If you have some basic background in programming, or even if you don’t, but want to get some then you can turn to chatbots and in particular to Windows Copilot (I’ll refer to it as Copilot for shortness). You can use Gemini, ChatGPT, Claude etc. if you prefer, and they’ll be as useful. This is what I did just recently when I stumbled upon a post by Dave Plummer at X, where he talked about the need for programmers to understand how compilers produced their output, hence the need to know assembly language. By the way, Dave Plummer developed Windows Task Manager when he was a programmer with Microsoft . He has a YouTube channel where he posts interesting videos related to programming.
Why chatbots can be helpful in this case? First, if you didn’t program in assembly before it can be difficult to approach it. Second, chatbots are very helpful in explaining existing code in any programming language they had in their training data. And, I guess, it means it should know details about most modern programing languages.
Well, next I’ll provide a screenshot of that post, then I’ll show you that chatbot can transcribe the code from an image alone and explain what we are looking at there. The short summary is that post was about binary to ASCII (BTOA) conversion program written in PDP-11 computer assembly. By the way, all these details where extracted by Copilot from the code in the image. Then, I’ve used Copilot to explain to me in detail how the code works to get full understanding of it.
Pay attention, that I use line separator to mark when the response from chatbot has finished.
Original post
I suppose there's a whole class of programmers for whom a compiler is akin to magic, but knowing what's getting emitted and how it works is fundamental to your success over the long haul.
I suppose there’s a whole class of programmers for whom a compiler is akin to magic, but knowing what’s getting emitted and how it works is fundamental to your success over the long haul. Write some assembly. Read the Dragon book on an airplane. AI will still be here when you get back. In five years, anyone capable of structured thought will be able to become a prompt engineer, but only 1% of software developers will actually be able to debug the stuff that comes out the other end. Be the 1%
What did I do next?
As I’ve mentioned I’ve copy and pasted the image in Copilot and asked it to transcribe the code from the image and explain what it’s doing.
Prompt: Transcribe the code from the image and explain (an image was attached as can be seen in the screenshot below). Response:
Below comes a full response.
Here’s the full transcription of the PDP-11 assembly code using MACRO-11 syntax, followed by a detailed explanation: Transcribed Code
.TITLE BTOA ; Program title
.MCALL .PRINT,.EXIT,.TTYOUT ; System macros
HELLOMSG: .ASCIZ /BTOA Example/
.EVEN ; Ensure we're on a word boundary
START: .PRINT #HELLOMSG
MOV #12345., R0 ; Number to convert
JSR PC, BTOA
.EXIT
BTOA:
MOV R0, -(SP) ; Save R0 on stack
MOV R1, -(SP) ; Save R1 on stack
MOV R2, -(SP) ; Save R2 on stack
MOV R0, R1 ; Move number to R1 (low part of dividend)
CLR R0 ; Clear R0 (high part of dividend)
DIV #10., R0 ; Divide R0:R1 by 10, quotient in R0, remainder in R1
TST R0 ; Check if quotient is 0
BEQ PRINT ; If quotient is 0, print digit
JSR PC, BTOA ; Recursive call with quotient
PRINT: ADD #'0, R1 ; Convert remainder to ASCII
MOV R1, R0 ; Move ASCII digit to R0
.TTYOUT R0 ; Print the digit
MOV (SP)+, R2 ; Restore R2
MOV (SP)+, R1 ; Restore R1
MOV (SP)+, R0 ; Restore R0
RTS PC ; Return
.END START
🧠 Explanation
This program converts a binary number (in this case, 12345) to its ASCII decimal representation and prints it to the terminal.
🔹 Header and Setup
.TITLE BTOA: Sets the title of the program.
.MCALL .PRINT,.EXIT,.TTYOUT: Declares macros for printing, exiting, and terminal output.
HELLOMSG: .ASCIZ /BTOA Example/: Defines a null-terminated string.
.EVEN: Ensures the next instruction is aligned on a word boundary.
🔹 Main Routine (START)
.PRINT #HELLOMSG: Prints the greeting message.
MOV #12345., R0: Loads the number 12345 into register R0.
JSR PC, BTOA: Calls the BTOA subroutine to convert and print the number.
.EXIT: Ends the program.
🔹 Subroutine (BTOA)
Saves registers R0, R1, and R2 to the stack.
Sets up for division: moves the number to R1, clears R0 to form a 32-bit dividend.
DIV #10., R0: Divides R0:R1 by 10. Quotient goes to R0, remainder to R1.
TST R0: Tests if quotient is zero.
If yes, go to PRINT.
If not, recursively call BTOA with the quotient.
PRINT: Converts the remainder (digit) to ASCII by adding '0', then outputs it using .TTYOUT.
Restores registers from the stack and returns.
This recursive approach ensures digits are printed in the correct order (most significant to least significant). Would you like to see how this would look in C or another language for comparison?
Let’s try to understand how it works in more detail.
Question: First of all, what is BTOA?
Response:
Great question! 🧠
BTOA stands for Binary To ASCII. It’s a common abbreviation used in programming to describe the process of converting a binary (or numeric) value into its ASCII character representation, typically for display or output purposes.
🔍 What does “Binary to ASCII” mean?
Binary: In this context, it refers to a numeric value stored in binary format (e.g., the number 12345 in machine-readable form).
ASCII: The American Standard Code for Information Interchange — a character encoding standard that maps numbers to printable characters like '0' to '9', 'A' to 'Z', etc.
Okay, now that we know what that mysterious BTOA was how about we understand what happens inside this block of code that resides inside the BTOA function?
MOV R0, R1 ; Move number to R1 (low part of dividend)
CLR R0 ; Clear R0 (high part of dividend)
DIV #10., R0 ; Divide R0:R1 by 10, quotient in R0, remainder in R1
TST R0 ; Check if quotient is 0
BEQ PRINT ; If quotient is 0, print digit
JSR PC, BTOA ; Recursive call with quotient
Also, before jumping to Copilot for help we can see assembly language program that is doing some computation using registers in CPU such as R0 and R1. We can see the data is moved, cleared, a division is done and then there is a conditional logic on lines 5, 6 and 7. In the screenshot it corresponds to lines 22, 23 and 24.
So what is the explanation ? Response:
This block of PDP-11 assembly code is the core of the binary-to-ASCII conversion logic. It performs division by 10 to extract digits from a number and uses recursion to print them in the correct order. Here’s a breakdown of each line:
🔍 Line-by-Line Explanation
18 MOV R0, R1 ; Move number to R1 (low part of dividend)
Copies the number from R0 to R1.
This sets up the 32-bit dividend for division: R0:R1 (high:low).
19 CLR R0 ; Clear R0 (high part of dividend)
Clears R0 to zero.
Now the full dividend is 0:R1, effectively treating the original number as a 32-bit value with high word = 0.
20 DIV #10., R0 ; Divide R0:R1 by 10, quotient in R0, remainder in R1
Performs a 32-bit division of R0:R1 by 10.
After this:
R0 contains the quotient (i.e., number / 10)
R1 contains the remainder (i.e., number % 10), which is the rightmost digit
22 TST R0 ; Check if quotient is 0
Tests if the quotient is zero.
This determines whether there are more digits to process.
23 BEQ PRINT ; If quotient is 0, print digit
If R0 is zero, it means this is the last digit.
Branches to PRINT to output the digit.
24 JSR PC, BTOA ; Recursive call with quotient
If R0 is not zero, it means there are more digits.
Recursively calls BTOA with the quotient in R0, continuing the process.
🧠 Summary
This block:
Extracts the least significant digit of the number.
Uses division and recursion to process digits from most significant to least significant.
Ensures digits are printed in the correct order by printing only after recursion unwinds.
Conclusion
Well, I guess it clarifies a bit what the code is doing. And you probably got a point of how you can use a chatbot to help you understand a piece of code in a programming language you probably never saw and drill down to nitty gritty details of the implementation and really understand how it works.
In this post I’d like to share useful information on how to use LLMs and in particular Windows Copilot powered by GPT-4o (most probably) and GPT-5 models to assist in reverse engineering electronic boards.
So far, I was able to use these models to successfully reverse engineer software projects at work. And over the weekend I was able to apply Windows Copilot to help me reverse engineer a Switched-Mode Power Supply (SMPS) Board from a cheap DVD player I bought a couple of years ago.
The background for this hardware reverse engineering effort was that I bought a DVD player at Amazon to watch a couple of DVDs and listen to CDs I had. I used it a number of times and then didn’t use it for a while. When I tried to power it on a couple of years later it didn’t work. The debugging showed that the capacitor in the SMPS board was leaked. So, I found a similar capacitor (1000 uF, but 10 V max) in one of the old mobile phone charges and replaced it. The DVD started to work again. I’ve documented this process in the YouTube video. The main issue was that I didn’t check what was that capacitor’s maximum voltage. And as I’ve mentioned, it was 10 V. But other capacitors that were filtering the ripple before output were 16 V. I didn’t notice this at the time. So when I tried to use that DVD player later it didn’t start again. I already wanted to throw it into garbage, when I gave it a chance and opened it again. What I saw that the same capacitor that I replaced before leaked too. It turns out there is a need to use a 16 V maximum rated capacitor to account for potential voltage spikes.
This time I was more systematic and started to use Windows Copilot to query for what capacitor I could use in place the leaked one. I had a couple of old mobile phone charges left that I disassembled while looking for a 1000 uF capacitor which I didn’t found in the end. I only had 470 uF ones. But LLM reasonably suggested to use 1000 uF cap, since you can’t replace a capacitor without considering what was its purpose in the circuit. So, I understood that I must follow an advice from the Debugging Rules! book by Dave Agans, first I needed to Understand the System!
Since, I am an electrical engineer by education, I had some background to understand what various components were on the board and what some of them were responsible for. For example, I could see a rectifier bridge (it is used to convert AC current to DC), transformer, resistors, capacitors, chips and more. Which was helpful. If you have no such background, then before attempting a hardware reverse engineering project, you can use LLMs to learn the basics of electronics.
So, the board in question looks like below. First image shows the board from the top, and second image shows the board when it is placed on the lamp and it looks transparent to see the traces (wires) on the back side of it.
So, when you look at the left-hand side part of the left image you can see a white connector which connects to the AC power cord. Then it goes through the fuse just above it and connects to the black choke coils. It in turn connects to a bridge rectifier. Then it goes to a capacitor. After this I didn’t know what the circuit was doing exactly, though I could see a 8 pins Integrated Circuit (IC), a transformer with a yellow tape around it. More diodes, resistors, caps and a white output connector.
What was helpful was that the board had good markings explaining various components. This is a standard engineering practice. For example, R stands for Resistor, L stands for Inductor, C stands for Capacitor, D stands for a Diode, U stands for an Integrated Circuit (chip), Q stands for Transistor, J stands for a Connectors, F stands for Fuse.
I had an idea to upload an image of the board on the left in Windows Copilot and I did just that. GPT was able right away to tell that fuse was there, the transformer was there and it could recognize other parts too. It was also able to understand that it was a Switched-Mode Power Supply of a flyback type. So I started to provide it with information about the capacitor I wanted to replace, in particular that it was connected to the GND output pin. I also provided it with the pinout of the output connector and it was able to infer from it that there were two +5 V pins connected together which was correct.
But the most surprising part was that GPT was able to infer that there should have been a feedback loop implemented with optocoupler marked as PC817, which I was able later to identify on the board. Then it was able to infer that the 8 pin chip was most probably Pulse Width Modulation (PWM) controller and that it should have been connected to power transistor. Looking at the specification of that DM1203 chip I was able to confirm that it came with power transistor built-in shown in the diagram for the spec below.
In the end GPT taught me that the output from the PWM controller should be connected to the snubber capacitor
In the end after back end forth with the GPT it was able to provide me with the description of the schematics of the board. Since I don’t have a history of my prompts at this time I tried to recreate in a concise manner my interaction with LLM. In the case below I provided two images and not one, and a detailed description of the board. LLM was able to exhibit very detailed understanding of what were the components on the board and how it worked.
Prompt: I have the Switched Mode Power Supply board with following components PWM controller DM1203, optocoupler PC817, transformer with 12V and 5V output, smoothing capacitors at the output and the following pinout of the connector: -12V, GND, 12V, GND, +5V, +5V. Also attached come two images of the board: one front and one transparent that shows traces on the board. How about you provide me with the description of this board
Response from GPT-5 Board Overview
This is a flyback switched-mode power supply (SMPS) built around the DM1203 PWM controller IC. It takes AC mains input, rectifies and filters it, then uses a transformer to generate isolated DC outputs: +5V, +12V, and –12V. Regulation is achieved through an optocoupler (PC817) and a TL431 reference.
⚡ Input Stage
Fuse (F2AL250V): Protects against overcurrent.
NTC thermistor: Limits inrush current when first powered on.
Bridge rectifier (D9–D12): Converts AC mains to high-voltage DC.
Bulk capacitor (large electrolytic, ~220µF/400V): Smooths the rectified DC.
EMI filter (C1, C2, L1): Reduces conducted noise back into the mains.
Transformer (EE-25 core): Stores energy during switch ON time, releases it to secondary when OFF.
Snubber network: A 10nF/1kV capacitor (103) in series with a 47kΩ resistor across the primary winding — absorbs voltage spikes caused by leakage inductance.
Startup/VCC capacitor: Provides supply to the DM1203 once oscillation begins.
⚙️ Secondary Side (Low Voltage Outputs)
Rectifier diodes: Fast recovery or Schottky diodes on each secondary winding.
Filter capacitors: Large electrolytics (e.g., 470µF/16V) smooth the DC outputs.
Inductors/ferrite beads: Further reduce ripple and noise.
Outputs provided:
+5V (two pins)
+12V
–12V
Ground (two pins)
🔁 Feedback & Regulation
Voltage divider (resistors): Scales the +5V output down to 2.5V.
TL431 shunt regulator: Compares scaled voltage to its 2.5V reference.
PC817 optocoupler: Transfers the error signal across isolation barrier to the DM1203’s FB pin.
FB pin capacitor (1nF–10nF): Stabilizes the feedback loop.
This ensures the +5V rail is tightly regulated, while the ±12V rails are “cross-regulated” (their accuracy depends on transformer design and load balance).
🧠 Functional Summary
AC mains → rectified to ~300V DC.
DM1203 chops this DC at ~65kHz into the transformer.
Transformer provides isolated secondary voltages.
Diodes + capacitors filter into smooth DC rails.
TL431 + PC817 feedback loop keeps +5V stable.
Snubber protects the switch from voltage spikes.
👉 In short: this board is a multi-output flyback SMPS designed for small electronic equipment, giving you isolated +5V, +12V, and –12V rails with the +5V as the regulated “master” output.
Would you like me to redraw this description into a clean block diagram (showing input → primary → transformer → secondary → feedback) so you can visualize the flow more easily?
You can tell that it’s quite amazing what LLM was capable of looking at the description above.
I’ve followed up and asked it to provide a block diagram too:
Prompt: sure block diagram is good
Response from GPT-5:
Parting thoughts
So there you have it Windows Copilot using GPT-5 model in particular is capable of being a patient super skillful engineer that could help you with hardware reverse engineering on demand. You only need some basic understanding of the subject you’d like to explore and a curiosity to try new things.
Bonus
After I’ve replaced the leaked capacitor with a new one and the DVD player works again.
ScienceAppliedForGood 