Rockbox mail archiveSubject: RE: iAudio M5 / X5 ?
RE: iAudio M5 / X5 ?
From: RaeNye <raenye_at_netvision.net.il>
Date: Fri, 21 Apr 2006 15:55:52 +0200
> :-D What do you use to disasm it, IDA? Hmm, the free version of IDA
doesn't support the ColdFire chip, I'm afraid...
Yes. Load the binary from 0x1030 at address 0x10000; then follow the
subroutine at 0x10010 that copies segments (~20 of them) from flash to IRAM
Note that from address 0x170000 you have read-only data, mostly GUI related
(menus, images, strings).
I can send you my IDC to do that, but the Right Thing [TM] is to write a
loader plugin for it...
(Planned to do when I have some free time)
ColdFire is supported as a variant of M68k, so I think the free version can
Alas, no IDA version supports the ColdFire v2 chip (read: 5249 and 5250),
e.g., EMAC instructions (only one accumulator is supported).
The easy cases create bogus instructions (e.g., _FixAtan2); the harder cases
cannot be disassembled (so analysis stops) and the worst cases create bogus
instructions of incorrect length (so you loose phase in decoding...).
The Right Thing [TM] is again to write a processor definition plugin, but
there's so little to add over the original m68 code that it seems pointless
to recode it w/o the original source.
Is anyone else interested in X5 firmware disassembly? I saw a Wiki page on
this, but it hasn't been updated since January.
I aim to patch the firmware with the rockbox bootloader to enable dual-boot.
Received on 2006-04-21