


Firmware devices on SoChip 8600/9800 | Creation and modification of firmware for devices on SoChip 8600/9800



Rep: (287)
SoChip 8600/9800 device firmware

The topic discusses the issues of creating and modifying firmware on SoChip 8600/9800 devices and their analogues.

The market now has a lot of devices built on the SoChip 8600/9800 and their analogues (e-books, mobile and stationary portable players). Unfortunately, the manufacturer did not open the SDK, and the firmware of these devices is a “black box”. This topic proposes to jointly collect information and develop techniques that will improve the firmware.
!!! Available: DiPal SDK !!!
I. Attention. Important information for "experimenters"
1. If the device does not show signs of life after flashing or reboots cyclically (does not want to flash), do not panic:
- Instruction 1
- Instruction 2
- Instruction 3
2. Using Winimage for repacking disk images is strongly discouraged. This may make the firmware inoperable. Use, for example, UltraISO. But it is most preferable to use the dragon program from the manufacturer's utility kit (see "Tools").
3. If you have problems with the firmware of your device and you want help from members of the forum, use the DebugView program.
Losber @ 12/10/2011, 17:46*
Download DebugView and run it, let it work. Flash the problem repackaged firmware with LiveSuit; you get an error. Then go to DebugView, save what happened to a file and attach it to your message on the forum.
II. Analogs
III. Information - links to posts in the topic
IV. Tools - links to posts in the topic
1. A set of utilities from the manufacturer
- Instruction 1
- Instruction 2 (creating rootfs)
- Instruction 3 (creating ramdisk.iso)
2. SDK by DiPal
3. imgRePacker - LiveSuit firmware unpacker / packager (*.img)
4. imgDecoder - decryptor / encryptor of LiveSuit firmware (*.img)
5. Program to facilitate editing touchtheme.bin
6. Building utilities for working with firmware
7. Original (Chinese) assembly of SoChip Modding Tools
Additions
7.1 Alternative azxmagic_add.exe from Flasher-11
7.2 Alternative azxmagic_del.exe from Flasher-11
7.3 Alternative verify_corr.exe from Flasher-11
7.4 GUI from losber
8. unPacker from nullpix
9. GNU_readELF - tool for parsing ELF symbol information
10. AXF_beautification_tool - utility for working with graphic resources (in some *.axf and *.bin files)
11. PhoenixPro - A utility that allows you to simultaneously flash up to 127 devices (no more than 7 is recommended). As stated, when working simultaneously with 7 devices, firmware of about 100MB in size is loaded in 10s (the key is inside the archive). Again
12. PhoenixCard - utility to prepare a microSD card for automatic flashing. One more time, with instruction
13. LiveSuit in a convenient "package". Again
14. Drivers (32 and 64 bits) and again
15. ARMu - A tool to view and edit the ARM binaries
16. SCelfAutoPatcher - program for automatic correction of addresses of imported functions in executable files (*.axf)
17. SYMTAB_extractor - program for extracting symbolic information from executable files (ELF)
V. Programs for devices on SC8600 / 9800 - links to messages in the topic
1. Sega game console emulator from DiPal.
- Game collections (1) and (2)
2. Reg <-> ini converter from losber
VI. Useful links
1. Products webpage SoChip (English)
2. Products webpage SoChip (Chinese)
3. Products webpage ALLWINNER TECHNOLOGY (Chinese)
4. Allwinner Page on ARM website
5. Related forum on pleer.ru
6. Just interesting links from losber
VII. Profile Topics

Please note:
1. Before asking questions, read the topic content (especially the messages linked in the header).
2. Only general questions of creating and modifying firmware are discussed here. For firmware of specific devices, please refer to the relevant forum topics.
3. Any useful information is welcome (will be filtered).
"Cleaners"

Post has been edited by Redscorpio - 17.03.13, 17:54



Rep: (287)
Of interest: SC9800 specification.
True, very small. But all the supported formats are listed.
Attached file: SC9800Pspecs.rar (493.02 KB)

Post has been edited by Redscorpio - 29.07.12, 20:27
Reason for editing: Attached document



Rep: (287)
Zoldborg @ 09/21/2011, 16:10*
On the same version I turned on debug, flashed, and made sure that the flash drive was no longer seen

Useful information. Let's write it down:
Turning on debug mode disables the microSD reader.

Note. The manifestations may differ on different devices / firmware. On my device it turns out to be something like a two-stage power-on.
On native firmware:
- after pressing the Power button - the start logo is on the screen (if the device is connected to the PC via USB - only the microSD reader and the system disk are available)
- after pressing the Power button again - the transition to normal mode (the system disk and microSD are not available).
On the adapted iconBIT HMP715 firmware:
- after pressing the Power button - the backlight barely turns on and a black screen remains (if the device is connected to a PC via USB - only a microSD reader and a system disk are available)
- after pressing the Esc button - the transition to normal mode (system disk and microSD are not available).

RedScorpio @ 09/22/2011, 10:09*
for myself I see no use in enabling debug

Personally, I need this mode for research.

Post has been edited by Redscorpio - 17.05.12, 23:06



Rep: (287)
By the way, there is a video on the net where Android is installed on SoChip players. The topic was discussed on MP4 Nation. The video is recognized as fake.



Rep: (9)
Rummaged around on the Internet and found ARM Developer Suite; it was not possible to debug the axf files, due to the lack of a crack for it :)



Rep: (291)
Flasher-11 @ 10/13/2011, 02:44*
found the ARM Developer Suite

ADS evaluation license for the Professional Edition for 30 days



Rep: (134)
Will decompiling the libraries bundled with LiveSuite into pseudocode help in the search for the algorithm? ZipModule.dll catches the eye. I also noticed that among the files of the unpacked firmware there is a pair, 12345678_1234567890cardtl and PXTOOLS _xxxxxxxxxxxxxxxx, which are identified as PE for x86 and compiled in Visual C++. The first, as I understand it, is for parsing, flashing and configuring the boot loader. The second of them operates on the firmware. If necessary, I will post the pseudocode. It is not clear why they had to be pushed into the firmware itself ...



Rep: (134)
Slightly aside from the topic of packers.
Viewing the debugger logs from flashing the reader with its native firmware (F15 chip) and with a third-party one (F10 chip) says that the matter is not the chip but the built-in flash memory (another NAND chip?). The trouble occurs with the flash memory: the message "PANIC: tools_scan_nand (): nand_connect_info is invalid" is displayed by the module PXTOOLS _xxxxxxxxxxxxxxxxxx
Attached file: Effire_ColorBook_TR701_V1.2_log_update.txt (30.37 KB)
Attached file: 500EB_FW1118a_log_update.txt (26.82 KB)


Post has been edited by losber - 27.11.11, 11:54



Rep: (134)
KudryashovDA @ 11/27/2011, 11:35*
I am trying out the idea of tricking the book. The idea is this: try to pack the firmware the way it is done for the sc8600 and flash it into the book. I just need to somehow tell the book or LiveSuite that the flashing (internal unpacking) should also go as for an sc8600 device, i.e. without the azxmagic stage. In this case, the config has a line for choosing the chip.

Great idea.
For F15 and F10 firmware, LiveSuit produces the same output:
Debugged application message: ---------------- epos_para -------------
Debugged application message: chip = 33554432
Debugged application message: pid = 33751040
Debugged application message: sid = 33751296
Debugged application message: bid = 128
And for SC8600 firmware, the same version of LiveSuit outputs:
Debugged application message: ---------------- epos_para -------------
Debugged application message: chip = 16777216
Debugged application message: pid = 16842752
Debugged application message: sid = 16843008
Debugged application message: bid = 16843012



Rep: (134)
In the configs of the F10 firmware and of the explicit SC9800, unlike the F15, the encrypt parameter for partitions is completely missing. Something tells me, and comparing and viewing the code confirms, that their PXTOOLS _xxxxxxxxxxxxxxxx files contain different "config parsers".
For comparison, sys_config and pxtools from all three.
Attached file: pxtools_and_sys_conf.zip (136.01 KB)


Post has been edited by losber - 27.11.11, 14:40
Reason for editing: attach files



Rep: (15)
losber
Losber @ 11/27/2011, 2:34 PM*
that they have different "config parsers" PXTOOLS _xxxxxxxxxxxxxxxxxx


I will try to replace pxtools.
I also noticed that in the 8600 config the sizes of the disks are specified in MB, and in the 9800 config in kilobytes.

Replacing pxtools does not work (with the header or without it) - LiveSuite issues a Panic on dram.ini processing when the firmware is selected.

Post has been edited by KudryashovDA - 27.11.11, 15:00
Reason for editing: Added about panic



Rep: (11)
KudryashovDA @ 11/27/2011, 5:07 PM*
I am learning to short pins


Good evening, the main thing in this study is to be able to count. Short only 29 and 30.
A fellow of ours here shorted a bit wrong and killed the device for good.
GOOD LUCK !!!



Rep: (15)
SOVA-538,
SOVA-538 @ 11/27/2011, 16:21*
Short only 29 and 30.


Thanks for the advice! Restored the book. It was exactly these pins that had to be shorted. Although other sites wrote that there are other options.

losber
Losber @ 11/27/2011, 16:22*
I wonder why replaced?

Yes, just played around and flashed thoughtlessly.

P.S. Posted on the site a photo of the place where the memory pins were shorted.

Post has been edited by KudryashovDA - 27.11.11, 19:55
Reason for editing: design



Rep: (15)
losber
Losber @ 11/27/2011, 9:40 PM*
Did you get absolutely identical firmware? Byte to byte?


c:\fw\SoChip_Modding_Tools_Repack__RedScorpio_\effire.img 72,736,784 bytes
c:\fw\SoChip_Modding_Tools_Repack__RedScorpio_\Effire.img.bak 72,748,032 bytes - original

The firmware images differ in size. But this does not affect operation. Everything loads and works.

I found that no one is interested in the file RFSFAT16_BOOTFS_000000000 - and in fact there are many interesting things inside. It opens with the same Winimage.
For the Effire 701 inside is this:
config\
eGon2\
magic.bin

Contents of config:
Update\
config.bin
setting.bin

Contents of update:
drv\
res\
settings\
usbd\

Contents of settings:
adjust.ini
autooff.ini
autosleep.ini
charset.ini
disp.ini
explr.ini
fmsend.ini
gamma.ini
language.ini
lock.ini
module.ini
powsave.ini
sound.ini
voice_volume.ini
wallpaper.ini


I'll try to play :)



Rep: (134)
I will nevertheless stick to my opinion that unpack-repack operations need to yield an identical result. That obviously simplifies the search for errors at other stages.
I found that no one is interested in the file RFSFAT16_BOOTFS_000000000 - and in fact there are many interesting things inside. It opens with the same Winimage.

We are all interested. We just have not gotten around to everything. I even tried to build Linux - the kernel was built, but how to put it into a book, configure it and debug it ...
I see an interesting object, apparently affecting the gamut of images on the screen.
[gamma]
value = 657930
default_value = 657930
sys_value = 6579300



Rep: (15)
losber
Losber @ 11/27/2011, 10:20 PM*
[gamma]


This is most likely the white balance adjustment - it is in the settings of my Effire.



Rep: (15)
Intermediate conclusions on the firmware:
The process of downloading the firmware to the book can be observed using the DbgView program. Here is an example listing:
00000364 30.27381134 [1772] ---------- down_para ---------
00000365 30.27428818 [1772] down_num = 2
00000366 30.27444839 [1772]
00000367 30.27444839 [1772] [download_para0]
00000368 30.27466965 [1772] part_name = SYSDATAFS
00000369 30.27482796 [1772] pkt_name = ROOTFS_000000000
00000370 30.27519989 [1772] verify_file = VERIFY_000000000
00000371 30.27535820 [1772] encrypt = 1
00000372 30.27590179 [1772]
00000373 30.27608299 [1772]
00000374 30.27608299 [1772] [download_para1]
00000375 30.27624321 [1772] part_name = SYSBOOTFS
00000376 30.27639961 [1772] pkt_name = BOOTFS_000000000
00000377 30.27655602 [1772] verify_file =
00000378 30.27671051 [1772] encrypt = 0
00000379 30.27716637 [1772]
.............
00000416 30.28506851 [1772] ============================================
00000417 30.41690636 [1772] tag = AWUSBFEX
00000418 30.41727448 [1772] Platform_id_hw = 0x161800
00000419 30.41741371 [1772] Platform_id_fw = 0x1
00000420 30.41764832 [1772] mode = 0x1
00000421 30.41794395 [1772] Phoenix_data_flag = 0x44
00000422 30.41820526 [1772] Phoenix_data_len = 0x8
00000423 30.41843796 [1772] Phoenix_data_addr = 0x7e00
00000424 30.47373581 [1772] down and run fes1-1
00000425 31.12006187 [1772] down and run fes1-2
00000426 31.73511696 [1772] update dram size 64 to 64
00000427 31.83493996 [1772] fes-1: 64
00000428 31.83853340 [1772]
00000429 31.83853340 [1772] INFO: dram initialize successful
00000430 31.83853340 [1772]
00000431 32.98230743 [1772] INFO: run fes2
00000432 33.55829620 [1772] OUT 1
00000433 36.21395111 [1772] IN 1
00000434 36.41678619 [1772] SourceCodePage = 1251
00000435 38.49842453 [1772] not Erase device
00000436 38.49871826 [1772] GetCurrentMUI: acp = 1251
00000437 38.56447220 [1772] ID = 1, fes_thread (): --120--
00000438 38.56660461 [1772] enable_erase_nand = 0

00000444 65.03786469 [1772] ID = 1, fes_thread (): --162--
00000445 65.62593842 [1772] GetCurrentMUI: acp = 1251
00000446 65.80965424 [1772] ID = 1, fes_thread (): --163--
00000447 65.81031799 [1772] part_name = SYSDATAFS, packet_len = 0x43e0000, pkt_name = ROOTFS_000000000, verify_file = VERIFY_000000000, encrypt = 1
00000448 65.94046783 [1772] [fes]: download_packet ooc open
......
00000468 156.81524658 [1772] [fes]: download_packet ooc close
00000469 156.85617065 [1772] GetCurrentMUI: acp = 1251
00000470 162.80464172 [1772] INFO: ID = 1, pc_crc = 0x228efb29, fex_crc = 0x0, nand_crc = 0x228efb29
00000471 162.80508423 [1772]
00000472 162.80508423 [1772] down pkt_name (ROOTFS_000000000) to part (SYSDATAFS) successful
00000473 162.80508423 [1772]
00000474 162.80537415 [1772] part_name = SYSBOOTFS, packet_len = 0x5dc00, pkt_name = BOOTFS_000000000, verify_file =, encrypt = 0
00000475 162.83940125 [1772] [fes]: download_packet ooc open
.........
00000487 164.32176208 [1772] [fes]: download_packet ooc close
00000488 164.37115479 [1772] GetCurrentMUI: acp = 1251
00000489 164.43484497 [1772] WRN: pkt_name (BOOTFS_000000000) is not verify
00000490 164.43547058 [1772]
00000491 164.43547058 [1772] down pkt_name (BOOTFS_000000000) to part (SYSBOOTFS) successful
00000492 164.43547058 [1772]
00000493 164.43627930 [1772] GetCurrentMUI: acp = 1251
00000494 164.94393921 [1772] ID = 1, fes_thread (): --167--
00000495 165.11886597 [1772] INFO: ID = 1, pc_crc = 0x534641d2, fex_crc = 0x0, nand_crc = 0x534641d2
00000496 165.11912537 [1772] ID = 1, fes_thread (): --161--
00000497 167.24565125 [1772] GetCurrentMUI: acp = 1251
00000498 167.42707825 [1772] ID = 1, fes_thread (): --160--
00000499 168.82461548 [1772] GetCurrentMUI: acp = 1251
00000500 169.00119019 [1772] ID = 1, fes_thread (): --168--
00000501 169.08499146 [1772] ID = 1, fes_thread (): --190--
00000502 169.20715332 [1772] GetCurrentMUI: acp = 1251
00000503 169.53906250 [1772]
00000504 169.53906250 [1772] INFO: ID = 1, update successful
00000505 169.53906250 [1772]
00000506 169.53918457 [1772] GetCurrentMUI: acp = 1251
00000507 173.17234802 [1772] OUT 1


In the listing, everything that appears after "tag = AWUSBFEX" is generated by the PXTOOLS _xxxxxxxxxxxxxxxx file from the firmware itself.
The flashing process for the Effire 701 consists of two parts. First the loader is downloaded:
00000424 30.47373581 [1772] down and run fes1-1
00000425 31.12006187 [1772] down and run fes1-2
00000429 31.83853340 [1772] INFO: dram initialize successful
00000431 32.98230743 [1772] INFO: run fes2
Then ROOTFS_000000000 is loaded, and after it BOOTFS_000000000, into the memory area defined earlier in the config file. You can download only one of the above files by editing the config, but the book does not turn on after that.
Editing ini-files in BOOTFS_000000000 is possible, with successful subsequent flashing, but there are no visible changes in the book after that.
There was an attempt to change the value of debugenable by flashing a dummy, i.e. with the [download] and [part num] sections removed from the config. It did not work: LiveSuite gives an error at the end of flashing and the book does not turn on.

Over the weekend, the book was flashed 20-30 times; in half of the cases it did not turn on afterwards. It was always rescued by holding the power button for 10 seconds and then plugging it into the computer, where an open LiveSuite was waiting. Only once did this not help - I had to short the pins of the memory chip.
For now, I’m thinking that you can’t do without a full-scale packer for the sc9800.
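
An added example, not part of the original post: a small audit of a flashing log in the DbgView format shown above, which reports per packet whether a verify_file was configured, whether the flasher warned that verification was skipped, and whether pc_crc matches nand_crc. The sample lines are constructed from the listing (the last nand_crc is altered on purpose), the function name is hypothetical, and attributing a CRC line to the most recently announced part is an assumption.

```python
import re

# Constructed sample in the format of the listing above; the final nand_crc
# is deliberately altered to show what a bad write would look like.
SAMPLE_LOG = """\
00000447 65.81031799 [1772] part_name = SYSDATAFS, packet_len = 0x43e0000, pkt_name = ROOTFS_000000000, verify_file = VERIFY_000000000, encrypt = 1
00000470 162.80464172 [1772] INFO: ID = 1, pc_crc = 0x228efb29, fex_crc = 0x0, nand_crc = 0x228efb29
00000472 162.80508423 [1772] down pkt_name (ROOTFS_000000000) to part (SYSDATAFS) successful
00000474 162.80537415 [1772] part_name = SYSBOOTFS, packet_len = 0x5dc00, pkt_name = BOOTFS_000000000, verify_file =, encrypt = 0
00000489 164.43484497 [1772] WRN: pkt_name (BOOTFS_000000000) is not verify
00000491 164.43547058 [1772] down pkt_name (BOOTFS_000000000) to part (SYSBOOTFS) successful
00000495 165.11886597 [1772] INFO: ID = 1, pc_crc = 0x534641d2, fex_crc = 0x0, nand_crc = 0x1234abcd
"""

HEX = r"(0x[0-9a-fA-F]+)"
PART = re.compile(r"part_name\s*=\s*(\w+),\s*packet_len\s*=\s*" + HEX +
                  r",\s*pkt_name\s*=\s*(\w+),\s*verify_file\s*=\s*(\w*),"
                  r"\s*encrypt\s*=\s*(\d)")
CRC = re.compile(r"pc_crc\s*=\s*" + HEX + r",\s*fex_crc\s*=\s*0x[0-9a-fA-F]+,"
                 r"\s*nand_crc\s*=\s*" + HEX)
NOT_VERIFIED = re.compile(r"WRN: pkt_name \((\w+)\) is not verify")


def audit_flash_log(text):
    """Return one record per downloaded packet with its integrity findings."""
    packets, current = [], None
    for line in text.splitlines():
        if m := PART.search(line):
            current = {"part": m[1], "pkt": m[3], "packet_len": int(m[2], 16),
                       "encrypt": m[5] == "1", "findings": []}
            if not m[4]:
                current["findings"].append("no verify_file configured")
            packets.append(current)
        elif m := NOT_VERIFIED.search(line):
            for p in packets:
                if p["pkt"] == m[1]:
                    p["findings"].append("flasher skipped verification")
        elif (m := CRC.search(line)) and current is not None:
            # Assumption: a CRC line belongs to the most recently announced part.
            pc, nand = int(m[1], 16), int(m[2], 16)
            if pc != nand:
                current["findings"].append(
                    f"CRC mismatch: pc_crc={pc:#010x} nand_crc={nand:#010x}")
    return packets


if __name__ == "__main__":
    for p in audit_flash_log(SAMPLE_LOG):
        print(p["part"], p["pkt"], hex(p["packet_len"]), p["findings"] or "ok")
```
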



Rep: (15)
Is anyone here with friends? Can you check whether the packed iso image of the firmware is a so-called RAM disk compressed with lzma - CRAMFS-LZMA?
Link: http://bitsum.com/firmware_mod_kit.htm There is a toolkit there for working with such a thing.



Rep: (15)
losber
Losber @ 11/28/2011, 10:47 PM*
DiPal replied about the packing.

I will then quote Dipal's words:
My code: lzma.exe e -d14 Rootfs000000.img Rootfs000000.lza
The lzma version does not matter. However, due to the size change, the headers need to be reworked:
/*
0 dw
4 dw
8 2dw = string_short
0x10 4dw = string long
0x20 dw
0x24 dw
0x28 dw = image_size
0x2c dw = image_offset
0x30 dw
0x34 string with file name
*/

Tomorrow I think everything will work out.

Post has been edited by Redscorpio - 20.01.12, 22:44
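
An added example, not part of the original post and not DiPal's code: parsing the header layout quoted above and reworking image_size after the payload has been recompressed to a different length. Assumptions: dwords are little-endian, image_size is the byte length of the payload that starts at image_offset, the file name at 0x34 is NUL-terminated; the function names and the sample blob are constructed for illustration.

```python
import struct

# 0x00 dw, 0x04 dw, 0x08 2dw string_short, 0x10 4dw string long,
# 0x20 dw, 0x24 dw, 0x28 image_size, 0x2c image_offset, 0x30 dw
HDR = struct.Struct("<II8s16sIIIII")   # assumption: little-endian dwords
NAME_OFF = 0x34                        # file name string follows the dwords


def parse_header(blob):
    """Decode the fixed header and check it against the real blob length."""
    if len(blob) < NAME_OFF:
        raise ValueError("blob shorter than the fixed header")
    f = HDR.unpack_from(blob, 0)
    size, offset = f[6], f[7]
    if offset < NAME_OFF or offset + size > len(blob):
        raise ValueError("image_size/image_offset do not fit the blob")
    end = blob.find(b"\0", NAME_OFF, offset)
    name = blob[NAME_OFF:end if end >= 0 else offset]
    return {"string_short": f[2].rstrip(b"\0"), "string_long": f[3].rstrip(b"\0"),
            "image_size": size, "image_offset": offset,
            "file_name": name.decode("ascii", "replace")}


def rework_header(blob, new_payload):
    """Swap in a payload of a different length and patch image_size (0x28)."""
    h = parse_header(blob)
    start, old_end = h["image_offset"], h["image_offset"] + h["image_size"]
    out = bytearray(blob[:start]) + new_payload + blob[old_end:]
    struct.pack_into("<I", out, 0x28, len(new_payload))
    return bytes(out)


def build_sample(payload, name=b"Rootfs000000.lza"):
    """Constructed test blob: header, NUL-terminated name, then the payload."""
    offset = NAME_OFF + len(name) + 1
    hdr = HDR.pack(0, 0, b"SHORT", b"LONG", 0, 0, len(payload), offset, 0)
    return hdr + name + b"\0" + payload


if __name__ == "__main__":
    original = build_sample(b"A" * 100)
    repacked = rework_header(original, b"B" * 40)
    print(parse_header(original))
    print(parse_header(repacked))
```

A blob whose payload was replaced without patching the header fails the bounds check in parse_header, which is the symptom the quoted note describes.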



Rep: (23)
What is unclear there? There are 2 batch files in the archive, for unpacking and packing. What remains is the most important thing - changing the firmware's ARM code to suit yourself - and it is the hardest. And a question right away: in my player and sort-of reader, the texet t-929hd, there is a file bookengine.mod, which DiPal also wrote about. It is an ELF file with the functions already labelled, but it has references to functions in other parts of the firmware. So which part of the firmware is that, and at what address should it be loaded? (Or what address it with Slip bookengine).



Rep: (23)
And I have already improved something myself in the player: in the file movie.axf (which is responsible for video) I reduced the time for which the file information, player icons, rewind, etc. are displayed on the screen over the video. On my device this info disappeared after about 4-5 seconds; I made it 1 second.

