--- Log opened Sun Oct 24 00:18:11 2010
00:18 -!- fmibot [~fmibot@static.225.178.40.188.clients.your-server.de] has joined #freemyipod
00:18 < fmibot> New commit by theseven (r222): FAT driver: Fix creation of "." and ".." directory entries
00:18 < fmibot> r222 build result: All green!
00:18 < fmibot> New commit by theseven (r223): iPod Nano 2G FTL: Fix nandfsck memory corruption bug and remove some dead code
00:19 < fmibot> r223 build result: All green!
00:19 < fmibot> New commit by theseven (r224): iPod Nano 2G NAND driver: Add debugging output if NAND_TRACE is defined
00:19 < fmibot> r224 build result: All green!
00:19 < fmibot> New commit by theseven (r225): SynopsysOTG: Fix line endings
00:19 < fmibot> r225 build result: All green!
00:42 * TheSeven strongly suggests upgrading to http://files.freemyipod.org/installer-nano2g-beta-r225.bin (http://files.freemyipod.org/installer-nano2g-beta-r225.ipodx for initial installation)
00:42 < TheSeven> S_a_i_n_t: dd8ne should probably also try that before messing with resetftl any further
00:43 < S_a_i_n_t> Ok, if I see him I'll repast the link.
00:43 < S_a_i_n_t> err...re-paste
00:43 < TheSeven> updating instructions: python embios.py uploadfile 08000000 installer-nano2g-beta-r225.bin && python embios.py execfirmware 08000000
02:56 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 240 seconds]
03:00 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
04:42 -!- S_a_i_n_t [S_a_i_n_t@203.184.0.144] has quit [Disconnected by services]
04:42 -!- S_a_i_n_t [S_a_i_n_t@203.184.0.14] has joined #freemyipod
04:45 -!- S_a_i_n_t [S_a_i_n_t@203.184.0.14] has quit [Disconnected by services]
04:45 -!- S_a_i_n_t [S_a_i_n_t@203.184.3.208] has joined #freemyipod
05:01 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection]
05:02 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod
07:11 -!- n1s [~n1s@rockbox/developer/n1s] has joined #freemyipod
07:30 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod
07:43 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Ping timeout: 252 seconds]
08:17 -!- Ex1lium [~Ex1lium@81.38.228.65] has joined #freemyipod
08:30 -!- Ex1lium [~Ex1lium@81.38.228.65] has quit []
09:22 -!- S_a_i_n_t [S_a_i_n_t@203.184.3.208] has quit [Ping timeout: 264 seconds]
09:23 -!- S_a_i_n_t [S_a_i_n_t@203.184.3.208] has joined #freemyipod
09:59 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod
11:01 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection]
11:02 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod
12:44 -!- MrShlee [~Default@114-30-105-242.ip.adam.com.au] has joined #freemyipod
13:18 < benedikt93> fwiw, somebody suggested an iPod Touch exploit to try on Nano 5G -> http://www.freemyipod.org/wiki/Talk:Nano_5G
13:28 < Farthen> benedikt93: interesting, we could try it on nano 5g
13:34 < TheSeven> oh, another USB vuln?
13:35 < TheSeven> hm, the other one was in iBoot, which makes it useless for us
13:36 < TheSeven> well, we could at least try if that one still exists in the 8730 bootrom
13:36 < benedikt93> is iBoot so much different from the nanos' efi implementation?
13:37 < TheSeven> i don't think they have something in common
13:37 < TheSeven> iboot is a feature-rich, but not modular bootloader
13:37 < TheSeven> so it's like an enhanced nano2g bootloader, and has nothing to do with the 3g/4g/classic efi bootloaders
13:37 < TheSeven> actually nobody has ever seen traces of efi on iphones/itouches so far
15:32 -!- perror [~fleury@aldebaran.labri.fr] has joined #freemyipod
15:34 -!- MrShlee [~Default@114-30-105-242.ip.adam.com.au] has quit [Quit: Leaving]
16:39 -!- benedikt93 is now known as benedikt93|AFK
17:01 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection]
17:02 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod
17:39 -!- benedikt93|AFK is now known as benedikt93
17:50 -!- perror [~fleury@aldebaran.labri.fr] has quit [Quit: Bye all !]
19:02 < benedikt93> ah, finally
19:03 < benedikt93> 0xdeadbeef at 0x08000000 on Nano 3G
19:03 < TheSeven> benedikt93: what is that supposed to tell me?
19:04 < benedikt93> that I could init SDRAM with the preefi functions
19:04 < TheSeven> \o/
19:05 < TheSeven> are you calling into PEICORE or have you separated and copied the necessary code?
19:07 < benedikt93> I wrote a small python script to reallocate peicore to 0x22010000 and call the functions there
19:08 < benedikt93> I began copying all functions over, but was too lazy to finish as it were too many..
19:08 < TheSeven> can you try to figure out the code path it's following?
19:09 < TheSeven> you can probably throw away most of it
19:09 < benedikt93> I'm maybe going to rewrite that in C
19:09 < benedikt93> to make it more understandable
19:09 < benedikt93> the I2C code is quite long
19:10 < TheSeven> you can probably throw that away, too
19:10 < TheSeven> as the 2g and 4g are using the same i2c core, i doubt the 3g will use a different one
19:11 < TheSeven> what's the base address of it? 3c600000 or 3c900000?
19:12 < benedikt93> 3c600000
19:12 < TheSeven> ok
19:12 < TheSeven> that matches the 2g, and the first i2c code on the 4g
19:12 < benedikt93> what I might need to figure out is, which GPIOs and which clock gates actually belong to sdram as peicore inits quite a lot at once
19:13 < TheSeven> that won't hurt for now
19:13 < TheSeven> just enable them all :)
19:13 < TheSeven> and the GPIOs are usually initialized near the code sending commands to the sdram
19:15 < benedikt93> one GPIO has 4bit to configure it, right? then it would init more than one hundred at once
19:25 < TheSeven> benedikt93: what function(s) in peicore are you calling?
19:26 < benedikt93> the first 5 immediately at its entrypoint
19:27 < benedikt93> the first enables the clock gates
19:27 < TheSeven> what's the address of the entry point relative to the module start?
19:27 < benedikt93> second one a timer for a delay function
19:27 < benedikt93> +0x2270
19:27 < benedikt93> third enables the GPIOs
19:28 < benedikt93> fourth I2C (and powermanager)
19:28 < benedikt93> and for the fifth, you suggested some time ago a memory controller
19:28 < TheSeven> +0x374 apparently sets up the syscon (clock gates and probably PLLs)
19:29 < TheSeven> +0x880 is the timer one
19:30 < benedikt93> +0x3Ec has a table with the data at +0x2468
19:30 < benedikt93> at +0x89A is the delay
19:35 < benedikt93> btw, would 0x68696265 be possible to be some indicator for a warm start when already being at [sdramstart] after its initialization?
19:35 < TheSeven> "hibe"?
19:35 < TheSeven> yes, definitely?
19:35 < TheSeven> that's a signature used to detect resuming from standby
19:35 < benedikt93> ah ok
19:36 < benedikt93> it's checked for at +0x22F0
19:36 < TheSeven> can you try to figure out what the addresses and data written to the PMU are?
19:41 < benedikt93> yep, but nothing for now anymore
19:41 < benedikt93> and school starts again tomorrow, so less time the next weeks :(
19:42 < TheSeven> benedikt93: congratulations for that one :)
19:42 < TheSeven> that's a major breakthrough!
19:45 < benedikt93> thx ;)
19:45 < TheSeven> what next? the lcd? :)
19:46 < TheSeven> that would mean catching up with the 4g :)
20:01 < benedikt93> dunno, won't it be necessary to figure out how dxecore works first due to the jumptables (and for this also finish analyzing peicore as IIRC it also generates some jumptable before running dxecore or whatever follows after it)
20:18 < benedikt93> TheSeven, ^
20:18 < TheSeven> to dissect the efi mess, yes
20:19 < TheSeven> but the lcd and backlight should hopefully be doable without that
20:19 < TheSeven> another hint: most of the tables can be grabbed from coldboot memory dumps :)
20:20 < benedikt93> coldboot?
20:21 < benedikt93> nvm, http://en.wikipedia.org/wiki/Cold_boot_attack
20:24 < benedikt93> TheSeven, btw, anything new about limera1n?
20:25 < TheSeven> nope
20:26 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Quit: Bye ;)]
23:01 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has quit [Remote host closed the connection]
23:02 -!- clustur [~logger@c-76-127-58-39.hsd1.ga.comcast.net] has joined #freemyipod
23:26 -!- n1s [~n1s@rockbox/developer/n1s] has quit [Quit: Lämnar]
--- Log closed Mon Oct 25 01:39:38 2010