--- Log opened Tue Feb 08 00:01:19 2011
00:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
00:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
00:29 < user890104> [Saint]: there's a nano2g installer build on the builds page, if you need it
00:45 -!- Keripo [~Keripo@eng232.wireless-resnet.upenn.edu] has joined #freemyipod
00:50 -!- Jiss [Jiss@ip-11.net-82-216-242.rev.numericable.fr] has quit [Quit: Quit]
01:59 -!- beast [62f9e57d@gateway/web/freenode/ip.98.249.229.125] has joined #freemyipod
01:59 < beast> sup, when will video be available for the iPod Classic?
02:01 < beast> on facebook so sorry if i misspell stuff, lol
02:13 -!- nieuwbie [~user@ip4daa4a6f.direct-adsl.nl] has joined #freemyipod
02:57 -!- Keripo [~Keripo@eng232.wireless-resnet.upenn.edu] has quit [Quit: Leaving.]
03:02 -!- Keripo [~Keripo@eng232.wireless-resnet.upenn.edu] has joined #freemyipod
03:10 -!- [7] [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 240 seconds]
03:15 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
03:23 -!- [Saint] [S_a_i_n_t@203.184.2.178] has quit [Disconnected by services]
03:23 -!- S_a_i_n_t [S_a_i_n_t@203.184.3.216] has joined #freemyipod
03:25 -!- Keripo [~Keripo@eng232.wireless-resnet.upenn.edu] has quit [Quit: Leaving.]
03:40 -!- beast [62f9e57d@gateway/web/freenode/ip.98.249.229.125] has quit [Ping timeout: 245 seconds]
03:45 -!- Keripo [~Keripo@eng054.wireless-resnet.upenn.edu] has joined #freemyipod
03:58 -!- S_a_i_n_t [S_a_i_n_t@203.184.3.216] has quit [Ping timeout: 240 seconds]
04:00 -!- Dreamxtreme [~Dre@92.30.71.188] has quit [Ping timeout: 246 seconds]
04:02 -!- [Saint] [S_a_i_n_t@203.184.3.216] has joined #freemyipod
04:24 -!- nieuwbie [~user@ip4daa4a6f.direct-adsl.nl] has quit [Quit: ERC Version 5.3 (IRC client for Emacs)]
04:36 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Ping timeout: 255 seconds]
04:40 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
05:09 -!- Dreamxtreme [~Dre@92.30.107.230] has joined #freemyipod
05:58 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Ping timeout: 255 seconds]
06:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
06:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
06:25 < TheSeven> [00:34] http://pastie.org/1538944 / [00:38] he probably forgot to commit that file << the makefile should copy that
07:20 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 265 seconds]
07:28 -!- Keripo [~Keripo@eng054.wireless-resnet.upenn.edu] has quit [Quit: Leaving.]
08:01 -!- perror [~fleury@aldebaran.labri.fr] has joined #freemyipod
08:17 -!- Jiss [Jiss_rizon@ip-11.net-82-216-242.rev.numericable.fr] has joined #freemyipod
08:36 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
08:57 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 276 seconds]
09:19 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
10:07 -!- user890104 [~Venci@6bez10.info] has quit []
11:32 -!- timccc [~timccc@112.166.15.141] has quit [Ping timeout: 276 seconds]
12:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
12:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
12:06 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 240 seconds]
12:09 -!- timccc [~timccc@112.166.15.141] has joined #freemyipod
12:10 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
12:17 -!- timccc [~timccc@112.166.15.141] has quit [Ping timeout: 265 seconds]
12:32 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
13:25 -!- timccc [~timccc@112.166.15.141] has joined #freemyipod
14:08 -!- paulo_ [~paulo@124.106.100.52] has joined #freemyipod
14:09 < paulo_> TheSeven: have you dumped the nano 2g bootrom?
14:09 < paulo_> i think i found a code that does
14:32  * Farthen has like 10 nano 2g bootrom dumps on his harddrive. why would we need another one?
15:10 < paulo_> oh, sorry
15:11 < Farthen> that is where most of the reverse engineering work for the nano 2g was done
15:13 < paulo_> Farthen: can i have a copy?
15:13 < Farthen> sure
15:13  * paulo_ grabs IDA
15:14 < paulo_> email?
15:15 < Farthen> http://files.freemyipod.org/tmp/bootrom.bin
15:15 < paulo_> done :)
15:15 < Farthen> ah, btw it was wrong. it was not the bootrom, but the bootloader in the nor that got so much love :)
15:16 < paulo_> what is the boot process?
15:16 < paulo_> bootrom->bootloader->firmware?
15:17 < Farthen> cpu bootrom (the one i gave you) -> norboot in the NOR flash -> firmware on the NAND
15:17 < Farthen> norboot basically prepares the SDRAM and the NAND flash
15:17 < paulo_> how did you dump it?
15:18 < Farthen> the bootrom was dumped using UART IIRC
15:18 < Farthen> then someone found out how usb worked
15:18 < Farthen> all later dumps were done through USB
15:19 < paulo_> did the dumping need exploits to work?
15:19 < Farthen> sure, you can't execute software without an exploit ;)
15:20 < Farthen> some people tried using the JTAG on the dock connector but it is protected somehow
15:22 < Farthen> it was dumped using the notes exploit http://www.freemyipod.org/wiki/Notes_vulnerability
15:26 < paulo_> what ARM processor should i choose on IDA?
15:27 < Farthen> arm processors: arm
15:27 < Farthen> the one at the very top
15:27 < paulo_> rom start address is?
15:28 < paulo_> it shouldn't really matter, right?
15:29 < Farthen> 0x20000000
15:29 < Farthen> but it shouldn't really matter, yeah
15:41 < paulo_> is the OS monolithic?
15:44 < Farthen> there would be no real use for a microkernel on an embedded device
15:44 < Farthen> the os is compiled for the ipod with all drivers included
15:45 < paulo_> does that mean an exploit can access the bootrom at 0x20000000?
15:46 < paulo_> just dump the memory directly?
15:46 < Farthen> as soon as you have code running on the device you can do anything you want
15:47 < Farthen> so yeah, it was just dumped from the address directly
15:47 < paulo_> i'm working with the nano 6g
15:47 < Farthen> ah i see
15:47 < paulo_> so far, i found a timestamp parsing bug
15:47 < paulo_> and an integer overflow
15:48 < paulo_> also, my USB fuzzer crashes it in disk mode, randomly
15:48 < paulo_> no real overflows yet
15:48 < Farthen> still at least something
15:49 < Farthen> if you have found anything big please tell us in private chat/private email
15:49 < Farthen> well, you know about it anyways ;)
15:51 < paulo_> last question before i go
15:51 < paulo_> how do you find out the memory map?
16:14 < TheSeven> [16:18] the bootrom was dumped using UART IIRC << wrong, the initial dump was done through jtag dcache dumps
16:14 < TheSeven> [16:29] but it shouldn't really matter, yeah << the base address *does* matter, and it does matter a lot!
16:14 < Farthen> for the bootrom?
16:15 -!- AriX [~Ari@207.245.119.4] has joined #freemyipod
16:15 < Farthen> there is nothing that is really jumping in it and it is so small that most of the addresses should be dynamic anyways?
16:15 < TheSeven> what the hell? certainly it's jumping around a lot!
16:16 < TheSeven> and there is lots of absolute addressing
16:16 < TheSeven> to basically everything that's in .data
16:16 < TheSeven> so dfu descriptors and the like
16:16 < TheSeven> paulo_: it's identical to the one described in the s5l8700 datasheet
16:18 < paulo_> can anyone point out where the bootrom jumps to the NOR?
16:22 < TheSeven> it does not directly jump there
16:22 < TheSeven> it loads an image from it, decrypts it, verifies its signature and then jumps to the decrypted copy in SRAM
16:24 < paulo_> can you point out which address exactly the jump is at?
16:29 < Farthen> probably 0x8000000. but i may be wrong here again -.-
16:29 < Farthen> argh
16:30 < Farthen> yeah, of course i am wrong here
16:30 < Farthen> more likely 0x22000000
16:32 < paulo_> but the bootrom ends at 0x2000C7FF
16:32 < TheSeven> paulo_: 20000368
16:33 < Farthen> ah, now i understood your question
16:35 < TheSeven> to be exact 20000368 < 20002258 < 20001F20/20001F78 < 20002148 < 20002218 < 200002D8 < 20000000
16:35 -!- AriX [~Ari@207.245.119.4] has quit [Quit: Leaving...]
17:59 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 246 seconds]
18:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
18:01 -!- clustur [~logger@c-98-249-104-118.hsd1.tn.comcast.net] has joined #freemyipod
18:16 -!- nieuwbie [~user@ip4daa4a6f.direct-adsl.nl] has joined #freemyipod
18:21 < nieuwbie> haha!
18:22 < nieuwbie> It's running, hello world is finally running. I've got an error message :/
18:22 < nieuwbie> *PANIC*
18:22 < nieuwbie> Unhandled SWI FEBEAF
18:22 < nieuwbie> *PANIC*
18:23 < nieuwbie> Stack overflow! <08000C6C>
18:25 -!- Keripo [~Keripo@SEAS334.wlan.seas.upenn.edu] has joined #freemyipod
18:30 < paulo_> what hello world?
18:41 < nieuwbie> paulo_: Revision 488.
18:42 < paulo_> what is revision 448?
18:42 < nieuwbie> yyy svn revision?
18:43 < nieuwbie> paulo_: earlier version of hello world available on http://svn.freemyipod.org/apps/helloworld?
18:45 -!- rock[] [5e845dc8@gateway/web/freenode/ip.94.132.93.200] has joined #freemyipod
18:50 < nieuwbie> paulo_: Nothing's ringing?
18:51 < paulo_> oh yeah, sorry i'm busy
18:52 < Farthen> nieuwbie: that probably means that you have a problem with your compiler, more precisely a problem with elf2emcoreapp
18:53 < nieuwbie> Farthen: yyy, damn.
18:53 < Farthen> can you do "svn up; make clean; ./configure .... ; make; make install" again?
18:54 < Farthen> so in elf2emcoreapp
18:54 < Farthen> fixed it for me at least
18:57 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Read error: No route to host]
18:57 < nieuwbie> Farthen: Should I svn up elf2emcoreapp?
18:58 < Farthen> if it is not already on the newest revision, yes
18:58 < nieuwbie> Damn.
19:00 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
19:01 < nieuwbie> Farthen: I'll have to recompile the toolchain once again.
19:02 < Farthen> TheSeven fixed something on the 5th which has made mine work (had the same error)
19:12 < nieuwbie> Farthen: That libiberty.a should be from my system or from binutils_build?
19:13 < Farthen> from binutils_build
19:14 < Farthen> you need to use the same binutils version to build gcc with which you will be building your apps
19:14 < nieuwbie> Farthen: So there is a mistake in elf2emcoreapp's README.
19:14 < Farthen> is it?
19:14 < Farthen> "You need an appropriate libbfd.a and libiberty.a for your target"
19:14 < nieuwbie> ./configure --target=arm-elf-eabi \
19:14 < nieuwbie> --with-binutils-build-dir=/tmp/rbdev-build/build-binutils \
19:14 < nieuwbie> --with-libiberty=/usr/lib/libiberty.a
19:14 < nieuwbie>
19:15 < Farthen> nope, that one is right
19:16 < Farthen> you need to interrupt the building of the rockbox toolchain right before it starts to delete build-binutils
19:16 < nieuwbie> Farthen: I commented out the line containing rm -rf.
19:17 < nieuwbie> in rockboxdev.sh
19:17 < nieuwbie> Doesn't it have the same result?
19:17 < Farthen> the readme is completely right and appropriate then
19:17 < Farthen> yeah it has of course
19:17 < Farthen> i thought you meant with "from my system" another libiberty.a from your local x86 toolchain
19:18 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
19:18 < nieuwbie> So still with --with-libiberty=/usr/lib/libiberty.a the compiler will look for libiberty.a on my system, not in /tmp/rbdev-build
19:19 < nieuwbie> *by my system I mean my local x86 machine, right?
19:21 < nieuwbie> Or there is something that I didn't get.
19:22 -!- rock[] [5e845dc8@gateway/web/freenode/ip.94.132.93.200] has quit [Quit: Page closed]
19:22 < nieuwbie> hmm, I get another *PANIC* but a different one "@-"...
19:22 < nieuwbie> Nothing more.
19:24 < Farthen> can you try http://files.freemyipod.org/tmp/helloworld.emcoreapp ?
19:25 < Farthen> if your toolchain is broken this one should work. if it is another problem that one shouldn't work, too
19:25 < nieuwbie> Give me a minute please.
19:25 < Farthen> i would also give you two
19:26 < nieuwbie> That's too generous.
19:27 < nieuwbie> Farthen: Yes. It doesn't work.
19:27 < Farthen> the same "@-" thing?
19:27 < nieuwbie> *PANIC Unhandled SWI FEBEAF - whatever it means.
19:28 < Farthen> hmm, should not happen
19:28 < Farthen> that means that something is overwriting your stack
19:30 < nieuwbie> Farthen: How can I give you more information about it?
19:30 < Farthen> hmm, i can't really help out that much either
19:31 < Farthen> i did not write a single line of the emcore core to be honest. it is 100% the work of TheSeven
19:32 < nieuwbie> all right, I'll wait for him - anyway I'm glad that we're going farther. :)
19:36 < Farthen> (hint: he came online 20 minutes ago)
19:37 < nieuwbie> (where?)
19:37 < nieuwbie> ^^
19:37 < TheSeven> nieuwbie: which device?
19:38 < nieuwbie> TheSeven: iPod Classic 1st gen 80GiB.
19:38 < TheSeven> Farthen: that's the same broken binary that you sent me yesterday
19:39  * Farthen could swear that he fixed it and uploaded it to the same place
19:39 < TheSeven> nieuwbie: can you send me your broken binary?
19:39 < nieuwbie> yyy
19:40 < TheSeven> if we're lucky, i might be able to see what went wrong while building it...
19:40 < nieuwbie> TheSeven: you mean the helloworld.emcoreapp?
19:40 < TheSeven> yes
19:40 < nieuwbie> TheSeven: Of course.
19:40 < nieuwbie> TheSeven: Could you give me the address?
19:41 < TheSeven> what kind of address? email?
19:41 < TheSeven> my nick name at freemyipod.org :)
19:44 < nieuwbie> ok ^^
19:47 < nieuwbie> Sent.
19:50 -!- Keripo [~Keripo@SEAS334.wlan.seas.upenn.edu] has quit [Quit: Leaving.]
19:56 < nieuwbie> TheSeven: Did you get it?
19:56 -!- perror [~fleury@aldebaran.labri.fr] has quit [Quit: Bye all !]
19:56 < TheSeven> yes
20:00 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has joined #freemyipod
20:06 < paulo_> where is the toolchain?
20:06 < TheSeven> nieuwbie: i don't see anything obvious in a hexedit, let's look at it with ida...
20:08 < TheSeven> seems like your linker didn't resolve any symbols...
20:17 < TheSeven> hm, or rather resolved them with a wrong base
20:19 -!- paulo_ [~paulo@124.106.100.52] has quit [Ping timeout: 255 seconds]
20:21 < TheSeven> relocs from .text to .data/.bss are apparently resolved relative to the start of .data/.bss instead of .text
20:22 < TheSeven> so whatever is going on there, it seems like the problem is at the linking step, not at elf2emcoreapp
20:22 < nieuwbie> TheSeven: Bug in binutils?
20:22 < TheSeven> or maybe some portability issue in the linker script
20:22 < TheSeven> is that the rockbox toolchain or something else?
20:25 < nieuwbie> TheSeven: The rockbox toolchain.
20:30 < TheSeven> that's weird, as i'm using that one as well
20:33 < nieuwbie> What I did the second time: I commented out the line which was removing binutils and I waited till the end of the installation.
20:33 < nieuwbie> I don't think that's related to my problem - but I'm not an expert.
21:04 < nieuwbie> TheSeven: I've updated rockboxdev.sh and I'll try to recompile it once again.
21:06 -!- Keripo [~Keripo@eng442.wireless-resnet.upenn.edu] has joined #freemyipod
21:17 < nieuwbie> TheSeven: No changes.
21:17 -!- Keripo [~Keripo@eng442.wireless-resnet.upenn.edu] has quit [Quit: Leaving.]
21:26 -!- benedikt93 [~benedikt9@unaffiliated/benedikt93] has quit [Quit: Bye ;)]
21:27 -!- Keripo [~Keripo@SEAS003.wlan.seas.upenn.edu] has joined #freemyipod
21:39 -!- Keripo [~Keripo@SEAS003.wlan.seas.upenn.edu] has quit [Quit: Leaving.]
21:40 -!- Keripo [~Keripo@SEAS003.wlan.seas.upenn.edu] has joined #freemyipod
21:47 -!- stephen__ [~stephen@86.42.26.228] has joined #freemyipod
21:51 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has quit [Ping timeout: 245 seconds]
21:51 -!- Dreamxtreme [~Dre@92.30.107.230] has quit [Read error: Connection reset by peer]
21:53 -!- Dreamxtreme [~Dre@92.30.107.230] has joined #freemyipod
22:03 -!- nieuwbie [~user@ip4daa4a6f.direct-adsl.nl] has quit [Quit: ERC Version 5.3 (IRC client for Emacs)]
22:12 -!- TheSeven [~TheSeven@rockbox/developer/TheSeven] has joined #freemyipod
22:21 -!- stephen__ [~stephen@86.42.26.228] has quit [Quit: Leaving]
22:31 -!- Keripo [~Keripo@SEAS003.wlan.seas.upenn.edu] has quit [Quit: Leaving.]
22:48 -!- Keripo [~Keripo@SEAS265.wlan.seas.upenn.edu] has joined #freemyipod
22:51 -!- Keripo [~Keripo@SEAS265.wlan.seas.upenn.edu] has quit [Quit: Leaving.]
23:08 -!- Stephen__ [~S@86.42.26.228] has joined #freemyipod
23:23 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has quit [Read error: No route to host]
23:25 -!- liar [~liar@clnet-p09-185.ikbnet.co.at] has joined #freemyipod
23:34 -!- Keripo [~Keripo@eng442.wireless-resnet.upenn.edu] has joined #freemyipod
--- Log closed Wed Feb 09 00:01:20 2011