Microcontroller reverse engineer
Microcontroller reverse engineer
Everything they make, We can break! 
  HOME COMPANY PCB COPY MCU CRACK FAQ CONTACT US
Disassembler Software   
WHY US ?
World first mcu hack company
In business since 1998
Reversed tens of thousands of chips
Copied thousands of pcbs
Foreseen all pertential problems
Integrity with payments
crack ic
 
 
Architecture and programming of 8051 MCU's for reverse engineering

Chapter 3 : The 8051 Instruction Set

Introduction

The process of writing program for the microcontroller mainly consists of giving instructions (commands) in the specific order in which they should be executed in order to carry out a specific task. As electronics cannot “understand” what for example an instruction “if the push button is pressed- turn the light on” means, then a certain number of simpler and precisely defined orders that decoder can recognise must be used. All commands are known as INSTRUCTION SET. All microcontrollers compatibile with the 8051 have in total of 255 instructions, i.e. 255 different words available for program writing.

At first sight, it is imposing number of odd signs that must be known by heart. However, It is not so complicated as it looks like. Many instructions are considered to be “different”, even though they perform the same operation, so there are only 111 truly different commands. For example: ADD A,R0, ADD A,R1, ... ADD A,R7 are instructions that perform the same operation (additon of the accumulator and register). Since there are 8 such registers, each instruction is counted separately. Taking into account that all instructions perform only 53 operations (addition, subtraction, copy etc.) and most of them are rarely used in practice, there are actually 20-30 abbreviations to be learned, which is acceptable.

3.1 Types of instructions

Depending on operation they perform, all instructions are divided in several groups:

  • Arithmetic Instructions
  • Branch Instructions
  • Data Transfer Instructions
  • Logic Instructions
  • Bit-oriented Instructions

The first part of each instruction, called MNEMONIC refers to the operation an instruction performs (copy, addition, logic operation etc.). Mnemonics are abbreviations of the name of operation being executed. For example:

  • INC R1 - Means: Increment register R1 (increment register R1);
  • LJMP LAB5 - Means: Long Jump LAB5 (long jump to the address marked as LAB5);
  • JNZ LOOP - Means: Jump if Not Zero LOOP (if the number in the accumulator is not 0, jump to the address marked as LOOP);

The other part of instruction, called OPERAND is separated from mnemonic by at least one whitespace and defines data being processed by instructions. Some of the instructions have no operand, while some of them have one, two or three. If there is more than one operand in an instruction, they are separated by a comma. For example:

  • RET - return from a subroutine;
  • JZ TEMP - if the number in the accumulator is not 0, jump to the address marked as TEMP;
  • ADD A,R3 - add R3 and accumulator;
  • CJNE A,#20,LOOP - compare accumulator with 20. If they are not equal, jump to the address marked as LOOP;

Arithmetic instructions

Arithmetic instructions perform several basic operations such as addition, subtraction, division, multiplication etc. After execution, the result is stored in the first operand. For example:

ADD A,R1 - The result of addition (A+R1) will be stored in the accumulator.

Arithmetic Instructions
Mnemonic Description Byte Cycle
ADD A,Rn Adds the register to the accumulator 1 1
ADD A,direct Adds the direct byte to the accumulator 2 2
ADD A,@Ri Adds the indirect RAM to the accumulator 1 2
ADD A,#data Adds the immediate data to the accumulator 2 2
ADDC A,Rn Adds the register to the accumulator with a carry flag 1 1
ADDC A,direct Adds the direct byte to the accumulator with a carry flag 2 2
ADDC A,@Ri Adds the indirect RAM to the accumulator with a carry flag 1 2
ADDC A,#data Adds the immediate data to the accumulator with a carry flag 2 2
SUBB A,Rn Subtracts the register from the accumulator with a borrow 1 1
SUBB A,direct Subtracts the direct byte from the accumulator with a borrow 2 2
SUBB A,@Ri Subtracts the indirect RAM from the accumulator with a borrow 1 2
SUBB A,#data Subtracts the immediate data from the accumulator with a borrow 2 2
INC A Increments the accumulator by 1 1 1
INC Rn Increments the register by 1 1 2
INC Rx Increments the direct byte by 1 2 3
INC @Ri Increments the indirect RAM by 1 1 3
DEC A Decrements the accumulator by 1 1 1
DEC Rn Decrements the register by 1 1 1
DEC Rx Decrements the direct byte by 1 1 2
DEC @Ri Decrements the indirect RAM by 1 2 3
INC DPTR Increments the Data Pointer by 1 1 3
MUL AB Multiplies A and B 1 5
DIV AB Divides A by B 1 5
DA A Decimal adjustment of the accumulator according to BCD code 1 1

Branch Instructions

There are two kinds of branch instructions:

Unconditional jump instructions: upon their execution a jump to a new location from where the program continues execution is executed.

Conditional jump instructions: a jump to a new program location is executed only if a specified condition is met. Otherwise, the program normally proceeds with the next instruction.

Branch Instructions
Mnemonic Description Byte Cycle
ACALL addr11 Absolute subroutine call 2 6
LCALL addr16 Long subroutine call 3 6
RET Returns from subroutine 1 4
RETI Returns from interrupt subroutine 1 4
AJMP addr11 Absolute jump 2 3
LJMP addr16 Long jump 3 4
SJMP rel Short jump (from –128 to +127 locations relative to the following instruction) 2 3
JC rel Jump if carry flag is set. Short jump. 2 3
JNC rel Jump if carry flag is not set. Short jump. 2 3
JB bit,rel Jump if direct bit is set. Short jump. 3 4
JBC bit,rel Jump if direct bit is set and clears bit. Short jump. 3 4
JMP @A+DPTR Jump indirect relative to the DPTR 1 2
JZ rel Jump if the accumulator is zero. Short jump. 2 3
JNZ rel Jump if the accumulator is not zero. Short jump. 2 3
CJNE A,direct,rel Compares direct byte to the accumulator and jumps if not equal. Short jump. 3 4
CJNE A,#data,rel Compares immediate data to the accumulator and jumps if not equal. Short jump. 3 4
CJNE Rn,#data,rel Compares immediate data to the register and jumps if not equal. Short jump. 3 4
CJNE @Ri,#data,rel Compares immediate data to indirect register and jumps if not equal. Short jump. 3 4
DJNZ Rn,rel Decrements register and jumps if not 0. Short jump. 2 3
DJNZ Rx,rel Decrements direct byte and jump if not 0. Short jump. 3 4
NOP No operation 1 1

Data Transfer Instructions

Data transfer instructions move the content of one register to another. The register the content of which is moved remains unchanged. If they have the suffix “X” (MOVX), the data is exchanged with external memory.

Data Transfer Instructions
Mnemonic Description Byte Cycle
MOV A,Rn Moves the register to the accumulator 1 1
MOV A,direct Moves the direct byte to the accumulator 2 2
MOV A,@Ri Moves the indirect RAM to the accumulator 1 2
MOV A,#data Moves the immediate data to the accumulator 2 2
MOV Rn,A Moves the accumulator to the register 1 2
MOV Rn,direct Moves the direct byte to the register 2 4
MOV Rn,#data Moves the immediate data to the register 2 2
MOV direct,A Moves the accumulator to the direct byte 2 3
MOV direct,Rn Moves the register to the direct byte 2 3
MOV direct,direct Moves the direct byte to the direct byte 3 4
MOV direct,@Ri Moves the indirect RAM to the direct byte 2 4
MOV direct,#data Moves the immediate data to the direct byte 3 3
MOV @Ri,A Moves the accumulator to the indirect RAM 1 3
MOV @Ri,direct Moves the direct byte to the indirect RAM 2 5
MOV @Ri,#data Moves the immediate data to the indirect RAM 2 3
MOV DPTR,#data Moves a 16-bit data to the data pointer 3 3
MOVC A,@A+DPTR Moves the code byte relative to the DPTR to the accumulator (address=A+DPTR) 1 3
MOVC A,@A+PC Moves the code byte relative to the PC to the accumulator (address=A+PC) 1 3
MOVX A,@Ri Moves the external RAM (8-bit address) to the accumulator 1 3-10
MOVX A,@DPTR Moves the external RAM (16-bit address) to the accumulator 1 3-10
MOVX @Ri,A Moves the accumulator to the external RAM (8-bit address) 1 4-11
MOVX @DPTR,A Moves the accumulator to the external RAM (16-bit address) 1 4-11
PUSH direct Pushes the direct byte onto the stack 2 4
POP direct Pops the direct byte from the stack/td> 2 3
XCH A,Rn Exchanges the register with the accumulator 1 2
XCH A,direct Exchanges the direct byte with the accumulator 2 3
XCH A,@Ri Exchanges the indirect RAM with the accumulator 1 3
XCHD A,@Ri Exchanges the low-order nibble indirect RAM with the accumulator 1 3

Logic Instructions

Logic instructions perform logic operations upon corresponding bits of two registers. After execution, the result is stored in the first operand.

Logic Instructions
Mnemonic Description Byte Cycle
ANL A,Rn AND register to accumulator 1 1
ANL A,direct AND direct byte to accumulator 2 2
ANL A,@Ri AND indirect RAM to accumulator 1 2
ANL A,#data AND immediate data to accumulator 2 2
ANL direct,A AND accumulator to direct byte 2 3
ANL direct,#data AND immediae data to direct register 3 4
ORL A,Rn OR register to accumulator 1 1
ORL A,direct OR direct byte to accumulator 2 2
ORL A,@Ri OR indirect RAM to accumulator 1 2
ORL direct,A OR accumulator to direct byte 2 3
ORL direct,#data OR immediate data to direct byte 3 4
XRL A,Rn Exclusive OR register to accumulator 1 1
XRL A,direct Exclusive OR direct byte to accumulator 2 2
XRL A,@Ri Exclusive OR indirect RAM to accumulator 1 2
XRL A,#data Exclusive OR immediate data to accumulator 2 2
XRL direct,A Exclusive OR accumulator to direct byte 2 3
XORL direct,#data Exclusive OR immediate data to direct byte 3 4
CLR A Clears the accumulator 1 1
CPL A Complements the accumulator (1=0, 0=1) 1 1
SWAP A Swaps nibbles within the accumulator 1 1
RL A Rotates bits in the accumulator left 1 1
RLC A Rotates bits in the accumulator left through carry 1 1
RR A Rotates bits in the accumulator right 1 1
RRC A Rotates bits in the accumulator right through carry 1 1

Bit-oriented Instructions

Similar to logic instructions, bit-oriented instructions perform logic operations. The difference is that these are performed upon single bits.

Bit-oriented Instructions
Mnemonic Description Byte Cycle
CLR C Clears the carry flag 1 1
CLR bit Clears the direct bit 2 3
SETB C Sets the carry flag 1 1
SETB bit Sets the direct bit 2 3
CPL C Complements the carry flag 1 1
CPL bit Complements the direct bit 2 3
ANL C,bit AND direct bit to the carry flag 2 2
ANL C,/bit AND complements of direct bit to the carry flag 2 2
ORL C,bit OR direct bit to the carry flag 2 2
ORL C,/bit OR complements of direct bit to the carry flag 2 2
MOV C,bit Moves the direct bit to the carry flag 2 2
MOV bit,C Moves the carry flag to the direct bit 2 3

3.2 Description of all 8051 instructions

Here is a list of the operands and their meanings:

  • A - accumulator;
    Rn - is one of working registers (R0-R7) in the currently active RAM memory bank;
  • Direct - is any 8-bit address register of RAM. It can be any general-purpose register or a SFR (I/O port, control register etc.);
  • @Ri - is indirect internal or external RAM location addressed by register R0 or R1;
  • #data - is an 8-bit constant included in instruction (0-255);
  • #data16 - is a 16-bit constant included as bytes 2 and 3 in instruction (0-65535);
  • addr16 - is a 16-bit address. May be anywhere within 64KB of program memory;
  • addr11 - is an 11-bit address. May be within the same 2KB page of program memory as the first byte of the following instruction;
  • rel - is the address of a close memory location (from -128 to +127 relative to the first byte of the following instruction). On the basis of it, assembler computes the value to add or subtract from the number currently stored in the program counter;
  • bit - is any bit-addressable I/O pin, control or status bit; and
  • C - is carry flag of the status register (register PSW).

ACALL addr11 - Absolute subroutine call

addr11: Subroutine address

Description: Instruction unconditionally calls a subroutine located at the specified code address. Therefore, the current address and the address of called subroutine must be within the same 2K byte block of the program memory, starting from the first byte of the instruction following ACALL.

Syntax: ACALL [subroutine name];
Bytes: 2 (instruction code, subroutine address);
STATUS register flags: No flags are affected.

EXAMPLE:

ACALL

Before execution: PC=0123h
After execution: PC=0345h

ADD A,Rn - Adds the register Rn to the accumulator

A: accumulator
 Rn: any R register (R0-R7)

Description: Instruction adds the register Rn (R0-R7) to the accumulator. After addition, the result is stored in the accumulator.

Syntax: ADD A,Rn;
Byte: 1 (instruction code);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADD A,Rn

Before execution: A=2Eh (46 dec.) R4=12h (18 dec.)
After execution: A=40h (64 dec.) R4=12h

ADD A,@Ri - Adds the indirect RAM to the accumulator

A: accumulator
 Ri: Register R0 or R1

Description: Instruction adds the indirect RAM to the accumulator. Address of indirect RAM is stored in the Ri register (R0 or R1). After addition, the result is stored in the accumulator.

Syntax: ADD A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADD A,@Ri

Register address: SUM = 4Fh R0=4Fh
Before execution: A= 16h (22 dec.) SUM= 33h (51 dec.)
After execution : A= 49h (73 dec.)

ADD A,direct - Adds the direct byte to the accumulator

A: accumulator
 Direct: Arbitrary register with address 0 - 255 (0 - FFh)

Description: Instruction adds the direct byte to the accumulator. As it is direct addressing, the direct can be any SFR or general-purpose register with address 0-7 Fh. The result is stored in the accumulator.

Syntax: ADD A, register name;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADD A,Rx

Before execution: SUM= 33h (51 dec.) A= 16h (22 dec.)
After execution: SUM= 33h (73 dec.) A= 49h (73 dec.)

ADDC A,Rn - Adds the register to the accumulator with a carry flag

A: accumulator
 Rn: any R register (R0-R7)

Description: Instruction adds the accumulator with a carry flag and Rn register (R0-R7). After addition, the result is stored in the accumulator.

Syntax: ADDC A,Rn;
Byte: 1 (instruction code);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADD A,direct

Before execution: A= C3h (195 dec.) R0= AAh (170 dec.) C=1
After execution: A= 6Eh (110 dec.) AC=0, C=1, OV=1

ADD A,#data - Adds the immediate data to the accumulator

A: accumulator
 Data: constant within 0-255 (0-FFh)

Description: Instruction adds data (0-255) to the accumulator. After addition, the result is stored in the accumulator.

Syntax: ADD A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADD A,#X

Before execution: A= 16h (22 dec.)
After execution: A= 49h (73 dec.)

ADDC A,direct - Adds the direct byte to the acumulator with a carry flag

A: accumulator
 Direct: arbitrary register with address 0-255 (0-FFh)

Description: Instruction adds the direct byte to the accumulator with a carry flag. As it is direct addressing, the register can be any SFRs or general purpose register with address 0-7Fh (0-127dec.). The result is stored in the accumulator.

Syntax: ADDC A, register address;
Bytes: 2 (instruction code, direct);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADDC A,Rx

Before execution: A= C3h (195 dec.) TEMP = AAh (170 dec.) C=1
After execution: A= 6Eh (110 dec.) AC=0, C=1, OV=1

ADDC A,@Ri - Adds the indirect RAM to the accumulator with a carry flag

A: accumulator
 Ri: Register R0 or R1

Description: Instruction adds the indirect RAM to the accumulator with a carry flag. RAM address is stored in the Ri register (R0 or R1). After addition, the result is stored in the accumulator.

Syntax: ADDC A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADDC A,@Ri

Register address: SUM = 4Fh R0=4Fh
Before execution: A= C3h (195 dec.) SUM = AAh (170 dec.) C=1
After execution: A= 6Eh (110 dec.) AC=0, C=1, OV=1

ADDC A,#data - Adds the immediate data to the accumulator with a carry flag

A: accumulator
 Data: constant with address 0-255 (0-FFh)

Description: Instruction adds data (0-255) to the accumulator with a carry flag. After addition, the result is stored in the accumulator.

Syntax: ADDC A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: C, OV and AC;

EXAMPLE:

ADDC A,#X

Before execution: A= C3h (195 dec.) C=1
After execution: A= 6Dh (109 dec.) AC=0, C=1, OV=1

AJMP addr11 - Absoulte jump

addr11: Jump address

Description: Program continues execution after executing a jump to the specified address. Similar to the ACALL instruction, the jump must be executed within the same 2K byte block of program memory starting from the first byte of the instruction following AJMP.

Syntax: AJMP address (label);
Bytes: 2 (instruction code, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

AJMP address

Before execution: PC=0345h SP=07h
After execution: PC=0123h SP=09h

ANL A,Rn - AND register to the accumulator

A: accumulator
 Rn: any R register (R0-R7)

Description: Instruction performs logic AND operation between the accumulator and Rn register. The result is stored in the accumulator.

Syntax: ANL A,Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL A,Rn

Before execution: A= C3h (11000011 Bin.)
R5= 55h (01010101 Bin.)
After execution: A= 41h (01000001 Bin.)

ANL A,direct - AND direct byte to the accumulator

A: accumulator
 Direct: arbitrary register with address 0 - 255 (0 - FFh)

Description: Instruction performs logic AND operation between the accumulator and drect register. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (o-127 dec.). The result is stored in the accumulator.

Syntax: ANL A,direct;
Byte: 2 (instruction code, direct);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL A,Rx

Before execution: A= C3h (11000011 Bin.)
MASK= 55h (01010101 Bin.)
After execution: A= 41h (01000001 Bin.)

ANL A,@Ri - AND indirect RAM to the accumulator

A: accumulator
 Ri: Register R0 or R1

Description: Instruction performs logic AND operation between the accumulator and register. As it is indirect addressing, the register address is stored in the Ri register (R0 or R1). The result is stored in the accumulator.

Syntax: ANL A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL A,@Ri

Register address SUM = 4Fh R0=4Fh
Before execution: A= C3h (11000011 Bin.)
R0= 55h (01010101 Bin.)
After execution: A= 41h (01000001 Bin.)

ANL A,#data - AND immediate data to the accumulator

A: accumulator
 Data: constant in the range of 0-255 (0-FFh)

Description: Instruction performs logic AND operation between the accumulator and data. The result is stored in the accumulator.

Syntax: ANL A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL A,#X

Before execution: A= C3h (11000011 Bin.)
After execution: A= 41h (01000001 Bin.)

ANL direct,A - AND accumulator to direct byte

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs logic AND operation between direct byte and accumulator. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the direct byte.

Syntax: ANL register address,A;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected.

EXAMPLE:

ANL Rx,A

Before execution: A= C3h (11000011 Bin.)
MASK= 55h (01010101 Bin.)
After execution: MASK= 41h (01000001 Bin.)

ANL direct,#data - AND immediate data to direct byte

Direct: Arbitrary register with address 0 - 255 (0 - FFh)
 Data: constant in the range between 0-255 (0-FFh)

Description: Instruction performs logic AND operation between direct byte and data. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the direct byte.

Syntax: ANL register address ,#data;
Bytes: 3 (instruction code, direct byte address, data);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL Rx,#X

Before execution: X= C3h (11000011 Bin.) MASK= 55h (01010101 Bin.) After execution: MASK= 41h (01000001 Bin.)

ANL C,bit - AND direct bit to the carry flag

C: Carry flag
 Bit: any bit of RAM

Description: Instruction performs logic AND operation between the direct bit and the carry flag.

bit C C AND bit
0 0 0
0 1 0
1 0 0
1 1 1

Syntax: ANL C, bit address;
Bytes: 2 (instruction code, bit address);
STATUS register flags: C;

EXAMPLE:

ANL C,bit

Before execution: ACC= 43h (01000011 Bin.)
C=1
After execution: ACC= 43h (01000011 Bin.)
C=0

ANL C,/bit - AND complements of direct bit to the carry flag

C: carry flag
 Bit: any bit of RAM

Description: Instruction performs logic AND operation between inverted addressed bit and the carry flag. The result is stored in the carry flag.

bit bit C C AND bit
0 1 0 0
0 1 1 1
1 0 0 0
1 0 1 0

Syntax: ANL C,/[bit address];
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags are affected;

EXAMPLE:

ANL C,/bit

Before execution: ACC= 43h (01000011 Bin.)
C=1
After execution: ACC= 43h (01000011 Bin.)
C=1

CJNE A,direct,rel - Compares direct byte to the accumulator and jumps if not equal

A: accumulator
 Direct: arbitrary register with address 0-255 (0-FFh)
 addr: jump address

Description: Instruction first compares the number in the accumulator with the directly addressed byte. If they are equal, the program proceeds with execution. Otherwise, a jump to the specified address will be executed. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to +127 locations relative to the first following instruction).

Syntax: CJNE A,direct,[jump address];
Bytes: 3 (instruction code, direct byte address, jump address);
STATUS register flags: C;

EXAMPLE:

CJNE A,Rx,rel

Before execution: PC=0145h A=27h
After execution: if MAX≠27: PC=0123h
If MAX=27: PC=0146h

CJNE A,#data,rel - Compares immediate data to the accumulator and jumps if not equal

A: accumulator
 Data: constant in the range of 0-255 (0-FFh)

Description: Instruction first compares the number in the accumulator with the immediate data. If they are equal, the program proceeds with execution. Otherwise, a jump to the specified address will be executed. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to +127 locations relative to the first following instruction).

Syntax: CJNE A,X,[jump address];
Bytes: 3 (instruction code, data, jump address);
STATUS register flags: C;

EXAMPLE:

CJNE A,Rx,rel

Before execution: PC=0445h
After execution: If A≠33: PC=0423h
If A=33: PC=0446h

CJNE Rn,#data,rel - Compares immediate data to the register Rn and jumps if not equal

Rn: Any R register (R0-R7)
 Data: Constant in the range of 0 - 255 (0-FFh)
 addr: Jump address

Description: Instruction first compares immediate data to the register Rn. If they are equal, the program proceeds with execution. Otherwise, a jump to the specified address will be executed. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to + 127 locations relative to the first following instruction).

Syntax: CJNE Rn,data,[jump address];
Bytes: 3 (instruction code, data, jump address);
STATUS register flags: C;

EXAMPLE:

CJNE Rn,#X,rel

Before execution: PC=0345h
After execution: If R5≠44h: PC=0323h
If R5=44h: PC=0346h

CJNE @Ri,#data,rel - Compares immediate data to indirectly addressed register and jumps if not equal

Ri: Register R0 or R1
 Data: Constant in the range of 0 - 255 (0-FFh)

Description: This instruction first compares immediate data to indirectly addressed register. If they are equal, the program proceeds with execution. Otherwise, a jump to the specified address in the program will be executed. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to +127 locations relative to the next instruction).

Syntax: CJNE @Ri,data,[jump address];
Bytes: 3 (instruction code, data, jump address);
STATUS register flags: C;

EXAMPLE:

CJNE @Ri,#X,rel

Before execution: Register Address SUM=F3h
PC=0345h R0=F3h
After execution: If SUM≠44h: PC=0323h
If SUM=44h: PC=0346h

CLR A - Clears the accumulator

A: accumulator

Description: Instruction clears the accumulator.

Syntax: CLR A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected.

EXAMPLE:

CLR A

After execution: A=0

CLR C - clears the carry flag

C: Carry flag

Description: Instruction clears the carry flag.

Syntax: CLR C;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

CLR C

After execution: C=0

CLR bit - clears the direct bit

Bit: any bit of RAM

Description: Instruction clears the specified bit.

Syntax: CLR [bit address];
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags are affected.

EXAMPLE:

CLR bit

Before execution: P0.3=1 (input pin)
After execution: P0.3=0 (output pin)

CPL A - Complements the accumulator

A: accumulator

Description: Instruction complements all the bits in the accumulator (1==>0, 0==>1).

Syntax: CPL A;
Bytes: 1 (instruction code);
STATUS register flags: No flags are affected.

EXAMPLE:

CPL A

Before execution: A= (00110110)
After execution: A= (11001001)

CPL bit - Complements the direct bit

Bit: any bit of RAM

Description: Instruction coplements the specified bit of RAM (0==>1, 1==>0).

Syntax: CPL [bit address];
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags are affected;

EXAMPLE:

CPL bit

Before execution: P0.3=1 (input pin)
After execution: P0.3=0 (output pin)

CPL C - Complements the carry flag

C: Carry flag

Description: Instruction complements the carry flag (0==>1, 1==>0).

Syntax: CPL C;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

CPL C

Before execution: C=1
After execution: C=0

DA A - Decimal adjust accumulator

A: accumulator

Description: Instruction adjusts the contents of the accumulator to correspond to a BCD number after two BCD numbers have been added by the ADD and ADDC instructions. The result in form of two 4-digit BCD numbers is stored in the accumulator.

Syntax: DA A;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

DA A

Before execution: A=56h (01010110) 56 BCD
B=67h (01100111) 67BCD
After execution: A=BDh (10111101)
After BCD conversion: A=23h (00100011), C=1 (Overflow)
(C+23=123) = 56+67

DEC A - Decrements the accumulator by 1

A: accumulator

Description: Instruction decrements the value in the accumulator by 1. If there is a 0 in the accumulator, the result of the operation is FFh. (255 dec.)

Syntax: DEC A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

DEC A

Before execution: A=E4h
After execution: A=E3h

DEC Rn - Decrements the register Rn by 1

Rn: any R register (R0-R7)

Description: Instruction decrements the value in the Rn register by 1. If there is a 0 in the register, the result of the operation will be FFh. (255 dec.)

Syntax: DEC Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

DEC Rn

Before execution: R3=B0h
After execution: R3=AFh

DEC direct - Decrements the direct byte by 1

Direct: arbitrary register with address 0-255 (0-FFh)

Description: Instruction decrements the value of directly addressed register by 1. As it is direct addressing, the register must be within the first 255 locations of RAM. If there is a 0 in the register, the result will be FFh.

Syntax: DEC [register address];
Byte: 2 (instruction code, direct);
STATUS register flags: No flags are affected;

EXAMPLE:

DEC Rx

Before execution: CNT=0
After execution: CNT=FFh

DIV AB - Divides the accumulator by the register B

A: accumulator
 B: Register B

Description: Instruction divides the value in the accumulator by the value in the B register. After division the integer part of result is stored in the accumulator while the register contains the remainder. In case of dividing by 1, the flag OV is set and the result of division is unpredictable. The 8-bit quotient is stored in the accumulator and the 8-bit remainder is stored in the B register.

Syntax: DIV AB;
Byte: 1 (instruction code);
STATUS register flags: C, OV;

EXAMPLE:

DIV AB

Before execution: A=FBh (251dec.) B=12h (18 dec.)
After execution: A=0Dh (13dec.) B=11h (17dec.)
13·18 + 17 =251

DEC @Ri - Decrements the indirect RAM by 1

Ri: Register R0 or R1

Description: This instruction decrements the value in the indirectly addressed register of RAM by 1. The register address is stored in the Ri register (R0 or R1). If there is a 0 in the register, the result will be FFh.

Syntax: DEC @Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

DEC @Ri

Register Address CNT = 4Fh R0=4Fh
Before execution: CNT=35h
After execution: CNT= 34h

DJNZ direct,rel - Decrements direct byte by 1 and jumps if not 0

Direct: arbitrary register with address 0-255 (0-FFh)
 addr: Jump address

Description: This instruction first decrements value in the register. If the result is 0, the program proceeds with execution. Otherwise, a jump to the specified address in the program will be executed. As it is direct addressing, the register must be within the first 255 locations of RAM. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to +127 locations relative to the first following instruction).

Syntax: DJNZ direct,[jump address];
Bytes: 3 (instruction code, direct, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

DJNZ Rx,rel

Before execution: PC=0445h
After execution: If CNT≠0: PC=0423h
If CNT=0: PC=0446h

DJNZ Rn,rel - Decrements the Rn register by 1 and jumps if not 0

Rn: any R register (R0-R7)
 addr: jump address

Description: This instruction first decrements the value in the Rn register. If the result is 0, the program proceeds with execution. Otherwise, a jump to the specified address in the program will be executed. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (- 128 to +127 locations relative to the first following instruction).

Syntax: DJNZ Rn, [jump address];
Bytes: 2 (instruction code, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

DJNZ Rn,rel

Before execution: PC=0445h
After execution: If R1≠0: PC=0423h
If R1=0: PC=0446h

INC Rn - Increments the Rn register by 1

Rn: any R register (R0-R7)

Description: Instruction increments the value in the Rn register by 1. If the register includes the number 255, the result of the operation will be 0.

Syntax: INC Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

INC Rn

Before execution: R4=18h
After execution: R4=19h

INC A - Increments the accumulator by 1

A: accumulator

Description: This instruction increments the value in the accumulator by 1. If the accumulator includes the number 255, the result of the operation will be 0.

Syntax: INC A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

INC A

Before execution: A=E4h
After execution: A=E5h

INC @Ri - Increments the value of indirectly addressed register of RAM by 1

Ri: Register R0 or R1

Description: This instruction increments the value in the directly addressed register of RAM by 1. The register address is stored in the Ri Register (R0 or R1). If the register includes the number 255, the result of the operation will be 0.

Syntax: INC @Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

INC @Ri

Register Address CNT = 4Fh
Before execution: CNT=35h R1=4Fh
After execution: CNT=36h

INC direct - Increments the direct byte by 1

Direct: arbitrary register with address 0-255 (0-FFh)

Description: Instruction increments the direct byte by 1. If the register includes the number 255, the result of the operation will be 0. As it is direct addressing, the register must be within the first 255 RAM locations.

Syntax: INC direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

INC Rx

Before execution: CNT=33h
After execution: CNT=34h

JB bit,rel - Jump if direct bit is set

addr: Jump address
 Bit: any bit of RAM

Description: If the bit is set, a jump to the specified address will be executed. Otherwise, if the value of bit is 0, the program proceeds with the next instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-128 to + 127 locations relative to the first following instruction).

Syntax: JB bit, [jump address];
Bytes: 3 (instruction code, bit address, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

JB bit,rel

Before execution: PC=0323h
After execution: If P0.5=0: PC=0324h
If P0.5=1: PC=0345h

INC DPTR - Increments the Data Pointer by 1

DPTR: Data Pointer

Description: Instruction increments the value of the 16-bit data pointer by 1. This is the only 16-bit register upon which this operation can be performed.

Syntax: INC DPTR;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

INC DPTR

Before execution: DPTR = 13FF (DPH = 13h DPL = FFh )
After execution: DPTR = 1400 (DPH = 14h DPL = 0)

JC rel - Jump if carry flag is set

addr: Jump address

Description: Instruction first checks if the carry flag is set. If set, a jump to the specified address is executed. Otherwise, the program proceeds with the next instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JC [jump address];
Bytes: 2 (instruction code, jump value);
STATUS register flags: No flags are affected;

EXAMPLE:

JC [jump address]

Before instruction: PC=0323h
After instruction: If C=0: PC=0324h
If C=1: PC=0345h

JBC bit,rel - Jump if direct bit is set

Bit: any bit of RAM
 addr: Jump Address

Description: This instruction first checks if the bit is set. If set, a jump to the specified address is executed and the bit is cleared. Otherwise, the program proceeds with the first following instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JBC bit, [jump address];
Bytes: 3 (instruction code, bit address, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

JBC bit,rel

Before execution: PC=0323h
After execution: If TEST0.4=1: PC=0345h, TEST0.4=0
If TEST0.4=0: PC=0324h, TEST0,4=0

JNB bit,rel - Jump if direct bit is not set

addr: Jump address
 Bit: any bit of RAM

Description: If the bit is cleared, a jump to the specified address will be executed. Otherwise, if the bit value is 1, the program proceeds with the first following instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JNB bit,[jump address];
Bytes: 3 (instruction code, bit address, jump address);
STATUS register flags: No flags are affected;

EXAMPLE:

JNB bit,rel

Before execution: PC=0323h
After execution: If P0.5=1: PC=0324h
If P0.5=0: PC=0345h

JMP @A+DPTR - Jump indirect relative to the DPTR

A: accumulator
 DPTR: Data Pointer

Description: This instruction causes a jump to the address calculated by adding value stored in the accumulator to the 16-bit number in the DPTR Register. It is used with complex program branching where the accumulator affects jump address, for example when reading a table. Neither accumulator nor DPTR register are affected.

Syntax: JMP @A+DPTR;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

JMP @A+DPTR

Before execution: PC=223 DPTR=1400h
After execution: PC = 1402h if A=2
PC = 1404h if A=4
PC = 1406h if A=6

Note:
As instructions AJMP LABELS occupy two locations each, the values in the accumulator specifying them must be different from each other by 2.

JNZ rel - Jump if accumulator is not zero

addr: Jump Address

Description: This instruction checks if the value stored in the accumulator is 0. If not, a jump to the specified address will be executed. Otherwise, the program proceeds with the first following instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JNZ [jump address]:
Bytes: 2 (instruction code, jump value);
STATUS register flags: No flags are affected;

EXAMPLE:

JNZ rel

Before execution: PC=0323h
After execution: If A=0: PC=324h
If A≠0: PC=283h

JNC rel - Jump if carry flag is not set

addr: Jump Address

Description: This instruction first checks whether the carry flag is set. If not, a jump to the specified address will be executed. Otherwise, the program proceeds with the first following instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JNC [jump address];
Bytes: 2 (instruction code, jump value);
STATUS register flags: No flags are affected;

EXAMPLE:

JNC rel

Before execution: PC=0323h
After execution: If C=0: PC=360h
If C=1: PC=324h

LCALL addr16 - Long subroutine call

addr16: Subroutine Address

Description: This instruction unconditionally calls a subroutine located at the specified address. The current address and the start of the subroutine called can be located anywhere within the memory space of 64K.

Syntax: LCALL [subroutine name];
Bytes: 3 (instruction code, address (15-8), address (7-0));
STATUS register flags: No flags are affected;

EXAMPLE:

LCALL adr16

Before execution: PC=0123h
After execution: PC=1234h

JZ rel - Jump if accumulator is zero

addr: Jump Address

Description: The instruction checks whether the value stored in the accumulator is 0. If yes, a jump to the specified address will be executed. Otherwise, the program proceeds with the following instruction. This is a short jump instruction, which means that the address of a new location must be relatively near the current one (-129 to + 127 locations relative to the first following instruction).

Syntax: JZ [jump address];
Bytes: 2 (instruction code, jump value);
STATUS register flags: No flags are affected;

EXAMPLE:

JZ [jump address]

Before execution: PC=0323h
After execution: If A0: PC=324h
If A=0: PC=283h

MOV A,Rn - Moves the Rn register to the accumulator

Rn: any R register (R0-R7)
 A: accumulator

Description: The instruction moves the Rn register to the accumulator. The Rn register is not affected.

Syntax: MOV A,Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV A,Rn

Before execution: R3=58h
After execution: R3=58h A=58h

LJMP addr16 - Long jump

addr16: jump address

Description: Instruction causes a jump to the specified 16-bit address.

Syntax: LJMP [jump address];
Bytes: 3 (instruction code, address (15-8), address (7-0));
STATUS register flags: No flags are affected;

EXAMPLE:

LJMP adr16

Before execution: PC=0123h
After execution: PC=1234h

MOV A,@Ri - Moves the indirect RAM to the accumulator

Ri: Register R0 or R1
 A: accumulator

Description: Instruction moves the indirectly addressed register of RAM to the accumulator. The register address is stored in the Ri register (R0 or R1). The result is stored in the accumulator. The register is not affected.

Syntax: MOV A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV A,@Ri

Register Address SUM=F2h R0=F2h
Before execution: SUM=58h
After execution: A=58h SUM=58h

MOV A,direct - Moves the direct byte to the accumulator

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction moves the direct byte to the accumulator. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.). After executing the instruction, the register is not affected.

Syntax: MOV A,direct;
Byte: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV A,Rx

Before execution: Rx=68h
After execution: Rx=68h A=68h

MOV Rn,A - Moves the accumulator to the Rn register

Rn: any R register (R0-R7)
 A: accumulator

Desription: Instruction moves the accumulator to the Rn register. The accumulator is not affected.

Syntax: MOV Rn,A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rn,A

Before execution: A=58h
After execution: R3=58h A=58h

MOV A,#data - Moves the immediate data to the accumulator

A: accumulator
 Data: Constant in the range of 0-255 (0-FFh)

Desription: Instruction moves the immediate data to the accumulator.

Syntax: MOV A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV A,#X

After execution: A=28h

MOV Rn,#data - Moves the immediate data to the Rn register

Rn: any R register (R0-R7) Data: Constant in the range of 0-255 (0-FFh)

Description: Instruction moves the immediate data to the Rn register.

Syntax: MOV Rn,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rn,#X

After execution: R5=32h

MOV Rn,direct - Moves the direct byte to the Rn register

Rn: Any R registar (R0-R7)
 Direct: arbitrary register with address 0-255 (0-FFh)

Description: Instruction moves the direct byte to the Rn register. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.). After executing the instruction, the register is not affected.

Syntax: MOV Rn,direct;
Bytes: 2 (instruction code, direct);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rn,Rx

Before execution: SUM=58h
After execution: SUM=58h R3=58h

MOV direct,Rn - Moves the Rn register to the direct byte

Rn: any R register (R0-R7)
 Direct: arbitrary register with address 0-255 (0 - FFh)

Description: Instruction moves the Rn register to the direct byte. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.). After executing the instruction, the register is not affected.

Syntax: MOV direct,Rn;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rx,Rn

Before execution: R3=18h
After execution: R3=18h CIF=18h

MOV direct,A - Moves the accumulator to the direct byte

Direct: arbitrary register with address 0-255 (0 - FFh)
 A: accumulator

Description: Instruction moves the accumulator to the direct byte. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.). After executing the instruction, the register is not affected.

Syntax: MOV direct,A;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rx,A

Before execution: A=98h
After execution: A=98h REG=98h

MOV direct,@Ri - Moves the indirect RAM to the direct byte

Direct: arbitrary register with address 0-255 (0 - FFh)
 Ri: Register R0 or R1

Description: Instruction moves the indirectly adressed register of RAM to the direct byte. The register is not affected.

Syntax: MOV direct,@Ri;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rx,@Ri

Register Address SUM=F3
Before execution: SUM=58h R1=F3
After execution: SUM=58h TEMP=58h

MOV direct1,direct2 - Moves the direct byte to the direct byte

Direct: Arbitrary register with address 0-255 (0-FFh)
 Direct: Arbitrary register with address 0-255 (0-FFh)

Description: Instruction moves the direct byte to another direct byte. As it is direct addressing, both registers can be any SFRs or general-purpose registers with address 0-7Fh. (0-127 dec.). The direct1 is not affected.

Syntax: MOV direct1,direct2;
Bytes: 3 (instruction code, direct1 address, direct2 address);
STATUS register flags: No flags are affected.

EXAMPLE:

MOV Rx,Ry

Before execution: TEMP=58h
After execution: TEMP=58h SUM=58h

MOV @Ri,A - Moves the accumulator to the indirect RAM

A: accumulator
 Ri: register R0 or R1

Description: Instruction moves the accumulator to the indirectly addressed register of RAM. The register address is stored in the Ri register (R0 or R1). After executing the instruction, the accumulator is not affected.

Syntax: MOV @Ri,A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV @Ri,A

Register Address SUM=F2h
Before execution: R0=F2h A=58h
After execution: SUM=58h A=58h

MOV direct,#data - Moves the immediate data to the direct byte

Direct: Arbitrary register with address 0-255 (0-FFh)
 Data: Constant in the range of 0-255 (0-FFh)

Description: Instruction moves the immediate data to the direct byte. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.).

Syntax: MOV direct,#data;
Bytes: 3 (instruction code, direct byte address, data);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV Rx,#X

After execution: TEMP=22h

MOV @Ri,#data - Moves the immediate data to the indirect RAM

Ri: Register R0 or R1
 Data: Constant in the range of 0-255 (0-FFh)

Description: Instruction moves the immediate data to the idirectly addressed register of RAM. The register address is stored in the Ri register (R0 or R1).

Syntax: MOV @Ri,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV @Ri,#X

Register address TEMP=E2h
Before execution: R1=E2h
After execution: TEMP=44h

MOV @Ri,direct - Moves the direct byte to the indirect RAM

Direct: Arbitrary register with address 0-255 (0-FFh)
 Ri: Register R0 or R1

Description: Instruction moves the direct byte to a register the address of which is stored in the Ri register (R0 or R1). After executing the instruction, the direct byte is not affected.

Syntax: MOV @Ri,direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV @Ri,Rx

Register address TEMP=E2h
Before execution: SUM=58h R1=E2h
After execution: SUM=58h TEMP=58h

MOV bit,C - Moves the carry flag to the direct bit

C: Carry flag
 Bit: any bit of RAM

Description: Instruction moves the carry flag to the direct bit. After executing the instruction, the carry flag is not affected.

Syntax: MOV bit,C;
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags are affected;

EXAMPLE:

MOV bit,C

After execution: If C=0 P1.2=0
If C=1 P1.2=1

MOV C,bit - Moves the direct bit to the carry flag

C: Carry flag
 Bit: any bit of RAM

Description: Instruction moves the direct bit to the carry flag. After executing the instruction, the bit is not affected.

Syntax: MOV C,bit;
Bytes: 2 (instruction code, bit address);
STATUS register flags: C;

EXAMPLE:

MOV C,bit

After execution: If P1.4=0 C=0
If P1.4=1 C=1

MOVC A,@A+DPTR - Moves the code byte relative to the DPTR to the accumulator

A: accumulator
 DPTR: Data Pointer

Description: Instruction first adds the 16-bit DPTR register to the accumulator. The result of addition is then used as a memory address from which the 8-bit data is moved to the accumulator.

Syntax: MOVC A,@A+DPTR;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVC A,@A+DPTR

Before execution:
DPTR=1000:
A=0
A=1
A=2
A=3

After execution:
A=66h
A=77h
A=88h
A=99h

Note: DB (Define Byte) is a directive in assembly language used to define constant.

MOV DPTR,#data16 - Loads the data pointer with a 16-bit constant

Data: constant in the range of 0-65535 (0-FFFFh)
 DPTR: Data Pointer

Description: Instruction stores a 16-bit constant to the DPTR register. The 8 high bits of the constant are stored in the DPH register, while the 8 low bits are stored in the DPL register.

Syntax: MOV DPTR,#data;
Bytes: 3 (instruction code, constant (15-8), constant (7-0));
STATUS register flags: No flags affected;

EXAMPLE:

MOV DPTR,#X16

After execution: DPH=12h DPL=34h

MOVX A,@Ri - Moves the external RAM (8-bit address) to the accumulator

Ri: register R0 or R1
 A: accumulator

Description: Instruction reads the content of a register in external RAM and moves it to the accumulator. The register address is stored in the Ri register (R0 or R1).

Syntax: MOVX A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVX A,@Ri

Register Address: SUM=12h
Before execution: SUM=58h R0=12h
After execution: A=58h

Note:
SUM Register is stored in external RAM which is 256 bytes in size.

MOVC A,@A+PC - Moves the code byte relative to the PC to the accumulator

A: accumulator
 PC: Program Counter

Description: Instruction first adds the 16-bit PC register to the accumulator (the current program address is stored in the PC register). The result of addition is then used as a memory address from which the 8-bit data is moved to the accumulator.

Syntax: MOVC A,@A+PC;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVC A,@A+PC

After the subroutine "Table" has been executed, one of four values is stored in the accumulator:

Before execution:
A=0
A=1
A=2
A=3

After execution:
A=66h
A=77h
A=88h
A=99h

Note: DB (Define Byte) is a directive in assembly language used to define constant.

MOVX @Ri,A - Moves the accumulator to the external RAM (8-bit address)

Ri: register R0 or R1
 A: accumulator

Description: Instruction moves the accumulator to a register stored in external RAM. Its address is stored in the Ri register.

Syntax: MOVX @Ri,A;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVX @Ri,A

Register address: SUM=34h
Before execution: A=58 R1=34h
After execution: SUM=58h

NOTE:
Register SUM is located in external RAM which is 256 bytes in size.

MOVX A,@DPTR - Moves the external memory (16-bit address) to the accumulator

A: accumulator
 DPRTR: Data Pointer

Description: Instruction moves the content of a register in external memory to the accumulator. The 16-bit address of the register is stored in the DPTR register (DPH and DPL).

Syntax: MOVX A,@DPTR;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVX A,@DPTR

Register address: SUM=1234h
Before execution: DPTR=1234h SUM=58
After execution: A=58h

Note:
Register SUM is located in external RAM which is up to 64K in size.

MUL AB - Multiplies A and B

A: accumulator
 B: Register B

Description: Instruction multiplies the value in the accumulator with the value in the B register. The low-order byte of the 16-bit result is stored in the accumulator, while the high byte remains in the B register. If the result is larger than 255, the overflow flag is set. The carry flag is not affected.

Syntax: MUL AB;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MUL AB

Before execution: A=80 (50h) B=160 (A0h)
After execution: A=0 B=32h
A·B=80·160=12800 (3200h)

MOVX @DPTR,A - Moves the accumulator to the external RAM (16-bit address)

A: accumulator
 DPTR: Data Pointer

Description: Instruction moves the accumulator to a register stored in external RAM. The 16-bit address of the register is stored in the DPTR register (DPH and DPL).

Syntax: MOVX @DPTR,A;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

MOVX @DPTR,A

Register address: SUM=1234h
Before execution: A=58 DPTR=1234h
After execution: SUM=58h

Note:
Register SUM is located in RAM which is up to 64K in size.

ORL A,Rn - OR register to the accumulator

Rn: any R register (R0-R7)
 A: accumulator

Description: Instruction performs logic OR operation between the accumulator and Rn register. The result is stored in the accumulator.

Syntax: ORL A,Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

ORL A,Rn

Before execution: A= C3h (11000011 Bin.)
R5= 55h (01010101 Bin.)
After execution: A= D7h (11010111 Bin.)

NOP - No operation

Description: Instruction doesn’t perform any operation and is used when additional time delays are needed.

Syntax: NOP;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

NOP

Such a sequence provides a negative pulse which lasts exactly 5 machine cycles on the P2.3. If a 12 MHz quartz crystal is used then 1 cycle lasts 1uS, which means that this output will be a low-going output pulse for 5 uS.

ORL A,@Ri - OR indirect RAM to the accumulator

Ri: register R0 or R1
 A: accumulator

Description: Instruction performs logic OR operation between the accumulator and a register. As it is indirect addressing, the register address is stored in the Ri register (R0 or R1). The result is stored in the accumulator.

Syntax: ANL A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

ANL A,@Ri

Register address: TEMP=FAh
Before execution: R1=FAh
TEMP= C2h (11000010 Bin.)
A= 54h (01010100 Bin.)
After execution: A= D6h (11010110 Bin.)

ORL A,direct - OR direct byte to the accumulator

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs logic OR operation between the accumulator and a register. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the accumulator.

Syntax: ORL A,direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags affected;

EXAMPLE:

ORL A,Rx

Before execution: A= C2h (11000010 Bin.)
LOG= 54h (01010100 Bin.)
After execution: A= D6h (11010110 Bin.)

ORL direct,A - OR accumulator to the direct byte

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs logic OR operation between a register and accumulator. As it is direct addressing, the register can be any SFRs or general- purpose register with address 0-7Fh (0-127 dec.). The result is stored in the register.

Syntax: ORL [register address], A;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags affected;

EXAMPLE:

ORL Rx,A

Before execution: TEMP= C2h (11000010 Bin.)
A= 54h (01010100 Bin.)
After execution: A= D6h (11010110 Bin.)

ORL A,#data - OR immediate data to the accumulator

Data: constant in the range of 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs logic OR operation between the accumulator and the immediate data. The result is stored in the accumulator.

Syntax: ORL A, #data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags affected;

EXAMPLE:

ORL A, #X

Before execution: A= C2h (11000010 Bin.)
After execution: A= C3h (11000011 Bin.)

ORL C,bit - OR direct bit to the carry flag

C: Carry flag
 Bit: any bit of RAM

Description: Instruction performs logic OR operation between the direct bit and the carry flag. The result is stored in the carry flag.

Syntax: ORL C,bit;
Bytes: 2 (instruction code, direct bit address);
STATUS register flags: No flags affected;

EXAMPLE:

ORL C,bit

Before execution: ACC= C6h (11001010 Bin.)
C=0
After execution: C=1

ORL direct,#data - OR immediate data to direct byte

Direct: arbitrary register with address 0-255 (0-FFh)
 Data: constant in the range of 0-255 (0-FFh)

Description: Instruction performs logic OR operation between the immediate data and the direct byte. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the direct byte.

Syntax: ORL [register address],#data;
Bytes: 3 (instruction code, direct byte address, data);
STATUS register flags: No flags affected;

EXAMPLE:

ORL Rx,#X

Before execution: TEMP= C2h (11000010 Bin.)
After execution: A= D2h (11010010 Bin.)

POP direct - Pop the direct byte from the stack

Direct: arbitrary register with address 0-255 (0-FFh)

Description: Instruction first reads data from the location being pointed to by the Stack. The data is then copied to the direct byte and the value of the Stack Pointer is decremented by 1. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.).

Syntax: POP direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags affected;

EXAMPLE:

POP Rx

Before execution: Address Value
030h 20h
031h 23h
SP==> 032h 01h
DPTR=0123h (DPH=01, DPL=23h)

After execution: Address Value
SP==> 030h 20h
031h 23h
032h 01h

ORL C,/bit - OR complements of direct bit to the carry flag

C: carry flag
 Bit: any bit of RAM

Description: Instruction performs logic OR operation between the addressed inverted bit and the carry flag. The result is stored in the carry flag.

bit bit C C AND bit
0 1 0 0
0 1 1 1
1 0 0 0
1 0 1 0

Syntax: ORL C,/bit;
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags affected;

EXAMPLE:

ORL C,/bit

Before execution: ACC= C6h (11001010 Bin.)
C=0
After execution: C=0

RET - Return from subroutine

Description: This instruction ends every subroutine. After execution, the program proceeds with the instruction following an ACALL or LCALL.

Syntax: RET;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

RET

PUSH direct - Pushes the direct byte onto the stack

Data: Arbitrary register with address 0-255 (0-FFh)

Description: Address currently pointed to by the Stack Pointer is first incremented by 1 and afterwards the data from the register Rx is copied to it. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.)

Syntax: PUSH direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags affected;

EXAMPLE:

PUSH Rx

Before execution: Address Value
SP==> 030h 20h
DPTR=0123h (DPH=01, DPL=23h)

After execution: Address Value
030h 20h
031h 23h
SP==> 032h 01h

RL A - Rotates the accumulator one bit left

A: accumulator

Description: Eight bits in the accumulator are rotated one bit left, so that the bit 7 is rotated into the bit 0 position.

Syntax: RL A;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

RL A

Before execution: A= C2h (11000010 Bin.)
After execution: A=85h (10000101 Bin.)

RL A

RETI - Return from interrupt

Description: This instruction ends every interrupt routine and informs processor about it. After executing the instruction, the program proceeds from where it left off. The PSW is not automatically returned its pre-interrupt status.

Syntax: RETI;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

RR A - Rotates the accumulator one bit right

A: accumulator

Description: All eight bits in the accumulator are rotated one bit right so that the bit 0 is rotated into the bit 7 position.

Syntax: RR A;
Byte: 1 (instruction code);
STATUS register flags: No flags affected;

EXAMPLE:

RR A

Before execution: A= C2h (11000010 Bin.)
After execution: A= 61h (01100001 Bin.)

Rotate Right

RLC A - Rotates the accumulator one bit left through the carry flag

A: accumulator

Description: All eight bits in the accumulator and carry flag are rotated one bit left. After this operation, the bit 7 is rotated into the carry flag position and the carry flag is rotated into the bit 0 position.

Syntax: RLC A;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

RLC A

Before execution: A= C2h (11000010 Bin.)
C=0
After execution: A= 85h (10000100 Bin.)
C=1

Rotate Left Through Carry Bit

SETB C - Sets the carry flag

C: Carry flag

Description: Instruction sets the carry flag.

Syntax: SETB C;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

SETB C

After execution: C=1

RRC A - Rotates the accumulator one bit right through the carry flag

A: accumulator

Description: All eight bits in the accumulator and carry flag are rotated one bit right. After this operation, the carry flag is rotated into the bit 7 position and the bit 0 is rotated into the carry flag position.

Syntax: RRC A;
Byte: 1 (instruction code);
STATUS register flags: C;

EXAMPLE:

RRC A

Before execution: A= C2h (11000010 Bin.)
C=0
After execution: A= 61h (01100001 Bin.)
C=0

Rotate Right Through Carry Bit

SJMP rel - Short Jump (relative address)

addr: Jump Address

Description: Instruction enables jump to the new address which should be in the range of -128 to +127 locations relative to the first following instruction.

Syntax: SJMP [jump address];
Bytes: 2 (instruction code, jump value);
STATUS register flags: No flags are affected;

EXAMPLE:

SJMP rel

Before execution: PC=323
After execution: PC=345

SETB bit - Sets the direct bit

Bit: any bit of RAM

Description: Instruction sets the specified bit. The register containing that bit must belong to the group of the so called bit addressable registers.

Syntax: SETB [bit address];
Bytes: 2 (instruction code, bit address);
STATUS register flags: No flags affected;

EXAMPLE:

SETB bit

Before execution: P0.1 = 34h (00110100)
pin 1 is configured as an output
After execution: P0.1 = 35h (00110101)
pin 1 is configured as an input

SUBB A,direct - Subtracts the direct byte from the accumulator with a borrow

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction subtracts the direct byte from the accumulator with a borrow. If the higher bit is subtracted from the lower bit then the carry flag is set. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh. (0-127 dec.). The result is stored in the accumulator.

Syntax: SUBB A,direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: C, OV, AC;

EXAMPLE:

SUBB A,Rx

Before execution: A=C9h, DIF=53h, C=0
After execution: A=76h, C=0

SUBB A,Rn - Subtracts the Rn register from the accumulator with a borrow

Rn: any R register (R0-R7)
 A: accumulator

Description: Instruction subtracts the Rn register from the accumulator with a borrow. If the higher bit is subtracted from the lower bit then the carry flag is set. The result is stored in the accumulator.

Syntax: SUBB A,Rn;
Byte: 1 (instruction code);
STATUS register flags: C, OV, AC;

EXAMPLE:

SUBB A,Rn

Before execution: A=C9h, R4=54h, C=1
After execution: A=74h, C=0

Note:
The result is different (C9 - 54=75) because the carry flag is set (C=1) before the instruction starts execution.

SUBB A,#data - Subtracts the immediate data from the accumulator with a borrow

A: accumulator
 Data: constant in the range of 0-255 (0-FFh)

Description: Instruction subtracts the immediate data from the accumulator with a borrow. If the higher bit is subtracted from the lower bit then the carry flag is set. The result is stored in the accumulator.

Syntax: SUBB A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: C, OV, AC;

EXAMPLE:

SUBB A,#X

Before execution: A=C9h, C=0
After execution: A=A7h, C=0

SUBB A,@Ri - Subtracts the indirect RAM from the accumulator with a borrow

Ri: register R0 or R1
 A: accumulator

Description: Instruction subtracts the indirectly addressed register of RAM from the accumulator with a borrow. If the higher bit is subtracted from the lower bit then the carry flag is set. As it is indirect addressing, the register address is stored in the Ri register (R0 or R1). The result is stored in the accumulator.

Syntax: SUBB A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: C, OV, AC;

EXAMPLE:

SUBB A,@Ri

Register address: MIN=F4
Before execution: A=C9h, R1=F4h, MIN=04, C=0
After execution: A=C5h, C=0

XCH A,Rn - Exchanges the Rn register with the accumulator

Rn: any R register (R0-R7)
 A: accumulator

Description: Instruction causes the accumulator and Rn register to exchange data. The content of the accumulator is moved to the Rn register and vice versa.

Syntax: XCH A,Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

XCH A,Rn

Before execution: A=C6h, R3=29h
After execution: R3=C6h, A=29h

SWAP A - Swaps nibbles within the accumulator

A: accumulator

Description: A nibble refers to a group of 4 bits within one register (bit0-bit3 and bit4-bit7). This instruction interchanges high and low nibbles of the accumulator.

Syntax: SWAP A;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

SWAP A

Before execution: A=E1h (11100001)bin.
After execution: A=1Eh (00011110)bin.

Swap nibbles within accumulator

XCH A,@Ri - Exchanges the indirect RAM with the accumulator

Ri: register R0 or R1
 A: accumulator

Description: Instruction moves the contents of accumulator to the indirectly addressed register of RAM and vice versa. As it is indirect addressing, the register address is stored in the register Ri (R0 or R1).

Syntax: XCH A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

XCH A,@Ri

Register address: SUM=E3
Before execution: R0=E3, SUM=29h, A=98h
After execution: A=29h, SUM=98h

XCH A,direct - Exchanges the direct byte with the accumulator

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction moves the contents of the accumulator into the direct byte and vice versa. As it is direct addressing, the direct byte can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.).

Syntax: XCH A,direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

XCH A,Rx

Before execution: A=FFh, SUM=29h
After execution: SUM=FFh A=29h

XRL A,Rn - Exclusive OR register to accumulator

Rn: any R register (R0-R7)
 A: accumulator

Description: Instruction performs exclusive OR operation between the accumulator and the Rn register. The result is stored in the accumulator.

Syntax: XRL A,Rn;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

XRL A,Rn

Before execution: A= C3h (11000011 Bin.)
R3= 55h (01010101 Bin.)
After execution: A= 96h (10010110 Bin.)

XCHD A,@Ri - Exchanges the low-order nibble indirect RAM with the accumulator

Ri: register R0 or R1
 A: accumulator

Description: This instruction interchanges the low-order nibbles (bits 0-3) of the accumulator with the low-order nibbles of the indirectly addressed register of RAM. High-order nibbles of the accumulator and register are not affected. This instruction is mainly used when operating with BCD values. As it is indirect addressing, the register address is stored in the register Ri (R0 or R1).

Syntax: XCHD A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

XCHD A,@Ri

Register address: SUM=E3
Before execution: R0=E3 SUM=29h A=A8h,
After execution: A=A9h, SUM=28h

Exchange the content of low nibbles accumulator with indirectly addressed register Rx

XRL A,@Ri - Exclusive OR indirect RAM to the accumulator

Ri: Register R0 or R1
 A: accumulator

Description: Instruction performs exclusive OR operation between the accumulator and the indirectly addressed register. As it is indirect addressing, the register address is stored in the Ri register (R0 or R1). The result is stored in the accumulator.

Syntax: XRL A,@Ri;
Byte: 1 (instruction code);
STATUS register flags: No flags are affected;

EXAMPLE:

XRL A,@Ri

Register address: TEMP=FAh, R1=FAh
Before execution: TEMP= C2h (11000010 Bin.)
A= 54h (01010100 Bin.)
After execution: A= 96h (10010110 Bin.)

XRL A,direct - Exclusive OR direct byte to the accumulator

Direct: Arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs exclusive OR operation between the accumulator and the direct byte. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the accumulator.

Syntax: XRL A,direct;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags are affected;

EXAMPLE:

XRL A,Rx

Before execution: A= C2h (11000010 Bin.)
LOG= 54h (01010100 Bin.)
After execution: A= 96h (10010110 Bin.)

XRL direct,A - Exclusive OR accumulator to the direct byte

Direct: arbitrary register with address 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs exclusive OR operation between the direct byte and the accumulator. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the register.

Syntax: XRL direct,A;
Bytes: 2 (instruction code, direct byte address);
STATUS register flags: No flags affected;

EXAMPLE:

XRL Rx,A

Before execution: TEMP= C2h (11000010 Bin.)
A= 54h (01010100 Bin.)
After execution: A= 96h (10010110 Bin.)

XRL A,#data - Exclusive OR immediate data to the accumulator

Data: constant in the range of 0-255 (0-FFh)
 A: accumulator

Description: Instruction performs exclusive OR operation between the accumulator and the immediate data. The result is stored in the accumulator.

Syntax: XRL A,#data;
Bytes: 2 (instruction code, data);
STATUS register flags: No flags are affected;

EXAMPLE:

XRL A,#X

Before execution: A= C2h (11000010 Bin.)
X= 11h (00010001 Bin.)
After execution: A= D3h (11010011 Bin.)

XRL direct,#data - Exclusive OR immediate data to direct byte

Direct: arbitrary register with address 0-255 (0-FFh)
 Data: constant in the range of 0-255 (0-FFh)

Description: Instruction performs exclusive OR operation between the immediate data and the direct byte. As it is direct addressing, the register can be any SFRs or general-purpose register with address 0-7Fh (0-127 dec.). The result is stored in the register.

Syntax: XRL direct,#data;
Bytes: 3 (instruction code, direct byte address, data);
STATUS register flags: No flags affected;

EXAMPLE:

XRL Rx,#X

Before execution: TEMP= C2h (11000010 Bin.)
X=12h (00010010 Bin.)
After execution: A= D0h (11010000 Bin.)

 


  • Mikatech NXP/Philips 8051 MCU reverse engineer list:
  • P87C5xx Series flash memory attack: P87C51 P87C52 P87C54 P87C58 P87C51X2BA P87C52X2BN P87C52X2BN P87C52UBAA P87C54UBAA P87C51FA P87C51FB P87C51FC P87C51MB2 P87C51RA+ P87C51RA2 P87C51RB+ P87C51RB2 P87C51RC+ P87C51RC2 P87C51RD+ P87C51RD2 P87C51X2 P87C52X2 P87C54X2 P87C552 P87C554 P87C557E8 P87C58X2 P87C591 87C592 ...

    P87Cxx Series microcontroller crack: P87C654X2 P87C660X2 P87C661X2 87C451 87C453 87C748 87C749 87C750 87C751 87C752 ...

    P89Cxx Series microcontroller firmware attack: P89C138 P89C238 P89C60X2BA P89C60X2 P89C61X2 P89C660H P89C662H P89C664H P89C668H P89C669 P89C738 P89C739 ...

    P89Vxx Series microcontroller source code retreive: P89LV51RB2 P89LV51RC2 P89LV51RD2 P89V51RB2 P89V51RB2 P89V51RC2 P89V51RC2 P89V51RD2 P89V660 P89V662 P89V664 ...

    P89C5xx Series microcontroller hack: P89C51 P89C52 P89C54 P89C58 P89C51B P89C52B P89C54B P89C58B P89C54X2BA P89C58X2FN P89C51RA+ P89C51RA2 P89C51RB+ P89C51RB2 P89C51RB2H P89C51RC+ P89C51RC2 P89C51RC2H P89C51RD+ P89C51RD2 P89C51RD2H P89C51U P89C51X2 P89C52B P89C52U P89C52X2 P89C54B P89C54U P89C51RD2 P89C51RC P89C51RB P89C51RA2BN P89C51RD2B P89C51RD2F P89C51RD2H P89C51RA2BN P89C51X2 P89C52X2 P89C54X2 P89C58B P89C58U P89C58X2 P89C138 P89C238 P89C60X2BA P89C60X2 P89C61X2 P89C660H P89C662H P89C664H P89C668H P89C669 P89C738 P89C739 ...

    P87LPCxx Series microcontroller source code attack: P87LPC76X P87LPC759 P87LPC760 P87LPC761 P87LPC762 P87LPC764 P87LPC767 P87LPC768 P87LPC769 P87LPC778 P87LPC779 ...

    P89LPCxx Series flash memory crack

    LPCxx Series microcontroller hack: LPC1769 LPC1768 LPC1767 LPC1766 LPC1765 LPC1764 LPC1759 LPC1758 LPC1756 LPC1754 LPC1752 LPC1751 LPC1343 LPC1342 LPC1313 LPC1311 LPC1114 LPC1113 LPC1112 LPC1111 LPC2106 LPC2109 LPC2114 LPC2119 LPC2124 LPC2129 LPC2131 LPC2132 LPC2134 LPC2136 LPC2138 LPC2141 LPC2142 LPC2144 LPC2146 LPC2148 LPC2194 LPC2212 LPC2214 LPC2292 LPC2294 LPC2364 LPC2366 LPC2368 LPC2378 LPC1102 LPC1104 LPC1110 LPC1111/002 LPC1111/101 LPC1111/102 LPC1111/103 LPC1111/201 LPC1111/202 LPC1111/203 LPC1112/101 LPC1112/102 LPC1112/103 LPC1112/201 LPC1112/202 LPC1112/203 LPC1113/201 LPC1113/202 LPC1113/203 LPC1113/301 LPC1113/302 LPC1113/303 LPC1114/102 LPC1114/201 LPC1114/202 LPC1114/203 LPC1114/301 LPC1114/302 LPC1114/303 LPC1114/323 LPC1114/333 LPC1115/303 LPC11A02 LPC11A04 LPC11A11/001 LPC11A12/101 LPC11A13/201 LPC11A14/301 LPC11C12/301 LPC11C14/301 LPC11C22/301 LPC11C24/301 LPC11D14/302 LPC11E11/101 LPC11E12/201 LPC11E13/301 LPC11E14/401 LPC11E36/501 LPC11E37/501 LPC11U12/201 LPC11U13/201 LPC11U14/201 LPC11U23/301 LPC11U24/301 LPC11U24/401 LPC11U34/311 LPC11U34/421 LPC11U35/401 LPC11U35/501 LPC11U36/401 LPC11U37/401 LPC11U37/501 LPC1224 LPC1225 LPC1226 LPC1227 LPC12D27 LPC1311 LPC1313 LPC1315 LPC1316 LPC1317 LPC1342 LPC1343 LPC1345 LPC1346 LPC1347 LPC1751 LPC1752 LPC1754 LPC1756 LPC1758 LPC1759 LPC1763 LPC1764 LPC1765 LPC1766 LPC1767 LPC1768 LPC1769 LPC1772 LPC1774 LPC1776 LPC1777 LPC1778 LPC1785 LPC1786 LPC1787 LPC1788 LPC4072 LPC4074 LPC4076 LPC4078 LPC4088 LPC810 LPC811 LPC812 LPC1800 LPC1810 LPC1820 LPC1830 LPC1850 LPC1853 LPC1857 LPC2000 LPC2101 LPC2102 LPC2103 LPC2104 LPC2105 LPC2106 LPC2109 LPC2114 LPC2119 LPC2124 LPC2129 LPC2131 LPC2132 LPC2134 LPC2136 LPC2138 LPC2141 LPC2142 LPC2144 LPC2146 LPC2148 LPC2157 LPC2158 LPC2194 LPC2210 LPC2212 LPC2214 LPC2220 LPC2290 LPC2292 LPC2294 LPC2361 LPC2362 LPC2364 LPC2365 LPC2366 LPC2367 LPC2368 LPC2377 LPC2378 LPC2387 LPC2388 LPC2420 LPC2458 LPC2460 LPC2468 LPC2470 LPC2478 LPC288x LPC2880 LPC2888 LPC3100 LPC3130 LPC3131 LPC3141 LPC3143 LPC3152 LPC3154 LPC3200 LPC3180 LPC3220 LPC3230 LPC3240 LPC3250 LPC4300 LPC4310 LPC4320 LPC4330 LPC4350 LPC4353 LPC4357...

 

 

 

Chapter 4 : AT89S8253 Microcontroller

Introduction

It has been more than 20 years since the first version of the 8051 microcontroller was launched. During that time it has undergone various upgrades and improvements. Today, the 8051 microcontroller is being manufactured across the globe by many manufacturers and under different names. Of course, the latest versions are by far more advanced than the original one. Many of them has the label “8051 compatible”, “8051 compliant”or “8051 family” in order to emphasize their “noble heritage”. These tags imply that microcontrollers have similar architecture and are programmed in a similar way using the same instruction set. Practically, if you know how to handle one microcontroller belonging to this family, you will be able to handle any of them. In other words, several hundreds of different models are at your disposal.

This book covers one of them called the AT89S8253, manufactured by Atmel. Why this particular one? Because it is widely used, cheap and uses Flash memory for storing programs. The last feature mentioned makes it ideal for experimentation due to the fact that program can be loaded and erased from it for many times. Besides, thanks to the built-in SPI System (Serial Programing Interface), the program can be loaded to the microcontroller even after embedding the chip in the target device.

4.1 The AT89S8253 microcontroller ID

  • Compatible with 8051 family.
  • 12Kb of Flash Memory for storing programs.
    • Program is loaded via SPI System (Serial Peripheral Interface).
    • Program may be loaded/erased up to 1000 times.
  • 2Kb of EEPROM Memory.
  • Power supply voltage: 4-6V.
  • Operating clock frequency: 0-24MHz.
  • 256 bytes of internal RAM for storing variables.
  • 32 input/output pins.
  • Three 16-bit timers/counters.
  • 9 interrupt sources.
  • 2 additional power saving modes (low-power idle and power-down mode).
  • Programmable UART serial communication.
  • Programmable watchdog timer.
  • Three-level program memory lock
AT89S8253 Microcontroller Overview

The AT89S53 comes in the following packages:

DIP Package TQFP Package PLCC Package

4.2 Pinout Description

VCC Power supply voltage (4-6V)

GND Ground ( Negative supply pole)

Port 0 (P0.0-P0.7) If configured as outputs, each of these pins can be connected to up to 8 TTL inputs. If configured as inputs, the pins can be used as high-impedance inputs as their potential is not defined relative to ground, i.e. they are floating. If additional (external) memory is used, these pins are used for accessing it. Signal on the ALE pin determines what and when will be transferred to this port.

Port 1 (P1.0-P1.7) If configured as outputs, each of these pins can be connected to up to 4 TTL inputs. When configured as inputs, these pins act as standard TTL inputs, that is, each of them is internally connected to the positive supply voltage via a resistor of relatively high impedance. Power supply voltage provided on these inputs is 5V. Also, the Port 1 pins have alternate functions as shown in the table below:

Port Pin Alternate Function
P1.0 T2 (Timer 2 input)
P1.1 T2EX (Timer 2 control input)
P1.4 SS (SPI system control input)
P1.5 MOSI (SPI system I/O)
P1.6 MISO (SPI system I/O)
P1.7 SCK (SPI system clock signal)

Port 2 (P2.0-P2.7) Whether configured as an input or an output, this port acts the same as Port 1. If external memory is used, the high byte of the address (A8-A15) comes out on the Port 2 which is thus used for addressing it.

Port 3 (P3.0-P3.7) Similar to P1, Port 3 pins can be used as general inputs or outputs. They also have additional functions to be explained later in the chapter.

Port Pin Alternate Function
P3.0 RXD (serial input)
P3.1 TXD (serial output)
P3.2 INT0 (external interrupt 0)
P3.3 INT1 (external interrupt 1)
P3.4 T0 (Timer 0 external input)
P3.5 T1 (Timer 1 external input)
P3.6 WR (External data memory write signal)
P3.7 RD (External data memory read signal)

RST Logic one (1) on this pin causes the microcontroller to be reset.

ALE/PROG In normal operation, the ALE pin is activated at a constant rate of 1/16 the oscillator frequency and can be used for external clocking and timing purposes. When external memory is used, a signal from this pin is used to latch the low byte of an address (A0-A7) from P0. During the process of writing a program to the microcontroller, this pin also serves as a control input.

PSEN This pin provides a signal used for accessing external program memory (ROM).

EA/VPP When this pin is connected to ground, the microcontroller reads program instructions from external program memory. If internal program memory is used, which is the common case, this pin should be connected to the positive power supply voltage (VCC). During the process of programming internal Flash mamory, this pin is supplied with +12V.

XTAL 1 This is internal oscillator input. It is used for the purpose of synchronizing the operation of the microcontroller with some other circuit or for connecting external oscillator when used.

XTAL 2 This pin is connected to internal oscillator output. Therefore, it is out of use when using external oscillator.

4.3 The AT89S8253 Microcontroller Memory Organization

Program Memory (ROM)

Program memory (ROM) with a capacity of 12Kb is designed in FLASH technology, which enables programs to be loaded and erased a large number of times. It is programmed via embedded SPI module (Serial Peripheral Interface). If necessary, it is possible to add external ROM memory chip, although 12Kb of ROM is usually more than enough.

Random Access Memory (RAM)

RAM memory consists of 3 blocks containing 128 registers each. Its structure falls into the 8051 standard:

  • 128 general-purpose registers;
  • 128 memory locations reserved for SFRs. Even though only some of them are trully used, free locations shouldn’t be used for storing variables; and
  • 128 additional registers available for use (have no special purpose). Since they have the same addresses as SFRs, they are accessed by indirect addressing.
RAM Memory

EEPROM Memory

EEPROM is a special type of memory having features of both RAM and ROM. The contents of the EEPROM may be changed during operation, but remains permanently saved even after the loss of power. The AT89S8253 microcontroller has in total of 2K of EEPROM, that is 2048 locations.

Memory Expansion

All mentioned above about ROM and RAM memory expansion remains in force when it comes to the AT89S8253 microcontroller as it is based on the 8051 core. In other words, both memories can be added as external chips with the capacity of up to 64Kb. The process of addressing is also the same as in the 8051 standard.

Types of addressing

Similar to all microcontrollers compatible with the 8051, there are two ways of addressing:

  • Direct addressing (for example: MOV A,30h); and
  • Indirect addressing (for example: MOV A,@R0).

4.4 Special Function Registers (SFRs)

The AT89S8253 microcontroller has in total of 40 Special Function Registers. For the sake of the compatibility with the previous 8051 models, the core registers (22 in total) are the same for all of them, while the others were added later for the purpose of controlling upgraded functions of the microcontroller.

SFRs (Special Function Registers)

As shown in the table above, each of these registers has its name and specific address in RAM. Unoccupied locations are intended for the future upgraded versions of the microcontroller and shouldn’t be used. As their name suggests, these registers are mostly in control of one specific circuit within the microcontroller such as timers or SPI etc. and they will be discussed later in the book. This chapter covers only those SFRs controlling more than one circuit within the microcontroller.

Accumulator (ACC)

The accumulator, otherwise marked as ACC or A, belongs to the core registers of the 8051 microcontroller. Its contents is not modified.

ACC (Accumulator)

B register

The B register also belongs to the core registers of the 8051 microcontroller. Bits of this register are not modified. It is used during multiply and divide operations (MUL and DIV instructions) to store the operands upon which these operations are performed.

B register

PSW register (Program Status Word Register)

The PSW register belongs to the core registers of the 8051 microcontroller. Bits of this register are not modified.

PSW registar (Program Status Word)

SP registar (Stack Pointer Register)

The SP register belongs to the core registers of the 8051 microcontroller. Bits of this register are not modified.

SP registar (Stack Pointer)

Registers P0, P1, P2, P3

Each bit of these registers corresponds to one of the port pins having the same name. These registers are therefore used for comminication with peripheral environment which is carried out by sending data from registers to the corresponding pins and vice versa. They belong to the core registers of the 8051 microcontroller and their bits are not modified.

Registers P0, P1, P2, P3

R registers (R0 - R7)

They belong to the core registers of the 8051 microcontroller. Their bits are not modified.

R registers (R0 - R7)

AUXR register (Auxiliary register)

The AUXR register contains only two active bits:

AUXR register (Auxiliary register)
  • DISALE
    • 0 - ALE is activated at a constant rate of 1/6 the oscillator frequency.
    • 1 - ALE is active only during execution of MOVX or MOVC instructions.
  • Intel_Pwd_Exit
    • 0 - When the microcontroller is in Power Down mode, the program proceeds with execution on high-to-low transition (1-0).
    • 1 - When the microcontroller is in Power Down mode, the program proceeds with execution on low-to-high transition (0-1).

CLKREG register (Clock Register) X2

CLKREG register (Clock Register) X2
  • 0 - The oscillator frequency (the XTAL1 pin) is divided by 2 before used as a clock (machine cycle lasts for 6 such periods).
  • 1 - Quartz oscillator is used as a clock generator. This enables the quartz crystal of two times lower frequency (for example 6MHz instead of 12MHz) to be used for the same operating rate of the microcontroller.

Data Pointers

Data Pointers are not true registers as they don’t physically exist. They consist of two separate registers: DPH (Data Pointer High) and DPL (Data Pointer Low). All 16 bits are used for addressing external and internal EEPROM memory. The DPS bit of the EECON register determines the registers to be used as data pointers:

DPS=0 -> Data pointer consists of DP0L and DP0H registers and is marked as DPTR0.

Data Pointers 0

DPS=1 -> Data pointer consists of DP1L and DP1H registers and is marked as DPTR1.

Data Pointers 1

Handling EEPROM memory

2 Kb of on-chip EEPROM memory enables this microcontroller to store data created during operation which must be permanently saved. In other words, all data stored in this memory remains permanently saved even after the loss of power. Minimum 100 000 writing cycles can be executed. This memory is easily used since there are only a few control bits enabling it.

EEPROM write and read is under control of the EECON special function register. Since the process of programming EEPROM is relatively slow (write to one register takes approximately 4mS), a small hardware trick is done in order to speed it up. When the EELD bit of the EECON register is set, the data is not directly written to the EEPROM registers, but loaded in a small buffer (temporary memory) with a capacity of 32 bytes. When this bit is cleared, the first data following it will be normally written to the EEPROM (takes 4 mS) along with all registers currently loaded in the buffer. Thus, it takes only 4mS to write all 32 bytes instead of 128mS otherwise required in a single byte writing.

EEPROM memory is handled in the same way as external memory. For this reason, a special instruction for additional memory chip (MOVX) is also used for EEPROM write and read. The EEMEN bit of the EECON register determines whether the data is to be written/read from additional memory chip or on-chip EEPROM memory.

Handling EEPROM memory

EECON register

Bits of the EECON register controls the operation of EEPROM memory:

EECON register

WRTINH

The WRTINH bit is read-only. When the power supply voltage is too low for programming EEPROM, hardware automatically clears this bit, which means that write to EEPROM cannot be completed or is aborted if in progress.

RDY/BSY

The RDY/BSY bit is read-only.

  • 0 - Write in progress (takes approximately 4mS).
  • 1 - Write complete (data is written to EEPROM).

DPS

  • 0 - Address for EEPROM write/read is stored in the DP0H and DP0L registers.
  • 1 - Address for EEPROM write/read is stored in the DP1H and DP1L registers.

EEMEN

  • 0 - Instruction MOVX is used for accessing external memory chip.
  • 1 - Instruction MOVX is used for accessing internal EEPROM memory. If the register address is larger than 2K, the microcontroller will access external memory chip.

EEMWE

When set, the EEMWE bit enables write to EEPROM using the MOVX instruction. After completing EEPROM write, the bit must be cleared from within the program.

EELD

When set, the EELD bit enables up to 32 bytes to be written simultaneously. The bit is set and the MOVX instruction writes data to EEPROM (buffer is loaded). The bit is cleared before writing the last data. When the last MOVX is executed, the entire buffer is automatically loaded to EEPROM for 4mS.

4.5 Watchdog Timer (WDT)

The watchdog timer uses pulses generated by the quartz oscillator for its operation. It is disabled after reset and during Power Down Mode, thus having no effect on the program execution. If enabled, every time it counts up to the program end, the microcontroller reset occurs and program execution starts from the first instruction. Reset condition indicates that the program doesn’t work properly for some reason. The point is to prevent this from happening by setting instruction to reset the watchdog timer at the appropriate program location. Practically, the whole this process is in control of several bits of the WDTCON register.

Three bits (PS2, PS1 and PS0), which are in control of the prescaler, determine the most important feature of the watchdog timer- nominal time, i.e. time required to count up a full cycle.

The values contained in the table below are applied only when the 12MHz quartz oscillator is used.

Prescaler Bits Nominal Time
PS2 PS1 PS0
0 0 0 16ms
0 0 1 32ms
0 1 0 64ms
0 1 1 128ms
1 0 0 256ms
1 0 1 512ms
1 1 0 1024ms
1 1 1 2048ms

WDTCON Register (Watchdog Control Register)

WDTCON (Watchdog Control Register)

PS2,PS1,PS0

These three bits are in control of the prescaler and determine the nominal time of the watchdog timer. If the program doesn’t clear the WSWRST bit during that time, the watchdog timer will reset the microcontroller. When all three bits are cleared to 0, the watchdog timer has a nominal period of 16K machine cycles. When all three bits are set to 1, the nominal period is 2048K machine cycles.

WDIDLE

The WDIDLE bit enables/disables the watchdog timer in Idle mode:

  • 0 - Watchdog timer is enabled in Idle mode (low-consumption mode).
  • 1 - Watchdog timer is disabled in Idle mode.

DISRTO

The DISRTO bit enables/disables reset of peripheral circuits connected to the RST pin:

  • 0 - Watchdog controls the state of the input reset pin. At the moment of reset, this pin acts for a moment as an output and generates a logic one (1). It causes the microcontroller and all other circuits connected to the RST pin to be reset.
  • 1 - Reset triggered by the watchdog timer doesn’t affect the state of the reset pin. At the moment the watchdog timer resets the microcontroller, the reset pin remains configured as an input.

HWDT

The HWDT bit selects hardware or software mode for the watchdog timer:

  • 0 - Watchdog is in software mode and can be enabled or disabled by the WDTEN bit.
  • 1 - Watchdog is in hardware mode. To enable it, the sequence 1E/E1(hex) should be written to the WDTRST register. Only reset condition can disable the watchdog timer. In order to prevent the WCDT from resetting the microcontroller when the nominal time expires, the same sequence 1E/E1hex must be constantly repeated.

WSWRST

When set, this bit resets the watchdog timer in software mode (bit HWDT=0). In order to enable the microcontroller to operate without being interrupted, this bit must regularly be cleared from within the program. After being set, the watchdog timer is cleared by hardware, counting starts from zero and the bit is automatically cleared.

If the watchdog timer is in hardware mode, setting this bit has no effect on the watchdog timer operation.

WDTEN

The WDTEN bit enables/disables the watchdog timer in software mode (HWDT=0):

  • 0 - Watchdog disabled.
  • 1 - Watchdog enabled.

When the watchdog timer is in hardware mode (HWDT=1), this bit is read-only and reflects the status of the watchdog timer (whether it is enabled or disabled).

Note

The WDTEN bit doesn’t clear the watchdog timer, it only enables/disables it. This means that the current state of the counter remains unchanged as long as WDTEN=0.

4.6 Interrupts

The AT89S8253 has in total of six interrupt sources, which means that it can recognize up to 6 different events that can interrupt regular program execution. Each of these interrupts can be individually enabled or disabled by setting bits of the IE register, whereas the whole interrupt system can be disabled by clearing the EA bit of the same register.

Since this microcontroller has embedded Timer T2 and SPI (they don't fall under the “8051 Standard”) which can generate an interrupt, it was necessary to make some changes in registers controlling interrupt system. Besides, there is a new interrupt vector (address 2B), i.e. program memory address from which the program proceeds with execution when the Timer T2 generates an interrupt. All these changes are made on the previously unused bits. This enables all programs written for the previous versions of the microcontrollers to be used in this one too without being modified. This is why the 8051-based microcontrollers are so popular.

Interrupts

IE register (Interrupt Enable Register)

IE register (Interrupt Enable)

EA bit enables or disables all interrupt sources (globally):

  • 0 - disables all interrupts (even enabled).
  • 1 - enables specific interrupts.

ET2 bit enables or disables Timer T2 interrupt:

  • 0 - Timer T2 interrupt disabled.
  • 1 - Timera T2 interrupt enabled.

ES bit enables or disables serial communication (UART and SPI) interrupts:

  • 0 - UART and SPI interrupt disabled.
  • 1 - UART and SPI interrupts enabled.

ET1 bit enables or disables Timer T1 interrupt:

  • 0 - Timer T1 interrupt disabled.
  • 1 - Timer T1 interrupt enabled.

EX1 bit enables or disables external interrupt through the INT0 pin:

  • 0 - Interrupt on the INT0 pin disabled.
  • 1 - Interrupt on the INT0 pin enabled.

ET0 bit enables or disables Timer T0 interrupt:

  • 0 - Timer T0 interrupt disabled.
  • 1 - Timer T0 interrupt enabled.

EX0 bit enables or disables external interrupt through the INT1 pin:

  • 0 - Interrupt on the INT1 pin disabled.
  • 1 - Interrupt on the INT1 pin enabled.

Interrupt Priorities

When several interrupts are enabled, it may happen that while one of them is in progress, another one is requested. In such situations, the microcontroller needs to know whether to proceed with the execution of current interrupt routine or to meet a new interrupt request. For this reason, there is a priority list on the basis of which the microcontroller knows what to do. The previous versions of the microcontrollers differentiate between two priority levels defined in the IP register.

As for the AT89S8253 microcontroller, there is an additional SFR register IPH which enables all the interrupts to be assigned 1 out of 4 priorities (excluding reset). Here is a list of priorities:

  1. Reset. If a reset request arrives, all processes are stopped and the microcontroller restarts.
  2. The high priority interrupt (3) can be disabled by reset only.
  3. The low priority interrupt (2, 1 or 0) can be disabled by any high priority interrupt and reset.

It is usually defined at the beginning of the program which one of the existing interrupt sources have high and which one has low priority level. According to this, the following occurs:

  • If two interrupt requests, at different priority levels, arrive at the same time then the higher priority interrupt is always serviced first.
  • If the both interrupt requests, at the same priority level, occur one after another, the one which came later has to wait until routine being in progress ends.
  • If two interrupt requests of equal priority arrive at the same time then the interrupt to be serviced is selected according to the following priority list :
  1. External interrupt INT0
  2. Timer T0 interrupt
  3. External interrupt INT1
  4. Timer T1 interrupt
  5. Serial communication interrupt
  6. Timer T2 Interrupt

IP register (Interrupt Priority Register)

IP register (Interrupt Priority)

Bits of this register determine the interrupt source priority.

PT2 Timer T2 interrupt priority:

  • 0 - Priority 0
  • 1 - Priority 1

PS Serial port interrupt priority:

  • 0 - Priority 0
  • 1 - Priority 1

PT1 Timer T1 interrupt priority:

  • 0 - Priority 0
  • 1 - Priority 1

PX1 External interrupt INT1 priority:

  • 0 - Priority 0
  • 1 - Priority 1

PT0 Timer T0 interrupt priority:

  • 0 - Priority 0
  • 1 - Priority 1

PX0 External interrupt INT0 priority:

  • 0 - Priority 0
  • 1 - Priority 1

IPH Register (Interrupt Priority High)

IPH register (Interrupt Priority High)

PT2H Timer T2 interrupt priority

PSH Serial port interrupt priority

PT1H Timer T1interrupt priority

PX1H External interrupt INT1 priority

PT0H Timer T0 interrupt priority

PX0H External interrupt INT0 Priority

Bits of this register can be combined with appropriate bits of the IP register. This is how a new priority list with 4 interrupt priority levels (5 including reset) is obtained.

IP bit IPH bit Interrupts
0 0 Priority 0 (lowest)
0 1 Priority 1 (low)
1 0 Priority 2 (high)
1 1 Priority 3 (highest)

Processing interrupt

When an interrupt request arrives, the microcontroller automatically detects the interrupt source and the following occurs:

  1. Instruction in progress is ended;
  2. The address of the next instruction to execute is pushed onto the stack;
  3. Depending on which interrupt is requested, one of five vectors (addresses) is written to the program counter according to the table below:
Interrupt Source Jump Address
IE0 3h
TF0 Bh
IE1 13h
TF1 1Bh
RI, TI, SPIF 23h
TF2, EXF2 2Bh
All addresses are in hex format

Appropriate subroutines processing interrupts are stored at these addresses. Instead of them, there are usually jump instructions specifying locations at which these subroutines reside.

4. When an interrupt routine is executed, the address of the next instruction to be executed is popped from the stack to the program counter and the program proceeds from where it left off.

4.7 Counters and Timers

Timers T0 and T1

The AT89S8253 has three timers/counters marked as T0, T1 and T2. Timers T0 and T1 completely fall under the 8051 Standard. There are no changes in their operation.

Timer T2

Timer 2 is a 16-bit timer/counter installed only in new versions of the 8051 family. Unlike timers T0 and T1, this timer consists of 4 registers. Two of them, TH2 and TL2, are connected serially in order to form a larger 16-bit timer register. Like timers 0 and 1, it can operate either as a timer or as an event counter. Another two registers, RCAP2H and RCAP2L, are also serially connected and operate as capture registers. They are used to temporarily store the contents of the counter register.

The main adventage of this timer compared to timers 0 and 1 is that all read and swap operations are easily performed using one instruction. Similar to T0 and T1, it has four different modes of operation to be described later in this chapter.

Counter and Timer Registers

T2CON (Timer/Counter 2 Control Register)

T2CON (Timer/Counter 2 Control Register)

This register contains bits controlling the operation of timer 2.

TF2 bit is automatically set on timer 2 overflow. In order to detect the next overflow, this bit must be cleared from within the program. If bits RCLK and TCLK are set, overflow has no effect on the TF2 bit.

EXF2 bit is automatically set when a capture or a reload is caused by a negative transition on the T2EX pin. It generates an interrupt (if enabled), unless the DCEN bit of the T2CON register is set. The EXF2 bit must be cleared from within the program.

RCLK is receive clock bit which determines which timer is to be used as receive clock for serial port:

  • 1 - T2 is used as receive clock for serial port.
  • 0 - T1 is used as receive clock for serial port.

TCLK is transmit clock bit which determines which timer is to be used as transmit clock for serial port:

  • 1 - T2 is used as transmit clock for serial port.
  • 0 - T1 is used as transmit clock for serial port.

EXEN2 is timer 2 external enable bit used to include the T2EX pin in timer 2 operation:

  • 1 - Signal on the T2EX pin affects timer 2 operation.
  • 0 - Signal on the T2EX pin is ignored.

TR2 is timer 2 run control bit used to enable/disable timer 2:

  • 1 - Timer 2 enabled.
  • 0 - Timer 2 disabled.

C/T2 is timer/counter 2 select bit used to select pulses to be counted by counter/timer 2:

  • 1 - 16-bit register (T2H and T2L) counts pulses on the C/T2 pin (counter).
  • 0 - 16-bit register (T2H and T2L) counts pulses from the oscillator (timer).

CP/RL2 is timer 2 capture/reload bit used to define transfer direction:

  • 1 - If EXEN=1, pulse on the T2EX pin will cause a number to be transferred from counter to capture register.
  • 0 - Under the same condition, signal on the T2EX pin will cause a number to be transferred from capture to counter register.

Timer T2 in Capture mode

If the CP/RL2 bit of the T2CON register is set, timer 2 operates according to the figure below. This is so called Capture mode in which the value of the counter register (consisting of RCAP2H and RCAP2L) can be “captured” and copied to the capture register (consisting of RCAP2H and RCAP2L), thus not affecting the counting process. This is how it operates:

Timer T2 in Capture mode
  1. First, it is necessary to write a number from which the counting starts to a 16-bit register (TH2+TL2).
  2. Timer 2 is enabled by setting the TR2 bit of the TCON register. Each coming pulse increments the number stored in the 16-bit register by 1. When both registers are loaded (decimal number 65536), the first next pulse causes an overflow, reset occurs and counting starts from zero.

Settings:

Timer T2 in Capture mode Settings

Timer T2 in auto-reload mode

The auto-reload mode configures timer 2 as a 16-bit timer or event counter with automatic reload. It is controlled by the DCEN bit of the T2MOD register. Setting the DCEN bit enables timer 2 to count up or down from the specified value. The T2EX pin controls the counting direction:

Timer T2 in Auto-reload mode

T2OE - Enables timer 2 to operate as independent clock generator.

DCEN - When set, it enables counting in either direction- "up" and "down".

Timer T2 in Auto-reload mode

As seen in figure above, unlike Capture mode, the contents of the capture register (RCAP2H, RCAP2L) is now copied in the opposite direction upon an overflow occurs, from capture (RCAP2H, RCAP2L) to counter register (TH2, TL2).

Settings of Auto Reload mode are shown in the table below:

Timer T2 in Auto-reload mode Settings

All previously mentioned about timer 2 is in force only if the T2MOD register hasn't been changed, i.e. if DCEN = 0. Otherwise, timer/counter is enabled to count in either direction, which depends on the T2EX pin:

T2EX = 0 Timer 2 counts down
T2EX = 1 Timer 2 counts up

Timer T2 in Auto-reload mode (DCEN=1)

On counting up, the whole procedure is similar to the previous mode with one exception referring to the function of the EXF2 bit.

On counting down, an overflow occurs when values stored in the counter and capture registers match. It causes the TF2 bit as well as all bits of registers T2H and T2L to be set while the counter keeps on counting down: 65535, 65534,65533...

In either case, the EXF2 bit is assigned a new function. When an overflow occurs, this bit inverts the signal and cannot be used for generating an interrupt anymore. Instead, it serves as supplementary bit (the 17th bit) of the counter register, making this counter virtually a 17-bit register.

Timer T2 as a baud rate generator

The Timer T2 can be used as a baud rate generator and a clock generator simultaneously. If the RCLK or TCLK bit of the register TCON is set, timer T2 turns into a clock generator, so called Baud Rate generator). This mode is very similar to auto-reload mode. The baud rate is computed using the following formula:

Baud Rate formula

There are a few details to be aware of:

  1. This formula works only if the internal oscillator is used as a clock generator (in this mode, clock is divided by 2, instead of 12)
  2. Overflow has no effect on the TF2 bit and does not generate an interrupt.
  3. Whether the EXEN2 bit is set or not, the T2EX pin logic state has no effect on the timer. It means that the T2EX pin can be used as an external interrupt source in this mode.
  4. Timer should be disabled (TR2=0) prior to writing or reading from registers TH2 and TL2. Otherwise, an error in serial communication might occur.

Timer T2 as a clock generator

As previously mentioned, timer T2 can also be used as a clock generator. In all previous examples, the P1.0 pin (marked as T2 in figures) is used as an alternative clock generator for this timer, i.e. it acts as an input. Besides, it can also output pulses. By using a 16MHz quartz crystal, the frequency of pulses it generates ranges from 61Hz to 4MHz with a 50% duty-cycle.

To configure this pin as an output, the C/T2 bit of the T2CON register must be cleared, whereas the T2OE bit of the T2MOD register must be set. The TR2 bit enables the timer and the pin outputs rectangular waves the frequency of which ca be calculated using the formula below:

Frequency formula

4.8 Universal Asynchronous Receiver Transmitter (UART)

The Universal Asynchronous Receiver Transmitter (UART) has the same features as that of the standard 8051 microcontrollers. It means that it can operate in 1 out of 4 different modes, which is controlled by bits SM0 and SM1 of the SCON register.

SCON Register

Multiprocessor Communication

Multiprocessor communication (the SM2 bit of the SCON register is set) enables automatic address recognition by allowing the serial port to examine the adress of each incoming command. The process of writing a program is much easier therefore as the microcontrollers sharing the same interface don't have to check each address received via the serial port. Let's make it clear.

Two special function registers, SADDR and SADEN, enable multiprocessor communication. Each device has an individual address that is specified in the SADDR register, while the so called mask address is written to the SADEN register. The mask address contains don't care bits which provide the flexibility to address one or more slaves at a time. In other words, it defines which bits of the SADDR register are to be used and which are to be ignored.

SADDR and SADEN Register

When the master wants to transmit data to one of several slaves, it first sends out an address byte which identifies the target device. An address byte differs from a data byte in that the 9th bit is 1 in an address byte and 0 in a data byte. After receiving the address byte, all slaves check whether it matches their address. The adressed slave clears its SM2 bit and prepares to receive the data bytes to come. The slaves that weren't addressed leave their SM2 bits set and ignores the coming data bytes.

The most simple example is a “mini-network” comprising only 3 microcontrollers:

Microcontroller A is the master and communicates with devices “B” and “C”.

Microcontroller B: SADDR = 1100 0000
                   SADEN = 1111 1101
                 Address = 1100 00X0
                        
Microcontroller C: SADDR = 1100 0000
                   SADEN = 1111 1110
                 Address = 1100 000X
Multiprocessor Communication

Although both microcontrollers B and C are assigned the same address (1100 0000), the mask in register SADEN is used to differentiate between them. It enables the master to communicate with both of them separately or at the same time:

If transmit address is 1100 0010, the data will be sent to slave device B.
If transmit address is 1100 0001 the data will be sent to slave device C.
If transmit address is 1100 0000 the data will be sent to both slave devices.

4.9 SPI System (Serial Peripheral Interface)

In addition to UART system, the AT89S8253 has also another system for serial communication which doesn’t fall into the 8051 Standard. It is SPI system which provides a high-speed synchronous data transfer between the microcontroller and one or more peripheral devices or between multiple microcontrollers. Here, one microcontroller is always considered main and is called master therefore. It defines rate, transfer direction (whether data is to be transferred or received) and data format. The other is slave device which is in subordinated position, which further means that it cannot start data transfer, but has to adjust to conditions set by the master device.

The data are transferred via full duplex connection using 3 conductors connected to pins MISO (P1.6), MOSI (P1.5) and SCK (P1.7). The forth pin-control pin SS- is not used on the master side and may be used as a general-purpose input/output therefore, while on the slave side it must have voltage level 0. When the SS pin on the slave side is set, its SPI system is deactivated and the MOSI pin can be used as a general-purpose input.

SPI System (Serial Peripheral Interface)

As shown on the schematic, pins MISO and MOSI are configured differently in the master and slave device (as inputs or outputs), which is determined by the MSTR bit of the SPCR register.

Note

Knowing abbraviations makes connection easier:
MISO - master in, slave out; MOSI - master out, slave in; SCK - serial clock; SS - slave select;

Similar to many other circuits within the microcontroller, the SPI system can also be configured to operate in several modes.

Normal SPI mode (buffer out of use)

Data written to the SPI data register SPDR is automatically transferred to an 8- bit shift register. SPI clock generator is enabled and serial data appears on the MOSI pin. An initial delay may occur for the sake of synchronization with the main oscillator.

Normal SPI mode (buffer out of use)

After sending one byte, the SPI clock generator stops, the SPIF bit (flag) is set, the received byte is transferred to the SPDR register and, if enabled, an interrupt is generated.

Any attempt to write another byte to the SPDR register while byte transmit is in progress will cause the WCOL bit to be set. It indicates that an error has occured. However, the byte will be succesfully transmitted, while the new byte will be ignored, i.e. it will not be transmitted.

Enhanced SPI mode (buffer in use)

Enhanced mode is similar to normal except that this time data goes through one more register while being transmitted. It makes no sense at first sight, but communication is really faster. Look at the figure below...

Data written to the SPI data register SPDR is automatically transferred to the capture register (buffer), which causes the WCOL bit to be set. It means that the buffer is full and any further write will cause an overflow. Control electronics (hardware) cleares this bit after transmitting data from buffer to the shift register and after commencing serial data transmit. If the byte sent is the first, the data is immediately transmitted to the shift register (still empty), thus clearing the WCOL bit (buffer is empty).

Enhanced SPI mode (buffer in use)

While one byte transmit is in progress, the next byte to transmit may be written to the SPDR register. It will be immediately moved to buffer. In order to check whether data transmit is in progress, it is sufficient to check the logic state of the LDEN bit of the SPSR register. If this bit is set (Load Enable) and the WCOL bit is cleared, data transmit is in progress and buffer is empty so the next byte can be written to the SPDR register.

How to select the right mode? If individual bytes are sent occasionally then there is no need to complicate- the best solution is the normal mode. If it is necessary to send a great amounts of data, it is better to use enhanced mode in which the clock oscillator is enabled as far as buffer is regularly loaded and the WCOL bit is set. In addition, no time is needed for synchronization and data is easily and efficiently transferred.

The SPI system is under control of 3 special function registers. These are SPDR, SPSR and SPCR.

SPDR (SPI Data Register)

The SPDR register is used for storing data to be transferred via SPI (in serial format). It is also used for storing received data.

SPDR (SPI Data Register)

SPSR (SPI Status Register)

SPSR (SPI Status Register)

SPIF Interrupt flag. Upon data transfer, this bit is automatically set and an interrupt is generated if SPIE=1 and ES=1. The SPIF bit is cleared by reading SPSR followed by reading/writing SPDR register.

WCOL This bit is set in normal mode (ENH=0) if the SPDR register is written during data transfer is in progress. The write is premature and has no effect. It is called Write Collision. This bit is cleared in the same manner as the SPIF bit.
The bit is set in enhanced mode (ENH=1) when buffer is full. It is indication that a new data is ready to be transmitted to the shift register.

  In enhanced mode, a new data can be written to buffer when the WCOL bit is set. In addition, the WCOL bit must be cleared.

DISSO When set, this bit causes the MISO pin to float, thus enabling several slave microcontrollers to share the same interface. Normally, the first byte, called address byte, is received by all of them, but only one should clear its DISSO bit.

ENH
0 SPI system operates in normal mode (without buffer).
1 SPI system operates in enhanced mode.

SPCR (SPI Control Register)

SPCR (SPI Control Register)

SPIE When this bit is set, the SPI system can generate an interrupt.

SPE This bit enables SPI communication. When set, pins SS, MOSI, MISO and SCK are connected to the microcontroller pins P1.4, P1.5, P1.6 and P1.7.

DORD Bit determines which bytes in serial communication are to be sent first:

  • 0 - MSB bit is sent first.
  • 1 - LSB bit is sent first.

MSTR Bit determines whether the microcontroller is to operate as master or slave:

  • 0 - Operate as slave.
  • 1 - Operate as master.

CPOL Bit controls the SCK pin logic state when the SPI communication is not in progress:

  • 0 - Pin SCK is cleared.
  • 1 - Pin SCK is set.

CPHA This bit along with the CPOL bit controls relation between clock and data in serial format. Refer to the figure below.

SPR1,SPR0 When SPI system operates as master, these two bits determine boud rate, i.e. clock signal frequency of the master device. When operates as slave, these bits have no effect and SPI system operates at a rate imposed by the master device.

SPR1 SPR0 SCK
0 0 Fosc/4
0 1 Fosc/16
1 0 Fosc/64
1 1 Fosc/128

Serial data format if CPHA=0

Data format in case CPHA=0

* not defined. It is usually MSB of previously received byte.

Serial data format if CPHA=1

Data format in case CPHA=1

* not defined. It is usually LSB of previously received byte.

Two things are important to remember when configuring SPI system:

  • Master should be configured before slave.
  • When writing bits to the SPCR register, the SPE bit enabling SPI should be set last, i.e. after setting all other parameters.

4.10 Power Consumption Control

Like all models belonging to the 8051 series, this microcontroller can operate in 1 out of 3 modes: normal (consumption ca. 25 mA), Idle (consumption ca. 6.5 mA) and Power Down (consumption ca. 40 uA). The mode of operation is selected by bits of the PCON register (Power Control Register). Three bits are changed compared to the basic model:

PCON register

PCON register

The purpose of the bits of the PCON register:

SMOD1 When set, this bit makes boud rate twice as high.

SMOD0 Bit determines the purpose of the 7th bit of the SCON register:

  • 0 Seventh bit of the SCON register has the function of SM0, i.e. selects mode of operation.
  • 1 Seventh bit has the function of FE, i.e. detects errors. It is rarely used.

POF Bit is automatically set when the voltage level reaches maximum (must be higher than 3V) after powering on. It is used for detecting cause for reset (power on or restart condition after exiting Power Down mode).

GF1 General purpose bit (available for use).

GF0 General purpose bit (available for use).

PD By setting this bit, the microcontroller is set in Power Down mode.

IDL By setting this bit, the microcontroller is set in Idle mode.

When something goes wrong...

If something unexpected happens during the operation of the microcontroller, what most bothers is the fact that it’s never the microcontroller's fault. Although it’s not self-evident, the microcontroller always obediently follows program instructions. For this reason, it is necessary to pay special attention to several “critical points” when writing a program. The first one is RAM memory.

Even though it is designed to meet needs of the majority of users and has all required, a memory space intended for RAM is still only a single entity. It means that there are no phisically separated registers R0-R7, general purpose registers, stack etc. Instead, these are differently designated parts of the same “memory shelf”. Refer to the figure below.

Common mistakes 01

If we neglect this “detail”, there is a risk that the program suddenly starts to perform unpredictably. In order to prevent it, it is necessary to take care of the following:

If only registers R0-R7 from bank 0 are in use, everything is easily kept under control and program memory locations from 08h to 1Fh are available for use. If registers, otherwise having the same names, from some other bank are in use, you should be careful when using locations whose addresses are less than 20h because it can cause “R” registers to be erased.

If bit-variables are not used in the program, program memory locations 20h-2Fh are available for use. If the program contains bit-variables, you should be careful when using these location in order not to change them accidentaly.

By default, the data pushed onto stack occupy program memory locations starting from 08h. If the banks 1, 2 or 3 are in use, their contents will be certainly erased. For this reason, it is recommended to set the Stack Pointer value to be greater than 20h or even greater at the beginning of the program.

SFRs are used for controlling the microcontroller operation. Each of them has its specific purpose and it should be observed. It means that they cannot be used as general purpose registers even in the event that some of their locations is not occupied.

Instruction set, recognized by the microcontroller, contains instructions which can be used for controlling individual bits of registers at program memory location 20h-7Fh. Besides, individual bits of some SFRs (not all of them) can also be directly accessed. Addresses of these registers are divisible by 8.

If memory is expanded by adding external RAM or ROM memory chip, ports P0 and P2 are not available for use regardless of how many pins are actually used for memory expansion.

The DPTR register is a 16-bit register comprised of registers DPH and DPL which are 8-bit wide each. The DPTR register should be considered like that practically. For example, when pushing it onto the Stack, DPL should be pushed first, then DPH.

When used, serial communication is under control of the SCON register. Besides, registers TCON and TMOD should be configured for this purpose as well since the timer T1 is mostly used for boud rate generation.

When some of the interrupts is enabled, you should be careful because there is a risk that program starts to perform unexpectedly. When an interrupt request arrives, the microcontroller will execute instruction in progress, push the address of the first following location onto the stack (in order to know from where to continue) and jump to the specified interrupt routine address. When the routine has been executed, the microcontroller will pop the address from the stack and continue from where it left off. However...

The microcontroller saves only the address to continue from after routine execution. What is usually neglected is the fact that the contents of many registers can be changed during routine execution. The program normally procedees with execution considering the changed registers correct if their original vaules haven't been saved, thus causing a total chaos. The worst thing is that this problem can be manifested anytime: at the moment or several days later (depending on the moment an interrupt occurs). Obviously, the only solution is to save the state of all important registers at the beginning of interrupt routine and to update these values before returning to the program. We are actually talking about the following registers:

  • PSW
  • DPTR (DPH, DPL)
  • ACC
  • B
  • Registers R0 - R7

Note: Contents of registers are usually saved by being pushed onto the Stack using the PUSH instruction. However, instructions such as “PUSH R0” cannot be used here because the microcontroller “doesn’t know” which register is concerned as there are 4 banks with registers haing the same names R0-R7. For this reason, it is necessary to save addresses of these registers instead of their names using the PUSH 00h instruction.

When some of the instructions for indirect addressing is used, you should be careful not to use them for accessing SFRs as the microcontroller ignores their addresses and accesses free RAM locations having the same addresses as SFRs.

When UART system for serial communication is used, setting bits RI and TI of the SCON register generated the same interrupt. If such an interrupt is generated, it is first necessary to detect interrupt source (byte is sent, received or both). It is important to remember that the microcontroller only sets these bits so that they must be cleared from within the program. Otherwise, the program gets stuck and executes the same interrupt routine over and over again.

A list of bit-addressable registers

Accumulator (Address: E0)

ACC
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -
Bit address E7 E6 E5 E4 E3 E2 E1 E0

B register (Address: F0)

B
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -
Bit address F7 F6 F5 F4 F3 F2 F1 F0

Interrupt Priority register (Address: B8)

IP
After reset X X 0 0 0 0 0 0
Bit name - - PT2 PS PT1 PX1 PT0 PX0
Bit address BF BE BD BC BB BA B9 B8

Interrupt Enable register (Address: A8)

IE
After reset 0 X 0 0 0 0 0 0
Bit name EA - ET2 ES ET1 EX1 ET0 EX0
Bit address AF AE AD AC AB AA A9 A8

Port 0 (Address: 80)

P0
After reset 1 1 1 1 1 1 1 1
Bit name - - - - - - - -
Bit address 87 86 85 84 83 82 81 80

Port 1 (Address: 90)

P1
After reset 1 1 1 1 1 1 1 1
Bit name - - - - - - - -
Bit address 97 96 95 94 93 92 91 90

Port 2 (Address: A0)

P2
After reset 1 1 1 1 1 1 1 1
Bit name - - - - - - - -
Bit address A7 A6 A5 A4 A3 A2 A1 A0

Port 3 (Address: B0)

P3
After reset 1 1 1 1 1 1 1 1
Bit name - - - - - - - -
Bit address B7 B6 B5 B4 B3 B2 B1 B0

Program Status Word (Address: D0)

PSW
After reset 0 0 0 0 0 0 0 0
Bit name CY AC F0 RS1 RS0 OV - P
Bit address D7 D6 D5 D4 D3 D2 D1 D0

Serial Port Control register (Address: 98)

SCON
After reset 0 0 0 0 0 0 0 0
Bit name SM0 SM1 SM2 REN TB8 RB8 TI RI
Bit address 9F 9E 9D 9C 9B 9A 99 98

Timer Control register (Address: 88)

TCON
After reset 0 0 0 0 0 0 0 0
Bit name TF1 TR1 TF0 TR0 IF1 IT1 IF0 IT0
Bit address 8F 8E 8D 8C 8B 8A 89 88

Timer/Counter 2 Control register (Address: C8)

T2CON
After reset 0 0 0 0 0 0 0 0
Bit name TF2 EXF2 RCLK TCLK EXEN2 TR2 C/T2 CP/RL2
Bit address CF CE CD CC CB CA C9 C8

A list of non bit-addressable registers

Auxiliary register (Address: 8E)

AUXR
After reset X X X X X X X 0
Bit name - - - - - - Intel_Pwd_Exit DISALE

Clock register (Address: 8F)

CLKREG
After reset X X X X X X X 0
Bit name - - - - - - - X2

Data Pointer 0 High (Address: 83)

DP0H
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Data Pointer 0 Low (Address: 82)

DP0L
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Data Pointer 1 High Byte (Address: 85)

DP1H
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Data Pointer 1 Low Byte (Address: 84)

DP1L
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

EEPROM Control (Address: 96)

EECON
After reset X X 0 0 0 0 1 1
Bit name - - EELD EEMWE EEMEN DPS RDY/BSY WRTINH

Interrupt Priority High Byte (Address: B7)

IPH
After reset X X 0 0 0 0 1 1
Bit name - - PT2H PSH PT1H PX1H PT0H PX0H

Power Control (Address: 87)

PCON
After reset 0 X X X 0 0 0 0
Bit name SMOD - - - GF1 GF0 PD IDL

Slave Address (Address: A9)

SADDR
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Slave Address Enable (Address: B9)

SADEN
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Serial buffer (Address: 99)

SBUF
After reset X X X X X X X X
Bit name - - - - - - - -

Stack Pointer (Address: 81)

SP
After reset 0 0 0 0 0 1 1 1
Bit name - - - - - - - -

SPI Control register (Address: D5)

SPCR
After reset 0 0 0 0 0 1 0 0
Bit name SPIE SPE DORD MSTR CPOL CPHA SPR1 SPR0

SPI Data register (Address: 86)

SPDR
After reset - - - - - - - -
Bit name - - - - - - - -

SPI Status register (Address: AA)

SPSR
After reset 0 0 0 - - - 0 0
Bit name SPIF WCOL LDEN - - - DISSO ENH

Timer 2 Reload Capture High (Address: CB)

RCAP2H
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 2 Reload Capture Low (Address: CA)

RCAP2L
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 0 Low (Address: 8A)

TL0
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 1 Low (Address: 8B)

TL1
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 2 Low (Address: CC)

TL2
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 0 High Byte (Address: 8C)

TH0
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 1 High Byte (Address: 8D)

TH1
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer 2 High Byte (Address: CD)

TH2
After reset 0 0 0 0 0 0 0 0
Bit name - - - - - - - -

Timer Mode (Address: 89)

TMOD
After reset 0 0 0 0 0 0 0 0
Bit name GATE1 C/T1 T1M1 T1M0 GATE0 C/T0 T0M1 T0M0

Timer 2 Mode Control (Address: C9)

T2MOD
After reset X X X X X X 0 0
Bit name - - - - - - T2OE DCEN

Watchdog Timer Control (Address: A7)

WDTCON
After reset 0 0 0 0 0 0 0 0
Bit name PS2 PS1 PS0 WDIDLE DISRTO HWDT WSWRST WDTEN

Watchdog Timer Reset (Address: A6)

WDTCON
After reset - - - - - - - -
Bit name - - - - - - - -

Voltage characteristics of the AT89S8253 microcontrollers

Symbol Parameter Condition Min. Max.
VIL Input Low-voltage All pins except EA -0.5 V 0.2Vcc - 0.1V
VIL1 Input Low-voltage on EA pin -0.5 V 0.2Vcc - 0.3V
VIH Input High-voltage All pins except XTAL1 and RST 0.2 Vcc + 0.9V Vcc + 0.5 V
VIH1 Input High-voltage on pins XTAL1 and RST 0.7 Vcc Vcc + 0.5 V
VOL Output High-voltage Iol = 10mA, Vcc = 4.0V, Ta = 85°C 0.4 V
VOH1 Output High-voltage when Pull-up resistors are enabled (Port P0 in External BUS mode, ports P1,2,3, pins ALE and PSEN) Ioh = -40mA, Ta = 85°C
Ioh = -25mA, Ta = 85°C
Ioh = -10mA, Ta = 85°C
2.4 V
0.75 Vcc
0.9 Vcc
IIL Logical 0 input current (ports P1,2,3) Vin = 0.45V, Vcc = 5.5V, Ta = -40°C - 50 μA
IILI Input leakage current (port P0, pin EA) 0.45V < Vin < Vcc ± 10 μA
RRST Reset pull-down resistor 50 KΩ 150 KΩ
CIO I/O pin Capacitance f = 1Mhz, Ta = 25°C 10 pF
ICC
Power-supply current Normal mode: f = 12Mhz, Vcc = 5.5V Ta = -40°C
Idlle mode f = 12Mhz, Vcc = 5.5V Ta = -40°C
25 mA
6.5 mA
Power-down mode Vcc = 5.5V Ta = -40°C
Vcc = 4V Ta = -40°C
100 μA
40 μA


  • Mikatech SyncMOS 8051 MCU reverse engineer list:
  • F29Cxx Series hack microcontroller protection: F29C31004T F29C31004B F29C31400TF29LC51002F29LC51001F29LC51000 F29C51004T F29C51002T F29C51001T F29C51000T F29C51000B F29C51004T F29C51004B F29C51002T F29C51002B F29C51001T F29C51001BF29C61400T ...

    S29Cxx Series hack controller firmware protection: S29C31001B S29C31001T S29C31002B S29C31002T S29C31004B S29C31004T S29C51001B S29C51001T S29C51002B S29C51002T S29C51004B S29C51004T ...

    MSUxx Series read out microcontroller protection: MSU1958 MSU2952 MSU2964 MSU2958 ...

    SM29xx Series hack controller lockbit protection: SM2951 SM2952 SM2954 SM2958 SM2964 SM2965 ...

    SM59xx Series read out microcontroller lockbit protection: SM59064 SM59128C SM59128L SM5912C SM5912L SM5916C SM59164 SM5916L SM59264 SM5964 SM5964A SM5964AC SM5964AL SM5964C SM5964D0 SM5964D0A SM5964D1A SM59D02G2C SM59D02G2L SM59D03G2C SM59D03G2L SM59D04G2C SM59D04G2L SM59R08A2 ...

    SM59xx Series hack microcontroller protection: SM7908 SM79108 SM79164 SM79164L SM79164V SM7932 SM7964 ...

    SM59xx Series hack controller lockbit protection: SM894051 SM8951 SM89516 SM89516A SM89516AL SM89516B SM89516BL SM89516L SM8951A SM8951AL SM8951B SM8951BL SM8951L SM8952 SM8952A SM8952AL SM8952B SM8952BL SM8952L SM8954 SM8954A SM8954AL SM8954B SM8954BL SM8954L SM8958 SM8958A SM8958AL SM8958B SM8958BL SM8958L SM89S16R1C SM89T04R1C SM89T04R1L SM89T08R1C SM89T08R1L SM89T16R1C SM89T16R1L ..

 

 
 
     
 
PCB Copying Service
PCB Projects Overview
PCB Clone
PCB Reverse Engineering
PCB Prototype
PCB Assembly Production
 
 
Mcu Hacking Service
Atmel Microcontroller Hack
Actel Mcu Attack
Altera Microcontroller Crack
Cygnal Mcu Unlock
Cypress IC Reverse Engineer
Elan Mcu Code Extract
Fujitsu Microprocessor Decryption
Freescale IC Code Extraction
Gould integrated circuit Hack
Hitachi Mcu Code Extract
Holtek Chip Reverse Engineer
Infineon Microcontroller Dump
Intel Mcu Read Code Protection
ICT Microcontroller Duplication
Lattice Microcontroller Clone
Microchip Source Code Recovery
Motorola Microcontroller Crack
Maxim Mcu Attack
MDT Controller Hack
Magawin Microcontroller Unlock
NEC Mcu Reverse Engineer
NTK Microcontroller Code Extract
Nuvoton Chip Decryption
NXP Semiconductor Code Extraction
Philips integrated circuit Crack
Renesas Microcontroller Dump
ST Processor Reverse Engineer
Silicon Labs Mcu Read Protection
Samsung Mcu Duplication
SST Mcu Clone
Sinowealth Source Code Recovery
SyncMOS Mcu Unlock
Sonix Mcu Read Source Code
STC Microprocessor Code Extract
Tenx Microcontroller Decryption
Texas Instuments MCU Hack
Winbond MCU Code Extraction
Xilinx integrated circuit Crack
Zilog MCU Reverse Engineer
 
     
 
 
More MCU brands we can reverse engineer below, please contact us if yours not listed here:
AMD Feeling LG / Hyundai Myson STK
ChipON Hynix Mitsubishi National Semi Temic
Coreriver ICSI Mosel Vitelic Portek Toshiba
Dallas ISSI MXIC SSSC Gal / Pal / Palce
Copyright © 2013 Mikatech. All rights reserved. Full dedicated reverse engineering company