DEFCON19 lanyard and PDP-8 assembly, part 1

2011-08-15

So. Apparently the ones and zeroes on the DC19 lanyard constitute valid PDP-8 code.

Hmm.

I first thought (not sure if I heard this or inferred it) that only the part unnecessary to that incredible puzzle was PDP-8 code.

Here’s the text on the lanyard, with linebreaks instead of colons and asterisks instead of DEFCON logos (the entries with the logos are what’s required to complete the puzzle):

1110110000*01
0*11010010100
0110*10010011
1111000*00100
11*1101101000
*101010010000
111*000100001
01101001010*1
001010010*011
0010100*10100
011010*010011
11100*0000101
001010010100*
111010010*100
01001001*0101
1010100010001
111010000000o
0010100100115
1111000000107
000000000000
000000000000
000000000000

That leaves us with the following instructions to translate to PDP-8. The “o”, “5”, and “7” don’t obviously fit here, and if you also strip the trailing “1” at the end of the first entry, we get “1o57” - the creator of the puzzle. OK. But that’s still just 7 instructions (3 of which are just zeroes):

1010100010001
111010000000o
0010100100115
1111000000107
000000000000
000000000000
000000000000

However, if we take the first set of numbers and strip out the DEFCON logos, we get 15 more 12 bit entries, which yields a more interesting 22 instructions (again, 3 of which are zeroes):

111011000001
011010010100
011010010011
111100000100
111101101000
101010010000
111000100001
011010010101
001010010011
001010010100
011010010011
111000000101
001010010100
111010010100
010010010101
101010001000
111010000000
001010010011
111100000010
000000000000
000000000000
000000000000

To go further than that, I had to read more about the PDP-8. Brian Shelburne’s PDP-8 emulator not only is an emulator, but contains some really great and easy to read PDFs (only 85KB of the download is emulator; the rest is documentation).

Instructions with annotation

To understand what was going on, I went through and annotated these binary numbers with their octal equivalents and what Shelburne’s PDFs say their instructions mean. Some opening notes:

Below I have the instructions in monospace font in both binary and octal, followed by their assembly names. My notes are in bullet points beneath each one.

111011000001=7301o   cla, cll, iac
011010010100=3224o   dca, direct, current, 0010100=0024o
011010010011=3223o   dca, direct, current, 0010011=0023o
111100000100=7404o   osr
111101101000=7550o   sma, sza, 0/1
101010010000=5220o   jmp, direct, current, 0010000=0020o
111000100001=7041o   cma, iac
011010010101=3225o   dca, direct, current, 0010101=0025o
001010010011=1223o   tad, direct, current, 0010011=0023o
001010010100=1224o   tad, direct, current, 0010100=0024o
011010010011=3223o   dca, direct, current, 0010011=0023o
111000000101=7005o   ral, iac
001010010100=1224o   tad, direct, current, 0010100=0024o
111010010100=7224o   cla, cml, ral
010010010101=2225o   isz, direct, current, 0010101=0025o
101010001000=5210o   jmp, direct, current, 0001000=0010o
111010000000=7200o   cla
001010010011=1223o   tad, direct, current, 0010011=0023o
111100000010=7402o   hlt
000000000000=0000o
000000000000=0000o
000000000000=0000o

Running the code

So now you’ve got a list of instructions, some of which reference memory addresses (the ones with the 7 digit binary numbers that i converted into 4 digit octal numbers are memory addresses). What belongs at those addresses, though? On the PDP-8 you are responsible for deciding the address of each instruction, and I have no idea what 1o57 had in mind when he wrote this. I started out just putting all these instructions in to memory one after another starting with address 0000 and ending on 0025, and that has worked OK so far.

You can load the code like so:

When you step through the code like that, you see that there’s a JMP instruction, which I entered as 0005/5220, that just jumps over most of the code to memory address 0220, and nothing much interesting happens after that.

At first, I wasn’t sure if the code is doing all it is designed to do (“be valid PDP-8 code and also be part of the DEFCON19 puzzle”) or if there’s a way I was supposed to arrange it in memory so that running it does something more obviously interesting.

SR - the Switch Register

Also at first, I didn’t understand the osr instruction (0003/7404). Its description is “Or Switch Register with ACC”, but I didn’t realize that there is an actual register called the switch register (SR), which is a 12-bit (1-word) wide bank of physical switches on the PDP-8’s front panel. On the original device you programmed it by flipping 12 physical binary switches. In the emulator, you can program it in octal. It’s to the left of the main memory area on the debug screen, below the ACC. When we ran the code the first time, the SR was all zeroes.

This is where I’m at now. I haven’t really had time to work on this for a couple of days so hopefully tomorrow I can do something with it.

Music: Jóhann Jóhannsson - IBM 1401, A User’s Manual

Update: I’ve got a part 2 over here, where I finish the program but still have unanswered questions.