Rockbox Development > New Ports
Sandisk Sansa View
crackmonkey421:
I have been doing a little each night, but I'm still researching. I need to figure out where GPIO is for everything. I'm still not completely sure how to go about getting this information, but I'll let you know when I figure it out.
42bs:
Hi
some more info on the partition layout (at least on OF 01.02.09)
Firmware header at 0x80000: "CPUI", 0x06000000
MI4 header starts with: "PPOS", 0x0010301
BTW: Is there already a tool to extract the FW from the dump ?
Bagder:
Sure, I'm quite sure cutit works on the View as well, mentioned and linked to on this page:
http://daniel.haxx.se/sansa/e200.html
Then you can decrypt it fine using mi4code.
cout:
linuxstb, how did you disassemble the firmware? I decoded the 01.02.09a firmware with -s to strip the header, then ran:
--- Code: --- arm-elf-objdump.exe --target=binary --disassemble-all --architecture=arm firmware.mi4.no_header > firmware.objdump
--- End code ---
but in the resulting output file I see many lines like:
--- Code: --- 334: f000f000 undefined instruction 0xf000f000
--- End code ---
and objdump segfaults when it gets to location 257a7c.
The firmware itself appears to contain C++ code, as evidenced by some of the strings found in the file:
--- Code: --- long MediaManager::getMetadataID(MediaManager::STType, const unsigned short *, i
nt, bool)
MediaManager::mount(): storage activated - volume = %d, storageID = %08x
10LinkedListIN9WorkQueue5EntryEE
--- End code ---
(not sure how that's useful, except that knowing the underlying code is OO might make it easier to isolate which parts of the code are doing I/O... too bad we don't have access to the source)
Anyway, it occurred to me that to find the code that outputs to the LCD, one might start by finding a string that gets displayed on the LCD.
crackmonkey421:
I haven't worked on this thing much at all, but I was able to get flashing successfully. I have no experience disassembling firmware, but here's the steps I've taken to get a successful flash:
Download/build latest mi4code from http://daniel.haxx.se/sansa/view.html
Decrypt using mi4code with view key (mi4code decrypt firmware.mi4 firmware.bin view)
Edit firmware.bin in unicode using a hex editor
Sign using mi4code with dummy key exploit (mi4code sign firmware.bin firmwaresigned.bin)
Encrypt using mi4code with view key (mi4code encrypt firmwaresigned.bin firmwaresigned.mi4)
Rename your firmwaresigned.mi4 to firmware.mi4 and put it in your Sansa's root folder.
Make sure the original firmware.mi4 file you use is the same version as the firmware on your View or it might not work. I used 01.01.06. All I did so far is change "Now Playing" to "Hello World", but I thought someone with more knowledge and/or time might benefit from this information.
I'll be trying to learn more with every flash, but who knows if I'll actually get anywhere.
Ohh.. and I just ran this this:
arm-elf-objdump -D --target binary -marm firmware010106.bin > firmware010106.objdump
And I got this:
http://rapidshare.com/files/123747988/firmware010106.objdump.html
It seemed to work fine for me. However, I'm going to have to do a lot more reading before that means anything to me. Of course I'll post if/when I actually figure anything out.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version