view mysteryffs/README @ 109:e40592990516

C156 boot code cracked
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Mon, 31 Mar 2014 19:06:33 +0000
parents d41c555d7f1d
children
line wrap: on
line source

MysteryFFS is my (Michael Spacefalcon's) arbitrarily-chosen nickname for the
flash file system found in at least two Calypso/Riviera-based GSM phone or
modem SW designs: Pirelli DP-L10 and Closedmoko GTA0x.

The FFS implementation which I have nicknamed MysteryFFS is identifiable by the
following magic at the beginning of every flash erase unit used by this FFS:

00000000:  46 66 73 23 10 02 FF FF  AB FF FF FF FF FF FF FF  Ffs#............

The byte at offset 8 into the erase unit (AB in the illustration above)
has been observed to be one of 3 possibilities:

AB:	this erase unit appears to be the active index block
BD:	regular data block
BF:	last block of the flash "partition" used for the FFS

On the Pirelli this MysteryFFS takes up the first 4.5 MiB (18 erase units
of 256 KiB each) of the 2nd flash chip select (nCS3).  On the Closedmoko
it lives in the second half of the last megabyte of the 4 MiB flash chip,
taking up 7 erase units of 64 KiB each, i.e., spanning absolute flash chip
offsets from 0x380000 through 0x3EFFFF.

(The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank
 division between the first 3 MiB and the last 1 MiB.  The first 3 MiB are used
 to hold the field-flashable closed firmware images distributed as *.m0 files;
 the independent last megabyte holds the FFS, and thus the FW could be
 implemented to do FFS writes while running from flash in the main bank.
 Less than half of that last megabyte appears to be used for the FFS though;
 the rest appears to be unused - blank flash observed.)

I have nicknamed this flash file system MysteryFFS because I haven't been able
to identify it as any known FFS design.  The FFS implemented in the liberated
TSM30 code appears to be different, hence that source is not of much help.
Therefore, I am reverse-engineering this MysteryFFS in order to extract the
file system content from my Pirelli phones and from my GTA02.