Rockbox Development > New Ports

SanDisk Sansa c200v2, m200v4, clipv1, clipv2, clip+, and fuzev2

<< < (34/386) > >>

funman:

--- Quote from: tobi-lu on August 02, 2008, 04:15:53 AM ---
--- Quote from: funman on August 01, 2008, 12:02:44 PM ---Also I took the conversion code to translate instructions in utils/disassembler/arm/disasm_arm.c

--- End quote ---
What's the purpose of disasm_arm.c? And what did you use it for?

--- End quote ---

Well it's an ARM disassembler, I used it to modify the instructions / offsets.
Ex: +       jump = 0xEB000000 /* BL */ | (((bl_offset - (firmware_size + bootloader_size - 4) - 8 ) >> 2) & 0x08ffffff);
0xE0000000 is the condition: no condition
0x0B000000 is the instruction: BL (== CALL in i386 asm)
The last 3 bytes are the relative offset we jump to.

NOTE: I just found a bug: the offset mask should be 0x00ffffff not 0x08ffffff : this is why disassembling the patched firmware before putting it on the Sansa is important !! I will change the patch.

Also I forgot to mention that my code assumes there is no offset at the beginning of test.S, it replaces the instructions directly with relative offset.


--- Quote from: tobi-lu on August 02, 2008, 04:15:53 AM ---
--- Quote from: funman on August 01, 2008, 12:02:44 PM ---As discussed with the hackers, it would be wise to execute our code after some stuff has been initialized.

--- End quote ---
Do you think you can access other parts of the firmware file then? Or access the buttons easier?
Hm, I'd like to understand it, could someone perhaps send me a chatlog?

--- End quote ---
I don't have the log, but according to atomik_punk the code before the first BL will setup the stack, and let us call various functions of the OF (to access buttons, exactly).
Of course it would be better to test that code on daniel's e200 since he has a recovery mode :)

tobi-lu:
So the next step would be to write some code that checks for a pressed button and goes to the delay loop if it isn't pressed.

But you (atomikpunk) haven't yet found the button handling code in the e200 firmware, right?


Anyway, this idea sounds rather promising to me :)

funman:
Hi all

I am still on the process on trying to unbrick my Sansa Clip, and I found the special mode mentioned by Daniel_at.

However just like atomik_punk and his m200, on the Clip you will see a 0MB partition.
Probably Sansa didn't allocate any space for this feature on some models.

Since I unsoldered the battery, the Clip is always off unless plugged on USB, so I assume it works only with device off:

1/ Bridge the PIN 17 & 18 of the NAND flash (ALE & WE# according to this standard: http://www.onfi.org/docs/ONFI_1_0_Gold.pdf

I also read http://s1mp3.org/en/docs_deadrec.php, mentioned in this thread, and bridging IO pins also work.

It looks like a generic way to enter recovery mode, not only for Sansa ;)

2/ Plug the Clip on USB
3/ Notice a new 0MB hard disk detected
4/ ???
5/ No profit since the Clip is still bricked ;)

daniel_at:
Hi all (but mostly Atomikpunk)

As you were searching for a function which loads data from the flash into ram, i had following Idea:
Because I found only one reference to the NAND_FASH-registers in the OF-Loader and further we know (USB ID and other stuff) that the AMS-SoC has a Sansa-specific PROM-Code and that the Loader in the PROM must already fetch data from the Flash, it is very likely that the Flash will be initialized by the PROM-Code.

Further it is possible to map the PROM into the Address Space, but according to the docu only starting from Addr. 0x00000000 - but maybe it is possible to "rewire" that, when Sansa build theire specific PROM-Mask.
Therefor, maybe we _cant_  find the function read_flash in the Flash-based fw-part, but it calls that function on some specific address which gets mapped into PROM.

Just a random thought.... If you happend to find some calls to addresses which look suspicous, it might be some kind of that...

Daniel

atomikpunk:
Nothing much today except from that I'm pretty sure the LCD controller in the E200v2 devices is an ILI9222. I updated the E200v2 wiki page to reflect this. Still looking at the GPIOs for hints on buttons...

Navigation

[0] Message Index

[#] Next page

[*] Previous page