With help from Johannes Berg, I've been working on reverse engineering 
the firmware to try and understand the instruction format. Assuming we 
can figure out all of the instructions, the end result is that we'll be 
able to produce an open source firmware.

So far I've built up a partial understanding of 4 instructions. I have 
produced a home-grown disassembler and a lex+yacc-based assembler. In 
the disassembled format, unrecognised code (i.e. instructions outside of 
the 4 I understand) is stored as blobs of data for now.

Right now this is only for developers interested in figuring out the 
instruction format. The utilities are hacked together and probably easy 
to crash, patches accepted! Also I would appreciate it if someone could 
convert it from byacc to bison. My knowledge of the instruction format 
is documented in notes.txt

The disassembler and assembler can complete a round-trip on the vendor 
firmware, meaning that experimentation to discover instruction meaning 
should be relatively easy (as jump offsets can be changed, but remember 
not to increase total firmware length).



Zd1211-devs mailing list - http://zd1211.ath.cx/
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/zd1211-devs
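The round-trip workflow described in the message above (disassemble, keep unrecognised words as data blobs, edit a jump target, reassemble, and refuse to grow the image) can be sketched as a small harness. This is an added example, not the author's disassembler or assembler and not the zd1211 firmware format: the 16-bit encoding, the four opcodes, the mnemonics and the sample firmware bytes are all made up here purely to show the method, and the real instruction format remains whatever notes.txt documents.

```python
"""Round-trip harness for a partially understood firmware instruction set.

Toy model (an ASSUMPTION for this example, not the real zd1211 encoding):
16-bit little-endian words, four "known" opcodes in the top nibble, and every
other word preserved verbatim as a .word blob so that unknown code survives a
disassemble/assemble cycle byte-for-byte.
"""
import re
import struct

# Assumed toy encoding (hypothetical, chosen for illustration only):
#   0x1 rrrr iiiiiiii   mov rN, #imm8
#   0x2 rrrr ssss 0000  add rN, rM        (dest in bits 8-11, src in bits 4-7)
#   0x3 oooooooooooo    jmp target        (signed 12-bit word offset from next word)
#   0x4 000000000000    ret
OPC_MOV, OPC_ADD, OPC_JMP, OPC_RET = 0x1, 0x2, 0x3, 0x4


def _sext12(v):
    """Sign-extend a 12-bit field."""
    return v - 0x1000 if v & 0x800 else v


def _reg(text):
    n = int(text)
    if not 0 <= n <= 15:
        raise ValueError("register r%d out of range" % n)
    return n


def disassemble(fw):
    """One text line per word; anything not understood becomes '.word 0x....'."""
    if len(fw) % 2:
        raise ValueError("firmware length must be a whole number of words")
    words = struct.unpack("<%dH" % (len(fw) // 2), fw)
    lines = []
    for idx, w in enumerate(words):
        op = w >> 12
        if op == OPC_MOV:
            lines.append("mov r%d, #0x%02x" % ((w >> 8) & 0xF, w & 0xFF))
        elif op == OPC_ADD and w & 0xF == 0:
            lines.append("add r%d, r%d" % ((w >> 8) & 0xF, (w >> 4) & 0xF))
        elif op == OPC_JMP:
            # Emit the absolute word index so an edited target is easy to read;
            # the assembler turns it back into a relative offset.
            lines.append("jmp 0x%04x" % (idx + 1 + _sext12(w & 0xFFF)))
        elif op == OPC_RET and w & 0xFFF == 0:
            lines.append("ret")
        else:
            lines.append(".word 0x%04x" % w)  # unrecognised: keep as data blob
    return lines


def assemble(lines):
    """Inverse of disassemble(): one word per line, error on anything else."""
    words = []
    for idx, raw in enumerate(lines):
        line = raw.strip().lower()
        if m := re.match(r"mov r(\d+), #0x([0-9a-f]{1,2})$", line):
            words.append((OPC_MOV << 12) | (_reg(m.group(1)) << 8) | int(m.group(2), 16))
        elif m := re.match(r"add r(\d+), r(\d+)$", line):
            words.append((OPC_ADD << 12) | (_reg(m.group(1)) << 8) | (_reg(m.group(2)) << 4))
        elif m := re.match(r"jmp 0x([0-9a-f]{1,4})$", line):
            rel = int(m.group(1), 16) - (idx + 1)
            if not -0x800 <= rel < 0x800:
                raise ValueError("line %d: jump target out of 12-bit range" % idx)
            words.append((OPC_JMP << 12) | (rel & 0xFFF))
        elif line == "ret":
            words.append(OPC_RET << 12)
        elif m := re.match(r"\.word 0x([0-9a-f]{1,4})$", line):
            words.append(int(m.group(1), 16))
        else:
            raise ValueError("line %d: cannot assemble %r" % (idx, raw))
    return struct.pack("<%dH" % len(words), *words)


def round_trips(fw):
    """True if disassembling and reassembling reproduces the image exactly."""
    return assemble(disassemble(fw)) == fw


def fits(original_fw, edited_lines):
    """True if the edited listing assembles to no more bytes than the original."""
    return len(assemble(edited_lines)) <= len(original_fw)


def reassemble(original_fw, edited_lines):
    """Assemble an edited listing, refusing to produce a longer image."""
    if not fits(original_fw, edited_lines):
        raise ValueError("patched image would be longer than the original")
    return assemble(edited_lines)


# Constructed sample image (not real firmware): two words deliberately use a
# known opcode nibble with reserved bits set, so they must stay as blobs.
SAMPLE_FW = struct.pack("<7H", 0x1005, 0x2010, 0x3001, 0xBEEF, 0x1A42, 0x4123, 0x4000)

if __name__ == "__main__":
    listing = disassemble(SAMPLE_FW)
    print("\n".join(listing))
    print("round trip ok:", round_trips(SAMPLE_FW))
    listing[2] = "jmp 0x0006"          # retarget the jump, keep everything else
    print("patched ok:", round_trips(reassemble(SAMPLE_FW, listing)))
```

The listing is edited as plain text, exactly as one would edit the real disassembler's output, and `reassemble` enforces the "do not grow the image" rule before any bytes are written back. Swapping the toy decoder for the real instruction knowledge is the only part that would change.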
