Vadim wrote: > I will keep an eye on the fc-loadtool repository and look forward to > hear any news from you. > > It's not like I need to be able to unlock and overwrite those locked > sectors, I am just curious to learn how this kind of protection works. > But well, I would also love to see it being defeated on practice ;)
I got flash sector lock/unlock manipulation implemented for PL-J style of flash, which includes Spansion S71PL-J and Samsung K5L29xx which is an equivalent of PL129J. If you execute 'flash ppb-erase-all' on a K2x0 phone with Samsung flash, the result should be all sectors unlocked. It works on the phone I tested here, and the same functionality also works on S71PL064J flash on FC Tango modules. I don't have any Spansion PL129J to test on. This mechanism won't work on SE K2x0 with Spansion flash yet - that Spansion flash is PL129N (not J), it does PPB program and erase operations differently, and I still need to implement this version. Please note that this 'flash ppb-erase-all' command does not erase any flash content - instead it erases the special non-volatile memory unit that holds all PPBs (persistent protection bits) for the whole flash chip. There is only one such non-volatile memory unit for all PPBs, and it can only be erased in its entirety - hence there is no separation between flash banks for this one special operation. And furthermore, on PL-J style of flash this operation requires diving into the internal details of how NOR flash works, with quirks like having to program all bits before commanding erasure, and pulse- counting retries. I will need to write some documentation articles explaining all of this stuff. M~ _______________________________________________ Community mailing list Community@freecalypso.org https://www.freecalypso.org/mailman/listinfo/community