
Gigabeat F firmware hacking information


shoora:
I have done some homework on the Gigabeat F firmware.
So far:
1. Created a program to decode/encode firmware images.
2. Created a program to change bitmaps in the flash image, and modified my splash screen.
3. Successfully flashed my Gigabeat with the modified images.
4. Made a patch for the power button: a shorter wait before the system starts booting.
5. Made a patch to start up the Gigabeat immediately after external power is plugged in. Great for "car adapter mode"! With this patch you cannot shut down the player while external power is connected - it will start up again :-)

I believe it's not impossible to write a custom bootloader to load a Rockbox image directly. I just don't care that much. Resume (see below) is a lot more important!

Firmware utilities, flash listing (IDA 5.10), LCD init code. To be continued...
http://rapidshare.com/users/VUBQPF
Updated Apr. 19 2007
- GigabeatBmpView: better recognition of bitmap files
- GigabeatBmpView: work only with RGB 24 bit files.

- You may want to change the splash screen in "hd-graphic+crc.bin". Then use GigabeatBmpView.exe to view and change the bitmaps (F1 - help).
- You may be interested in changing f-hd-loader+crc.bin (loader and startup code). You can find a couple of patches in the directory /patches. If you want to make your own patch, BE EXTREMELY CAREFUL! You can use the provided IDA listing to find the place to patch in the firmware.
The GigabeatBmpView tool can now process encrypted files.
Note:
Please use the TAB key to switch between bitmaps in the graphics file. This way the window size will be changed automatically with pixel precision.

WE DO NOT HAVE ANY PROCEDURE TO UNBRICK THE PLAYER.
I can confirm that a couple of patches from the patches directory work and that graphics can safely be edited.
1. Use fwupDecrypt.exe to decrypt the firmware files (hd-zboot-flprog-2440+CRC.bin, f-hd-loader+crc.bin,
hd-secure+crc.bin, hd-panic+crc.bin, hd-graphic+crc.bin) from the directory \update (in the archive \firmware_upgrade\update).
2. Do some manipulations on these binaries.
3. Re-encode them using fwupDecrypt.exe with the parameter -e.
4. Use the package from /firmware_upgrade to update the flash.
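Added example, not shoora's GigabeatBmpView tool or anything from the Rockbox project: a small Python script that does the kind of work item 2 and the "RGB 24 bit" note describe. It scans a decrypted graphics blob for embedded images, validates each candidate header before trusting it, and swaps one image for a replacement only if geometry, depth and byte length match, so the container file keeps exactly the same size before it is re-encoded and flashed. It assumes the embedded images are plain Windows BMP files (an assumption; the thread does not state the exact container format), and the sample blob, file and function names are constructed for the demonstration.

```python
"""Locate 24-bit BMP images inside a decrypted graphics file and replace one
in place. Added example; assumes plain Windows BMP headers (assumption)."""
import struct
from collections import namedtuple

FILE_HDR = struct.Struct("<2sIHHI")       # BITMAPFILEHEADER, 14 bytes
INFO_HDR = struct.Struct("<IiiHHIIiiII")  # BITMAPINFOHEADER, 40 bytes
BmpInfo = namedtuple("BmpInfo", "offset size width height bpp pixels_off")


def row_stride(width, bpp):
    """BMP pixel rows are padded to a multiple of 4 bytes."""
    return ((width * bpp + 31) // 32) * 4


def parse_bmp(blob, pos):
    """Validate a candidate BMP at pos; return BmpInfo, or None on any mismatch.
    Every field is checked so a stray 'BM' in code or pixel data is rejected."""
    if blob[pos:pos + 2] != b"BM" or len(blob) - pos < FILE_HDR.size + INFO_HDR.size:
        return None
    _, bf_size, _, _, off_bits = FILE_HDR.unpack_from(blob, pos)
    (bi_size, width, height, planes, bpp, compression,
     _, _, _, _, _) = INFO_HDR.unpack_from(blob, pos + FILE_HDR.size)
    if bi_size != INFO_HDR.size or planes != 1 or compression != 0:
        return None
    if bpp not in (1, 4, 8, 16, 24, 32) or width <= 0 or height == 0:
        return None
    pixel_bytes = row_stride(width, bpp) * abs(height)
    if off_bits < FILE_HDR.size + INFO_HDR.size or off_bits + pixel_bytes > bf_size:
        return None
    if pos + bf_size > len(blob):
        return None
    return BmpInfo(pos, bf_size, width, height, bpp, off_bits)


def find_bmps(blob, bpp=24):
    """Scan the whole blob for valid BMP headers with the requested depth."""
    found, pos = [], 0
    while True:
        pos = blob.find(b"BM", pos)
        if pos < 0:
            return found
        info = parse_bmp(blob, pos)
        if info and info.bpp == bpp:
            found.append(info)
            pos += info.size      # skip the image body, not just the signature
        else:
            pos += 1


def replace_bmp(blob, target, new_bmp):
    """Overwrite the image at `target` with new_bmp. Refuse anything that would
    change geometry, depth or byte length: the file must stay the same size."""
    new = parse_bmp(new_bmp, 0)
    if new is None:
        raise ValueError("replacement is not a valid BMP")
    if (new.width, new.height, new.bpp) != (target.width, target.height, target.bpp):
        raise ValueError("replacement geometry/depth differs from original")
    if new.size != target.size or len(new_bmp) != target.size:
        raise ValueError("replacement byte length differs from original")
    return blob[:target.offset] + new_bmp + blob[target.offset + target.size:]


def make_bmp(width, height, rgb):
    """Build a solid-colour bottom-up 24-bit BMP (constructed test data)."""
    stride = row_stride(width, 24)
    row = bytes(reversed(rgb)) * width    # BMP stores pixels as B,G,R
    row += b"\x00" * (stride - len(row))
    pixels = row * height
    off = FILE_HDR.size + INFO_HDR.size
    hdr = FILE_HDR.pack(b"BM", off + len(pixels), 0, 0, off)
    info = INFO_HDR.pack(INFO_HDR.size, width, height, 1, 24, 0,
                         len(pixels), 2835, 2835, 0, 0)
    return hdr + info + pixels


# Constructed stand-in for a decrypted graphics file: two real images plus a
# stray "BM" that is not a header and must be ignored by the scanner.
SAMPLE = (b"\xff" * 16 + make_bmp(4, 2, (255, 0, 0)) + b"BMxx\x00\x00" +
          make_bmp(3, 3, (0, 0, 255)) + b"\x00" * 8)


if __name__ == "__main__":
    images = find_bmps(SAMPLE)
    for b in images:
        print(f"offset={b.offset:#06x} {b.width}x{b.height} {b.bpp}bpp size={b.size}")
    patched = replace_bmp(SAMPLE, images[0], make_bmp(4, 2, (0, 255, 0)))
    print("patched blob keeps its length:", len(patched) == len(SAMPLE))
```

The same-length check is the part worth keeping even if the real container turns out to differ: a graphics file that changes size after editing is exactly the kind of edit the warning above about bricking is aimed at, because whatever check the updater performs on the re-encoded file is unknown from this thread.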

Mad Cow:
Wow, good work! What's the possibility of bricking the gigabeat with bootloader hacking? Is there any lower form of bootloader that handles USB? Maybe you can release some of this, because I would find the shorter power button holding very, very useful.

markun:
nice work shoora!

We still want to flash our own bootloader some day, but I was waiting for more info about the LCD driver IC so we can write our own LCD init code and actually know what we are doing (instead of just taking it from the OF)

Could you visit us in #rockbox to talk about it some more?

kkurbjun:
shoora,

I am really interested in this information.  How are you doing your patches?  Are you dumping the flash and running objdump or something similar?  Currently I am really interested in getting a dump/disassembly of the flash - I just started looking at it tonight and Llorean pointed me to your post.  I am interested in working toward a fully replaced bootloader, or at the least patching some of the checks in startup (I think the OF bootloader is interfering with the alarm wakeup, but I am not sure without a dump/disassembly).

shoora:

--- Quote from: Mad Cow on April 12, 2007, 12:09:59 AM ---Wow, good work! What's the possibility of bricking the gigabeat with bootloader hacking? Is there any lower form of bootloader that handles USB? Maybe you can release some of this, because I would find the shorter power button holding very, very useful.

--- End quote ---
I am pretty sure we can brick the device by flashing buggy firmware.
I am not familiar with common practice for recovery from a bad flash. But considering the number of protections you have to pass before a binary will be flashed, we are in the danger zone.
I need some time to reorder my stuff for your convenience, and put down at least some notes on my findings.
