00:00.20 | lamikr | cr2: Good :-) The only change needed is to write small xip.nbf which contains just the new h6300 bootloader instead of containing wince stuff. That way you get bootloader that still requires the loading of kernel, etc. from the sd/mmc. |
00:00.32 | lamikr | but boots without going via wince. |
00:01.35 | lamikr | To get kernel & rootfs also loaded from flash requires a little bit more work. |
00:01.56 | cr2 | lamikr: there are multiple ways to do similar thing on the universal, but i need to finish the code hardware support like lcd shutdown and battery charging. |
00:02.47 | cr2 | yes, i've written a bit of flash description today. |
00:03.04 | lamikr | cr2: Yes. Do you know which wince driver/dll contains the backlight control in universal? That could help to to find out the answer to same problem in h6300. |
00:03.36 | cr2 | lkcl: have you found the gpios for joystick ? |
00:03.47 | cr2 | lamikr: backlight.dll |
00:03.50 | lkcl | gimme 1sec... |
00:04.14 | cr2 | but it wildly differes between wince versions, because it's the "OEM" stuff. |
00:04.19 | *** join/#htc-linux baud123 (n=baud@ver78-1-82-240-29-152.fbx.proxad.net) |
00:05.20 | lamikr | cr2: Hmm, we have does not backlight.dll but backlight.cpr... |
00:05.25 | lkcl | oh bollocks! i managed to use the joystick to select and run linux :) |
00:05.28 | lkcl | DOH! |
00:05.42 | lkcl | 94 to 98 :) |
00:05.47 | lkcl | gpio 94 to gpio 98 |
00:06.33 | lkcl | oh they're already marked on SableGPIO page |
00:09.34 | cr2 | lkcl: is it just a part of the keyboard ?? |
00:09.51 | cr2 | you don't have buttons like camera and record ? |
00:10.00 | cr2 | OMAP Video for Linux camera driver |
00:10.11 | cr2 | nothing omap-specific there. |
00:10.15 | lkcl | camera and volume up and down |
00:11.13 | lkcl | ooo that's a bit weird.... |
00:11.49 | lkcl | i'm _guessing_ it's gpio100 for volume up and gpio101 for volume down. |
00:12.05 | cr2 | guessing ? |
00:12.09 | lkcl | but gpio 22 also goes mad |
00:12.54 | cr2 | but it's also pxa27x keyboard pins. |
00:13.02 | lkcl | as did 40, 101, 103, 104, 105, 106, 107 _and_ 108 :) |
00:13.15 | cr2 | yes, so there are no "buttons" for you. |
00:13.20 | lkcl | hurrah! |
00:13.26 | lkcl | ok let's try camera, too |
00:13.38 | lkcl | gpio 91 |
00:14.23 | lkcl | yep - all 'keyboard' |
00:15.56 | cr2 | hehe. it's omap because it's written by TI. not only one #include "*omap*" there. |
00:20.20 | lkcl | uhh... cr2 - i make that gpio not asic3gpio for the gps... am i completely wrong? |
00:20.49 | lkcl | what am i doing looking at sub_1634b74? |
00:21.23 | cr2 | lkcl: there are both. |
00:21.29 | lkcl | oh god. |
00:22.18 | lkcl | yep. sub_1633fa0 |
00:22.26 | lkcl | ... _why_? :) |
00:22.35 | lkcl | never mind. there is no 'why'... |
00:22.49 | cr2 | i don't have such sub_ ? |
00:23.12 | cr2 | are you looking at the latest idb ? |
00:24.49 | cr2 | all the gpios are in wiki. there are 2 pxa gpios (57 and 116) and some asic3 gpios. |
00:27.04 | cr2 | lkcl: do you have a headset ? |
00:27.17 | lkcl | not in the uk. in holland. |
00:28.37 | cr2 | ok. |
00:28.49 | cr2 | what else can we test ? |
00:32.59 | lkcl | hmmm.... phone! |
00:33.24 | lkcl | phone, wireless, camera... |
00:33.43 | lkcl | actually i can't test the camera until i've disassembled the thing and put it back in properly! |
00:34.26 | lkcl | it's still sticking out at an angle because the camera is mounted on the case and it wasn't seated properly: it's pushed the camera-protective-cover-sticker off :) |
00:35.02 | lkcl | i'm just walking through this gps initialisation at the moment |
00:35.03 | cr2 | wireless... |
00:35.12 | cr2 | why can't we find it. |
00:35.15 | Kevin2 | cr2: Yes. It's cute - it uses LoadLibraryEx to pull the file into memory so that it can write it out to disk. |
00:35.37 | cr2 | for the phone we need a normal dump of rilgsm |
00:35.58 | cr2 | Kevin2: yes, but it always segfaults at the last page. |
00:36.33 | cr2 | maybe it is not mapped or remapped ? i have no idea. |
00:36.51 | cr2 | the code actually works, if you ignore the last page. |
00:38.02 | cr2 | i thought about VirtualCopy and then just fwrite() without copying each page at once. |
00:38.22 | lkcl | dang there's about _eight_ gpios involved, here, with this stuff. |
00:40.12 | cr2 | lkcl: where ? |
00:40.20 | lkcl | in the gps stuff. |
00:40.29 | cr2 | phone/audio/wifi. |
00:40.41 | lkcl | 0x1634cdc |
00:40.54 | cr2 | gps,lcd,bl is done |
00:41.11 | cr2 | gps ? yes. + BB_INT |
00:41.55 | lkcl | i'm just going through this disasm, turning it into pseudo-code. do you think this is a sensible use of my time? |
00:45.29 | cr2 | you should document the X in spi_rw_X and the reponses. |
00:45.51 | cr2 | i'm looking at the spi_init |
00:46.18 | cr2 | the spi stuff is generic, the spi_rw_X is actually written in C in blueangel_kp.c |
00:47.25 | lkcl | you mean the trace i took? do a better wi and then decode it? |
00:49.10 | cr2 | yes. so we know what is written into gps, and what comes out. |
00:49.23 | cr2 | the powerup/powerdown is more or less clear. |
00:49.47 | cr2 | i may be only the control data. |
00:58.16 | cr2 | hmm. i've learned something new :) |
01:00.22 | lamikr | cr2: Do you have linux ida? |
01:02.19 | cr2 | lamikr: no. i had an old version, but it's not good. |
01:02.45 | lamikr | so which version you use now? |
01:03.01 | cr2 | 5.0 remote. |
01:03.18 | lamikr | Is it much better than 4.8 ? |
01:03.45 | lamikr | and what is this "remote" in the name? |
01:04.33 | cr2 | off the machine of lkcl |
01:04.53 | cr2 | it's not mine. |
01:05.16 | lamikr | ok :-) So 5.0 is much better than 4.8 ? |
01:05.23 | lamikr | or 4.6 in Linux? |
01:06.10 | cr2 | 5.0 is better than linux 4.7 |
01:06.22 | cr2 | afaik there is no linux 5.0 version, only 4.9 |
01:06.49 | cr2 | 4.9 has some improvements for the annoying problems in the earlier versions. |
01:07.10 | lamikr | ok, just checked that 5.0 has support for the graphs. Is there something else that makes 5.0 much better than 4.x? |
01:07.12 | cr2 | like [R12] indirection. |
01:07.37 | lamikr | ok |
01:08.08 | lamikr | hmm, what this indection mean? |
01:08.16 | cr2 | you need to do it manually. |
01:08.22 | cr2 | hmm. |
01:08.39 | cr2 | i don't have an example at hand. |
01:08.52 | cr2 | function foo is in bar.dll |
01:09.00 | cr2 | coredll for example. |
01:09.09 | cr2 | then it decodes like |
01:09.42 | cr2 | sub_xxx : ldr r12,foo |
01:10.09 | cr2 | and so on. instead of replacing sub_xxx with 'foo'. |
01:10.20 | cr2 | 5.0 does it right. |
01:14.02 | lamikr | ok, thanks |
01:14.35 | cr2 | ida is better than objdump, but it is still a rather primitive tool. |
01:15.05 | lamikr | balrog-kun in hackndev is writing something that he claims will be much better than idapro. |
01:15.15 | cr2 | you can't just press 'run' and get a good result. |
01:15.23 | cr2 | for arm ? |
01:17.42 | lamikr | cr2: Yes for arm |
01:18.06 | cr2 | hmm. decoded the SPI_CS alt, now found one more undocumented asic3 clock bit ;) |
01:18.32 | cr2 | lamikr: the holy grail is to port wine to wince. |
01:18.38 | cr2 | them wince is toast. |
01:19.57 | lamikr | cr2: Yes, husam has took another approach. He has written omap emulator for wince... It can already show the original HP's logo when to bootloader starts, but the jump to wince kernel fails. |
01:20.19 | cr2 | and it should be relatively easy given the stupid 25bit architecture. |
01:20.21 | cr2 | qemu ? |
01:20.43 | lamikr | cr2: I loaded now the backlight.cpl now with ida. Unfortunately I could not find any easy method like setBacklight |
01:20.44 | cr2 | m$ knows that and pushes wince6, where it is not the case anymore. |
01:21.16 | cr2 | lamikr: you should really port haret to omap. |
01:21.25 | cr2 | will save you a lot of disassembling. |
01:21.27 | lamikr | cr2: Yes, they actually claimed to release quite a few sources from wince6. |
01:22.07 | cr2 | but they must be backward compatible, so it's not that easy for them. |
01:22.24 | lamikr | cr2: Are you able to watch registers from peripherals like tsc2101 with haret? |
01:22.57 | cr2 | yes, you can watch any virtual memory access, thanks to the code written by Kevin2 |
01:23.13 | cr2 | using the ARM debug registers. |
01:23.42 | cr2 | this is a real hardware debugger |
01:23.54 | cr2 | built in the cpu. |
01:29.25 | lamikr | nice, is that pxa specific? |
01:30.11 | cr2 | ask Kevin2, i'm not sure. |
01:30.30 | lamikr | cr2: About the phone. Does phone.dll contain anything usefull considering the phone init, etc. or do you have the code for enabling/disabling the phone in rilgsm.dll or ril.dll ? |
01:32.37 | cr2 | phone.dll is useless. ril.dll is also a "portable" part |
01:32.53 | cr2 | rilgsm.dll is device-specific. |
01:33.43 | lamikr | ok, I opened the rilgsm.dll. Ida want to open also theossvcs.dll which I also have. |
01:34.09 | Kevin2 | The memory watching is pxa specific. Who knows - omap might have similar functionality. |
01:34.16 | lamikr | Do you remember function names rilgsm.dll which are used for you to turn on the phone hardware. |
01:34.36 | cr2 | lamikr: it's not that easy. |
01:34.43 | cr2 | Kevin2: thanks. |
01:35.26 | cr2 | Kevin2: but cp14 and cp15 are ARM registers, not really pxa ? |
01:36.51 | cr2 | Kevin2: asic3 is better documented than your CPLD, but it has also some undocumented features that i've discovered. some of them are still unclear. |
01:42.52 | lamikr | cr2: So functions like RIL_PowerUp were not the key... Do you have a function with that name? |
01:43.56 | cr2 | yes, they are usually an empty stub. |
01:44.24 | cr2 | sharp has really obfuscated their asic3 header ;) |
01:44.40 | cr2 | but it's the only code i know where they deal with asic3 pwm. |
01:46.16 | Kevin2 | cr2: The coprocessors are implementation dependent. I doubt TI would implement them the same way. (But who knows - maybe they did.) |
01:46.33 | lamikr | cr2: RIL_PowerUp, RIL_PowerDown, RIL_IOControl and WMT_IOControl seems to have real code in them. WMT_PowerUp and WMT_PowerDown are simpy ret functions. |
01:49.19 | cr2 | lamikr: look at RIL_Initialize in ril.dll |
01:49.46 | cr2 | but don't be surprised if it calls RIL_DevSpecific |
01:59.30 | lamikr | cr2: Do you really mean from the ril.dll and not form rilgsm.dll? I opened RIL_Init() from rilgsm.dll and seems to be pretty long function in , could not detect call to RIL_DevSpecific. Can I somehow save/copy/paste the idapro assemply view to text-file? |
02:01.35 | cr2 | lamikr: select with the left button and use "copy" in menu. then paste it in some other program (i used kwrite) |
02:02.28 | cr2 | good night :) |
02:22.40 | Kevin2 | psokolovsky_: I've checked in my changes to haret. |
03:09.32 | lkcl | http://hands.com/~lkcl/hp6915/decoded.gps.from_spi.4thrun.txt |
03:09.37 | lkcl | there's a couple others |
03:11.15 | lkcl | anyway. am off to sleep. until tomorrow. it's a 19-byte payload, apparently. at least, there's a regular occurrence of the letter 2 (0x32) every 19 bytes when things go well. lots of data was lost: buffer overflow in the wi data. oh well |
06:43.54 | *** join/#htc-linux goxboxlive (n=goxboxli@9.80-202-160.nextgentel.com) |
08:36.02 | *** join/#htc-linux rob_w (n=bob@p85.212.129.249.tisdip.tiscali.de) |
10:08.57 | *** join/#htc-linux asylumed (n=insanity@196.211.116.2) |
10:23.03 | goxboxlive | cr2: I have managed to boot a initramfs, but it has very restricted functions |
10:41.14 | *** join/#htc-linux LunohoD (n=alex@e180065179.adsl.alicedsl.de) |
10:58.42 | *** join/#htc-linux rob_w (n=bob@p85.212.129.249.tisdip.tiscali.de) |
11:40.02 | *** join/#htc-linux WizMaui (n=WizMaui@62.112.90.179) |
11:57.58 | *** join/#htc-linux deltastar (n=bosty@BSN-61-36-104.dial-up.dsl.siol.net) |
11:58.18 | deltastar | hi room, |
11:58.59 | deltastar | is there any new kernel for ba board id 06 that works suspend/resume? |
12:00.04 | rob_w | goxboxlive managed a hack to regain suspend .. |
12:00.20 | rob_w | oh no i meant asylumed did the patch |
12:05.33 | deltastar | so, yes no or still soon ;) |
12:06.16 | deltastar | mean, can i download it somewhere? |
12:22.57 | *** join/#htc-linux WizMaui_ (n=WizMaui@62.112.90.179) |
12:24.05 | rob_w | deltastar, its been committed to the lasted source |
12:31.51 | *** join/#htc-linux WizMaui (n=WizMaui@62.112.90.179) |
12:47.06 | *** join/#htc-linux BabelOued (n=Fabrice@lun34-2-82-238-28-28.fbx.proxad.net) |
12:51.30 | *** join/#htc-linux rob_w (n=bob@p85.212.129.249.tisdip.tiscali.de) |
13:06.48 | *** join/#htc-linux florian_ (n=fuchs@87.193.40.87) |
13:41.32 | BabelOued | hi |
14:13.29 | lkcl | let's see what happens |
14:39.11 | *** join/#htc-linux goxboxlive (n=goxboxli@9.80-202-160.nextgentel.com) |
14:56.45 | psokolovsky_ | Hi! |
14:56.50 | psokolovsky_ | Kevin2, kudos! |
14:57.11 | psokolovsky_ | anyway, hope everyone's having good rest after yesterday's great work ;-) |
15:22.28 | lkcl | work? what's that? |
16:54.18 | *** join/#htc-linux FossiFoo (n=Fossi@e176118147.adsl.alicedsl.de) |
17:35.48 | *** join/#htc-linux centrino (n=centrino@linux.fjfi.cvut.cz) |
17:58.16 | *** join/#htc-linux pierrox (n=pierrot@ns1.1000wallpapers.com) |
17:58.18 | pierrox | hi |
18:01.01 | pierrox | cr2, lkcl told me that you could help me about the memory map, have you some time ? |
18:36.57 | *** join/#htc-linux dullard (n=jim@adsl-static-1-30.uklinux.net) |
18:56.51 | *** join/#htc-linux FossiFoo_ (n=Fossi@e176122206.adsl.alicedsl.de) |
19:15.01 | *** join/#htc-linux BabelOued_ (n=Fabrice@lun34-2-82-238-28-28.fbx.proxad.net) |
19:23.28 | *** join/#htc-linux florian_ (n=fuchs@87.193.43.154) |
19:26.26 | *** join/#htc-linux BabelOued_ (n=Fabrice@lun34-2-82-238-28-28.fbx.proxad.net) |
19:38.43 | *** join/#htc-linux goxboxlive (n=goxboxli@9.80-202-160.nextgentel.com) |
19:44.59 | lkcl | pierrox, allo - cr2 is usually around in the evenings / night. |
19:45.17 | lkcl | but i just remembered: haret has a dump command to get the mmu memory map |
19:45.55 | pierrox | ok |
19:46.07 | pierrox | in fact the mmu dump fails on my device |
19:46.16 | pierrox | so i must find another way to dump it |
19:49.16 | Kevin2 | pierrox: You need a later version of haret. Try gnu-haret. |
19:50.16 | pierrox | i wasn't aware of gnu-haret |
19:54.00 | pierrox | Kevin2, have you a link to this version of haret ? |
19:55.57 | Kevin2 | pierrox: See http://www.handhelds.org/moin/moin.cgi/HaRET |
19:56.10 | Kevin2 | The binaries are at: http://jornada820.sf.net/files/haret |
19:59.33 | pierrox | ok, there is some mess in the version number |
20:08.10 | *** join/#htc-linux WizMaui_ (n=WizMaui@62.112.90.179) |
20:29.03 | pierrox | bye |
20:39.20 | goxboxlive | aloha |
20:46.04 | *** join/#htc-linux JTRipper86 (n=jtripper@p54B1E510.dip.t-dialin.net) |
20:48.37 | *** join/#htc-linux asylumed (n=insanity@196.211.28.91) |
20:56.15 | lkcl | anyone know how to enable access to the onboard storage partition - the hidden one? |
21:09.52 | *** join/#htc-linux lamikr|lap (n=chatzill@aragorn.kortex.jyu.fi) |
21:11.37 | goxboxlive | lkcl: Do you mean from wince? |
21:13.58 | goxboxlive | lkcl: If it is from wince, u can use this app: http://buzzdev.net/index.php?option=com_content&task=view&id=63&Itemid=1 But this is for the Universal. I dont know if it will work with other devices |
21:36.27 | lkcl | well i can only try - yes wince |
22:22.35 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) |
22:33.47 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) [NETSPLIT VICTIM] |
22:33.47 | *** join/#htc-linux lamikr|lap (n=chatzill@aragorn.kortex.jyu.fi) |
22:33.48 | *** join/#htc-linux JTRipper (n=jtripper@p54B1E510.dip.t-dialin.net) |
22:33.48 | *** join/#htc-linux florian (n=fuchs@87.193.43.154) |
22:33.48 | *** join/#htc-linux dullard (n=jim@adsl-static-1-30.uklinux.net) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux LunohoD (n=alex@e180065179.adsl.alicedsl.de) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux baud123 (n=baud@ver78-1-82-240-29-152.fbx.proxad.net) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux ba2bb (n=bbaniste@w160186.wireless.fsr.net) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux psokolovsky_ (n=psokolov@239.usernat.ip.net.ua) |
22:33.48 | *** join/#htc-linux cr2 (n=konversa@crpl22.physik.uni-wuppertal.de) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux iggy (n=iggy@gentoo/developer/iggy) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux hlbot (n=adm@iclem.net) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux pof (n=pof@62.57.1.173) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux anYc (i=mario@hadince17.hadiko.uni-karlsruhe.de) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux toi (n=pleemans@d5152D3B4.access.telenet.be) |
22:33.48 | *** join/#htc-linux Funklord (n=cow@c-cbd572d5.014-46-73746f28.cust.bredbandsbolaget.se) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux eldu (n=damajor@nysa.e-geek.org) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux parmaster (i=par@dipole.idlepattern.com) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux DerekS (n=DerekS@unaffiliated/dereks) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux Kevin2 (n=Kevin@207-237-52-30.c3-0.avec-ubr12.nyr-avec.ny.cable.rcn.com) [NETSPLIT VICTIM] |
22:33.48 | *** join/#htc-linux Kmarc (i=kari@markos.biz) [NETSPLIT VICTIM] |
22:33.49 | *** join/#htc-linux TeringTuby (n=maarten@189-66-dsl.ipact.nl) [NETSPLIT VICTIM] |
22:33.49 | *** join/#htc-linux gw280 (i=authdeni@81.91.110.54) [NETSPLIT VICTIM] |
22:33.49 | *** join/#htc-linux lamikr (n=chatzill@aragorn.kortex.jyu.fi) [NETSPLIT VICTIM] |
22:33.49 | *** join/#htc-linux ljp (n=lpotter@203.94.178.46) [NETSPLIT VICTIM] |
22:33.49 | *** join/#htc-linux awelux (n=awelux@lvps87-230-8-217.dedicated.hosteurope.de) [NETSPLIT VICTIM] |
22:34.41 | lkcl | argh! trying to compile romunlock. oh well. enough for now. |
22:57.48 | *** join/#htc-linux JTRipper86 (n=jtripper@p54B1E510.dip.t-dialin.net) |
23:08.04 | *** join/#htc-linux lamikr_ (n=chatzill@aragorn.kortex.jyu.fi) |
23:28.21 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) |
23:49.17 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) |