tof wrote:
> mat h wrote:
>   
>> well put.
>>
>> Personally here are my ideas on the matter:
>>  - I proposed a JTAG finder circuit earlier. I don't have the technical
>> knowledge to build this. Would it work?
>>  - Flash reader for the iPod?
>>  - If the firmware updates the flash surely there must be a way to
>> find the messages going in and out. (I'm working on this.)
>>   
>>     
> For JTAG: we first need some basic info on what the device has for 
> instruction code, if we can find it. Instruction code length is absolutely 
> needed.
> Reading out the firmware ROM on the nano 2 could be a good option (if 
> ever connected), because there is probably more info available. But hooking to 
> the SOC is also possible, but probably much harder without info.
>   
Let's hope the bootloader resides in an external FlashROM, everything 
else will make it almost impossible to get it out of the nano, I bet 
they used some kind of code protection if it's inside the ARM.
> then we need to find the JTAG test points (if not removed)
>  a method I just saw for this is to examine the PCB after a somewhat 
> brutal unsoldering: 
> http://www.blackhat.com/presentations/bh-europe-04/bh-eu-04-dehaas/bh-eu-04-dehaas.pdf
>  
> slide 17
> this supposes that the pinout of the SOC is known, including JTAG 
> connection. If not, we can try to guess, e.g. 5 testpoints in a row, but 
> this is unlikely
>   
As far as I read and remember, they know what kind of ARM it is, so the 
pinout should also be known. But that desoldering is really quite brutal ;)
> then we need to hook a JTAG interface. Quite standard and compatible 
> with most tools is the Xilinx Parallel Cable IV: 
> http://www.xilinx.com/support/programr/jtag_cable.pdf (attention to note 
> 2 !!). I have some readily available.
>
> finally we have to hope there is no fuse or similar system that blocks 
> access to the readout.
> also seen on some systems: removing testpoints, or grounding testpoints 
> under the IC.
>   
If the loader is in an external chip (and what else should that flash 
chip be good for?), they may not have done this, as the ARM needs to be 
able to read it out. I think the hardest part will be getting that flash 
chip off the board without breaking it.

Concerning a forum/wiki:
What about a password protected wiki? I also think that this may help in 
organizing and collecting information. Always searching through the 
mailing list archive is quite time consuming. A forum could help 
separate different discussion topics, but as we usually don't have 
dozens of discussions in parallel, currently I don't see any need for 
it either. If one would use one, it should have a possibility to send 
out "daily digest" mails, or the following will definitely happen:

> and what I see is that this list has been sleeping for almost 10 months now.
> and from my experience, a sleeping forum loses 90% of its population, 
> while a ML does not ;) 

Concerning that:

> Reverse engineering projects require to keep up some confidential zones
> (nothing 'top secret' but area where you have to register). I'm afraid
> that a Wiki won't make it.

Is the mailing list archive currently protected in any way? I can't 
remember having seen any protection. And currently, really everything is 
discussed on the ML.

My opinion: As long as mailing list traffic doesn't increase heavily, 
the ML should stay our main discussion platform. A (maybe protected) 
wiki in parallel would make sense to keep information organized.

_______________________________________________
Linux4nano-dev mailing list
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org