annotate mysteryffs/README @ 111:0f94d17899b3

tiobjd: disassembly integrated, no relocs or hints yet
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Thu, 03 Apr 2014 05:14:15 +0000
parents d41c555d7f1d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
21
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
1 MysteryFFS is my (Michael Spacefalcon's) arbitrarily-chosen nickname for the
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
2 flash file system found in at least two Calypso/Riviera-based GSM phone or
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
3 modem SW designs: Pirelli DP-L10 and Closedmoko GTA0x.
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
4
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
5 The FFS implementation which I have nicknamed MysteryFFS is identifiable by the
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
6 following magic at the beginning of every flash erase unit used by this FFS:
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
7
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
8 00000000: 46 66 73 23 10 02 FF FF AB FF FF FF FF FF FF FF Ffs#............
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
9
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
10 The byte at offset 8 into the erase unit (AB in the illustration above)
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
11 has been observed to be one of 3 possibilities:
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
12
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
13 AB: this erase unit appears to be the active index block
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
14 BD: regular data block
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
15 BF: last block of the flash "partition" used for the FFS
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
16
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
17 On the Pirelli this MysteryFFS takes up the first 4.5 MiB (18 erase units
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
18 of 256 KiB each) of the 2nd flash chip select (nCS3). On the Closedmoko
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
19 it lives in the second half of the last megabyte of the 4 MiB flash chip,
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
20 taking up 7 erase units of 64 KiB each, i.e., spanning absolute flash chip
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
21 offsets from 0x380000 through 0x3EFFFF.
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
22
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
23 (The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
24 division between the first 3 MiB and the last 1 MiB. The first 3 MiB are used
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
25 to hold the field-flashable closed firmware images distributed as *.m0 files;
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
26 the independent last megabyte holds the FFS, and thus the FW could be
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
27 implemented to do FFS writes while running from flash in the main bank.
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
28 Less than half of that last megabyte appears to be used for the FFS though;
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
29 the rest appears to be unused - blank flash observed.)
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
30
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
31 I have nicknamed this flash file system MysteryFFS because I haven't been able
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
32 to identify it as any known FFS design. The FFS implemented in the liberated
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
33 TSM30 code appears to be different, hence that source is not of much help.
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
34 Therefore, I am reverse-engineering this MysteryFFS in order to extract the
d41c555d7f1d beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
35 file system content from my Pirelli phones and from my GTA02.