[E3-hacking] PBL & running arbitrary code

David Given e3-hacking@earth.li
Fri, 11 Mar 2005 00:53:44 +0000 

On Thu, 2005-03-10 at 22:28 +0000, Ralph Corderoy wrote:
[...]
> Where is the E2 GBP 20 now?  I think the E3's down to GBP 70 at Carphone
> Warehouse.  The E2's still worth playing with though, especially if you
> want to end up with more than one device.

Froogle reckons the cheapest is 27.99 from Ligo Electronics, but I've
seen them in my local ASDA and I'll need to compare the price. Now the
E3's out, they may be shifting the E2s cheap.

(I'm attracted to the E2 because they're reasonably capable devices and
they're so cheap that I can justify buying one on a whim. The E3 is a
lot nicer, but unfortunately, more expensive than I like to spend on a
toy.)

[...]
> Request 05 checks the destination addresses.  All the bytes overwritten
> must be in the range 0x40000..0x7fffff inclusive, 7936KiB.  I think the
> stack descends from 0x1ba00.

Meh. Not very useful. I take it the boot flash chip is mapped at 0 on
reset? Looking at the processor's datasheet, that would seem to be
logical.

[...]
> Although with JTAG it should be possible to put a little EXP-port
> downloader into RAM, run it, that pulls down a bootloader which in turn
> is happy to run the code in Smart Media card inserted in the side of the
> E2 which would avoid having to flash during development.

Unfortunately the E2 doesn't have a SMC card reader (as far as I know);
it has a Smart Card reader, but you don't get a lot of data onto one of
those. This limits your options; nice though it may be, I don't think
you're going to get a USB Mass Storage driver onto that boot ROM.

*However*, there are probably other ways to get data onto the thing. The
processor core has an SPI interface, and it's trivial to wire up an MMC
card to an SPI interface --- here's a circuit:

http://www.vegeneering.com/eZ80_CPM/mmc-to-ez80.png

I was also under the impression that the emailer had some sort of dock
for a handheld addressbook. This must use some simple interface,
probably I2C or SPI (or just wired up directly to the GPIO pins). It
might be possible to abuse that somehow.

Failing all else, you could download over the serial port.

Do you have a dump of the E2's PBL I could look at, by any chance?

-- 
+- David Given --McQ-+ "Under communism, man exploits man. Under
|  dg@cowlark.com    | capitalism, it's just the opposite." --- John
| (dg@tao-group.com) | Kenneth Galbrith
+- www.cowlark.com --+