--- Log opened Sat Jan 01 00:00:18 2011
00:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
00:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
00:30 < fmibot> New commit by farthen (r404): embios.py/libembios: Correct documentation, create defaults for some arguments, fix an argument type.
00:30 < fmibot> r404 build result: All green!
03:55 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 260 seconds]
03:58 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
04:04 -!- [Saint] [S_a_i_n_t@203.184.2.12] has quit [Ping timeout: 265 seconds]
04:04 -!- [Saint] [S_a_i_n_t@203.184.1.94] has joined #freemyipod
06:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
06:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
06:46 -!- [Saint] [S_a_i_n_t@203.184.1.94] has quit [Read error: Connection reset by peer]
06:47 -!- [Saint] [S_a_i_n_t@203.184.2.91] has joined #freemyipod
10:45 -!- [Saint] [S_a_i_n_t@203.184.2.91] has quit [Quit: I'm only going to Heaven if it feels like Hell, I'm only going to Heaven if it tastes like caramel...]
10:46 -!- [Saint] [S_a_i_n_t@203.184.2.91] has joined #freemyipod
10:46 -!- [Saint] [S_a_i_n_t@203.184.2.91] has quit [Remote host closed the connection]
11:02 -!- n1s [~n1s@rockbox/developer/n1s] has joined #freemyipod
11:03 -!- ParadisoShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has joined #freemyipod
11:04 -!- ParadisoShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has left #freemyipod
11:05 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has joined #freemyipod
12:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
12:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
12:47 < Dreamxtreme> am i getting the general idea that it would be wise to purchase a Classic 3rd gen instead of a 1st gen 160gb
12:48 < Dreamxtreme> as long as it can increase the battery life over the 5.5G i have at the o
12:48 < Dreamxtreme> mo
12:49 < TheSeven> that certainly influences price, weight, size, and the 1st gen has that ce-ata drive that we don't support yet
12:49 < Dreamxtreme> money is no object only the best specs for me :D
12:51 < TheSeven> that's certainly the 3g then :)
13:13 -!- user890104 [Venci@venci-notebook-lan.ipv6.6bez10.info] has joined #freemyipod
13:44 < MrShlee> Hey, I promised to donate once you got classics working. Got a paypal?
13:46 < TheSeven> we don't really have a project leader who would manage that kind of things right now :)
13:46 < MrShlee> Well, I'll wait.
13:46 < TheSeven> so, depending on the amount you want to donate, there would be multiple possibilities:
13:46 < TheSeven> - donate a piece of hardware directly to a developer who needs it
13:47 < TheSeven> - pay for e.g. web hosting
13:47 < TheSeven> - donate to the rockbox fund instead
13:47 < TheSeven> - wait until there are more options :)
13:47 < Farthen> (TheSeven got his classic 3g paid from the rockbox fund IIRC)
13:48 < TheSeven> yep
13:48 < MrShlee> well, that's that.
13:48 < TheSeven> but the fund hasn't paid it yet, zagor seems to be on vacation or something :)
14:07 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has quit [Ping timeout: 240 seconds]
14:47 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has joined #freemyipod
15:05 -!- Jiss [Jiss@ip-11.net-82-216-242.rev.numericable.fr] has quit [Read error: Connection reset by peer]
15:06 -!- Jiss [Jiss@ip-11.net-82-216-242.rev.numericable.fr] has joined #freemyipod
15:19 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has quit [Ping timeout: 255 seconds]
17:25 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has joined #freemyipod
17:55 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has quit [Ping timeout: 240 seconds]
18:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
18:00 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
18:07 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has joined #freemyipod
19:11 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Quit: Leaving]
20:05 -!- MrShlee [~ParadisoS@219-90-173-153.ip.adam.com.au] has quit [Ping timeout: 276 seconds]
22:10 -!- Keripo [~Keripo@CPE0022b0d4bdb7-CM001a6680d4fe.cpe.net.cable.rogers.com] has joined #freemyipod
22:10 -!- asmmonkey [503acd20@gateway/web/freenode/ip.80.58.205.32] has joined #freemyipod
22:12 -!- Jiss [Jiss@ip-11.net-82-216-242.rev.numericable.fr] has quit [Quit: Quit]
22:13 < asmmonkey> I am a bit confused, in the status page it says the emBios is not supported in the ipod nano 3g, but actually I can compile emBios for that ipod, has the status page been updated?
22:14 < TheSeven> no, the ipodnano3g code base in svn is actually ipod classic code that can probably be shared with the nano3g, but has never been tested on a nano yet (because nobody has written the hardware init code yet)
22:18 < asmmonkey> ok.
23:16 < asmmonkey> how I can run code in the nano 3g? notes?
23:17 < asmmonkey> I would like to help reverse engineering it
23:18 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Disconnected by services]
23:18 -!- [7] [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
23:22 < [7]> asmmonkey: we can only run code using DFU so far
23:23 < asmmonkey> that is the Pwnage exploit, right?
23:23 < [7]> pwnage2.0 to be exact
23:29 < asmmonkey> is there an example payload for the nano 3g?
23:29 < [7]> there is that srambugger thing somewhere
23:30 < [7]> here's an empty pwnage exploit container: http://files.freemyipod.org/misc/s5l8702-container.dfu
23:31 < [7]> you can basically put any code into that
23:31 -!- Keripo [~Keripo@CPE0022b0d4bdb7-CM001a6680d4fe.cpe.net.cable.rogers.com] has quit [Quit: Leaving.]
23:36 < asmmonkey> so to run code I just need to put the code into that file (at >0x600)?
23:37 < [7]> you can use any zeroed space
23:37 < [7]> so basically from 0x50 to where the signature starts
23:38 < [7]> the file is loaded at 0x22000000 as is
23:38 < [7]> you need to overwrite the ADDR value at the end with the entrypoint address
23:38 < [7]> e.g. 50 00 00 22
23:40 < asmmonkey> the ADDR value is the last four bytes?
23:41 < [7]> hm, i think there's some zero padding after it
23:41 < [7]> it's the "ADDR" text that you need to overwrite with the address
23:41 < asmmonkey> Ok, I found it.
23:41 < asmmonkey> 0001fff0 00 00 00 00 00 00 52 44 44 41 00 00 00 00 00 00 |......RDDA......|
23:42 < [7]> yep
23:42 < [7]> so that would be 00 00 00 00 00 00 50 00 00 22 00 00 00 00 00 00 if your payload starts at 0x50 in the file
23:42 < [7]> (0x22000050 in address space)
23:42 < asmmonkey> and then how I upload it? I have seen an app called dfu-util from OpenMoko
23:42 < [7]> we have our own dfu tool in svn
23:42 < [7]> (ipoddfu.py)
23:43 < asmmonkey> Perfect.
23:45 < asmmonkey> also, the iBugger download link is broken. Where I can download the iBugger core?
23:45 < [7]> there is no ibugger core for the nano3g
23:45 < [7]> and there will probably never be one
23:45 < [7]> there isn't even a fully-featured loader yet
23:45 < [7]> only that sramloader thing
23:46 < asmmonkey> how that sramloader thing works?
23:46 < [7]> it's a stripped down ibugger loader that runs from SRAM and only supports uploading/downloading memory contents and jumping into code
23:49 < [7]> you can get it at http://files.freemyipod.org/misc/sramloader-8702.7z
23:49 < [7]> the .bin file is a compiled version of the .asm
23:50 < [7]> the code is completely position-independent, so you can just throw it into the exploit container wherever you want
23:50 < [7]> it uses the memory region from 0x22002000 to 0x22005fff as buffer space though, so you shouldn't put it there
23:51 < asmmonkey> you are helping me a lot. Just what I was searching.
23:53 < [7]> i usually use 0x22008000 to 0x2200ffff for programs to be executed and 0x22020000 to 0x2203ffff for data to be processed
23:53 < [7]> the code you execute can just jump back to 0x22006000 (that address is passed to it in LR) once it's finished
23:54 < [7]> that way you can download results via USB
23:54 < [7]> 0x22000000 to 0x2203ffff is the only memory range that's accessible at that point - the bigger SDRAM needs to be initialized first, and we haven't completely figured that out yet for the nano3g
23:54 < [7]> 0x38000000 to 0x3fffffff is memory-mapped IO btw
23:56 < asmmonkey> so we are using the S5L8702 memory, right?
23:56 < [7]> yes
23:57 < [7]> the 256KB of internal SRAM
23:58 < asmmonkey> but, is there any datasheet? or a datasheet of an alike CPU?
23:58 < asmmonkey> I can't find one.
--- Log closed Sun Jan 02 00:00:20 2011