Rockbox mail archive
Subject: Collecting information about Iriver iFP playersCollecting information about Iriver iFP players
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Tomasz Malesinski <tmal_at_mimuw.edu.pl>
Date: Thu, 22 Sep 2005 21:11:20 +0200
I have been recently analyzing the Iriver iFP-795 firmware with hope
that collected information will allow to port Rockbox to the player in
the future.
I am creating two tools to help in reverse engineering. The first one
is an emulator. Currently it is able to emulate CPU, data flash
memory, LCD and keys fairly well. It can also run as a remote target
for GDB. After disabling some routines in the firmware that talk to a
not yet emulated hardware, it is even possible to browse the menu. I
have not yet tried to put any songs to the flash memory.
The second tool is a code analyzer that makes reading the code
easier. It will look for situations where an instruction uses a value
in a register, but in fact the register at that point always contains
a constant value or a value of some expression (for example, the word
read from the memory three instructions earlier multiplied by 7). The
analyzer is currently able to make simple analysis, but cannot yet
display the results in a readable way. However, it can print the
results in form of Lisp s-expressions, at least which Lisp hackers
will probably consider as readable.
I will put the tools on the wiki soon, after I tidy them up a little.
I guess that there are no legal problems with reverse engineering the
firmware and putting the collected information on the web, even if the
official documentation of the chip on which the player is based
(PNX0101) is not public. Can anyone confirm this? I am also going to
post location of some routines in the firmware.
It will also be useful to run some code on the player. I am going to
create a hook in a similar way as it is done by the author of the
Gmini port:
http://www.donat.org/archos/wiki/doku.php?id=hook_setup&DokuWiki=a7e864080d1e90ffb4dc38e1c2bebccf
I will put information on it when I do it. There is one problem,
though. I do not know if we can put a firmware encrypter on the web,
as it has to contain some tables (3 times 256 bytes) from the original
firmware. The decrypter, published once by me and now gone due to a
crack (I will put it back soon), did not use them. Could publishing
those tables violate some copyrights? Anyway, we can always make a
program that patches the firmware to include a hook without decrypting
and reencrypting.
See you soon. Hope some of you are interested in work on iFP port.
Date: Thu, 22 Sep 2005 21:11:20 +0200
I have been recently analyzing the Iriver iFP-795 firmware with hope
that collected information will allow to port Rockbox to the player in
the future.
I am creating two tools to help in reverse engineering. The first one
is an emulator. Currently it is able to emulate CPU, data flash
memory, LCD and keys fairly well. It can also run as a remote target
for GDB. After disabling some routines in the firmware that talk to a
not yet emulated hardware, it is even possible to browse the menu. I
have not yet tried to put any songs to the flash memory.
The second tool is a code analyzer that makes reading the code
easier. It will look for situations where an instruction uses a value
in a register, but in fact the register at that point always contains
a constant value or a value of some expression (for example, the word
read from the memory three instructions earlier multiplied by 7). The
analyzer is currently able to make simple analysis, but cannot yet
display the results in a readable way. However, it can print the
results in form of Lisp s-expressions, at least which Lisp hackers
will probably consider as readable.
I will put the tools on the wiki soon, after I tidy them up a little.
I guess that there are no legal problems with reverse engineering the
firmware and putting the collected information on the web, even if the
official documentation of the chip on which the player is based
(PNX0101) is not public. Can anyone confirm this? I am also going to
post location of some routines in the firmware.
It will also be useful to run some code on the player. I am going to
create a hook in a similar way as it is done by the author of the
Gmini port:
http://www.donat.org/archos/wiki/doku.php?id=hook_setup&DokuWiki=a7e864080d1e90ffb4dc38e1c2bebccf
I will put information on it when I do it. There is one problem,
though. I do not know if we can put a firmware encrypter on the web,
as it has to contain some tables (3 times 256 bytes) from the original
firmware. The decrypter, published once by me and now gone due to a
crack (I will put it back soon), did not use them. Could publishing
those tables violate some copyrights? Anyway, we can always make a
program that patches the firmware to include a hook without decrypting
and reencrypting.
See you soon. Hope some of you are interested in work on iFP port.
-- Tomek MalesinskiReceived on 2005-09-22
Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy