[E3-hacking] 2. Re: W00t; it runs. (Matt Evans)

Otaku e3-hacking@earth.li
Sun, 24 Apr 2005 11:56:54 +0100 

>Message: 2
>From: Matt Evans <matt@axio.ms>
>Subject: Re: [E3-hacking] W00t; it runs.
>Date: Sat, 23 Apr 2005 13:24:49 +0100
>To: e3-hacking@earth.li
>Reply-To: e3-hacking@earth.li
>
>Dear Jonathan,
>
>Well done for your code download via the modem!  Sounds interesting.  
>Have you documented your procedure anywhere?  Protocol/format of the 
>data is probably* pretty similar to that over EXP, maybe?  :)  I don't 
>have the means here to talk modem-modem to the device.
>
>I was interested to read in your GPL-vio email that the PBL/kernel 
>images were obtained by de-soldering the flash chips on an E3.  I'm 
>keen to have a look at the E3's version of PBL (and thanks for sharing 
>the symbols you'd deduced so far), but I'd prefer a non-invasive way of 
>getting it out.  (So, JTAG or some EXP hacks - chicken and egg scenario 
>w.r.t. reverse-engineering PBL's (v4) protocol though ;)  What is the 
>state of the E3 whose flash chips were removed?  Were they read and 
>then soldered back in place, or was it a sacrificial broken 
>  
>
The flashes were desoldered, then the tsop48 was dumped.. I couldn't get 
my hands on an adapter for the vsop :(
They were both resoldered ( I changed the boot param block on the flash 
and fixed the crc ) and was rewarded with a working console.
 From this I was able tar the filesystem (just to make sure - I'd 
already reconstructed it from the flash dump), and dump the pbl.. ( 
Thanks to Noodles for pointing out the mmap neccessity :D ).

I sacrificed a different one so I could trace the jtag traces though.. 
:) They do go somewhere : theres a resistor block that needs fitted on 
the top of the board, iirc..
I've just acquired a TI debug pod for the omap, so I'll doubtless be 
continuing along this route, once I've completed disassembly of the pbl.
Cheers
    Jake

>(before/after) E3?  IFF it was the latter I wonder if it might be 
>possible to remove the OMAP5910 and beep out the JTAG pins to see if 
>they go anywhere and if so, where?
>
>Best regards,
>
>
>Matt
>  
>