I tried to investigate the THUMB code probability. What i could understood is that, first 40 or so instructions (i dont have an ARM emu, and i dont know how to use GBA emu's well) loads some registers, and makes branchs. I dont think they used a second protection to defend iPod, and our binary file should contain some machine instructions. Can it be valuable to use an emu to investigate thumb code?
Another interesting thing. Why they created two data segment (i mean that huge string of 0xFF between segment). And that reversed header at the end of file, like we have seen in firmware image. One more, where are the "Use iTunes to restore" text and other images. I think bootloader consists of two images. First one, the hardcore bootloader; Second one, system loader. Regards, Baha _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
