Intermediate conclusions on the firmware:
The process of downloading the firmware to the book can be observed using the DbgView program. Here is an example listing
00000364 30.27381134 [1772] ---------- down_para ---------
00000365 30.27428818 [1772] down_num = 2
00000366 30.27444839 [1772]
00000367 30.27444839 [1772] [download_para0]
00000368 30.27466965 [1772] part_name = SYSDATAFS
00000369 30.27482796 [1772] pkt_name = ROOTFS_000000000
00000370 30.27519989 [1772] verify_file = VERIFY_000000000
00000371 30.27535820 [1772] encrypt = 1
00000372 30.27590179 [1772]
00000373 30.27608299 [1772]
00000374 30.27608299 [1772] [download_para1]
00000375 30.27624321 [1772] part_name = SYSBOOTFS
00000376 30.27639961 [1772] pkt_name = BOOTFS_000000000
00000377 30.27655602 [1772] verify_file =
00000378 30.27671051 [1772] encrypt = 0
00000379 30.27716637 [1772]
.............
00000416 30.28506851 [1772] ============================================
00000417 30.41690636 [1772] tag = AWUSBFEX
00000418 30.41727448 [1772] Platform_id_hw = 0x161800
00000419 30.41741371 [1772] Platform_id_fw = 0x1
00000420 30.41764832 [1772] mode = 0x1
00000421 30.41794395 [1772] Phoenix_data_flag = 0x44
00000422 30.41820526 [1772] Phoenix_data_len = 0x8
00000423 30.41843796 [1772] Phoenix_data_addr = 0x7e00
00000424 30.47373581 [1772] down and run fes1-1
00000425 31.12006187 [1772] down and run fes1-2
00000426 31.73511696 [1772] update dram size 64 to 64
00000427 31.83493996 [1772] fes-1: 64
00000428 31.83853340 [1772]
00000429 31.83853340 [1772] INFO: dram initialize successful
00000430 31.83853340 [1772]
00000431 32.98230743 [1772] INFO: run fes2
00000432 33.55829620 [1772] OUT 1
00000433 36.21395111 [1772] IN 1
00000434 36.41678619 [1772] SourceCodePage = 1251
00000435 38.49842453 [1772] not Erase device
00000436 38.49871826 [1772] GetCurrentMUI: acp = 1251
00000437 38.56447220 [1772] ID = 1, fes_thread (): --120--
00000438 38.56660461 [1772] enable_erase_nand = 0
00000444 65.03786469 [1772] ID = 1, fes_thread (): --162--
00000445 65.62593842 [1772] GetCurrentMUI: acp = 1251
00000446 65.80965424 [1772] ID = 1, fes_thread (): --163--
00000447 65.81031799 [1772] part_name = SYSDATAFS, packet_len = 0x43e0000, pkt_name = ROOTFS_000000000, verify_file = VERIFY_000000000, encrypt = 1
00000448 65.94046783 [1772] [fes]: download_packet ooc open
......
00000468 156.81524658 [1772] [fes]: download_packet ooc close
00000469 156.85617065 [1772] GetCurrentMUI: acp = 1251
00000470 162.80464172 [1772] INFO: ID = 1, pc_crc = 0x228efb29, fex_crc = 0x0, nand_crc = 0x228efb29
00000471 162.80508423 [1772]
00000472 162.80508423 [1772] down pkt_name (ROOTFS_000000000) to part (SYSDATAFS) successful
00000473 162.80508423 [1772]
00000474 162.80537415 [1772] part_name = SYSBOOTFS, packet_len = 0x5dc00, pkt_name = BOOTFS_000000000, verify_file =, encrypt = 0
00000475 162.83940125 [1772] [fes]: download_packet ooc open
.........
00000487 164.32176208 [1772] [fes]: download_packet ooc close
00000488 164.37115479 [1772] GetCurrentMUI: acp = 1251
00000489 164.43484497 [1772] WRN: pkt_name (BOOTFS_000000000) is not verify
00000490 164.43547058 [1772]
00000491 164.43547058 [1772] down pkt_name (BOOTFS_000000000) to part (SYSBOOTFS) successful
00000492 164.43547058 [1772]
00000493 164.43627930 [1772] GetCurrentMUI: acp = 1251
00000494 164.94393921 [1772] ID = 1, fes_thread (): --167--
00000495 165.11886597 [1772] INFO: ID = 1, pc_crc = 0x534641d2, fex_crc = 0x0, nand_crc = 0x534641d2
00000496 165.11912537 [1772] ID = 1, fes_thread (): --161--
00000497 167.24565125 [1772] GetCurrentMUI: acp = 1251
00000498 167.42707825 [1772] ID = 1, fes_thread (): --160--
00000499 168.82461548 [1772] GetCurrentMUI: acp = 1251
00000500 169.00119019 [1772] ID = 1, fes_thread (): --168--
00000501 169.08499146 [1772] ID = 1, fes_thread (): --190--
00000502 169.20715332 [1772] GetCurrentMUI: acp = 1251
00000503 169.53906250 [1772]
00000504 169.53906250 [1772] INFO: ID = 1, update successful
00000505 169.53906250 [1772]
00000506 169.53918457 [1772] GetCurrentMUI: acp = 1251
00000507 173.17234802 [1772] OUT 1
In the listing, everything that appears after "tag = AWUSBFEX" is formed by the PXTOOLS _xxxxxxxxxxxxxxxx file from the firmware itself.
The fill process for Effire 701 consists of two parts: the loader is first downloaded:
00000424 30.47373581 [1772] down and run fes1-1
00000425 31.12006187 [1772] down and run fes1-2
00000429 31.83853340 [1772] INFO: dram initialize successful
00000431 32.98230743 [1772] INFO: run fes2
Then ROOTFS_000000000 is loaded and after it BOOTFS_000000000 in the memory area defined earlier in the config file. You can download only one of the above files by editing the config, but the book does not turn on after that.
Editing ini-files in BOOTFS_000000000 is possible with successful subsequent firmware, but there are no visible changes in the book after that.
There was an attempt to change the value of debugenable by flashing the dummy, i.e. removing the [download] and [part num] sections in the config - did not work - livesuite at the end of the firmware gives an error and the book does not turn on.
Over the weekend, the book was 20-30 times flashed, half of them were not included. Always rescued 10 seconds by pressing the power button and then sticking it into the computer, where open LiveSuite was waiting. Only once, it did not help - I had to short the legs of the memory chip.
For now, I’m thinking that you can’t do without a full-scale packer for the sc9800.