| 00:05:57 | | Quit munch (Excess Flood) |
| 00:07:34 | | Join munch` [0] (pls@gateway/shell/elitebnc/x-lcmqwnvlshujxkct) |
| 00:13:12 | | Quit lebellium (Quit: ChatZilla 0.9.92 [Firefox 49.0.2/20161019084923]) |
| 00:59:23 | | Nick tombflint is now known as tomflint (~tomflint@unaffiliated/tomflint) |
| 01:00 |
| 01:40:56 | *** | Saving seen data "./dancer.seen" |
| 02:00 |
| 02:05:23 | | Quit robertd (Ping timeout: 260 seconds) |
| 02:15:20 | | Quit ender` (Quit: "I'm the head wizard now. I've only got to give an order and a thousand wizards will ... uh ... disobey, come to think of it, or say 'What?', or start to argue. But they have to take notice." — Archchancellor (Terry Pratchett: Lords and Ladies)�) |
| 02:43:43 | | Quit ZincAlloy (Quit: Leaving.) |
| 03:00 |
| 03:40:58 | *** | Saving seen data "./dancer.seen" |
| 03:44:46 | | Join Galois [0] (~djao@efnet.math.uwaterloo.ca) |
| 03:52:59 | | Nick ruhans is now known as dave_roberts (uid76353@gateway/web/irccloud.com/x-hbtvglayjfwzthfe) |
| 03:55:42 | | Nick dave_roberts is now known as aaron_rodgers (uid76353@gateway/web/irccloud.com/x-hbtvglayjfwzthfe) |
| 03:55:56 | | Nick aaron_rodgers is now known as ruhans (uid76353@gateway/web/irccloud.com/x-hbtvglayjfwzthfe) |
| 04:00 |
| 04:09:02 | | Join krabador [0] (~krabador@unaffiliated/krabador) |
| 04:19:35 | | Join shamus [0] (~shmaus@ip-206-192-195-210.marylandheights.ip.cablemo.net) |
| 05:00 |
| 05:41:01 | *** | No seen item changed, no save performed. |
| 06:00 |
| 06:00:45 | | Quit krabador (Remote host closed the connection) |
| 06:12:38 | duo8 | pamaury dumped m2 ipl: https://my.mixtape.moe/flvvfz.bin |
| 06:53:48 | | Quit TheSeven (Ping timeout: 245 seconds) |
| 06:54:09 | | Join TheSeven [0] (~quassel@rockbox/developer/TheSeven) |
| 07:00 |
| 07:41:04 | *** | Saving seen data "./dancer.seen" |
| 08:00 |
| 08:11:08 | | Join wodz [0] (~wodz@89-77-223-98.dynamic.chello.pl) |
| 09:00 |
| 09:22:21 | goethe | l |
| 09:28:40 | | Quit wodz (Ping timeout: 250 seconds) |
| 09:32:29 | | Join petur [0] (~petur@rockbox/developer/petur) |
| 09:41:08 | *** | Saving seen data "./dancer.seen" |
| 09:44:38 | | Quit Ivoah (Quit: Connection closed for inactivity) |
| 10:00 |
| 10:05:47 | | Quit sbach (Quit: ZNC 1.7.x-git-631-88a8675 - http://znc.in) |
| 10:06:01 | | Join sbach [0] (~sbach@107.189.42.74) |
| 10:07:17 | | Part sbach |
| 10:09:22 | | Join krikkit [0] (~krikkit@107.189.42.74) |
| 10:31:55 | | Join ender` [0] (krneki@foo.eternallybored.org) |
| 10:38:54 | | Join lebellium [0] (~chatzilla@89-93-177-91.hfc.dyn.abo.bbox.fr) |
| 11:00 |
| 11:31:48 | | Join pamaury [0] (~pamaury@rockbox/developer/pamaury) |
| 11:32:31 | pamaury | duo8: thanks, I'll have a look at it |
| 11:37:21 | | Join Rasi [0] (~carnager@archlinux/support/rasi) |
| 11:37:36 | Rasi | hi. has anyone tried lately to submit a .scrobbler.log file? |
| 11:37:45 | Rasi | qtscrob claims it worked. but no scrobbles appear |
| 11:41:10 | *** | Saving seen data "./dancer.seen" |
| 11:48:46 | duo8 | pamaury do all these players use the same chinachip fw? |
| 12:00 |
| 12:00:25 | pamaury | chinachip? |
| 12:01:05 | pamaury | I wouldn't know for sure until I have a look at the firmare. But a good guess is that if they use the "standard" ingenic fw file format, they are based on the same sdk |
| 12:01:13 | duo8 | i saw it on the wiki, about them being based on a fw by chinachip |
| 12:01:40 | duo8 | do you think these fw are well written/optimized? |
| 12:02:19 | duo8 | my m2 gets warm after 10-20m of playback, a 2200 mAh battery only gives 10h playback |
| 12:02:28 | duo8 | i wonder if they have freq scale |
| 12:06:59 | pamaury | ah yeah, probably they bought chinachip and reused their firmware. I have no idea if they are well optimized or not |
| 12:07:29 | pamaury | the soc supposedly has the capability to be efficient but maybe the DAC and amplifiers are draining most of the energy |
| 12:16:19 | pamaury | it always depends on the voltage, I am not sure the jz4760b soc can scale voltage, and if the pmu delivers a fixed voltage, it can be quite wasteful too |
| 12:34:08 | | Join ZincAlloy [0] (~Adium@2a02:8108:8b80:1700:fc84:cddd:f44b:e5e5) |
| 12:41:05 | duo8 | iirc the pmu is some axp pmu |
| 12:41:21 | duo8 | same thing used on those allwinner SBCs i think |
| 12:47:39 | duo8 | it's axp202 |
| 12:51:16 | duo8 | also a fidelix flash i think |
| 13:00 |
| 13:00:09 | | Quit cc___ (Quit: WeeChat 1.6) |
| 13:00:18 | | Join cc___ [0] (~ac@2001:910:113f:1:6a05:caff:fe1c:1627) |
| 13:00:39 | | Quit cc___ (Client Quit) |
| 13:01:29 | | Join cc___ [0] (~ac@2001:910:113f:1:6a05:caff:fe1c:1627) |
| 13:04:08 | | Join edhelas [0] (~edhelas@145.133.43.230) |
| 13:04:14 | | Quit idonob (Ping timeout: 256 seconds) |
| 13:04:39 | | Quit edhelas (Client Quit) |
| 13:04:47 | | Join edhelas [0] (~edhelas@145.133.43.230) |
| 13:06:28 | | Join idonob [0] (~Owner@S010610c37b922980.vs.shawcable.net) |
| 13:23:25 | | Quit idonob (Ping timeout: 244 seconds) |
| 13:29:12 | | Join foodev [0] (~debian@2607:fcc8:8d81:aff0:a00:27ff:feff:f4be) |
| 13:30:01 | | Join idonob [0] (~Owner@S010610c37b922980.vs.shawcable.net) |
| 13:41:14 | *** | Saving seen data "./dancer.seen" |
| 13:42:26 | pamaury | duo8: probably depends on the device. The PCB scan of the Fiio X1 first gen don't show any sign of a pmu |
| 14:00 |
| 14:09:27 | | Quit edhelas (Ping timeout: 250 seconds) |
| 14:10:28 | | Join edhelas [0] (~edhelas@145.133.43.230) |
| 14:17:24 | | Quit petur (Remote host closed the connection) |
| 14:35:12 | | Quit dfkt (Disconnected by services) |
| 14:35:22 | | Join dfkt_ [0] (~dfkt@unaffiliated/dfkt) |
| 15:00 |
| 15:05:47 | | Quit edhelas (Ping timeout: 250 seconds) |
| 15:07:40 | | Join edhelas [0] (~edhelas@145.133.43.230) |
| 15:41:17 | *** | Saving seen data "./dancer.seen" |
| 15:45:56 | | Join paulk-minnie [0] (~paulk@2a01:e35:8be2:c390:f3c6:add7:ded0:a978) |
| 16:00 |
| 16:08:30 | | Quit krnlyng (Ping timeout: 256 seconds) |
| 16:18:21 | | Join krnlyng [0] (~liar@178.112.181.185.wireless.dyn.drei.com) |
| 16:38:09 | | Quit krnlyng (Quit: krnlyng) |
| 16:42:41 | | Join krnlyng [0] (~liar@178.112.181.185.wireless.dyn.drei.com) |
| 16:44:59 | | Join robertd [0] (be4afde0@gateway/web/freenode/ip.190.74.253.224) |
| 16:54:02 | | Join cryham_ [0] (~cryham@ip-94-42-251-26.multimo.pl) |
| 16:57:11 | | Quit cryham (Ping timeout: 265 seconds) |
| 16:57:16 | | Nick cryham_ is now known as cryham (~cryham@ip-94-42-251-26.multimo.pl) |
| 16:58:40 | | Quit edhelas (Quit: Leaving.) |
| 17:00 |
| 17:00:09 | | Join edhelas [0] (~edhelas@145.133.43.230) |
| 17:06:48 | | Quit edhelas (Quit: Leaving.) |
| 17:38:57 | | Join wodz [0] (~wodz@89-77-223-98.dynamic.chello.pl) |
| 17:41:21 | *** | Saving seen data "./dancer.seen" |
| 17:46:16 | | Quit wodz (Ping timeout: 252 seconds) |
| 17:48:14 | | Quit munch` (Quit: Let's blast this shit and get naked) |
| 17:48:35 | | Join munch [0] (pls@gateway/shell/elitebnc/x-nviwfhcjkxzofrvf) |
| 18:00 |
| 18:21:29 | | Quit dfkt_ (Quit: SIC GORGIAMVS ALLOS SVBJECTATOS NVNC.) |
| 18:21:53 | | Join dfkt [0] (~dfkt@unaffiliated/dfkt) |
| 18:43:37 | pamaury | rogeliodh: I'm disassembling the IPL of the M2 to extract the parameters to dump the SPL. At first sight there are a few differences |
| 18:53:26 | pamaury | err sorry du8 |
| 18:53:34 | pamaury | I'll work on the fiiox1ii just after |
| 18:54:03 | pamaury | duo8: this is what I came up with: https://gist.github.com/pamaury/e322310d4b27496c7075d560770dd7ec |
| 18:56:54 | pamaury | I hope I got the parameters right |
| 18:59:12 | pamaury | rogeliodh: I had a quick look at the IPL of the Fiio X1 gen 2, and it is not the same as the standard ingenic SDK. It seems to be a U-Boot IPL. |
| 19:00 |
| 19:00:44 | pamaury | I guess the easiest option is to ask Fiio the code. Otherwise I can disassemble it to find the parameters. But I am not sure if it very important to do so or not. Since the SPL will be U-boot, it is probably not doing any major init, and thus analyzing the kernel / rootfs is probably much more interesting |
| 19:00:52 | pamaury | having the source of the kernel could be useful |
| 19:01:41 | | Quit maraz (Remote host closed the connection) |
| 19:08:41 | duo8 | what is the soc inside the x1II? still jz4760? |
| 19:10:54 | pamaury | yes apparently |
| 19:11:34 | duo8 | btw pamaury it's shanling not shangling, in case you or someone want to make a wiki page |
| 19:12:02 | pamaury | ah sorry about that ;) |
| 19:12:24 | pamaury | If you manage to dump the SPL, I am quite interested |
| 19:12:55 | duo8 | ok gonna try |
| 19:12:56 | pamaury | next week I will try to resume the work on the jz4760b/fiiox1 port |
| 19:14:15 | duo8 | was the xduoo x3 port independant? or was it based on your research? |
| 19:14:52 | | Join maraz [0] (maraz@kapsi.fi) |
| 19:16:40 | pamaury | it was independent, also it's a linux-based device, so my reverse engineering work doesn't apply (so in a way it's closer to the fiio x1ii). But I didn't want to merge it in our trunk rigth away because the guy doesn't want to maintain the port and I don't want to integrate code I don't like / want to support / is copy-pasted from random ingenic sources |
| 19:17:19 | duo8 | wow, spl is taking a while |
| 19:17:20 | pamaury | My plan was (still is) to redo the core jz4760b stuff but keep his xduoo x3 specific code |
| 19:17:38 | pamaury | duo8: yeah dumping via usb this way is not exactly quick ;) |
| 19:19:09 | duo8 | rockbox runs on hw on the x3 right? not as a linux program? |
| 19:19:22 | pamaury | yeah it runs on hardware |
| 19:19:25 | krikkit | pamaury: hey! count me in for helping, but with the fiiox3 port, next week! |
| 19:19:55 | krikkit | (2nd gen) |
| 19:19:55 | pamaury | krikkit: if you are free next week, we could start dumping the IPL and SPL on the fiiox3 too |
| 19:20:34 | krikkit | pamaury: next week looks perfect for me, still have quite some work to do before then |
| 19:20:42 | pamaury | hopefully the basic stuff is similar and as soon as we have basic stuff running like screen and buttons, more people can help with each device |
| 19:22:30 | duo8 | pamaury m2 spl: https://my.mixtape.moe/tebwqv.bin |
| 19:23:29 | duo8 | i find it funny that the LO jack cover is also a pin for pushing the reset button. It's like some sort of implication |
| 19:24:25 | pamaury | duo8: thanks, give me a minute to confirm the dump is ok |
| 19:25:52 | pamaury | duo8: it looks correct |
| 19:25:59 | | Quit paulk-minnie (Quit: Leaving) |
| 19:26:35 | duo8 | iirc you said spl does most hw init right? |
| 19:27:41 | pamaury | it does LCD init for sure. Technically the main firmware can leave this task to the SPL and never reinit, but I find it useful to have the sequence anyway. It's also a good place to determine if there are several hardware revision. |
| 19:28:18 | krikkit | pamaury: if you are interested in fiiox3 2nd gen pics, I just uploaded some more: http://imgur.com/a/PkzqR |
| 19:28:22 | pamaury | And on the Fiio X1, there is a hidden feature that is very useful: if you put a file named "factory.x1" at the root of the SD, and boot pressing the back button, it will load and run this file. This is very useful to do some tests |
| 19:28:40 | pamaury | krikkit: do you have wiki access? |
| 19:29:05 | pamaury | if not, can I upload them to our wiki? |
| 19:30:08 | krikkit | pamaury: nope, do not have access. Feel free to upload :) |
| 19:30:28 | krikkit | in the mean time I'll open an account |
| 19:31:30 | pamaury | duo8: At first sight, the M2 uses a slightly different code, it looks at the file call tf_upgrade.ini in the rootfs to see if it should upgrade or not. So I guess one has to trigger the upgrade using the system menu? |
| 19:33:31 | pamaury | krikkit: you imgur link does not seem to work |
| 19:34:36 | krikkit | pamaury: I reloaded the webpage, turned blank... |
| 19:34:48 | pamaury | same here |
| 19:35:07 | duo8 | pamaury yes, that file when i extracted it has "0" inside |
| 19:35:48 | pamaury | duo8: apparently, at a *very* first sight, the upgrade filename is indeed m2.fw and if you put a factory.m2 file at the root and press *some key*, it will run it |
| 19:36:01 | pamaury | so same as the fiio, good news |
| 19:36:14 | duo8 | my number one wish for this device is probably faster return from lock, why does it take like 2s? |
| 19:37:01 | pamaury | can't say for sure, but the boot process is slow on this device, the nand code is really suboptimal to say the least |
| 19:37:14 | duo8 | pamaury run it as in run the sys file inside? |
| 19:37:18 | duo8 | or just a binary? |
| 19:37:22 | pamaury | just a binary |
| 19:37:25 | pamaury | scrambled |
| 19:37:36 | pamaury | but we have the (un)scrambler |
| 19:38:04 | duo8 | pamaury i think it has to do with lcd, track skipping is instant when locked |
| 19:38:14 | pamaury | duo8: if you want, you can try to find that magic boot button. To do so, remove the sd card, hold a key and press the boot button. If it's a right one, it should display a message like "recovery" or "insert sd card". |
| 19:38:59 | duo8 | not sure if you'd know, but how does the fiio update screen looks like? |
| 19:39:24 | pamaury | err, I don't remember but I can check later, why? |
| 19:39:43 | pamaury | I think it's just a black screen with a text saying "upgrading..." |
| 19:40:10 | duo8 | if it has a progress bar then it's pretty much the same as this one |
| 19:40:50 | duo8 | pamaury press the boot button or hold? |
| 19:41:21 | pamaury | duo8: hold it for a few seconds |
| 19:41:22 | *** | Saving seen data "./dancer.seen" |
| 19:41:35 | pamaury | duo8: I'll check later, but my guess is that it is the same |
| 19:42:37 | duo8 | power + play gives "waiting sdcard" |
| 19:42:52 | pamaury | that's it! |
| 19:42:56 | krikkit | pamaury: uploading now: ftp://0g.re/fiiox3ii/ |
| 19:43:08 | pamaury | duo8: do you have wiki access? |
| 19:43:08 | duo8 | if i insert, "update file not found" then a reboot |
| 19:43:31 | duo8 | i don't even have an account, and i kinda don't want to use real name |
| 19:44:03 | pamaury | ok, so I'll create a page for the M2 |
| 19:44:07 | pamaury | with this information |
| 19:44:47 | duo8 | btw, the shanling fb page has pcb shots, though not complete |
| 19:44:55 | duo8 | i can't open mine for the time being |
| 19:46:47 | pamaury | duo8: which button is used to enter recovery mode on the M2? |
| 19:50:14 | duo8 | power + play |
| 19:54:49 | duo8 | has anyone ever figured out how sandisk managed to make a gui with just the atj? |
| 19:58:13 | pamaury | duo8: yeah, they use some kind of "bank switching" |
| 19:58:53 | duo8 | to draw to screen? |
| 19:58:55 | pamaury | basically the firmware is cut into many pieces and the compiler (I guess) generates code to switch to different pieces when jumping out the current unit |
| 19:59:10 | pamaury | which is slow and painful to write |
| 20:00 |
| 20:00:21 | * | pamaury goes for dinner |
| 20:00:39 | duo8 | pamaury why do you have so many devices? |
| 20:01:35 | lebellium | yeah why? |
| 20:01:39 | lebellium | that's useless! |
| 20:09:25 | krikkit | pamaury: got 10 mins to make something to dump the filetable of my fiiox3ii firmware. Got the location of sys.bin. Would you like it? |
| 20:39:14 | rogeliodh | pamaury: OK, I already emailed Fiio requesting the source code but they haven't answered anything.. maybe you could try too (I think you have some contact already) |
| 20:40:34 | pamaury | krikkit: are there publicly available firmware upgrades for te fiio x3ii ? |
| 20:41:05 | pamaury | duo8: I bought a lot of them second hand when they were cheap, to see if I could do a port |
| 20:41:24 | rogeliodh | btw, what do you use to disassemble the IPL? (a command line sample would help me a lot, I don't have much experience with MIPS and firmwares) |
| 20:41:53 | krikkit | pamaury: on the fiio forums, the company released the firmware(s) (current version 2.0), open access. |
| 20:42:26 | krikkit | pamaury: nice packtools btw, I was trying to do things the hard way but you app does all the job! |
| 20:44:01 | pamaury | rogeliodh: I use IDA |
| 20:44:05 | krikkit | pamaury: latest firmware I am running and that I just `unpack`'ed: http://fiio.me/forum.php?mod=viewthread&tid=41365 |
| 20:44:42 | pamaury | krikkit: I wrote an unpacker for fiio firmware |
| 20:44:48 | pamaury | it is in our trunk |
| 20:45:12 | krikkit | pamaury: 'just used it, perfect tool ;) |
| 20:48:33 | pamaury | great :) So I'll download the firmware upgrade from their forum directly |
| 20:50:04 | krikkit | pamaury: the sys.bin: ftp://trantor.0g.re/firmware/unpack/ |
| 20:55:27 | pamaury | krikkit: do you run linux? Could you help dumping the IPL and SPL for the Fiio X3ii ? |
| 20:56:30 | pamaury | duo8: just read again, I am confused: power+play gives hardware recovery mode or the "insert sd card" one ? |
| 20:56:39 | krikkit | yes. sure, got around 20m of free time |
| 20:59:15 | pamaury | krikkit: you need linux + git + some dev libs, nothing too fancy |
| 21:00 |
| 21:00:49 | krikkit | no worries, tell me what to do ;) |
| 21:01:06 | pamaury | clone our repository |
| 21:01:07 | goethe | hi guys |
| 21:01:27 | krikkit | pamaury: done |
| 21:01:53 | pamaury | checkout g#1368 |
| 21:01:55 | fs-bluebot | Gerrit review #1368 at http://gerrit.rockbox.org/r/1368 : hwstub: add various jz stuff and xburst tests by Amaury Pouly |
| 21:01:55 | pamaury | using: |
| 21:01:56 | pamaury | git fetch git://git.rockbox.org/rockbox refs/changes/68/1368/2 && git checkout FETCH_HEAD |
| 21:02:27 | krikkit | ok |
| 21:02:34 | pamaury | then go to utils/hwstub/tools and run: |
| 21:02:34 | pamaury | make -C ../lib |
| 21:02:34 | pamaury | make |
| 21:03:35 | * | pamaury feels it won't compile because of some error fixed in trunk but on in the gerrit patch |
| 21:05:39 | krikkit | getting the dependencies as it builds |
| 21:06:18 | krikkit | ok it's built |
| 21:06:25 | rogeliodh | doing a "git rebase master" after the git checkout FETCH_HEAD fixes the problem with lib |
| 21:06:42 | pamaury | I just rebased the gerrit task, now compile issue should be gone |
| 21:06:52 | pamaury | krikkit: ok good, wait a second |
| 21:08:53 | pamaury | krikkit: download this file: https://gist.github.com/pamaury/d0e836b8b13cc73ce53c0285cadce373 |
| 21:09:07 | pamaury | and put it at utils/hwstub/tools/lua/fiiox3ii.lua |
| 21:11:01 | krikkit | done |
| 21:11:07 | pamaury | then put your device in recovery mode and plug it to the computer (usually you do that by powering it off, holding the play button and insert the usb cable while keeping the button pressed) |
| 21:11:18 | pamaury | when done, run the following command as root/sudo from utils/hwstub/tools: |
| 21:11:18 | pamaury | ./hwstub_shell -f lua/fiiox3ii.lua -e "FIIOX3II.dump()" |
| 21:13:42 | rogeliodh | pamaury: did you see my change to jz_handle::probe() from yesterday? https://gist.github.com/rogeliodh/8e6d29fbc6776e2ebddb9b4b5f3e7c9c |
| 21:14:01 | pamaury | rogeliodh: not sorry, I must have missed it |
| 21:14:52 | pamaury | rogeliodh: ah nice catch, indeed it was returning garbage |
| 21:15:02 | rogeliodh | yes, maybe krikkit will hit that bug |
| 21:15:31 | krikkit | rogeliodh: will keep you updated if I do. |
| 21:15:45 | | Quit robertd (Quit: Page closed) |
| 21:16:01 | krikkit | pamaury: usb device not detected, I am going to look for the proper boot buttons to push |
| 21:16:06 | pamaury | rogeliodh: I think the actual error is that m_probe_status should be set to the result of probe_4670b() |
| 21:16:09 | krikkit | that is for recovery mode right? |
| 21:16:37 | pamaury | krikkit: yes you need recovery mode, the screen should stay black and the device be listed as ingenic device |
| 21:19:23 | rogeliodh | pamaury: I don't have the code in front of me right now, but yes something like that could work too. I just made the diff with the more direct way to fix it |
| 21:19:31 | pamaury | sure |
| 21:25:54 | krikkit | pamaury: got the black screen but no usb detected. I am looking for ahub/second desktop to test. |
| 21:26:21 | pamaury | krikkit: this is odd, nothing at all? |
| 21:26:51 | krikkit | pamaury: regular boot process is ok |
| 21:27:52 | krikkit | miam! xhci drivers! |
| 21:28:14 | pamaury | you think is a problem with your desktop usb? |
| 21:28:52 | krikkit | I switched my motherboard's hub to the ehci driver |
| 21:29:12 | krikkit | It is now detected and I am running the hwstub_shell tool ;) |
| 21:29:30 | krikkit | It is now stopped at: |
| 21:29:33 | krikkit | NAND: correcting 0 errors |
| 21:29:36 | krikkit | > |
| 21:29:53 | krikkit | after doing: |
| 21:29:55 | krikkit | Starting interactive lua session. Type 'help()' to get some help |
| 21:29:58 | krikkit | information |
| 21:29:59 | krikkit | hwstub |
| 21:30:02 | krikkit | version: 4.3 |
| 21:30:04 | krikkit | device |
| 21:30:06 | krikkit | version: 4.3.0 |
| 21:30:07 | krikkit | target |
| 21:30:10 | krikkit | id: 0x37345a4a (JZ47) |
| 21:30:11 | krikkit | name: JZ4760 USB Boot Device |
| 21:30:13 | krikkit | layout |
| 21:30:16 | krikkit | code: 0x2000 bytes @ 0xbfc00000 |
| 21:30:18 | krikkit | stack: 0 bytes @ 0 |
| 21:30:19 | krikkit | buffer: 0x4000 bytes @ 0x80000000 |
| 21:30:21 | krikkit | jz |
| 21:30:24 | krikkit | chipid: 4760 |
| 21:30:26 | krikkit | revision: B |
| 21:30:28 | krikkit | Running 'lua/fiiox3ii.lua'... |
| 21:30:29 | krikkit | Running 'FIIOX3II.dump()'... |
| 21:30:32 | krikkit | Dumping IPL to fiio_x3ii_ipl.bin ... |
| 21:30:33 | krikkit | [...] |
| 21:30:38 | pamaury | krikkit: that sounds good, it should have written the IPL to a file called fiio_x3ii_ipl.bin |
| 21:30:43 | krikkit | That's a small IPL :D |
| 21:30:54 | pamaury | yeah :) Can you upload it? |
| 21:31:08 | pamaury | I need to disassemble it to find find the parameters to dump the second stage of the loader ;) |
| 21:32:23 | pamaury | krikkit: just so you know, the boot process is: ROM > IPL > SPL > sys.bin |
| 21:33:13 | krikkit | pamaury: thanks for the info. uploading file to the ftp. |
| 21:33:56 | krikkit | why would they need IPL + SPL? usually when I deal with ARM, we get the SPL then the system or a regular-sized bootloder. |
| 21:34:52 | pamaury | krikkit: for some reason, they decide to make the ROM as simple as possible: it loads 4066 bytes and runs it, that's the IPL. The IPL job is thus to load more pages to do actual stuff |
| 21:35:06 | krikkit | ftp://0g.re/firmware/fiio_x3ii_ipl.bin |
| 21:36:20 | krikkit | pamaury: the boot logic (for which device to boot from) is in ROM or IPL then? |
| 21:37:05 | pamaury | the ROM can boot from several things (NAND, SD or USB) and this is selected by a set of pins. When you press play, it makes the ROM boot from USB. |
| 21:37:27 | pamaury | The IPL is specific to the device type (ie SD or NAND) and does not have any logic. |
| 21:37:41 | pamaury | The SPL is the one that does firmware upgrade and OF loading |
| 21:38:13 | * | krikkit thanks the hw engineers for connecting the buttons to boot-mode pins. |
| 21:41:24 | *** | Saving seen data "./dancer.seen" |
| 21:42:00 | krikkit | pamaury: so the IPL would do some initialization (NAND, SD, RAM) right? |
| 21:42:25 | pamaury | it inits RAM and loads more pages from NAND |
| 21:43:22 | pamaury | krikkit: can you download this updated version of fiiox3ii.lua: https://gist.github.com/pamaury/d0e836b8b13cc73ce53c0285cadce373 |
| 21:43:29 | pamaury | and run it again ? |
| 21:43:47 | pamaury | it will take a small while and create a new file called fiio_x3ii_spl.bin |
| 21:44:09 | krikkit | thanks. sure. |
| 21:44:52 | krikkit | nand is the same on x1? |
| 21:46:14 | pamaury | yeah apparently |
| 21:46:20 | pamaury | at least it uses the same parameters |
| 21:46:30 | krikkit | :) |
| 21:48:57 | | Quit n17ikh (Ping timeout: 268 seconds) |
| 21:50:32 | krikkit | pamaury: ftp://0g.re/firmware/ |
| 21:54:18 | pamaury | thanks :) |
| 21:54:40 | pamaury | so, a very quick analysis confirms it looks for a file called x3ii.fw to perform firmware upgrades |
| 21:55:19 | pamaury | and the factory boot file is called x3ii.bin |
| 21:56:45 | krikkit | :) would you have some time to explain the tools/steps for figuring that out? I'm interested. |
| 21:58:05 | pamaury | I use IDA Pro (unfortunately a proprietary tool) |
| 21:59:09 | krikkit | nice tool. how about radare2? |
| 21:59:43 | pamaury | I never tried it, but from what I saw of the pictures, it does not seem "interactive enough" to do the job |
| 21:59:48 | pamaury | I spent quite some time disassembling the IPL and SPL of the Fiio X1 |
| 22:00 |
| 22:00:19 | krikkit | I bet you did! |
| 22:00:24 | pamaury | since the other devices are very similar, I simply look for the few interestingly variables/places of the code, thus avoid most of the reverse engineering |
| 22:00:51 | | Join n17ikh [0] (~n17ikh@unaffiliated/n17ikh) |
| 22:00:58 | pamaury | krikkit: I updated http://www.rockbox.org/wiki/FiioX3Gen2 |
| 22:01:36 | pamaury | If you spot anything wrong, especially on the buttons to enter recovery mode and factory boot |
| 22:02:45 | krikkit | I confirm that recovery mode uses the middle button, aka. play/pause button. |
| 22:03:49 | krikkit | and for the filenames, the document is also the same as you dicovered: "copy X3II.fw to the root directory of an mSD card on the X3 formatted in FAT32." |
| 22:04:40 | krikkit | recovery aside, for the update process they use the following: "Hold the upper left button of the X keygroup while pressing the power button to begin the update process" |
| 22:06:45 | krikkit | pamaury: thank you for teaching me the ropes of extracting all this! |
| 22:07:37 | pamaury | no problem |
| 22:07:47 | pamaury | I hope we'll be able to port rockbox to all those devices! |
| 22:09:43 | krikkit | Considering I liked rockbox on the Sansa Clip and that I would like the USB OTG feature that Fiio removed from their latest firmware... |
| 22:09:59 | krikkit | Yes, I hope so! |
| 22:11:55 | pamaury | Oh some Fiio have an actually working OTG feature? |
| 22:12:24 | pamaury | Unfortunately rockbox does not support OTG at the moment, but maybe one day |
| 22:14:05 | krikkit | They had the USB OTG working nicely for some time on the Fiio X3 2nd Gen but they removed it due to some speed issues? if my memory serves right. |
| 22:28:36 | pamaury | goethe: hi, sorry just saw you said hi |
| 22:29:16 | * | pamaury would love to buy the Shangling M2 or Fiio X3II but those are freaking expensive |
| 22:31:53 | krikkit | Fiio X3 2nd gen is $100 less than the Shangling M2 |
| 22:53:34 | krikkit | pamaury: found code in the SPL that could make me think the display used would be: http://startcev.spb.ru/jz4725/LCM~GPM940B0−−40PIN_2k9.0305.pdf |
| 22:54:17 | krikkit | but I'm like 30% certain |
| 22:55:26 | krikkit | well, 920x240 isn't really the 320x240 on the fiiox3 :D they might have a 320xX version though... |
| 22:57:45 | krikkit | looks like Fiio took some LCD init code from here: https://github.com/IngenicSemiconductor/X-BOOT-WARRIOR/blob/master/boot/lcd/jz4750_lcd.c |
| 22:57:47 | pamaury | krikkit: what really matters for us are registers and timing. Fortunately, we can usually extract the relevant code easily from the OF and it turns out to be the easiest approach |
| 22:58:20 | krikkit | Oh! ok. |
| 22:58:29 | | Quit lebellium (Quit: ChatZilla 0.9.92 [Firefox 49.0.2/20161019084923]) |
| 23:00 |
| 23:00:55 | pamaury | krikkit: for you information, what is running on the device is X-Boot, but my findings show that what is on github might not be exactly what is running on the device, because the JZ4760B is slightly different, also it does not contain the firmware upgrade part, but it is still useful cod |
| 23:00:57 | pamaury | e |
| 23:01:06 | krikkit | could it be that they use the same source base on all the Fiio? |
| 23:01:33 | krikkit | ok |
| 23:02:14 | pamaury | basically the X-BOOT-WARRIOR seems to be the android version with "fastboot" |
| 23:02:14 | pamaury | I guess so |
| 23:02:41 | krikkit | indeed I see X-Boot strings and also X05D125VM0AAA and ILI9342 references like you noted on the Wiki for the X1 |
| 23:03:33 | pamaury | The Fiio X1 has two hardware revisions with different LCDs iirc |
| 23:06:57 | pamaury | If you are interested, I can always send you my IDA files of what I have for the Fiio X1 |
| 23:09:16 | krikkit | pamaury: I am interested. Can I open those files without IDA? Still new to the: start from binary, method though. I usually start with a schematic and try to find the datasheets :D |
| 23:10:58 | pamaury | krikkit: unfortunately no |
| 23:12:28 | pamaury | for LCDs it's almost hopeless, what works is to guess the controller used based on the registers used by the code. Appart from init, you usually only need to access a few registers to draw on the screen |
| 23:26:41 | krikkit | pamaury: So I guess that I will take on things slowly: get to know a bit of the rockbox sourcecode, the fiio'(s) firmware(s) and some tools so I can be of actual help for dev. |
| 23:27:00 | pamaury | sure |
| 23:27:16 | krikkit | I would gladly accept any pointers (i.e. documentation, interesting addresses/sections in the firmware, etc.) |
| 23:28:36 | * | krikkit thanks pamaury again, and wishes a good day/night to everyone |
| 23:35:17 | | Join krabador [0] (~krabador@unaffiliated/krabador) |
| 23:41:26 | *** | Saving seen data "./dancer.seen" |
| 23:44:08 | | Quit pamaury (Ping timeout: 260 seconds) |
| 23:49:10 | | Join girafe [0] (~girafe@LFbn-1-8015-136.w90-112.abo.wanadoo.fr) |
icon identifies that the person is a core developer (has commit access).