User:Amyk

From S1MP3 Wiki

  • Firmware and Hardware Researcher
  • Development of Tools for Firmware Manipulation


Current work

  • Understand firmware file structure
  • Decrypt new encrypted firmware format
  • Understand boot process and ACTOS
    • Detailed understanding of BRECxxx
      • NAND FTL
    • Display controller types and command sets
    • Display controller GPIO connectivity
  • s1emu: versatile s1mp3 emulator platform
  • Begin work on new AK202x/ATJ211x devices

Random collection of ideas and todo

  • Run AP - load APs from U disk - run homebrew easily on s1
  • Firmware extraction for v9 devices, via flashdump
  • Completely document ADFU protocol
  • Automated detection of LCM controller type and connectivity
    • We know the hourglass code is a subroutine at 3000 in the BREC.
    • Autotrace and log upper memory and GPIO-related port reads/writes.
    • From memory writes, obtain controller init sequence and match with known sequences.
    • From GPIO-related port reads/writes, obtain connectivity information.

My device

  • ZX-6012M-TSLS v4.0 (ping guo er dai) manufactured by Shenzhen Popchip
    • ATJ2093H SoC
    • Samsung K9LAG08U0M 16Gbit NAND flash
    • CGS150B05 1.5" 128x128 CSTN with Leadis LDS183 controller (Philips PCF8833 compatible)

Connectivity

GPO A2 : backlight on/off
GPIO B4 : LCD controller reset (active low)
GPIO B5 : LCD controller command(low)/data(high)

FWDBINFO
DESC="ping guo er dai"
ID=ZX-6012M-TLS-V4.0
CPU=ATJ2093H
LCM=[
 ID=CGS150B05
 CONTROL=LDS183
 WIDTH=128
 HEIGHT=128
 CE=3
 RST=B4
 CD=B5
 BL=A2
]
KEY=[ -- from schematic, not verified
 MENU=VCC,B2
 LEFT=VCC,B0
 PLAY=B2,E4
 RIGHT=VCC,E4
 VOL=B2,E5
]