FreeCalypso > hg > freecalypso-tools
annotate rvinterf/doc/tfc139.usage @ 407:19e5a3e2f9c0
fcup-settime: moved time() retrieval a little closer to the output
A fundamental problem with all simple time transfer tools is that there is
always some delay between the time retrieval on the source system and that
transmitted time being set on the destination, and the resulting time
on the destination system is off by that delay amount. This delay cannot
be fully eliminated when working in a simple environment like ours,
but we should make our best effort to minimize it. In the present case,
moving the atinterf_init() call before the time() retrieval should make
a teensy-tiny improvement.
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Sat, 11 Aug 2018 21:52:17 +0000 |
| parents | e7502631a0f9 |
| children |
| rev | line source |
|---|---|
|
0
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 The tfc139 hack-utility (see ../../doc/Compal-unlock) is based on the |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 rvinterf/rvtdump skeleton, and it needs to be invoked as follows: |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 tfc139 [options] /dev/ttyXXX |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 In the well-tested use case of breaking into TFC139 phones with fw version |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 8.8.17, no options are normally needed, but the following options are supported: |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 -a address |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 This option changes the RAM address into which the "shellcode" is to be |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 written; the argument is always interpreted as hex. The default is |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 0x800000, as used by the mot931c.exe closed source tool on whose |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 reverse-engineering our hack-utility is based. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 -B baud |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 This option changes the serial baud rate just like in rvinterf and |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 rvtdump, but the default is 57600 as needed for breaking into TFC139 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 firmware. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 -l logfile |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 Log activity in a file, just like rvinterf and rvtdump. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 -s address |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 Just like mot931c.exe has been observed to do, we start our stack |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 smashing attempts at a certain address, and keep incrementing by 4 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 until we either succeed or crash the fw in some other way that does not |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 help us. This option changes the starting address for these stack |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 smashing attempts; the argument is always interpreted as hex. The |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 default is 0x837C54, as observed from the reverse engineering of |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 mot931c. |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 -w number_in_seconds |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 |
|
e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 See rvinterf.usage; the option is the same for tfc139 as for rvinterf. |