A older commit removed this ability but it tends to be a problem since the HID
driver can prevent probing of transfer size which then needs to be entered
by hand on the command line.
Change-Id: Ie5a556ffdcc2adec0e1c984810983e19136b6473
This script is handy hacking tool to patch RKW file with
arbitrary binary and put jump into implanted code.
It also shows how to use hwstub crc routine.
Change-Id: I89b5086dc1ddaca3dbc03df26a85472d8a20d51e
This tool is a scriptable (lua) tool to patch binaries, it supports:
- raw binary
- ELF
- SB(v1/v2)
It also contains some basic routines to parse and generate useful arm/thumb code
like jump or register load/store. This is very useful to take a firmware and
patch an interrupt vector or some code to jump to an extra payload added to
the binary. Examples are provided for several STMP based target which the payload
is expected to be hwstub, and also for the Sansa View. A typical patcher usually
requires three elements:
- the lua patcher itself
- the payload (hwstub for example)
- (optional) a small stub either to jump properly to the payload or determine
under which circumstance to do the jump (hold a key for example)
Change-Id: I6d36020a3bc9e636615ac8221b7591ade5f251e3
Qeditor has been improved in many ways:
- it can now dump all registers, just like the lua DUMPER.dump_all() command
- several crash were fixed
- when connected to a hwstub command, one can correctly edit individual fields
- the code was simplified in several places
Change-Id: I092b99ce3a12ff6417552de61d62c65f706bcff0
The graphical editor can now display and editor description files.
The library has been improved to provide more useful function.
The XML format has been slightly changed: only one soc is allowed per file
(this is was already de facto the case since <soc> was the root tag).
Also introduce a DTD to validate the files.
Change-Id: If70ba35b6dc0242bdb87411cf4baee9597798aac
- drop support for PP500x: it's very different from other PP and although
it would be possible to support them, I don't have one to test the code
- make sure only the CPU is started
- add PP descriptor to report chip ID and revision
- add code in shell and lua to support pp (no register description yet)
- compile for ARMv4 because PP502x is an ARM7TDMI
Change-Id: I36c4e465dfc2cfdfe7433b2f65cc8f6f0720fe62
It is very similar to how e200tool from MrH works but uses the framework
of hwstub which is makes it completely trivial since we already have the
USB driver written.
Change-Id: I61cdc245d3f828c2682bcd6ecfed5a1cc0094139
This is actually the trivial part of e200tool from MrH: it simply writes the
code on the bulk endpoint. Code was mostly copied from imxtools/sbloader.
Change-Id: I6c208840d23553aaf3bd8b9374e6b0337e54f3b0
On some OSes like Windows or if running in a virtual machine, the one second
timeout might be too short.
Change-Id: I717f7a2aaed1cb3d40e8fbe6f9b1081b43ceea95
The UI now has a "read-only" check box to prevent accidently changes: once
unchecked, the UI can do write to register (only full register writes are
supported for now). If the register supports it, the UI provides SCT writes
as well. The display register panel was moved to its own class to cleanup
things a bit.
Change-Id: I0fc6aab3b351f9080076102ee6fad0037ab5353b
The code was a mess with respect to soc handling: some code just plain copied
the SoC descriptor which are big objects, some was using indexes. The new soc
factor out everything in a few classes which hide these ugly details so that
descriptors are never copied.
Change-Id: I17af8b47f997a528b58221621389d42d24fded93
A SoC descriptor is not a small object: it can be as large as ~100KiB so
it's better to avoid copying things over.
Change-Id: I1ef862e1260299cdaa0c4d2822ac45968713498a
This commit add the very handy feature of being able to read registers
directly from a device using hwstub. This is mostly trivial using the hwstub
library and the biggest change here is actually:
- being able to read registers by name and/or addresses
- being able to enumerate devives
The UI code currently doesn't handle hotplug but the backend does so it should
be trivial to add in the future. It also opens up the possibility the write
registers from hwstub or save the register values to a file.
Since it relies on both hwstub and libusb, a switch has been introduced in
qmake to disable it (use -config nohwstub).
Change-Id: I5d7d7a2a7c97ecd7407227357c8553c2773ea6cc
In might be useful to load hwstub in an environment with the MMU active,
in which case care must be taken on the order in which things are done.
Mostly, one should not disable the MMU before moving stuff around. The code
assumes the linking address (0 currently) is identity mapped.
Change-Id: I8d54ce9e8cadcde2e08990353ca7a46803731ca7
The protocol has evolved a lot during the 2.x.y lifetime, bringing more
features which later got unused. This commit removes all the unused stuff
and simplifies everything:
- drop the feature mask: everything is mandatory or stalled on error
- remove the info request and put all static information in standard USB
descriptors which are part of the configuration descriptor (and can be
retrieved using the standard GetDescriptor request).
- remove the USB interface, we had only one anyway
- remove all endpoint descriptors
- remove the exit/atexit stuff, it never worked as intended anyway
- update the hwstub library and make it able to handle any device
- update the tools (mostly renaming and removing of code)
Change-Id: I1872bba7f4177fc3891180e8f944aab88f5bde31
This test software setups timer T0 periodic interrupt.
In ISR it changes backlight level. The interrupt handler
does not support nesting and the whole ISR is run in interrupt
context. Exceptions are not handled yet.
Change-Id: Idc5d622991c7257b4577448d8be08ddd1c24c745
This is the basic port to the new target Samsung
YP-R1, which runs on a similar platform as YP-R0.
Port is usable, although there are still
some optimizations that have to be done.
Change-Id: If83a8e386369e413581753780c159026d9e41f04
The getty service mointors /dev/ttyGS0 (also created by the patched firmware).
When the g_serial.ko module is loaded this automatically enables shell access
via usb. It exposes a cdc-acm device to the host which is compatible to linux
(usb_serial.ko) and windows.
The g_serial.ko is not included module can be build from the YP-R0 open source
package provided by samsung. It can be loaded via rc.user on the internal memory.
Change-Id: I4903a635fd2e2f0ce6f5e91589a31d72bba2776b
This simple program shows how to setup timer for periodic
operation. Interrupts are not used yet and simply pending
irq bit is polled and cleared when set. This program
supports my understanding of disassm of ADEC_N63.BIN that
P_CLK is configured for 7.5MHz and timer clock source is P_CLK
directly.
Change-Id: Idd6461bf847c763b78b8c324012ec2515f65dd41
This test program. I add it mainly to document somehow my work:
1) atj213x.h lists registers addresses
2) crt0.S exploits self relocation of the binary
3) test_bl.c documents how to control backlight on e150
Change-Id: I055e0fe065d926a5c3805b73cea3f537cb64bf52
Some targets like Sony NWZ use a watchdog, so we must disable it to prevent
spurious reboot when we take over
Change-Id: I138a8d7f9a1b089acb2d08d7f6c4a58e8b088b3a
Conditional no longer needed since ctr0.S is private to target, also setup
stack just before jumping to C code only
Change-Id: I74116239be9e87bbe53e8fa814c45f04f242f1c1
The old code would set CPU to 64MHz and HCLK to 9MHz but that's too low for
many things like usb and gpmi. So change HCLK to ~32MHZ.
Change-Id: I6459f25900e42603333cebccb7b0ed26c59640ad
Some older versions of the ROM (TA3 for example), use a 64 byte report size
instead of 1024, so hardcoding 1024 is just a bad idea.
Change-Id: I720c4465cfe2f519bffa307175614bba58766dce