--- Log opened Mon Aug 16 00:58:24 2010 00:58 -!- fmibot [~fmibot@static.225.178.40.188.clients.your-server.de] has joined #freemyipod 00:58 < liar> TheSeven: yes, but its pretty much useless because the lcd is broken(iirc just partly) 00:59 < liar> i need to take a look at it tomorrow 01:00 < liar> if someone had a working nano3g for me, i would open my second nano2g :-P 01:00 -!- n00b81 [~taylor@c-24-91-82-205.hsd1.ma.comcast.net] has joined #freemyipod 01:00 < liar> i could also send it to you :-) 01:00 -!- n00b81 [~taylor@c-24-91-82-205.hsd1.ma.comcast.net] has quit [Changing host] 01:00 -!- n00b81 [~taylor@unaffiliated/n00b81] has joined #freemyipod 02:43 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 252 seconds] 02:47 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod 03:29 -!- n00b81 [~taylor@unaffiliated/n00b81] has quit [Quit: Cyaz] 05:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection] 05:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod 06:36 -!- cmwslw [~cmwslw@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Quit: Ex-Chat] 08:33 -!- n1s [~n1s@rockbox/developer/n1s] has joined #freemyipod 08:38 -!- perror [~fleury@aldebaran.labri.fr] has joined #freemyipod 08:52 < TheSeven> liar: i'd just need to check a new recovery stub 08:52 < TheSeven> the lcd being broken shouldn't hurt too much 09:34 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has joined #freemyipod 10:05 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has quit [Remote host closed the connection] 10:18 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has joined #freemyipod 10:20 -!- watto [~watto@193.203.81.165] has joined #freemyipod 10:22 -!- watto [~watto@193.203.81.165] has left #freemyipod 10:23 -!- watto [~watto@193.203.81.165] has joined #freemyipod 11:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection] 11:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod 12:55 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has quit [Quit: ChatZilla 0.9.86 [Firefox 3.6.8/20100722155716]] 13:28 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod 14:24 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has joined #freemyipod 14:31 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has quit [Remote host closed the connection] 14:34 -!- angelwolf71885 [chatzilla@cpe-173-168-248-236.tampabay.res.rr.com] has joined #freemyipod 14:38 < user890104> does anyone know the uncap offset for nano 4g's firmware (no matter which f/w version) ? 15:20 < angelwolf71885> no but dose the EU give you a sepriate FW file then everyone else? 15:48 < TheSeven> no, they store it in the syscfg somewhere 15:54 -!- timccccc [~lisa@rab34-4-82-240-134-112.fbx.proxad.net] has quit [Quit: Leaving.] 15:54 -!- timccccc1 [~lisa@rab34-4-82-240-134-112.fbx.proxad.net] has joined #freemyipod 15:54 -!- timccccc1 [~lisa@rab34-4-82-240-134-112.fbx.proxad.net] has quit [Client Quit] 15:54 -!- timccccc [~lisa@rab34-4-82-240-134-112.fbx.proxad.net] has joined #freemyipod 16:15 < angelwolf71885> that just gives me a headache then because isnt the system partashion formated during a restore? 16:16 < angelwolf71885> i mean wouldent apple need a DB of SN's for the EU? 16:16 < TheSeven> i don't know if it's encoded in the SN (they could have just assigned some SN range to the EU) or of it's a dedicated flag 16:17 < TheSeven> and the firmware partition has *nothing* to do with SYSCFG 16:17 < TheSeven> the SYSCFG isn't even touched during a bootloader upgrade, let alone firmware updates or restores 16:18 < TheSeven> it's where the model number, serial number, board revision, fwid and similar things are stored 16:34 < angelwolf71885> oh ok lol..i though it was stored on the system partashion >.> that now makes me think its in the bios 16:36 < angelwolf71885> wouldent the memory show a change each time you change the volume? 16:36 < angelwolf71885> couldent you use embios to display the memory changes? 16:37 < angelwolf71885> the higher the volume the larger the memory range right? 16:49 < user890104> as i know, embios gets shut down when you execute some other firmware 16:52 < n1s> angelwolf71885: you'd need some kind of background debugger for that 16:54 < angelwolf71885> well int it possable to add in vol control int embios im trying to think outside of the box and do things the simple easy way boom done lol 17:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection] 17:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod 17:23 < TheSeven> benedikt93: want to start porting embios to the 3g? :P 17:25 < benedikt93> TheSeven, I don't think there's that much to port right now, except serpiliere discovered new stuff 17:25 < TheSeven> nope, but it will be good base for further work 17:26 < benedikt93> does only that target/ipodnanoX need to be changed? 17:26 < TheSeven> yep 17:26 < TheSeven> and TARGETS, of course ;) 17:26 < TheSeven> and probably SOURCES 17:29 -!- cmwslw [~cmwslw@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod 17:32 < user890104> i've just read on the mailing list that someone is also willing to help with the nano 3g port 17:40 < cmwslw> yep 17:41 < cmwslw> I think i've heard of him from ipodlinux and this disassembler project, but i might be wrong 17:42 < benedikt93> TheSeven, I could at least explain dumping norflash to him (using my tools, I don't know how serpilliere's exactly work) 17:43 < TheSeven> cmwslw: funman from rockbox/videolan 17:43 < angelwolf71885> someone wants to start work on the nano 3g 17:43 < TheSeven> did you manage to dump and decrypt the flash contents`? 17:43 < angelwolf71885> they sent a message via the email list 17:44 < TheSeven> angelwolf71885: we aren't blind 17:44 < benedikt93> only dump at the moment 17:44 < angelwolf71885> lol.. thats fine.. just didt know if you saw them yet 17:46 < TheSeven> [19:32] i've just read on the mailing list that someone is also willing to help with the nano 3g port 17:46 < TheSeven> like 5 lines above your message... 17:46 < angelwolf71885> okes 17:50 < benedikt93> TheSeven, "Aug 10 23:13:14 * benedikt93 finally dumped the whole norflash of his iN3G" 17:50 < TheSeven> yep, i just didn't know the details 17:51 < TheSeven> the next problem is that they're using an unknown efi module compression algorithm 17:51 < TheSeven> so we'll probably need to disassemble PEICORE to figure it out 17:51 < angelwolf71885> the NOR thats the seciond stadge BL correct? 17:51 < benedikt93> the second stage BL is located in nor 17:52 < benedikt93> along with some other stuff 17:52 < angelwolf71885> ah ok .. 17:52 < TheSeven> well, with that bootloader, we could call it a dozen stages 17:52 < benedikt93> TheSeven, compression for what? nor or fw? 17:52 < user890104> http://pastie.org/1095950.txt after doing this, the OF booted in ~15 secs, then the ipod rebooted, it this the expected behaviour? 17:52 < TheSeven> bootrom => seccore => peicore => dxecore => dozens of modules => firmware 17:52 < TheSeven> benedikt93: the code inside the decrypted norboot image 17:53 < angelwolf71885> every time i hear of the BL stadges for some resion i picture them seprate chips until flash.. i know its NOT like that 17:53 * TheSeven is getting annoyed 17:54 < TheSeven> user890104: no idea. this is a completely unexplored area 17:56 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Quit: Bye ;)] 18:10 -!- funman [~fun@rockbox/developer/funman] has joined #freemyipod 18:10 < funman> hi 18:10 < angelwolf71885> hi there funman 18:14 * TheSeven wonders how funman found that brand-new mailing list 18:16 < funman> linux4nano -> freemyipod -> contact, and yes i'm proud of the first (non-testing) post ;) 18:17 < TheSeven> if the ratio of new developers/reverse engineers to mailing list posts stays like this, i would be very happy :) 18:19 < funman> how do I enter DFU mode ? 18:19 < TheSeven> hold menu+select until it resets the second time (exactly 10 seconds) 18:20 < TheSeven> then run tools/ipoddfu.py x1223.ibugger 18:21 < funman> i have r145 of svn.freemyipod.org and no ipoddfu.py there 18:21 < TheSeven> it's in snapshot-201003100612-public.7z 18:22 < TheSeven> Farthen: once libembios is done, go ahead and port this thing to the new libusb, and commit it to /tools/ipoddfu in our svn 18:29 < funman> works fine 18:30 < TheSeven> now you can dump your rom: ibugger.py download 20000000 c800 bootrom_dumped.bin 18:34 < funman> how do you know the size? 18:34 < funman> it's 0xc574 bytes btw 18:35 < funman> end is 0-padded 18:36 < TheSeven> yep 18:36 < TheSeven> is it identical to nano3g-bootrom.bin? 18:36 < funman> yep 18:36 -!- perror [~fleury@aldebaran.labri.fr] has quit [Quit: Bye all !] 18:37 < funman> code is executing from 0x20000000 18:40 < user890104> how do i dump my nano 4g's bootrom? 18:48 < funman> are you sure about the CPU being arm926ej-s? i found some strange code at 0x20000440 18:50 < funman> mcr p15, 0, r0 (= #0), c7, c10, 2 => clean dcache single entry (set/way) only cleans the first dcache entry, not the full cache 18:52 < funman> seems to be some buggy leftover. how can we report bugs to apple? O:-) 18:59 < funman> i think the end of bootrom is written at 0x200004DC 19:01 < TheSeven> regarding bugs: i already considered complaining about the apple firmware having a bug that causes it to not recognize a superfloppy-partitioned flash 19:01 < TheSeven> apparently the guy who wrote their partition table reading code mixed up decimal and hex at some point 19:02 < TheSeven> but i guess it isn't officially supported, as those devices usually can't boot without having a firmware partition :P 19:05 < funman> btw i found a 'S5L8900 Secure Boot' just next to a 'S5L8702 Secure Boot' 19:19 -!- watto [~watto@193.203.81.165] has left #freemyipod 19:28 < funman> ibugger is in SRAM1 but it's altered 19:28 < TheSeven> altered in terms of what? 19:29 < funman> different from x1223.ibugger 19:29 < TheSeven> within the code, or just some of the garbage it's embedded in? 19:29 < funman> http://pastie.org/1096173 19:30 < funman> no idea 19:31 < fmibot> New commit by 3farthen (r146): Add ipoddfu and port it to the new libusb 19:31 < fmibot> r146 build result: All green! 19:31 < funman> NOR (0x24000000) is filled with 0, i guess it needs to be initialized first 19:31 < TheSeven> as far as i can tell, ibugger is at offsets 0x6000 through 0x66af in that file 19:32 < TheSeven> the nor is connected via spi on that thing 19:32 < TheSeven> no parallel interface any more 19:32 < funman> you know the ports? 19:33 < TheSeven> nope, but serpilliere and benedikt93 apparently do 19:33 < TheSeven> btw, the differences you spotted in the ibugger image are apparently its usb transfer buffers 19:34 < funman> ok 19:34 < funman> since the screen is off in DFU and the rom is quite small for logos, i guess LCD code is in NOR 19:35 < TheSeven> yep 19:35 < TheSeven> http://pastie.org/1096181 -- that's apparently what serpilliere used 19:50 < funman> i'm a bit reluctant to patch the OF ;) 20:11 < cmwslw> user890104: use ibugger to dump starting at 0x20000000 20:16 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod 20:18 < benedikt93> hi 20:19 < benedikt93> funman, interested in getting my IDA db? 20:21 < funman> benedikt93: sure 20:22 < funman> have you dumped the NOR yet? 20:22 < benedikt93> ah, no, I forgot, we shouldn't share that stuff 20:22 < funman> it's quite small anyway 20:27 -!- funman [~fun@rockbox/developer/funman] has quit [Quit: free(random());] 20:53 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Quit: Bye ;)] 23:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection] 23:00 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod 23:00 < powell14ski_> Any place I can find binaries for VLC compiled for the ARM platform? 23:00 < powell14ski_> Sorry wrong channel. 23:35 -!- Dreamxtreme [Dreamxtrem@92.30.61.79] has quit [Quit: Don't follow me] 23:56 -!- n1s [~n1s@rockbox/developer/n1s] has quit [Quit: Lämnar] --- Log closed Tue Aug 17 00:32:34 2010