FreeCalypso > hg > freecalypso-reveng
annotate mysteryffs/README @ 200:492a6360e64d
leo-obj/frame_na7_db_ir: disassemble frame.obj in order to bring to light
the compiled form of that infamous TraceMask[0] = 0; line
author | Space Falcon <falcon@ivan.Harhan.ORG> |
---|---|
date | Sat, 06 Jun 2015 18:32:49 +0000 |
parents | d41c555d7f1d |
children |
rev | line source |
---|---|
21
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 MysteryFFS is my (Michael Spacefalcon's) arbitrarily-chosen nickname for the |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 flash file system found in at least two Calypso/Riviera-based GSM phone or |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 modem SW designs: Pirelli DP-L10 and Closedmoko GTA0x. |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 The FFS implementation which I have nicknamed MysteryFFS is identifiable by the |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 following magic at the beginning of every flash erase unit used by this FFS: |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 00000000: 46 66 73 23 10 02 FF FF AB FF FF FF FF FF FF FF Ffs#............ |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 The byte at offset 8 into the erase unit (AB in the illustration above) |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 has been observed to be one of 3 possibilities: |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 AB: this erase unit appears to be the active index block |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 BD: regular data block |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 BF: last block of the flash "partition" used for the FFS |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 On the Pirelli this MysteryFFS takes up the first 4.5 MiB (18 erase units |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 of 256 KiB each) of the 2nd flash chip select (nCS3). On the Closedmoko |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 it lives in the second half of the last megabyte of the 4 MiB flash chip, |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 taking up 7 erase units of 64 KiB each, i.e., spanning absolute flash chip |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 offsets from 0x380000 through 0x3EFFFF. |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 (The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 division between the first 3 MiB and the last 1 MiB. The first 3 MiB are used |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 to hold the field-flashable closed firmware images distributed as *.m0 files; |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 the independent last megabyte holds the FFS, and thus the FW could be |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 implemented to do FFS writes while running from flash in the main bank. |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 Less than half of that last megabyte appears to be used for the FFS though; |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 the rest appears to be unused - blank flash observed.) |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
30 |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 I have nicknamed this flash file system MysteryFFS because I haven't been able |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 to identify it as any known FFS design. The FFS implemented in the liberated |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
33 TSM30 code appears to be different, hence that source is not of much help. |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
34 Therefore, I am reverse-engineering this MysteryFFS in order to extract the |
d41c555d7f1d
beginning to explore MysteryFFS
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
35 file system content from my Pirelli phones and from my GTA02. |