Re: [zd1211-devs] ZD1211 open firmware project
Remco wrote:
> Have you thought about trying some well known instruction sets like Intel
> 8052 / Atmel AVR ? Even the chip makers that have their own instruction sets
> seem to make 8052 based chips as well. I think the Intel 8052 instruction set
> would be your best bet, since 8052 based micro controllers just seem the most
> widely used.

We're fairly sure that it is a custom CPU for Zydas. They haven't confirmed this, but have indicated so.

If you'd like to compare the instruction set to other CPUs that would be much appreciated, you can see notes.txt for the bit patterns.

And yes, I'm aware of the hint in the vendor driver about the jump. This is slightly confusing though, this *must* be a conditional jump otherwise the code flow would make no sense. I originally thought I had identified a 2nd jump instruction but I now realise that this is a movw.

Thanks,
Daniel

___
Zd1211-devs mailing list - http://zd1211.ath.cx/
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/zd1211-devs
Re: [zd1211-devs] ZD1211 open firmware project
> .. Intel 8052 ..

I meant MCR 8051.

I suppose you're aware of the clue in the vendor driver, using that as a starting point ?

u8 WS11Ur2[(0xEE00 - 0xEC00) * 2] = { 0x0F, 0x9F, 0x00, 0xEE }; // JMP 0xEE00
Re: [zd1211-devs] ZD1211 open firmware project
> Hi,
>
> With help from Johannes Berg, I've been working on reverse engineering
> the firmware to try and understand the instruction format. Assuming we
> can figure out all of the instructions, the end result is that we'll be
> able to produce an open source firmware.
>
> So far I've built up a partial understanding of 4 instructions. I have
> produced a home-grown disassembler and a lex+yacc-based assembler. In
> the disassembled format, unrecognised code (i.e. instructions outside of
> the 4 I understand) is stored as blobs of data for now.
>

Have you thought about trying some well known instruction sets like Intel 8052 / Atmel AVR ? Even the chip makers that have their own instruction sets seem to make 8052 based chips as well. I think the Intel 8052 instruction set would be your best bet, since 8052 based micro controllers just seem the most widely used.

Or did someone at Zydas actually tell you that their chips use some custom micro controller ?
[zd1211-devs] ZD1211 open firmware project
Hi,

With help from Johannes Berg, I've been working on reverse engineering the firmware to try and understand the instruction format. Assuming we can figure out all of the instructions, the end result is that we'll be able to produce an open source firmware.

So far I've built up a partial understanding of 4 instructions. I have produced a home-grown disassembler and a lex+yacc-based assembler. In the disassembled format, unrecognised code (i.e. instructions outside of the 4 I understand) is stored as blobs of data for now.

Right now this is only for developers interested in figuring out the instruction format. The utilities are hacked together and probably easy to crash, patches accepted! Also I would appreciate it if someone could convert it from byacc to bison.

My knowledge of the instruction format is documented in notes.txt.

The disassembler and assembler can complete a round-trip on the vendor firmware, meaning that experimentation to discover instruction meaning should be relatively easy (as jump offsets can be changed, but remember not to increase total firmware length).

http://dsd.object4.net/git/zdofw.git/
http://dsd.object4.net/git/?p=zdofw.git;a=summary

Daniel
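
An added example, not code from this thread or from the zdofw tools: the round-trip property described above, with unrecognised words kept as blobs, a jump target that can be edited, and a check that the rebuilt image does not exceed the original length. The 16-bit little-endian word layout and the reading of 0F 9F as a jump opcode followed by its target are assumptions drawn only from the vendor-driver comment quoted in the thread; the sample bytes after the first four are constructed.

```python
import struct

JMP_OPCODE = 0x9F0F  # assumption: bytes 0F 9F read as one little-endian word

# Constructed sample: the four vendor-driver bytes, two unknown words,
# and a trailing 0F 9F with no operand word after it.
SAMPLE = bytes([0x0F, 0x9F, 0x00, 0xEE]) + bytes.fromhex("341278560f9f")

def _pack(words):
    return struct.pack("<%dH" % len(words), *words)

def disassemble(fw):
    """Split an image into ('jmp', target) items and ('blob', bytes) items."""
    if len(fw) % 2:
        raise ValueError("length is not a whole number of 16-bit words")
    words = struct.unpack("<%dH" % (len(fw) // 2), fw)
    listing, blob, i = [], [], 0
    while i < len(words):
        # Only decode the jump when its operand word is actually present.
        if words[i] == JMP_OPCODE and i + 1 < len(words):
            if blob:
                listing.append(("blob", _pack(blob)))
                blob = []
            listing.append(("jmp", words[i + 1]))
            i += 2
        else:
            blob.append(words[i])  # unrecognised: carried through untouched
            i += 1
    if blob:
        listing.append(("blob", _pack(blob)))
    return listing

def assemble(listing, max_len):
    """Rebuild the image; refuse to grow past the original firmware length."""
    parts = []
    for kind, arg in listing:
        if kind == "jmp":
            parts.append(struct.pack("<HH", JMP_OPCODE, arg))
        elif kind == "blob":
            parts.append(arg)
        else:
            raise ValueError("unknown listing item: %r" % (kind,))
    image = b"".join(parts)
    if len(image) > max_len:
        raise ValueError("image is longer than the original firmware")
    return image

def retarget(listing, old, new):
    """Return a copy of the listing with jumps to `old` pointed at `new`."""
    return [("jmp", new) if item == ("jmp", old) else item for item in listing]
```

Because unknown words are emitted byte-for-byte, the round trip stays lossless even if a data word happens to match the assumed opcode.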