From S1MP3 Wiki
Jump to: navigation, search

About Loadram

Loadram is a program written by Sprite_tm which allows to load and execute Z80 compiled binary code on your s1mp3 device over the USB-bus. It's meant to allow testing of an .AP without creating a completely new firmware image and re-flashing the player with it. It works under Linux as well as Windows.

Download loadram from the following location(s):


How to setup your system

The program is based on libusb, a portable open-source usb library.

On Windows:

  • Uninstall the ADFU driver from Actions (if installed)
  • Install the Swan ADFU driver supplied with the loadram package (/bin/driver/ folder)

On Linux and other *nixes:

  • Install libusb on your system

How to use

The program can be used to upload small subroutines as well as large programs.

  • Set your s1mp3 the the firmware upgrade mode on the SYS menu
  • Subroutine upload: Run loadram program.bin - this will send the program.bin binary to the s1mp3 and execute it. The program should be linked to run from address 0x3400; that's where it's going to be put in ram. The upload will fail at least for programs >3072 (=0xc00) bytes; the secondary loader will be needed to exceed that limit.
  • Application upload: Run loadram 2ndstage.bin program.bin - this will send the program.bin binary to the s1mp3 and execute it. The program should be linked to run from address 0x600; it's put in RAM starting at address 0, though, so a header of 0x600 bytes might be needed. This upload method supports binaries of up to 14K (14336 bytes, to be exact)

You will need z88dk or any z80 compiler or assembler to make the z80 binaries executable by the s1mp3. The S1SDK can be used to generate .ap-files that can be loaded by the 2nd-stage loader.

How does it work

When a player contains the wrong firmware in the flash chip, the ADFU driver uploads a few programs to the Z80 RAM and executes them in order to find out the flash type and re-load the proper firmware. Studying a plain USB dump of that process was possible to recreate this functionality. Loadram executes the following 2 steps:

  1. overwrite memory starting from address 0x3400 with the contents of the binary
  2. send an execute command to ATJ20xx to execute the uploaded binary

Version 0.2 supports the upload of larger programs through a second-stage loader implanted at 0x3800, which then proceeds to overwrite the memory under it with data read from the USB-port; finally the execution point is set to address 0x600 through a simple jump instruction. AP files generated by the s1sdk can be tested this way.


The package comes with two examples.

Related pages