FreeCalypso > hg > freecalypso-reveng
annotate compal/audio/omr-guide @ 385:79e512a21e02
pirelli/audio-tones: busy tone captured
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Wed, 10 Nov 2021 02:35:20 +0000 |
parents | a760a5eeed65 |
children |
rev | line source |
---|---|
379
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 When a C139 phone is booted up with a headset jack serial cable already |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 inserted, it behaves in an interesting manner: if you *don't* perform the |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 **16379# step, rvinterf running on the host won't see any output from the phone |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 beyond a little bit on boot, but if you send an omr command through fc-tmsh, |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 you get a response! The same behaviour occurs if you first boot the phone |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 normally with nothing in the headset jack, then insert the serial cable. It |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 looks like the electrical switch inside the phone is still set to connect the |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 headset jack to the UART, but the firmware suppresses its continuous trace |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 output beyond TM responses. |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 Using this omr method, I was able to read the same DSP API words which we have |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 previously read via tfc139 break-in method; the bytes read via omr out of DSP |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 API memory locations corresponding to FIR coefficients and AEC config match what |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 we got via tfc139 break-in followed by fc-loadtool peeking. |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 Now comes the next ambitious part: we know that oabbr is broken in Compal's fw |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 and thus can't be used to read ABB registers, but at least in TI's reference fw |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 the writes to Iota VBC registers are done via the DSP, rather than via the MCU |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 to ABB interface. Does Compal's fw do likewise? Can we read out DSP API words |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 through which these VBC registers are written? Let's give it a try! We need |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 to begin by calculating the absolute addresses which we will need to read via |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 omr: |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 DSP NDB start address is 0xFFD001A8 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 d_vbctrl1 addr: 0xFFD001A8 + 0x44 = 0xFFD001EC |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 d_vbctrl2 addr: 0xFFD001A8 + 0x2E = 0xFFD001D6 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 d_vbuctrl addr: 0xFFD001A8 + 0x34 = 0xFFD001DC |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 d_vbdctrl addr: 0xFFD001A8 + 0x36 = 0xFFD001DE |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 Result: the bytes read out via omr do match what we got earlier by breaking in |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 with tfc139 and reading the ABB registers via abbr in fc-loadtool! This |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 observation gives us hope: if we do build the special hardware hack for |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 connecting to UART signal contact pads without going through the headset jack, |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 then there is a good chance that we will be able to use omr to read out the |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 firmware's audio settings for the handheld mode. Furthermore, if we don't |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 trigger the switch into headset mode and if we don't kill the fw with tfc139, |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 then we may be able to do omr readouts while the fw is running with a SIM, |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
39 connected to a GSM network, and making a call - a confidence boost for the |
a760a5eeed65
compal/audio/omr-guide: another avenue of investigation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
40 audio settings, plus we may be able to figure out how volume control works. |