones that I evaluated:

  • Arduino + WiFi shield or ESP8266: This is the first option that I evaluated thanks to different suggestions. But since the ESP8266 already comes with a flash-able firmware, there was no need to use the Arduino part. I discarded this option, but I liked the ESP8266 part.
  • Adafruit Huzzah breakout ($9.95) / Adafruit Feather Huzzah ($15.95): An ESP8266 based module. I like Adafruit products since they are very well tested, they give you support, have very good documentation. But they are usually on the pricy side. All ESP8266 boards are supported by the Arduino IDE which is a very good thing.  (I ordered one Feather Huzzah).
  • SparkFun ESP8266 Thing ($15.95): Similar to the Feather Huzzah.
  • NodeMCU (~$4.00): Very similar too Adafruit Huzzah and SparkFun ESP8266 Thing. I’m not sure who built the first module (Adafruit, SparkFun or NodeMCU), although I wouldn’t be surprised if NodeMCU was the first one. There is a lot of innovation in China in this area. NodeMCU comes with a firmware that supports Lua, which is nice for faster development. You should know that the Lua firmware could be installed in the other modules as well, and you can run C++ firmwares on NodeMCU as well. There are three different NodeMCU brands:
    • Amica: Which seems to be the official one, although I didn’t know this when I decided to buy the LoLin.
    • LoLin: It seems that it is no longer produced by WeMos. (I ordered one of this too).
    • DOIT: I know nothing about it.
  • Mini D1 (~$4.00): Another ESP8266-based module similar to the previous ones. It is produced by WeMos, the same as the NodeMCU LoLin. My theory is that WeMos realized that there was more money in trying to create their own ecosystem rather than just cloning NodeMCU. It has 11 GPIOs, instead of the 9 offered by Adafruit Huzzah, which is good (I ordered a few of this one too).
  • There were other alternatives, like the SparkFun Particle Photon ($19.00), based on non-ESP8266 micro-controllers. They were a bit more powerful, but also more expensive. And don’t support the Arduino IDE. So, for the moment I discarded them.

Continue reading “C64 Remote Controller: NodeMCU vs. Adafruit Huzzah vs. SparkFun Thing vs…”

The Uni Games – Part II. Reboot

A reboot was needed. I rewrote most of the code. The game is no longer called “The Muni Race”. Instead it is called “The Uni Games” since it will have more than one event (think of “Summer Games” but for unicycles. UNICON basically).

The game will have a more-retro look and feel than before. It will only use PETSCII chars, plus sprites. No redefined characters, no bitmaps. Pure PETSCII. Pure retro effects.

Continue reading “The Uni Games – Part II. Reboot”

VChar64 v0.0.12 released

New version, new features.



  • [NEW] Koala Import: supports importing subregions. Useful when 256 chars are not enough to import the whole bitmap
  • [NEW] Added unknown font. Ripped from here
  • [NEW] VICE snapshot import: Default charset address is the one that was used at the moment the snapshot was taken
  • [NEW] Save/Export: Plays one beep on success, two beeps on error
  • [NEW] Main Window: Status Bar shows the coordinates of the different widgets
  • [BUGFIX] Export: shows correct extension when browsing file
  • [BUGFIX] VICE/Koala Import: sets the name of the imported file in the tab
  • [BUGFIX] Koala Import: detects duplicates chars, making the conversion smaller

Disassembling 6502 code with Radare – Part II

Let’s crack a simple game. If you are not familiar with Radare, read Part I first.

Creating and opening a VICE Snapshot file

Let’s crack BC’s Quest For Tires since its copy-protection is easy to bypass.

Screen Shot 2015-12-09 at 3.03.39 PM
BC’s Quest For Tires copy protection
  • …the game has some kind of copy-protection. If we enter invalid codes, we won’t be able to play the game.

Since Radare supports VICE Snapshot File format, we can save an snapshot of the game, and analyze it with Radare.

  • In VICE, go to the menu, Snapshot -> Save Snapshot Image…
    • If we select “Save ROMs”, then the BASIC ROM and the KERNAL ROM will be saved inside the Snapshot file, and will be included as Radare sections.



Radare VICE Snapshot File (VSF) support lets us inspect:

  • The 64k RAM of the computer at the moment the snapshot was saved
  • The BASIC and KERNAL ROMs in case they were saved.

To open a VSF file, just pass the VSF file as the first argument:

$ r2 bc_copy_protection_screen.vsf

0x00005689 is the PC (program counter) at the moment the snapshot was saved.
Continue reading “Disassembling 6502 code with Radare – Part II”

Disassembling 6502 code with Radare – Part I

Radare is an open source portable reversing framework that can do many things, among those things it can disassemble 6502 code.

Download and install radare

  • First, download radare from github. You need a recent version in order to disassemble 6502 code.
  • And then install it by running sys/install.sh (or sys/user.sh for local installation):
$ git clone https://github.com/radare/radare2.git
$ cd radare2
$ ./sys/install.sh

Loading a c64 .prg

Radare has many command line options. But in order to load 6502 programs we need just two:

  • -a6502 to specify the 6502 architecture.
  • -mMemoryAddress to map the file to a certain memory address. Use 2047 for “normal” programs. Usually they start at $0801 (2049), but we have to subtract 2 from the .prg header.


$ r2 -a6502 -m2047 mygame.prg


Radare doesn’t have a GUI, like IDA. Instead is has a powerful command line interface (think of GDB). Example:

$ r2 -a6502 -m2047 musicplayer.prg

And 0x7ff (2047) is the seek address, meaning that all commands will use that address as the base address. Let’s print the first 32 bytes. (px = print hexa):

[0x000007ff]> px 32
offset   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x07ff  0108 0b08 3905 9e32 3036 3100 0000 78ad  ....9..2061...x.
0x080f  0ddc a212 a000 b9d4 1a99 f020 c8d0 f7ce  ........... ....

The “2061” that we see, is part of the BASIC “SYS 2061” command that usually appears in all C64 programs. So, let’s disassemble the first 12 instructions from 2061. (pd = print disassemble):

[0x000007ff]> pd 12 @ 2061
            0x0000080d    78             sei
            0x0000080e    ad0ddc         lda 0xdc0d
            0x00000811    a212           ldx #0x12
            0x00000813    a000           ldy #0x00
       ┌┌─> 0x00000815    b9d41a         lda 0x1ad4,y
       ││   0x00000818    99f020         sta 0x20f0,y
       ││   0x0000081b    c8             iny
       └──< 0x0000081c    d0f7           bne 0xf7
        │   0x0000081e    ce1708         dec 0x0817
        │   0x00000821    ce1a08         dec 0x081a
        │   0x00000824    ca             dex
        └─< 0x00000825    d0ee           bne 0xee

In case we don’t know the meaning of a certain opcode, we can print its description with ?d:

[0x00000815]> ?d sei
set interrupt disable status

Or if we want to print the description in every disassembled line, we can do:

e asm.describe=true

And then disassemble again:

[0x0000080e]> pd 12 @2061
    0x080d  78        sei           ; set interrupt disable status
    0x080e  ad0ddc    lda 0xdc0d    ; load accumulator with memory
    0x0811  a212      ldx #0x12     ; load index x with memory
    0x0813  a000      ldy #0x00     ; load index y with memory
┌─> 0x0815  b9d41a    lda 0x1ad4,y  ; load accumulator with memory
│   0x0818  99f020    sta 0x20f0,y  ; store accumulator in memory
│   0x081b  c8        iny           ; increment index y by one
└─< 0x081c  d0f7      bne 0xf7      ; branch on result not zero
    0x081e  ce1708    dec 0x0817    ; decrement memory by one
    0x0821  ce1a08    dec 0x081a    ; decrement memory by one
    0x0824  ca        dex           ; decrement index x by one
    0x0825  d0ee      bne 0xee      ; branch on result not zero

For more disassembling options just type p?
Continue reading “Disassembling 6502 code with Radare – Part I”