FreeCalypso > hg > freecalypso-reveng
diff mysteryffs/README @ 21:d41c555d7f1d
beginning to explore MysteryFFS
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Sat, 18 May 2013 08:22:15 +0000 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mysteryffs/README Sat May 18 08:22:15 2013 +0000 @@ -0,0 +1,35 @@ +MysteryFFS is my (Michael Spacefalcon's) arbitrarily-chosen nickname for the +flash file system found in at least two Calypso/Riviera-based GSM phone or +modem SW designs: Pirelli DP-L10 and Closedmoko GTA0x. + +The FFS implementation which I have nicknamed MysteryFFS is identifiable by the +following magic at the beginning of every flash erase unit used by this FFS: + +00000000: 46 66 73 23 10 02 FF FF AB FF FF FF FF FF FF FF Ffs#............ + +The byte at offset 8 into the erase unit (AB in the illustration above) +has been observed to be one of 3 possibilities: + +AB: this erase unit appears to be the active index block +BD: regular data block +BF: last block of the flash "partition" used for the FFS + +On the Pirelli this MysteryFFS takes up the first 4.5 MiB (18 erase units +of 256 KiB each) of the 2nd flash chip select (nCS3). On the Closedmoko +it lives in the second half of the last megabyte of the 4 MiB flash chip, +taking up 7 erase units of 64 KiB each, i.e., spanning absolute flash chip +offsets from 0x380000 through 0x3EFFFF. + +(The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank + division between the first 3 MiB and the last 1 MiB. The first 3 MiB are used + to hold the field-flashable closed firmware images distributed as *.m0 files; + the independent last megabyte holds the FFS, and thus the FW could be + implemented to do FFS writes while running from flash in the main bank. + Less than half of that last megabyte appears to be used for the FFS though; + the rest appears to be unused - blank flash observed.) + +I have nicknamed this flash file system MysteryFFS because I haven't been able +to identify it as any known FFS design. The FFS implemented in the liberated +TSM30 code appears to be different, hence that source is not of much help. +Therefore, I am reverse-engineering this MysteryFFS in order to extract the +file system content from my Pirelli phones and from my GTA02.