FreeCalypso > hg > freecalypso-reveng
comparison mysteryffs/README @ 21:d41c555d7f1d
beginning to explore MysteryFFS
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Sat, 18 May 2013 08:22:15 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 20:a52e76c12e6b | 21:d41c555d7f1d |
|---|---|
| 1 MysteryFFS is my (Michael Spacefalcon's) arbitrarily-chosen nickname for the | |
| 2 flash file system found in at least two Calypso/Riviera-based GSM phone or | |
| 3 modem SW designs: Pirelli DP-L10 and Closedmoko GTA0x. | |
| 4 | |
| 5 The FFS implementation which I have nicknamed MysteryFFS is identifiable by the | |
| 6 following magic at the beginning of every flash erase unit used by this FFS: | |
| 7 | |
| 8 00000000: 46 66 73 23 10 02 FF FF AB FF FF FF FF FF FF FF Ffs#............ | |
| 9 | |
| 10 The byte at offset 8 into the erase unit (AB in the illustration above) | |
| 11 has been observed to be one of 3 possibilities: | |
| 12 | |
| 13 AB: this erase unit appears to be the active index block | |
| 14 BD: regular data block | |
| 15 BF: last block of the flash "partition" used for the FFS | |
| 16 | |
| 17 On the Pirelli this MysteryFFS takes up the first 4.5 MiB (18 erase units | |
| 18 of 256 KiB each) of the 2nd flash chip select (nCS3). On the Closedmoko | |
| 19 it lives in the second half of the last megabyte of the 4 MiB flash chip, | |
| 20 taking up 7 erase units of 64 KiB each, i.e., spanning absolute flash chip | |
| 21 offsets from 0x380000 through 0x3EFFFF. | |
| 22 | |
| 23 (The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank | |
| 24 division between the first 3 MiB and the last 1 MiB. The first 3 MiB are used | |
| 25 to hold the field-flashable closed firmware images distributed as *.m0 files; | |
| 26 the independent last megabyte holds the FFS, and thus the FW could be | |
| 27 implemented to do FFS writes while running from flash in the main bank. | |
| 28 Less than half of that last megabyte appears to be used for the FFS though; | |
| 29 the rest appears to be unused - blank flash observed.) | |
| 30 | |
| 31 I have nicknamed this flash file system MysteryFFS because I haven't been able | |
| 32 to identify it as any known FFS design. The FFS implemented in the liberated | |
| 33 TSM30 code appears to be different, hence that source is not of much help. | |
| 34 Therefore, I am reverse-engineering this MysteryFFS in order to extract the | |
| 35 file system content from my Pirelli phones and from my GTA02. |