.include "instr.inc"                    # instruction/register macros (ld_r0, copr_readblk, ...) are defined here, not in this file

.text

# Failed techniques:
# - reading with stack pointer
# - using a function stored in bios (memcpy, readstr+text_ram_byte)
# - using undocumented copr commands
# - inspecting the stack and calling different code in the bios
#
# Approach used:
# - Load REPORT03.PRG into bios area
# - Call some of its code to exfiltrate data
#
# Layout note: two independent approaches live in this file. Execution starts
# at _start and jumps straight to `simple`; the "full approach" that follows
# _start is kept for reference and is only reached if that first jump is changed.
# Absolute targets (0xf12d, 0xf66, 0x1e8, 0xf48a) are bios/loaded-program
# addresses taken from the dump; they are not defined in this file.

.global _start
_start:
        jp      simple                  # skip the REPORT03.PRG-based path; see `simple` below

# Full approach relying on REPORT03.PRG
        ld_r0   0x8
        ld_r1   0xf00
        copr_readblk                    # NOTE(review): presumably a coprocessor block read taking r0/r1 as arguments — confirm against instr.inc
        ld_r2   0
        ld_r3   0x1000                  # r3 = destination pointer, starts at 0x1000
loop:
        # Read the byte
        push_r3                         # get_byte trashes all regs, so the pointer is kept on the stack across the call
        call    get_byte
        pop_r3
        # Store the byte
        push_r2
        ld_r2_r3                        # presumably r2 = r3 (register copy) so the store below targets the pointer — confirm
        str_r0_r2                       # presumably [r2] = r0 — confirm
        pop_r2
        # Increment the pointer
        inc_r3
        inc_r3                          # stride of 2 per iteration: 0x800 iterations from 0x1000 up to 0x2000
        cp_r3   0x2000
        jp_ne   loop                    # loop until the pointer reaches 0x2000
        # Hexdump the retrieved data
        pop_r3                          # discards one stack word; assumes the caller/bios left something on the stack at entry — verify
        ld_r2   0x1000                  # r2 = start of the buffer filled above
        ld_r3   (32 * 0x10)             # r3 = 0x200, presumably the length to dump — confirm against cmd_read_loop
        jp      0xf12d                  # cmd_read_loop
get_byte:
        # Load byte from r2 into r0, trash all regs
        ld_r0   0
        ld_r3   0
        jp      0xf66                   # bios routine; it does not return here but jumps to the `ret` placed at _start+0x63 below
        .fill   0x63 - (. - _start), 1, 0   # pad so the next instruction sits exactly at _start+0x63; depends on the encoded size of everything above — do not insert or reorder code before this point
        # Code at 0xf66 jumps here after completion
        ret                             # returns to the `call get_byte` in `loop`

# Simpler approach learned after dumping the bios
simple:
        ld_r1   0x1000
        ld_r2   0x1000
        ld_r3   0
simple_loop:
        call    0x1e8                   # bios routine; the loop runs until it leaves r1 == 0 — presumably r1 acts as a remaining-count, confirm
        cp_r1   0
        jp_ne   simple_loop
        pop_r3                          # same stack assumption as in the full approach above — verify
        ld_r2   0x1000                  # r2 = start of buffer
        ld_r3   (32 * 0x10)             # r3 = 0x200, presumably the dump length
        jp      0xf12d                  # cmd_read_loop
        #jp     0xf48a                  # GRLTS02 monitor (alternative exit, disabled)