STMP3770 low level flash access

I downloaded multiple firmware versions also from different Playaways with different flash chips. The same firmware versions did not differ in their sha256 value so each firmware version seems to be identical. I updated my repo accordingly.

I dared to try to update a Playaway from version 01:04 to 01:08 and...failed. The Playaway did not start anymore. I can still of course access the ROM recovery but do not have a fitting .sb to reenable the mass storage mode to rewrite the older version.
As we can see from the log output of scsitools above there are multiple partitions in the flash. After looking at the scsitool I saw that only the boot partition is taken into account if firmware is read or written to the device. But there are other partitions. I have modified scsitools to also download the other same size partitions and they have the exact same content. I guess I would have needed to update them as well. The other two partitions mainly contain FF (empty/default for a NAND flash).

Maybe someone with more inside knowledge can shed light on the situation on how to maybe rescue my brick or be able to update others without bricking them.
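An added example, not part of the original posts and not code from scsitool: one way to check a set of partition dumps for the layout described above (same-size copies identical to the boot partition, plus partitions that are mostly 0xFF). The partition names, sizes, contents and the 99% erased cutoff are constructed assumptions.

```python
import hashlib

ERASED = 0xFF  # erased NAND reads back as 0xFF


def is_erased(data, threshold=0.99):
    """True when at least `threshold` of the bytes are 0xFF (assumed cutoff)."""
    return not data or data.count(ERASED) / len(data) >= threshold


def digest(data):
    return hashlib.sha256(data).hexdigest()


def compare_to(dumps, reference):
    """Classify every other partition dump relative to `reference`.

    mirrors    - same size and same SHA-256 as the reference
    divergent  - same size, not erased, but different content
    erased     - almost entirely 0xFF
    other_size - not erased and a different size, so not a copy
    """
    ref = dumps[reference]
    ref_digest = digest(ref)
    report = {"mirrors": [], "divergent": [], "erased": [], "other_size": []}
    for name in sorted(dumps):
        if name == reference:
            continue
        data = dumps[name]
        if is_erased(data):
            report["erased"].append(name)
        elif len(data) != len(ref):
            report["other_size"].append(name)
        elif digest(data) == ref_digest:
            report["mirrors"].append(name)
        else:
            report["divergent"].append(name)
    return report


# Constructed sample dumps (not real Playaway data).
FW_OLD = bytes(range(256)) * 16
FW_NEW = bytes(reversed(range(256))) * 16
MOSTLY_FF = b"\xff" * 4090 + b"\x00" * 6
SAMPLE = {"boot": FW_OLD, "copy_a": FW_OLD, "copy_b": FW_OLD,
          "spare_1": MOSTLY_FF, "spare_2": MOSTLY_FF}

if __name__ == "__main__":
    print("before:", compare_to(SAMPLE, "boot"))
    # Simulate rewriting only the boot partition with a newer image.
    print("after: ", compare_to(dict(SAMPLE, boot=FW_NEW), "boot"))
```

Run against dumps taken before and after a write, a non-empty `divergent` list shows copies that no longer match the boot partition.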

I didn't follow the stmp devices closely but maybe you could look at the firmware recovery process for the other devices and adapt them for your needs.

I kinda went down the rabbit hole. Not fully though.
I understood all the sbload processes and the ROM Recovery, which the datasheet calls USB Boot driver with RHID interface and which uses the BLTC protocol.

Using this I could create and compile my own program that runs from SRAM and lets the backlight of the LCD of the Playaway blink. So now I need to decide if I want to go all the way through that rabbit hole, because this would mean writing code for some kind of communication channel, preferably USB, to then be able to access the NAND flash, which also needs a driver. I might be able to use some existing code but I am not yet experienced with this controller.
Another option would be to somehow utilize the original firmware extract. But this might also need adjustments as it was written to run from flash and I do not know what this means for all the addresses.

Maybe someone does have code already. None of the recovery files of existing players can be used as they use other recovery modes than the one with the BLTC protocol.
