April 25, 2004
Now I tried my JTAG interface with a GL-2422AP Wireless LAN access point
and had success stepping through and debugging the ARM7 core in it.

So I'm sure my interface works :)

Here is a picture of the JTAG connector in the lower left corner of the PCB:


Here is the complete AP board:

April 22, 2004
Yep.. I'm trying to debug the DCT4 via its JTAG interface..
Trying... no success yet.. the device (a 6310i) doesn't even respond!

The old 6110, on the other hand, at least gave me the JTAG IDCODE of its ARM7 processor.


April 14, 2004
Yeah, GsmCyber added the "gallery", which contains some cool images and videos :)
The first thing I did was set the coolest video as the startup animation hehehe
Looks amazing :)
Now we just need a cool charger animation!

I changed the charger routine to check the keypad all the time (once per second), which results in a reboot when you press a key :)
But I think it's better placed in the inthandler routine.. isn't it?

April 11, 2004
You know the charge mode of N*kia phones? When the phone is powered off and connected to a charger, it acts dead and shows a little progress bar..
I did something similar for MADos now..
Thanks to MADos Studio by spaceimpact, it's an easy thing to make animations for chief359's cool animation thread :)

BTW: I updated the embed linker files to allow up to 200K of PPM usage...
It should now be possible to make a full-embed file.

April 10, 2004
VeZzDeveloper finally made it :)
Full SIM low-level interface, yeah! As soon as it is working smoothly, I will commit it into CVS :)

March 30, 2004
nok5rev and I are currently trying our best on the DCT4 flash files.. we discovered some things about the encryption, but it's still not enough.
The flash file is organized in halfword blocks (2 bytes). Every halfword is encoded with some cheap XOR mask based on the bits set in the initial value, and additionally encoded with a value based on the address.
If someone has an idea about the algorithm used, or even some tips or code, don't hesitate to contact me via email: geggo@g3gg0.dyndns.org

March 8, 2004
Now I added some info about the betapump, my control software for the PUMP hardware MP3 player.
Some images will follow :)

March 4, 2004
Somehow I got stuck in CounterStrike when I switched tasks while joining a team.. I stayed outside the game and got killed once. Then I switched back and could carry more weapons with me :D They stayed even when I was dead lol
Here is a little demo :)

March 4, 2004
Hey you nerds!
Sign my guestbook :D I'm happy about every entry there ;)
So don't be shy and sign it!

February 28, 2004
Together with Handycracker2k2 I found out the structure of the DCT4 flash file header. I didn't find a description of it on the net, so I started analyzing it.
It's very easy, at least easier than I thought, but there are many sequences that I don't understand yet. It's a good start anyway :)

The file starts with one type byte: 0xA0, 0xA1 or 0xA2 depending on the type (preloader, 2nd bootloader or flash file); the 3510 example below is a flash file and starts with 0xA2.
Then comes one dword (stored big-endian, most significant byte first) giving the number of bytes that follow up to the start of the data, i.e. the length of the rest of the header.
Next comes one dword with the number of sequences that follow.
A sequence consists of a command byte (e.g. 0xC3 for the algorithm name) followed by a byte saying how many payload bytes follow for that command. After those n bytes of payload the next command follows, so the whole header can be walked without knowing what the individual commands mean; the walk should end exactly at the data offset given by the length dword and yield exactly the declared number of sequences, which is a cheap sanity check on a file before trusting its contents.

Here is an example:
---------
  3510
---------

A2   // header start
00 00 00 C9 // number of bytes until data
00 00 00 0C // nr of sequences
C8 10 01 00 00 00 // erase addresses 
      01 00 FF FF
      01 01 00 00
      01 7E FF FF
C2 05 44 43 54 34 00 // flash info
C3 0F 44 43 54 34 20 41 4C 47 4F 52 49 54 48 4D 00 // algorithm
C9 01 08 // 8 sequences from here until data comes
CA 02 0D 0C
CB 20 E4 01 20 C2 00 01 00 1F 00 03 00 00 00 00 FF FF
      00 00 00 00 23 5C 04 0F 00 00 03 40 C6 05 22 90
CD 08 00 01 86 A0 00 00 00 00
CE 08 00 63 2E A0 00 00 00 00
CF 08 00 63 2E A0 00 00 00 00
D1 08 00 00 C7 38 00 00 00 00
D4 06 01 21
      01 20
      11 20
D3 40 70 83 AD 92 7C 12 F7 52 C8 F7 1F 4E 7C C8 07 A5  // 512 bit signed hash?
      07 0F F0 02 9A 2B FC 1C EB 37 C0 93 46 17 37 F9
      CD FE 26 7C B1 B5 20 E4 93 E0 68 80 93 AB B9 3A
      FC DB DD 3C FD AC EE 69 2C 03 D4 A0 C6 9D C2 E5

// data
14 01 00 00 00 1E 00 00 2C B4 AD 7E B6 1A 1B BE 0B E2 7D 58 6B....
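
The following parser walks that header layout. It is an added example written for this page, not code from MADos or from the page's author. It embeds the 3510 dump above as its sample input (with the data tail truncated exactly as on the page), reads the dwords byte by byte so it behaves the same on an ARM7 and on a PC regardless of alignment, and goes one step beyond the description by checking that the sequence walk ends exactly at the data offset and matches the declared sequence count, rejecting truncated or inconsistent headers. Only the command bytes the dump itself labels (0xC2 flash info, 0xC3 algorithm name, 0xD3 hash/signature) are named in comments; every other payload is treated as opaque.

```c
/* Parser for the DCT4 flash-file header layout described above (added example,
 * not MADos code). Sample bytes are the 3510 dump from the post, data truncated. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEQ 32

struct seq {
    uint8_t cmd;          /* command byte, e.g. 0xC3 = algorithm name */
    uint8_t len;          /* payload length in bytes */
    const uint8_t *data;  /* pointer into the file buffer */
};

struct dct4_header {
    uint8_t type;         /* 0xA0 preloader, 0xA1 2nd bootloader, 0xA2 flash file */
    uint32_t hdr_len;     /* bytes following the length dword, up to the data */
    uint32_t nseq;        /* declared sequence count */
    size_t count;         /* sequences actually found by walking */
    struct seq seq[MAX_SEQ];
    size_t data_off;      /* offset of the first data byte */
};

/* Byte-wise big-endian read: works at any address, so no unaligned-dword trap on ARM7. */
static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, a negative code describing why the header was rejected. */
int dct4_parse_header(const uint8_t *buf, size_t n, struct dct4_header *h)
{
    size_t off, end;
    memset(h, 0, sizeof *h);
    if (n < 9) return -1;                               /* type + 2 dwords minimum */
    h->type = buf[0];
    if (h->type != 0xA0 && h->type != 0xA1 && h->type != 0xA2) return -2;
    h->hdr_len = rd_be32(buf + 1);
    end = 5 + (size_t)h->hdr_len;                       /* data starts here */
    if (end > n) return -3;                             /* length claims more than we have */
    h->nseq = rd_be32(buf + 5);
    for (off = 9; off < end; off += 2 + h->seq[h->count - 1].len) {
        if (off + 2 > end || h->count >= MAX_SEQ) return -4;
        uint8_t len = buf[off + 1];
        if (off + 2 + len > end) return -5;             /* payload runs past the header */
        h->seq[h->count].cmd = buf[off];
        h->seq[h->count].len = len;
        h->seq[h->count].data = buf + off + 2;
        h->count++;
    }
    if (h->count != h->nseq) return -6;                 /* count dword disagrees with walk */
    h->data_off = end;
    return 0;
}

/* First sequence with the given command byte, or NULL. */
const struct seq *dct4_find(const struct dct4_header *h, uint8_t cmd)
{
    for (size_t i = 0; i < h->count; i++)
        if (h->seq[i].cmd == cmd) return &h->seq[i];
    return NULL;
}

/* The 3510 header from the post, followed by the data bytes it shows (truncated there). */
const uint8_t DCT4_3510_SAMPLE[] = {
    0xA2, 0x00,0x00,0x00,0xC9, 0x00,0x00,0x00,0x0C,
    0xC8,0x10, 0x01,0x00,0x00,0x00, 0x01,0x00,0xFF,0xFF, 0x01,0x01,0x00,0x00, 0x01,0x7E,0xFF,0xFF,
    0xC2,0x05, 0x44,0x43,0x54,0x34,0x00,                                  /* "DCT4" */
    0xC3,0x0F, 0x44,0x43,0x54,0x34,0x20,0x41,0x4C,0x47,0x4F,0x52,0x49,0x54,0x48,0x4D,0x00,
    0xC9,0x01, 0x08,
    0xCA,0x02, 0x0D,0x0C,
    0xCB,0x20, 0xE4,0x01,0x20,0xC2,0x00,0x01,0x00,0x1F,0x00,0x03,0x00,0x00,0x00,0x00,0xFF,0xFF,
               0x00,0x00,0x00,0x00,0x23,0x5C,0x04,0x0F,0x00,0x00,0x03,0x40,0xC6,0x05,0x22,0x90,
    0xCD,0x08, 0x00,0x01,0x86,0xA0,0x00,0x00,0x00,0x00,
    0xCE,0x08, 0x00,0x63,0x2E,0xA0,0x00,0x00,0x00,0x00,
    0xCF,0x08, 0x00,0x63,0x2E,0xA0,0x00,0x00,0x00,0x00,
    0xD1,0x08, 0x00,0x00,0xC7,0x38,0x00,0x00,0x00,0x00,
    0xD4,0x06, 0x01,0x21,0x01,0x20,0x11,0x20,
    0xD3,0x40, 0x70,0x83,0xAD,0x92,0x7C,0x12,0xF7,0x52,0xC8,0xF7,0x1F,0x4E,0x7C,0xC8,0x07,0xA5,
               0x07,0x0F,0xF0,0x02,0x9A,0x2B,0xFC,0x1C,0xEB,0x37,0xC0,0x93,0x46,0x17,0x37,0xF9,
               0xCD,0xFE,0x26,0x7C,0xB1,0xB5,0x20,0xE4,0x93,0xE0,0x68,0x80,0x93,0xAB,0xB9,0x3A,
               0xFC,0xDB,0xDD,0x3C,0xFD,0xAC,0xEE,0x69,0x2C,0x03,0xD4,0xA0,0xC6,0x9D,0xC2,0xE5,
    0x14,0x01,0x00,0x00,0x00,0x1E,0x00,0x00,0x2C,0xB4,0xAD,0x7E,0xB6,0x1A,0x1B,0xBE,0x0B,0xE2,0x7D,0x58,0x6B
};

struct dct4_header g_sample_hdr;
int dct4_parse_sample(void)
{
    return dct4_parse_header(DCT4_3510_SAMPLE, sizeof DCT4_3510_SAMPLE, &g_sample_hdr);
}

int main(void)
{
    int rc = dct4_parse_sample();
    if (rc != 0) { printf("parse failed: %d\n", rc); return 1; }
    printf("type %02X, %u sequences, data at offset %zu\n",
           g_sample_hdr.type, (unsigned)g_sample_hdr.nseq, g_sample_hdr.data_off);
    const struct seq *algo = dct4_find(&g_sample_hdr, 0xC3);
    if (algo) printf("algorithm: %s\n", (const char *)algo->data);
    return 0;
}
```

On the 3510 dump the walk consumes exactly 0xC9 = 201 bytes after the length dword and finds the 12 sequences the count dword declares, which is how you know the two length fields are interpreted correctly; feeding it a buffer cut off inside the header returns -3 instead of reading past the end.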


February 20, 2004
I added 5110 support to the MADos sources...
It's not really usable yet, but it already provides LCD and LED access.
CCONT doesn't seem to be resettable yet... but we have to figure all that out.

At least it works somehow, and it's a good start :)

BTW: the 6110 is the same ;)

February 16, 2004
Yess.. VeZzDeveloper did it!
Now you can read the SIM's ATR string via the test->sim menu.
I guess another 2 or 3 weeks and we get full SIM access :)

Who does the SIM protocol stack? ;)

EDIT:
Here is some SIM info :)
http://www.hackersrussia.ru/Cards/ASyncro/Someinfo_eng.php

February 15, 2004
Now using the real algorithm instead of emulating a rewritten PIC16F84 image ;)
It's much faster now ;p

February 7, 2004
So now I'm skiing until Friday.. have a nice week :)

February 6, 2004
Thanks to nok5rev, we now have a DCT-3 calc in MADos :)
For now you can only calculate Lock1..
But I was told that if you use the GID1 as the provider ID, you get the Lock2 code.. I have to make a frontend for it and check that :)

But for now we at least have a DCT-3 calc.

February 5, 2004

ROFL!

February 1, 2004
Yep, I aligned the header placement on DWORD boundaries now..
ARM and PC should both be working now... (the 3rd time *g*)

BTW: append mode works too ;)

February 1, 2004
Hmm, I realized that the FFS works perfectly on the PC.. but in the phone it hangs sometimes. Now I found out that this is because we can only read DWORDs from DWORD-aligned addresses (4-byte aligned).
A shame I forgot that ;(

Should I make the headers 4-byte aligned as well, or shall I write a "read-out" routine that will also fix the endianness problems?

January 30, 2004
So for now FFS/FS supports the most basic functions, and it works!
fs_fopen, fs_fread, fs_fwrite, fs_unlink

FILE *fs_fopen ( const char *name, const char *mode )
name: the filename
mode: "r" for read only, "w" for write only/overwrite, "a" for appending (not working yet)

The others work like you'd expect from the ANSI functions (I hope).

Of course it's only been tested a little bit at home, so no guarantee it will always work perfectly... that's something you have to prove ;)

January 29, 2004
Yesterday I tried to do an ffs_fwrite :)
Let's see if it somehow hits the one it should get...
But I didn't check it yet, so it's still just <experimental>

Just in case you want to support me somehow :)