Re: MPeye HTS-150
Tim Schmidt wrote: Updated the Wiki page again (http://narrow-band.net/wiki/index.php/Rockbox_on_the_MPeye_/_Touchstone_Technology_HTS-150_MP3_Player) with some findings... It looks like the firmware upgrade file isn't encrypted (as far as I can tell -- not that far really). Anyone care to take a look at it? The strings dump you show indeed looks like it isn't encrypted... Do you have a link to the firmware file? Or can you upload it somewhere? Tomas
Re: MPeye HTS-150
The strings dump you show indeed looks like it isn't encrypted... Do you have a link to the firmware file? Or can you upload it somewhere? The latest firmware is available from MPeye at: http://mpeye.co.kr/file3/05_HTS_100.zip --tim
Re: MPeye HTS-150
On Wed, 14 Dec 2005, Tim Schmidt wrote: The latest firmware is available from MPeye at: http://mpeye.co.kr/file3/05_HTS_100.zip That is truely revealing. I played a little with it and I would say that it is likely that the addresses spaces in use are at 0x1000 and 0x30c. Possibly one of them are the flash and the other the ram. (using 'm68k-elf-objdump -mm68k -D -b binary HTS_100.frg' of course to dissassemble it) The most used subroutines (by grepping for 'jsr'): 199 0x30c45424 172 0x12cc 82 0x30c71370 81 0x30c557ac 63 0x1340 61 0x30c4fa10 61 0x30c4f7bc 60 0x30c70efc Perhaps the start of the .frg file can be what should be at address 0x1000 since at index 340 (the fifth most commonly called jsr) there seems to be a tiny function that moves data from d0 to the stack and then it calls 0x30c4f7bc. It looks like some kind of function dispatcher that could be actual code. I'm not sure this is actually usable for anything, but here it is! ;-) -- Daniel Stenberg -- http://www.rockbox.org/ -- http://daniel.haxx.se/
Re: MPeye HTS-150
That is truely revealing. I played a little with it and I would say that it is likely that the addresses spaces in use are at 0x1000 and 0x30c. Possibly one of them are the flash and the other the ram. (using 'm68k-elf-objdump -mm68k -D -b binary HTS_100.frg' of course to dissassemble it) The most used subroutines (by grepping for 'jsr'): 199 0x30c45424 172 0x12cc 82 0x30c71370 81 0x30c557ac 63 0x1340 61 0x30c4fa10 61 0x30c4f7bc 60 0x30c70efc Perhaps the start of the .frg file can be what should be at address 0x1000 since at index 340 (the fifth most commonly called jsr) there seems to be a tiny function that moves data from d0 to the stack and then it calls 0x30c4f7bc. It looks like some kind of function dispatcher that could be actual code. I'm not sure this is actually usable for anything, but here it is! ;-) Based on the descriptions of the player's function that I've found on-line, while playing, it supposedly spins up the disk, copies several megabytes of data to it's ram as a buffer, and then spins down the disk. In other words, the ram is there as a buffer and not much else. Assuming the software executes in place on the flash (without needing to be copied to ram) that would make 0x1000 likely the beginning of ram and 0x30c the beginning of flash. Of course, I could be all wrong. --tim
Re: MPeye HTS-150
On Wed, 14 Dec 2005, Tim Schmidt wrote: Based on the descriptions of the player's function that I've found on-line, while playing, it supposedly spins up the disk, copies several megabytes of data to it's ram as a buffer, and then spins down the disk. In other words, the ram is there as a buffer and not much else. Well, that's a description that fits most (all?) disk-based music players. The question is only how much of the ram that is used for buffer and what else there is in there. I would say that the addresses used in the firmware indicates that there's code in at least parts of the ram. I would assume that executing in ram is faster than from flash. Of course the CF5249 also has 96KB internal ram. -- Daniel Stenberg -- http://www.rockbox.org/ -- http://daniel.haxx.se/
Re: MPeye HTS-150
Intersting data strings? I was looking at the HTS-150 Wiki and there are some interesting things there There's that whole message about using FP not enabled in this library. Use libcfp.a message, which seems interesting, and then there is this: A sibal jola jjajungna jakku ssang soriman nane!!! Does anyone have any idea what this could mean? Google search reveals little, but one page in a foreign language lists the string along with something related to the HTS player. Any ideas on what this is? -- Steve signature.asc Description: This is a digitally signed message part
Re: MPeye HTS-150
On Wed, 14 Dec 2005, Steve Moskovchenko wrote: A sibal jola jjajungna jakku ssang soriman nane!!! Does anyone have any idea what this could mean? According to Jungti1234 (Korean user on IRC), the phrase is roughly translated into motherfucker shit pair voice sounds constantly!!! What also might be interesting is that he also said that The company became dishonor. and MPeye was ruined. Whatever that means... (logged in today's dec-14-2004 IRC logs) -- Daniel Stenberg -- http://www.rockbox.org/ -- http://daniel.haxx.se/
