I pried the chip out of the socket and fired up my prom burner. Reading it (using my ancient EMUP unit) is easy enough and indicated a checksum of D239. Getting the "klinger.bin" file off of the old FreeDOS machine that hosts the burner was a challenge. I ended up removing the hard drive, placing it in a USB enclosure, and connecting this to my linux system. This worked with perhaps 20 minutes of time invested, but finding a better way will be yet another project. I only do this sort of thing maybe once a year, so this is not a terrible inconvenience.
Incredibly, only the first 256 bytes of the ROM are used! This yields approximagely 300 lines of disassembled code. It is not going to be an insurmountable challenge to analyze this firmware!
dis6502 -r 0xf800 klinger.bin > klinger.disThe only trick is calculating the start address so the rom ends at 0xffff so that the reset vector is at the right place.
This page lists a number of disassemblers.
The one I used has files marked with "dis6502 by Robert Bond, Udi Finkelstein, and Eric Smith". When I downloaded it (back in 2010 or so), it was version 0.12 and had not had much attention since 2003 or so. As I look at it now, I see that Peter H. Froehlich has been working on it in 2015 and perhaps as recently as 2018. I made a lot of changes to the copy I now use, so there are now two forks so to speak, which is fine.Now that I have a basic disassembly, I will take time to heavily annotate the disassembly as I study it. Here is a link to the current effort:
Tom's Computer Info / tom@mmto.org