view leo-obj/README @ 161:237bb836521d

starting to examine Tracfone's locked C139 bootloader
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Thu, 15 May 2014 20:10:25 +0000

TI's TCS211 aka Leonardo firmware is a mixture of C sources and linkable object
modules (packaged into archive libraries) in the COFF format used by TI's TMS470
compiler toolchain.  One of the goals of the FreeCalypso project is to transform
this firmware into full C source: analyze the COFF object blobs with a tool
that groks the symbolic information present therein, then replace each blob
either with a matching source piece from another TI firmware leak (e.g., the one
in ftp.ifctf.org:/pub/GSM/LoCosto) or with newly written C code that exports
the same functions, global variables etc., with logic inside matching the
disassembly of the original.

The present directory tree holds the just-described project: running 'make'
here first builds the tiobjd tool, then runs it on a bunch of TI's objects,
applying hand-added disassembly hints in many cases.

It is noteworthy that there are two kinds of COFF object blobs present in the
TCS211 semi-src, with respect to the amount of symbolic information present
therein.  The objects contained in the binary libraries under
g23m/__out__/gsm_<blah>/lib have just the minimal amount of symbolic info
needed in order for these objects to be relocatable and linkable, whereas the
objects in the GPF libraries under gpf/LIB exhibit much richer "-g"-style
symbolic information.  Our current tiobjd tool does not really take advantage
of the richer symbolic info yet, but more work is planned in that area.
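The following is an added illustration of what "grokking the symbolic
information" in a COFF blob amounts to, and of the difference between the
link-only objects in the g23m libraries and the "-g"-style objects in gpf/LIB.
It is example code written for this README, not the tiobjd tool and not TI's
code.  It assumes the TI COFF1/COFF2 22-byte file header (version, section
count, timestamp, symbol table pointer, symbol count, optional header size,
flags, target id), the classic 18-byte COFF symbol entry with the usual storage
class values, and a TMS470 target id of 0x0097; the two sample objects it
parses are constructed inline with made-up symbol names.  Its test for "-g"
information (presence of file/function/block/auto symbols) is a heuristic
chosen here, not tiobjd's logic.

```python
import struct
from collections import Counter

# Classic COFF symbol storage classes (TI COFF uses the same values).
C_AUTO, C_EXT, C_STAT = 1, 2, 3
C_BLOCK, C_FCN, C_FILE = 100, 101, 103
CLASS_NAMES = {C_AUTO: "auto", C_EXT: "extern", C_STAT: "static",
               C_BLOCK: "block", C_FCN: "fcn", C_FILE: "file"}
# Classes a compiler emits only when building with -g: they play no part in
# relocation or linking and exist purely to describe source-level structure.
DEBUG_CLASSES = {C_AUTO, C_BLOCK, C_FCN, C_FILE}

# Assumed TI COFF1/COFF2 file header (22 bytes, little-endian for TMS470):
# version, nscns, timdat, symptr, nsyms, opthdr, flags, target_id
FILE_HEADER = struct.Struct("<HHIIIHHH")
# Classic 18-byte symbol entry: name[8], value, scnum, type, sclass, numaux
SYMENT = struct.Struct("<8sIhHBB")
TMS470_TARGET_ID = 0x0097  # assumption: TI's target id for the TMS470 family


def read_name(raw_name, strtab):
    """Decode a symbol name: inline if it fits in 8 bytes, else via string table offset."""
    if raw_name[:4] == b"\0\0\0\0":
        off = struct.unpack_from("<I", raw_name, 4)[0]
        return strtab[off:strtab.index(b"\0", off)].decode("ascii")
    return raw_name.rstrip(b"\0").decode("ascii")


def parse_symbols(blob):
    """Return (version, target_id, [(name, value, scnum, sclass), ...]) for a COFF image."""
    version, _nscns, _ts, symptr, nsyms, _opt, _flags, target = FILE_HEADER.unpack_from(blob, 0)
    # The string table follows the symbol table; its first 4 bytes hold its own length,
    # and name offsets are counted from the start of that length field.
    strtab = blob[symptr + nsyms * SYMENT.size:]
    syms, i = [], 0
    while i < nsyms:
        raw, value, scnum, _typ, sclass, numaux = SYMENT.unpack_from(blob, symptr + i * SYMENT.size)
        syms.append((read_name(raw, strtab), value, scnum, sclass))
        i += 1 + numaux  # auxiliary entries are not symbols; step over them
    return version, target, syms


def symbol_profile(blob):
    """Summarise how much symbolic information an object carries."""
    version, target, syms = parse_symbols(blob)
    counts = Counter(CLASS_NAMES.get(s[3], "class%d" % s[3]) for s in syms)
    return {
        "version": version,
        "target": target,
        "symbols": syms,
        "classes": dict(counts),
        "has_debug_info": any(s[3] in DEBUG_CLASSES for s in syms),
    }


def build_coff(symbols, version=0xC2, target=TMS470_TARGET_ID):
    """Assemble a minimal COFF image (header, no sections, symbol + string table)."""
    strtab = bytearray(b"\0\0\0\0")
    ents = bytearray()
    for name, value, scnum, sclass in symbols:
        nb = name.encode("ascii")
        if len(nb) <= 8:
            raw = nb.ljust(8, b"\0")
        else:
            raw = b"\0\0\0\0" + struct.pack("<I", len(strtab))
            strtab += nb + b"\0"
        ents += SYMENT.pack(raw, value, scnum, 0, sclass, 0)
    struct.pack_into("<I", strtab, 0, len(strtab))
    hdr = FILE_HEADER.pack(version, 0, 0, FILE_HEADER.size, len(symbols), 0, 0, target)
    return bytes(hdr + ents + strtab)


# Constructed sample objects (symbol names are made up, not TI's).
# 1) Link-only symbols, like the g23m library blobs: externals plus one static.
MINIMAL_OBJ = build_coff([
    ("demo_ent", 0x100, 1, C_EXT),            # defined in section 1
    ("demo_tbl", 0x000, 2, C_STAT),           # file-local data
    ("demo_undefined_import", 0, 0, C_EXT),   # scnum 0 = undefined, resolved at link time
])
# 2) The same code built with -g: source file, function begin/end, a local variable.
DEBUG_OBJ = build_coff([
    ("demo.c", 0, -2, C_FILE),                # scnum -2 = N_DEBUG
    ("demo_ent", 0x100, 1, C_EXT),
    (".bf", 0x100, 1, C_FCN),                 # beginning of function
    ("local_counter_with_long_name", 4, 1, C_AUTO),
    (".ef", 0x140, 1, C_FCN),                 # end of function
    ("demo_tbl", 0x000, 2, C_STAT),
])

if __name__ == "__main__":
    for label, obj in (("minimal", MINIMAL_OBJ), ("debug", DEBUG_OBJ)):
        p = symbol_profile(obj)
        print(label, "target=0x%04x" % p["target"], p["classes"], "debug:", p["has_debug_info"])
```

Run stand-alone it prints one line per sample object; on a real TMS470 object
extracted from one of the .lib archives the same symbol_profile() call shows
at a glance whether the blob carries only the extern/static symbols needed for
linking or the file/function/auto entries that a "-g" build adds.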