00:08.14 | *** join/#htc-linux Hawk|- (n=Hawk@p5B179530.dip0.t-ipconnect.de) |
01:09.14 | *** join/#htc-linux ImCoKeMaN (n=imcokema@pool-71-251-148-185.hrbgpa.fios.verizon.net) |
01:28.36 | ImCoKeMaN | anyone here feel like schooling someone to learn more advanced features in haret for the HTC -TITAN? (aka-mogul) |
01:38.27 | Kevin2 | ImCoKeMaN: What are you looking to do? |
01:39.26 | ImCoKeMaN | well in all honesty i want to develop a method of a soft bootloader for the device |
01:39.43 | ImCoKeMaN | i don't need to have linux on it, but i'm willing to learn that in the process |
01:40.12 | ImCoKeMaN | I also have an htc-apache that i could use for learning, but right now i can't even dump the GPIOs from the mogul |
01:41.06 | Kevin2 | What kind of cpu does the TITAN have? |
01:41.17 | ImCoKeMaN | msm7500 qualcomm |
01:41.33 | Kevin2 | Oohh. That's new. What happens when you run haret on it? |
01:41.37 | ImCoKeMaN | haven't seen much support for it, but i'll try whatever is helpful |
01:41.48 | ImCoKeMaN | i am able to telnet in with my PC and run commands |
01:42.08 | ImCoKeMaN | i was also able to create a startup.txt to dump the bootloader from a WM5 device |
01:42.56 | Kevin2 | Great! You're the first success report. Can you create a file "earlyharetlog.txt" in the same directory as haret.exe and post the resulting "haretlog.txt" file? (Preferably mail it to haret@handhelds.org) |
01:43.29 | Kevin2 | Oh, and make sure you're using the latest haret.. |
01:43.35 | ImCoKeMaN | 0.4.8? |
01:43.40 | ImCoKeMaN | or a nightly build? |
01:43.45 | ImCoKeMaN | i have both heh |
01:43.50 | Kevin2 | http://handhelds.org/~koconnor/haret/haret-20070730.exe |
01:44.04 | ImCoKeMaN | ok, damnit not that new lol |
01:44.09 | Kevin2 | Nightly build is also good. |
01:45.17 | ImCoKeMaN | ok lemme load that sucker up |
01:46.25 | Kevin2 | Do you know of any docs for that cpu? Finding the irq and gpio registers is key. |
01:48.33 | ImCoKeMaN | i have seen a little documentation, but not the gpio registers....i did a ram dump though and if you can hit it from there with hex editor it might help |
01:48.42 | ImCoKeMaN | so what do you want in that txt file? |
01:49.11 | ImCoKeMaN | i haven't run it with a zimage |
01:51.18 | Kevin2 | Just create an empty file "earlyharetlog.txt" -- its presence triggers early logging in haret. |
01:51.54 | ImCoKeMaN | ok, well all it sent me was: ===== HaRET pre-0.4.9-20070730_201515 ===== |
01:53.34 | Kevin2 | haret didn't launch? |
01:54.52 | ImCoKeMaN | ok nevermind grabbed the file too early |
01:55.41 | Kevin2 | BTW, what do you mean by "soft bootloader"? |
01:57.03 | ImCoKeMaN | i want to make it possible to load custom WM6 roms on the phone |
01:57.09 | ImCoKeMaN | they have done this with the hermes |
01:58.06 | ImCoKeMaN | after being able to load it to ram i'd need to use a modified SPL (bootloader) to flash the new rom to bypass CID and certificate checking |
01:58.55 | ImCoKeMaN | if all i get is a lot of device info though i will still consider it a successful endeavor, i'm always up for learning new stuff |
01:59.58 | Kevin2 | Okay. I think 'pof' did a lot of work with the bootloaders on other phones. |
02:00.45 | Kevin2 | Can you telnet into the phone and run "wi 1"? |
02:01.48 | ImCoKeMaN | should i delete that txt file before doing much else or does it matter? |
02:02.25 | Kevin2 | It doesn't really matter, but yeah, you can delete the earlyharetlog.txt file. |
02:03.13 | ImCoKeMaN | looks to be stopped at: Restoring windows exception handlers... |
02:03.59 | ImCoKeMaN | i sent the log to you |
02:04.54 | ImCoKeMaN | here's what i got from wi 1 |
02:04.57 | ImCoKeMaN | HaRET(1)# wi 1 |
02:04.57 | ImCoKeMaN | irq:8001af38@A02943F8=809a90c4 abort:8000104c@A02943F0=809a90e8 prefetch:8001aaa |
02:04.57 | ImCoKeMaN | 8@A02943EC=809a9114 data=80978000 sizes=c:000010a8,t:000350a8 |
02:04.57 | ImCoKeMaN | Beginning memory tracing. |
02:04.57 | ImCoKeMaN | Replacing windows exception handlers... |
02:04.57 | ImCoKeMaN | Finished installing exception handlers. |
02:05.01 | ImCoKeMaN | Restoring windows exception handlers... |
02:05.25 | Kevin2 | Did the phone lock up? |
02:05.28 | ImCoKeMaN | yup |
02:05.44 | ImCoKeMaN | it's reset now though |
02:06.38 | Kevin2 | Okay - probably because we don't have a cpuflushcache for your arm cpu type - that can be fixed. |
02:07.49 | ImCoKeMaN | Yay, i've been reading and reading and wasn't able to get very far on this one myself since i'm doing the trailblazing and haven't even used it before |
02:08.34 | Kevin2 | Can you run "dump cp(15)"? |
02:09.36 | ImCoKeMaN | EXCEPTION on access to coprocessor 15 register 8 |
02:09.36 | ImCoKeMaN | c00: 4107b364 | c08: ffffffff |
02:09.36 | ImCoKeMaN | c01: 0085387f | c09: fffffff0 |
02:09.36 | ImCoKeMaN | c02: 10290000 | c10: 00000000 |
02:09.36 | ImCoKeMaN | c03: 00000001 | c11: 00000003 |
02:09.43 | ImCoKeMaN | EXCEPTION on access to coprocessor 15 register 4 |
02:09.43 | ImCoKeMaN | EXCEPTION on access to coprocessor 15 register 12 |
02:09.43 | ImCoKeMaN | c04: ffffffff | c12: ffffffff |
02:09.43 | ImCoKeMaN | c05: 00000005 | c13: 18000000 |
02:09.50 | ImCoKeMaN | EXCEPTION on access to coprocessor 15 register 14 |
02:09.50 | ImCoKeMaN | c06: 083bb73c | c14: ffffffff |
02:09.50 | ImCoKeMaN | EXCEPTION on access to coprocessor 15 register 7 |
02:09.57 | ImCoKeMaN | c07: ffffffff | c15: 00000000 |
02:12.31 | Kevin2 | That's really interesting - you're getting exceptions on cp15 accesses. |
02:13.47 | Kevin2 | Can you run "addlist gpios cpsr" and then "watch gpios" |
02:14.47 | ImCoKeMaN | did you get that? i kinda scrolled some...i also have a page from work this might be ~15 mins to dial in and check it |
02:15.18 | ImCoKeMaN | Beginning memory tracing. |
02:15.18 | ImCoKeMaN | Watching GPIOS(00): Insn e10f0000 |
02:15.18 | ImCoKeMaN | 000000: insn e10f0000=2000011f (00000000) |
02:16.18 | Kevin2 | I got the cp15 registers if that is what you are asking. |
02:21.43 | ImCoKeMaN | ok i'll just do some multi-tasking here since the page from work isn't descriptive and i have to wait for user to email back |
02:22.51 | Kevin2 | So, haret can do quite a bit to explore the device. It can read/write to memory. It can also "watch" what reads and writes wm makes to memory - it can also "watch" interrupts that the hardware generates. |
02:23.11 | Kevin2 | Without chipset docs, however, it will be an uphill battle. The only thing I can think of is to start disassembling things. |
02:24.25 | Kevin2 | The omap850 processor is in a similar state. It doesn't have chipset docs (though it is supposed to be similar to an earlier omap processor). The phones using that chipset have been idle on the dev front for a couple years now. |
02:26.13 | ImCoKeMaN | hmm ok |
02:27.12 | ImCoKeMaN | i was wondering how to set it to start execution of code at a specific ram address |
02:28.57 | Kevin2 | How to make haret jump to a code address? |
02:30.45 | ImCoKeMaN | yes |
02:31.19 | ImCoKeMaN | probably something quite simple for people that were using it, and i thought i saw it once, but haven't been able to find it after i got what i wanted to test |
02:31.37 | Kevin2 | Hrmm. That isn't implemented. You could modify haret to jump to an address pretty easily. |
02:31.55 | ImCoKeMaN | Also i'm not sure what exact info i need to be able to do the recompiling...(same track i see) |
02:32.21 | ImCoKeMaN | i dled a lot from the CVS, but my VS2005 was puking whenever i tried to compile |
02:32.31 | Kevin2 | If you want to run the bootloader again, you probably need to disable the MMU. In that case, you want to look at what the linux bootloader does - see src/linboot.cpp |
02:32.48 | Kevin2 | We now compile with cegcc - see the directions in the INSTALL file. |
02:33.23 | Kevin2 | Do you have linux? (Everyone else compiles haret via linux.) If not, it should work from a cygwin environment, but no one has tried it. |
02:35.04 | ImCoKeMaN | alright i guess i'll do the haret work through that |
02:35.36 | ImCoKeMaN | i'd probly start up with knoppix or load it on one of my other boxes though |
02:36.10 | Kevin2 | Yeah, you are better off trying to get it to run under linux. The compile steps are pretty straightforward. |
02:37.54 | ImCoKeMaN | might as well not complicate the trailblazing too much |
02:38.34 | ImCoKeMaN | by the way thank you for your help so far, i have a feeling i'll be needing quite a bit =) |
02:38.51 | Kevin2 | No problem. |
02:40.24 | ImCoKeMaN | are there any other things i can run that will get a little more beginning info that might be needed? |
02:41.04 | Kevin2 | try "help" and "help dump". there are a bunch of process oriented commands you can play with (eg, "ps" and "lsmod"). |
02:42.40 | ImCoKeMaN | yeah ps doesn't work |
02:43.03 | ImCoKeMaN | Unable to create tool help snapshot |
02:43.17 | Kevin2 | Okay, that is odd. |
02:48.19 | ImCoKeMaN | the lsmod works fine though |
02:52.49 | Kevin2 | Can you try: http://handhelds.org/~koconnor/haret/haret-20070801.exe -- It should detect an "arm v6" cpu now. |
03:01.05 | Kevin2 | ImCoKeMaN: Actually, can you try http://handhelds.org/~koconnor/haret/haret-20070801b.exe -- I think this may fix "ps" but I'm not sure. |
03:04.12 | ImCoKeMaN | the "b" version worked with ps! |
03:04.29 | ImCoKeMaN | both versions detect it as generic ARM v6 |
03:05.31 | Kevin2 | Cool. Can you see if "wi 1" works now? (Very good chance it will still lockup the phone..) |
03:05.44 | ImCoKeMaN | HaRET(2)# wi 1 |
03:05.54 | ImCoKeMaN | irq:8001af38@A02943F8=809a70c4 abort:8000104c@A02943F0=809a70e8 prefetch:8001aaa |
03:05.54 | ImCoKeMaN | 8@A02943EC=809a7114 data=80976000 sizes=c:000010a8,t:000350a8 |
03:05.54 | ImCoKeMaN | Beginning memory tracing. |
03:05.54 | ImCoKeMaN | Replacing windows exception handlers... |
03:05.54 | ImCoKeMaN | Finished installing exception handlers. |
03:05.54 | ImCoKeMaN | Restoring windows exception handlers... |
03:05.54 | ImCoKeMaN | Finished restoring windows exception handlers. |
03:05.54 | ImCoKeMaN | Handled 1002 irq, 376 abort, 71 prefetch, 0 lost, 0 errors |
03:05.54 | ImCoKeMaN | HaRET(3)# |
03:06.35 | Kevin2 | Excellent! |
03:07.29 | Kevin2 | So, you now have the ability to watch irqs and trace reads and writes that wm makes. Of course, you still need to know which addresses have meaning. |
03:08.17 | ImCoKeMaN | i tried the watching GPIOs again and got a diff error: |
03:08.17 | ImCoKeMaN | HaRET(4)# addlist gpios cpsr |
03:08.17 | ImCoKeMaN | HaRET(5)# watch gpios 10 |
03:08.17 | ImCoKeMaN | Beginning memory tracing. |
03:08.17 | ImCoKeMaN | Watching GPIOS(00): Insn e10f0000 |
03:08.17 | ImCoKeMaN | 000000: insn e10f0000=2000011f (00000000) |
03:08.17 | ImCoKeMaN | 000000: insn e10f0000=2000001f (00000100) |
03:08.17 | ImCoKeMaN | Terminating haret due to unhandled exception (pc=1828fb2c) |
03:08.29 | Kevin2 | Oh, another good command to run is "dump mmu". This will show the mmu table. There is a lot of output there. You might want to post "dump mmu 1" - it has less info. |
03:12.24 | Kevin2 | Hrmm. That is strange - the pc looks like it is in a library routine. Not sure why it would do that. |
03:13.12 | Kevin2 | Note though, the cpsr is just the processor status register - I was using the watch gpios thing just as a roundabout way to query that register. It doesn't make much sense to "watch" it. You'll need to find the gpio addresses to really make use of the "watch gpios" stuff. |
03:15.07 | ImCoKeMaN | yeah i'm thinking if i can find the GPIO info for a few of the button presses it would help me see where to start in the phone SPL also |
03:24.14 | Kevin2 | Well, you can look through the output of "dump mmu 1" and then try to guess where the important registers are by watching interesting looking address ranges. |
03:26.06 | Kevin2 | You'll likely get a lot of traffic though - gpios, irqs, ssp, etc. are all pretty high volume. Not sure how one could tell them apart. |
03:27.17 | Kevin2 | Disassembling the first part of the bootloader may help too - the boot loader usually fiddles with the gpios early in the boot. |
03:32.58 | ImCoKeMaN | yep, i'll need to do a lot of learning and testing. So what's the best method for posting the info? is there a section to post for the Titan? |
03:34.57 | Kevin2 | Two wiki sites - handhelds.org or xda-developers.com - both are pretty good, but I prefer handhelds.org because it seems to have better ping times for me. |
03:35.23 | Kevin2 | You can peruse through the other phones that are there. People generally post all the info they find as they find it. |
03:35.29 | ImCoKeMaN | I'll try the handhelds org one. i'm generally hanging around the PPCGeeks forum (started with the Apache) and i'll probably add info there, but there aren't too many there that will be looking at Haret, i do go to XDA also, but they are generally for the GSM devices |
03:36.15 | Kevin2 | Yeah. I have a 6700 also (and I ported linux to it). I found the handhelds.org site better for cdma. |
03:40.42 | ImCoKeMaN | good work on the port the phone part has been given up on huh? |
03:42.10 | Shadowmite | kevin was a regular of my channel back then in his early porting days |
03:42.22 | Shadowmite | heh, back when we still had rayban, phazen and luke around |
03:42.23 | Shadowmite | :( |
03:42.36 | Shadowmite | it's been so hard to get myself motivated lately |
03:42.43 | Kevin2 | Too time intensive. I'm not really into disassembly. |
03:42.49 | Kevin2 | Hi Shadowmite. |
03:43.13 | Shadowmite | heya man... I'm still getting to the trinity port... give me time |
03:43.15 | Shadowmite | lol |
03:43.24 | Shadowmite | learning arm native programming now |
03:47.44 | ImCoKeMaN | sounds like a useful thing to learn |
03:48.55 | Shadowmite | it's been holding me back for quite a while not knowing a lot about it |
03:50.25 | ImCoKeMaN | i'm gonna need to learn a lot more about IDA and assembly, i only did a little bit in comp sci |
04:06.35 | *** join/#htc-linux ltxdaMBL (n=ltxdaMBL@mea0cfa48.tmodns.net) |
04:13.36 | Kevin2 | Good night. |
04:20.56 | ImCoKeMaN | night kevin, thanks again! |
05:36.01 | *** join/#htc-linux sadeness_ (n=LamersIn@nat1.rlan.ru) |
05:40.24 | *** part/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz) |
07:14.00 | *** join/#htc-linux rob_w (n=bob@Mb936.m.pppool.de) |
08:31.51 | *** join/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt) |
08:42.19 | *** join/#htc-linux dion (n=dion@inhex.net) |
10:33.37 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
11:56.53 | *** part/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt) |
12:26.31 | *** join/#htc-linux drummer10630 (n=rubic@202.69.162.139) |
12:36.21 | *** part/#htc-linux drummer10630 (n=rubic@202.69.162.139) |
13:48.45 | SniZ | http://i109.photobucket.com/albums/n62/WG2006_2006/cut/a4c7a017a7f1876b1b97c0562ffa3974.jpg |
14:46.16 | *** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org) |
15:18.54 | *** join/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt) |
15:30.07 | *** join/#htc-linux robotician (n=dale@usr016.bb275-03.udp.im.wakwak.ne.jp) |
15:30.52 | *** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org) |
15:53.21 | *** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org) |
16:24.21 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
16:24.58 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
16:28.40 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
16:47.27 | *** join/#htc-linux RoEn (n=roen@p54A67E56.dip.t-dialin.net) |
17:02.18 | *** join/#htc-linux scorpio16v (n=scorpio1@f048207254.adsl.alicedsl.de) |
17:06.28 | *** join/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz) |
17:07.18 | *** part/#htc-linux scorpio16v (n=scorpio1@f048207254.adsl.alicedsl.de) |
17:19.08 | *** join/#htc-linux pH5 (n=ph5@e178204236.adsl.alicedsl.de) |
17:20.00 | *** join/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz) |
17:24.41 | *** part/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt) |
17:35.25 | *** join/#htc-linux robotician (n=dale@usr016.bb275-03.udp.im.wakwak.ne.jp) |
18:20.56 | *** join/#htc-linux dion (n=dion@inhex.net) |
19:24.53 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
19:28.23 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
19:36.38 | *** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com) |
20:18.11 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) [NETSPLIT VICTIM] |
20:18.11 | *** join/#htc-linux TBBle (n=tbble@2001:388:f000:0:0:0:0:2d) [NETSPLIT VICTIM] |
20:18.11 | *** join/#htc-linux the_sys0p (n=the_sys0@cpe-66-75-196-173.bak.res.rr.com) [NETSPLIT VICTIM] |
20:23.53 | *** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) [NETSPLIT VICTIM] |
20:23.53 | *** join/#htc-linux TBBle (n=tbble@2001:388:f000:0:0:0:0:2d) [NETSPLIT VICTIM] |
20:23.53 | *** join/#htc-linux the_sys0p (n=the_sys0@cpe-66-75-196-173.bak.res.rr.com) [NETSPLIT VICTIM] |
21:17.16 | *** join/#htc-linux ImCoKeMaN (n=imcokema@pool-71-251-148-185.hrbgpa.fios.verizon.net) |
21:30.04 | *** join/#htc-linux AdamPal (n=adam@adam.loc2.apnicsolutions.com) |
21:30.25 | AdamPal | Hello there, please help! I think I have bricked my poor HERMES |
21:30.44 | AdamPal | Boot up goes straight to RGB screen |
21:30.50 | AdamPal | HERM300, IPL-1.01, SPL-1.40.Olipro |
21:31.06 | *** join/#htc-linux wireddd (n=wired@97-81-78-105.dhcp.athn.ga.charter.com) |
21:37.08 | AdamPal | Anyone here? |
22:08.33 | *** join/#htc-linux bd2 (n=cbou@89.113.85.104) |
22:09.10 | AdamPal | Please? Someone? |
22:35.28 | *** join/#htc-linux BabelO (n=Fabrice@lun34-2-82-238-28-28.fbx.proxad.net) |
22:36.49 | BabelO | hi |
22:38.25 | BabelO | ljp around ? |
22:39.05 | ImCoKeMaN | there is a program on the xda wiki called uni exit bootloader that should fix it |
22:39.47 | Shadowmite | or just set 14 0 |
22:39.49 | Shadowmite | :) |
22:40.03 | BabelO | hi ImCoKeMaN |
22:40.07 | BabelO | hi Shadowmite |
22:40.12 | ImCoKeMaN | hey |
22:40.22 | BabelO | ImCoKeMaN: that's you with qualcomm ? |
22:40.48 | BabelO | yes ;) |
22:41.09 | ImCoKeMaN | the msm7500? |
22:41.10 | ImCoKeMaN | yeah |
22:42.15 | BabelO | ah it is only cdma :( |
22:42.35 | ImCoKeMaN | well, to me its not "only" cdma... |
22:42.52 | BabelO | yes, i know, sorry ;) |
22:43.18 | ImCoKeMaN | but i know why many feel that way =) |
22:43.19 | BabelO | i just say that because i read that kevin2 say it is like omap850 |
22:44.49 | ImCoKeMaN | i thought i saw something in documentation about GSM, but i'm not really sure...not too much out there yet |
22:45.14 | BabelO | there is some people that have some success with omap850 gsm |
22:47.35 | ImCoKeMaN | well i'm just starting to learn the haret stuff, but i also have an apache that i can use to practice on |
22:51.27 | ImCoKeMaN | it's crazy how fast kevin modded the haret for the msm7500 |
22:52.08 | BabelO | yes, i see that , very very fast ;) |
22:54.11 | BabelO | i have an omap850 based phone now... |
22:55.15 | ImCoKeMaN | wizard? |
22:55.49 | BabelO | no, at start it was a htc touch, and it finish with an artemis :) |
22:56.53 | ImCoKeMaN | cool |
22:59.53 | ljp | Babel0: pong |
22:59.56 | BabelO | yes, now need some linux kernel compile |
22:59.59 | BabelO | hi ljp |
23:01.09 | BabelO | ljp: i have a problem with dialer.xml file today... i don't understand the use of keypad="xxx" |
23:08.55 | ljp | that means if you are in keypad mode, the dialer wont show |
23:09.15 | ljp | if ="no" |
23:10.09 | BabelO | ljp: ok, i've done something wrong with that :( when i reuse the xml, load always fails because of that |
23:13.17 | ljp | hmm |
23:17.14 | BabelO | ljp: i also write some lines for the trolltech greenphone about a small software i want to do ;) |
23:17.57 | BabelO | but need to finish this app i have some time soon to do that |
23:28.13 | BabelO | good night |