Sony added extensions to the frambuffer interface. It is important to take them
into account since the OF uses them and might leave the framebuffer in an
unusual state which would make the dualboot not display anything. Also rework
the dualboot code so that it can boot rockbox (not doing anything at the moment),
display all tools or boot the OF.
Change-Id: Ia0f589c9ec8558f375270841503c0964aff07f0b
At the moment, the script install_duaboot does the following:
- rename SpiderApp to SpiderApp.of (unless it already exists)
- install payload as SpiderApp
- fixes permissions
Since SpiderApp is the main app, it will execute instead of the OF.
The current dualboot code (dualboot.c) is still a preliminary but the current
version displays an "all tools" menu to choose for. When exitting the menu
using BACK, it will run the OF.
With the modifications made by the install script, it should not be possible
to break the device. In the worst case scenario, the dualboot code crashes
and it restarted by the sysmgrd, or hangs. A safe way to recover is to plug
the USB cable and reset the device: the system manager will then start the
USB app and one can reflash the device if necessary.
Change-Id: Id9edab0347538ad2a8651a28aea7fd083feaa626
Unify series names: e46x -> e460 to be consistent with Sony' name. Add keys
for various players that were cracked using upgtools. The real KAS would need
to be extracted from a target but at least we can open/create firmware upgrades.
Change-Id: Id23a10e10170d7f6330c6699bf205c4df5ddebfe
This new tool (all_tools) embeds all the other tools and provides a menu to
choose which one to run.
Change-Id: I0e07864dd46559a7079b0f942c25155e6fa07112
Since the nwz_lib does not have any nvp code yet, it's quite of ugly hack
with hardcoded nvp node (11) for shipment information (shp). Thus I whitelisted
two series (NWZ-E460 and NWZ-A860) which I know for sure use this node ID.
Change-Id: I94c9b0db1f9d7ad764d2aa50576a911e710f25e1
This list can map from model id to device name. It was automatically extracted
from Sony's tools. In the future, we will probably generate it from a clean
database containing more useful information.
Change-Id: Ibe580edf25b60bf0bf4aef4a06f40dddd19c5404
This is useful because there is no easy way to get it except from Sony's tool,
unless one knows the npv node, but that requires to know the model already...
Change-Id: I202f7cdb2f7cf924cc5bdb53c17e34600d4bf153
The new search has two new features:
- it takes advantage of the fact that DES keys are only 56-bit long (and not 64)
- it is now multithreaded
As a proof of concept, I ran it on the A10 series firmware upgrade and was able
to find the key in a few seconds using 4 threads. The search is still limited
to ascii hex passwords (seems to work on all devices I have tried thus far).
Change-Id: Ied080286d2bbdc493a6ceaecaaadba802b429666
This is code is intended to development into a library of code for the NWZ that
will be useful to write the "bootloader" on those device. At the same time, it
comes with test programs that are easy to run in firmware upgrade mode and also
provide a great test bench for the library. At the moment, two test programs are
available:
- test_display: simply prints two messages using /usr/bin/lcdmsg
- test_keys: displays input key event
Change-Id: I9d214894ffc9127b528fcdd3eb5d6b61f4e657a7
The exec_file allows to embed a script/executable and run it on target. It takes
of unpacking, remounting contents rw and redirect output to exec.txt at the root
of the drive. More generally, rework how the makefile works.
Change-Id: Iec719227be96e80701ad8f5398d2d34389f4da9e
There was a lot of copy and paste, and the code was just crap. This commit tries
to clarify the code and also document the encryption procedure. Hopefully I didn't
break anything.
Change-Id: I257793010e7cf94f2b090b30bb8608359d3886e3
This new header generator works differently from the previous one:
- it uses the new format
- the generated macro follow a different style (see below)
- the generated macro are highly documented!
- it supports SCT-style platform or RMW-style ones
Compared to the old style, the new one generate a big set of macros per
register/field/enum (loosely related to iohw.h from Embedded C spec). The user
then calls generic (names are customizable) macros to perform operations:
reg_read(REG_A)
reg_read(REG_B(3))
reg_read_field(REG_A, FIELD_X)
reg_read_field(REG_B(3), COOL_FIELD)
reg_write(REG_A, 0x42)
reg_write_field(REG_A, FIELD_X(1), FIELD_Y(3), IRQ_V(FIQ))
reg_write_fielc(REG_B(3), COOL_FIELD_V(I_AM_COOL), BLA(42))
the following use RMW or SET/CLR variants, depending on target:
reg_set_field(REG_A, FLAG_U, FLAG_V)
reg_clr_field(REG_A, FIELD_X, FIELD_Y, IRQ)
reg_clr_field(REG_B(3), COOL_FIELD, BLA)
the following does clear followed by set, on SET/CLR targets:
reg_cs(REG_A, 0xff, 0x42)
reg_cs(REG_B(3), 0xaa, 0x55)
reg_cs_field(REG_A, FIELD_X(1), FIELD_Y(3), IRQ_V(FIQ))
reg_cs_field(REG_B(3), COOL_FIELD_V(I_AM_COOL))
The generator code is pretty long but has lots of documentation and lots of
macro names can be customized.
Change-Id: I5d6c5ec2406e58b5da11a5240c3a409a5bb5239a
Although the jz4740 contains a similar tool to usbboot, its command-line
interface is not very useful, also it does not compile by default because it
relies on some external code, and it contains code specific to some JZ4740
devices.
Change-Id: I22688238d147e21fb0fd524466b333b6003d4ff1
This commit adds support for the version of the hwstub library, which requires
a lot of changes. It also adds some editing features, such as register access
and much better editing of fields using the mouse (double click on a field
to be able to resize and move it).
Change-Id: I3c4e4cc855cb44911c72bc8127bad841b68efe52
Registers (and variants) can now specify the type of access supported:
- unspecified: for variant means same as register, for register defaults R/W
- read/write
- read only
- write only
Backward compatibility is preserved by setting access to unspecified by default.
Change-Id: I3e84ae18f962a45db62f996a542d08405d05b895
Also use this opportunity to cleanup support for multiple devices: the shell
now supports dynamic changes in the device and will call init() everytime
a new device is selected, to prepare a new environment. The shell now
honors register width on register read/write. The shell also provides access
to variants as follows by creating a subtable under the register using the
variant type in UPPER case and having the same layout as a register.
For example if register HW.GPIO.DIR has variants "set" and "clr", those can
be used like this:
HW.GPIO.DIR.SET.write(0xff)
HW.GPIO.DIR.CLR.write(0xff00)
Change-Id: I943947fa98bce875de0cba4338e8b7196a4c1165
Rewrite the hwstub library in C++, with a clean and modular design.
The library was designed from the ground up to be aware of multithreading
issues and to handle memory allocation nicely with shared pointers.
Compared to the original library, it brings the following major features:
- support for JZ boot devices, it is very easy to add support for others
- support for network transparent operations (through sockets): both tcp
and unix domains are support
Change-Id: I75899cb9c7aa938c17ede2bb3f468e7a55d625b4
After being caught by several bugs of the type "let's forgot to initialize
a field to default value", I'm finally fixing this.
Change-Id: I01c33e0611d4f697f767db66465e4fb30858cdab
The parser would simply ignore unknown elements or attributes, which is bad
on many levels. Now any unknown tag will trigger a fatal error.
Change-Id: I32eead8e96c1567241cf2a565d9e20e62877c14d
This big commit port qeditor from v1 to v2 register file format. Although
the display code was much simplified, the edit code had to be rewritten.
The new code also brings many improvement to the register display widget.
The new code also compiles with both Qt4 and Qt5, although it is recommended
to use Qt5 to get some improvements, especially in the layout of editor.
Change-Id: I24633ac37a144f25d9e705b565654269ec9cfbd3
A v2 register description file can now include register variants and instances
addresses can now be a list (previously it could only be a stride or a formula).
Update the library to deal with that. The convert option of swiss_knife was
updated and one incompatible change was introduce: if a v1 device has several
addresses, those are converted to a single v2 instance with list (instead of
several single instances). This should have been the behaviour from the start.
Swiss_knife can now also convert regdumps, in which case it needs to be given
both the dump and register description file. Also introduce two register
descriptions files (vsoc1000 and vsoc2000) which give more complicated examples
of v2 register description files.
Change-Id: Id9415b8363269ffaf9216abfc6dd1bd1adbfcf8d
With this you can upload and run code on DSP core in atj213x.
The files can be produced using as2181. You can download
this assembler from https://github.com/wodz/as2181
You should use extended mode (-x switch) since DSP core
in atj is non standard and uses 24bit operands.
PX register has different meaning as well and is used as MSB
when loading other registers with immediates (immediate field
is 16bit in instruction so to set register to 24bit value
you need to store MSB in PX prior to this).
MAC MR is 56bit accordingly.
HIP interface seems to be mapped at standard addresses
(except that regular 218x doesn't have HIP).
Have a fun!
Change-Id: I9a80ca0dd3718ba8435ae8579bfffa66e067e022
