Absolute call adresses in S8000UZCJC1 firmware

Bootloader development related

Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Wed Dec 29, 2010 10:12 am

00002328h+0x51400000-0x800 LCD_InitWin
0000243ch+0x51400000-0x800 OneNAND_Init
00002ba8h+0x51400000-0x800 LaunchNucleus
000031b0h+0x51400000-0x800 more_GPIO_setup
00003390h+0x51400000-0x800 SelectBootingMode
00015af8h+0x51400000-0x800 sub_514152F8
00018cd0h+0x51400000-0xDAC sub_51417f24
00018d4ch+0x51400000-0xDAC sub_51417fa0
00018df8h+0x51400000-0xDAC sub_5141804c
00019080h+0x51400000-0xDAC LCD_print
00019228h+0x51400000-0xDAC LCD_clear_screen
00019244h+0x51400000-0xDAC Samsung_boot_logo
000192d8h+0x51400000-0xDAC MSG_UPLOAD_data_to_pc (NOT USED)
000193f8h+0x51400000-0xDAC LCD_blue_screen (NOT USED)
0001ab10h+0x51400000-0xDAC PMIC_LUT1_write
0001ab4ch+0x51400000-0xDAC PMIC_LUT1_read
0001aa3ch+0x51400000-0xDAC PMIC_LUT2_write
0001aab8h+0x51400000-0xDAC PMIC_LUT2_read
0001bccch+0x51400000-0xDAC PMIC_set_reg_SRAMEN_MVTEN_LDOAEN
0001a5e8h+0x51400000-0xDAC Baseband_Init
00031d2ch+0x51400000-0xDAC sub_51430f80
00038e24h+0x51400000-0xDAC GPIO_LUT_sub_A
00038ea4h+0x51400000-0xDAC GPIO_LUT_sub_B
00038f0ch+0x51400000-0xDAC GPIO_LUT_sub_C
00038f70h+0x51400000-0xDAC GPIO_LUT_sub_D

pre_start.S
/*
 * Long Distance Jumps
 *
 * Each entry is a literal word holding an absolute address inside the
 * stock Samsung bootloader, followed by a jump_<name> label whose single
 * instruction loads that word into pc. "ldr pc" leaves lr untouched, so
 * if a caller reaches jump_<name> with a linking branch, the target
 * routine returns directly to that caller.
 *
 * Address derivation (from the offset table posted with this listing):
 *   target = 0x51400000 + offset - 0x800
 * Entries written as "<addr>+0x5AC" keep the address that appears in the
 * sub_xxxxxxxx names (presumably from the firmware this code was first
 * written against) and add a 0x5AC shift for S8000UZCJC1. The sum equals
 * the formula above, because the table's 0xDAC minus 0x800 is 0x5AC.
 *
 * These constants are valid only for the S8000UZCJC1 bootloader image.
 * Nothing in this listing checks which image is actually in flash, so
 * each word should be re-verified against the image being patched.
 */



/* table offset 0x000031b0 */
adr_more_GPIO_setup:   .word   0x514029b0
jump_more_GPIO_setup:
   ldr   pc, adr_more_GPIO_setup   

/* table offset 0x00003390 */
adr_SelectBootingMode:   .word   0x51402B90
jump_SelectBootingMode:
   ldr   pc, adr_SelectBootingMode   

/* table offset 0x00015af8; last entry that needs no 0x5AC shift */
adr_sub_514152F8:   .word   0x514152F8
jump_sub_514152f8:
   ldr   pc, adr_sub_514152F8   

/* table offset 0x00018cd0; first entry carrying the 0x5AC shift */
adr_sub_51417f24:   .word   0x51417f24+0x5AC
jump_sub_51417f24:
   ldr   pc, adr_sub_51417f24

/* table offset 0x00018d4c */
adr_sub_51417fa0:   .word   0x51417fa0+0x5AC
jump_sub_51417fa0:
   ldr   pc, adr_sub_51417fa0

/* table offset 0x00018df8 */
adr_sub_5141804c:   .word   0x5141804c+0x5AC
jump_sub_5141804c:
   ldr   pc, adr_sub_5141804c

/* table offset 0x0001ab10 */
adr_PMIC_LUT1_write:   .word   0x51419D64+0x5AC
jump_PMIC_LUT1_write:
   ldr   pc, adr_PMIC_LUT1_write

/* table offset 0x0001ab4c */
adr_PMIC_LUT1_read:   .word   0x51419DA0+0x5AC
jump_PMIC_LUT1_read:
   ldr   pc, adr_PMIC_LUT1_read   

/* table offset 0x0001aa3c */
adr_PMIC_LUT2_write:   .word   0x51419C90+0x5AC
jump_PMIC_LUT2_write:
   ldr   pc, adr_PMIC_LUT2_write

/* table offset 0x0001aab8 */
adr_PMIC_LUT2_read:   .word   0x51419d0c+0x5AC
jump_PMIC_LUT2_read:
   ldr   pc, adr_PMIC_LUT2_read

/* table offset 0x0001bccc */
adr_PMIC_set_reg_SRAMEN_MVTEN_LDOAEN:   .word   0x5141AF20+0x5AC
jump_PMIC_set_reg_SRAMEN_MVTEN_LDOAEN:
   ldr   pc, adr_PMIC_set_reg_SRAMEN_MVTEN_LDOAEN   

/* table offset 0x00031d2c */
adr_sub_51430f80:   .word   0x51430f80+0x5AC
jump_sub_51430f80:
   ldr   pc, adr_sub_51430f80

/* table offset 0x00038e24 */
adr_GPIO_LUT_sub_A:   .word   0x51438078+0x5AC
jump_GPIO_LUT_sub_A:
   ldr   pc, adr_GPIO_LUT_sub_A

/* table offset 0x00038ea4 (the table spells this entry "PIO_LUT_sub_B") */
adr_GPIO_LUT_sub_B:   .word   0x514380F8+0x5AC
jump_GPIO_LUT_sub_B:
   ldr   pc, adr_GPIO_LUT_sub_B

/* table offset 0x00038f0c */
adr_GPIO_LUT_sub_C:   .word   0x51438160+0x5AC
jump_GPIO_LUT_sub_C:
   ldr   pc, adr_GPIO_LUT_sub_C

/* table offset 0x00038f70 */
adr_GPIO_LUT_sub_D:   .word   0x514381C4+0x5AC
jump_GPIO_LUT_sub_D:
   ldr   pc, adr_GPIO_LUT_sub_D

boot_loader_interface.c
/*
* Long Distance Jumps
*/

/*
 * Tail-jump to OneNAND_Init in the stock S8000UZCJC1 bootloader.
 *
 * 0x51401C3C = 0x51400000 + 0x243c - 0x800, using the offset listed for
 * OneNAND_Init in the poster's table; valid for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_OneNAND_Init (void)
{
asm volatile (
   "ldr   pc, adr_OneNAND_Init\n\t"
   /* Literal word read by the ldr above; it sits after the jump, so it is never executed. */
   "adr_OneNAND_Init:   .word   0x51401C3C\n\t"
);
}

/*
 * Tail-jump to the stock bootloader routine labelled LaunchNucleus.
 *
 * 0x514023A8 = 0x51400000 + 0x2ba8 - 0x800, using the offset listed for
 * LaunchNucleus in the poster's table; valid for the S8000UZCJC1 build only.
 * "ldr pc" does not set lr, so if the routine returns at all it returns to
 * this function's caller. NOTE(review): that assumes the compiler adds no
 * prologue that touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_LaunchNucleus (void)
{
asm volatile (
   "ldr   pc, adr_LaunchNucleus\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_LaunchNucleus:   .word   0x514023A8"
);
}   

/*
 * Call Baseband_Init in the stock S8000UZCJC1 bootloader, then return.
 *
 * Target = 0x5141983C + 0x5AC = 0x51419DE8, which is 0x51400000 + 0x1a5e8
 * - 0x800 for the offset listed for Baseband_Init in the poster's table;
 * valid for that firmware build only.
 * Unlike the plain "ldr pc" trampolines in this file, this one makes a
 * linking call (blx) and performs its own return by popping the saved lr
 * into pc, so control never reaches any compiler-generated epilogue.
 * r0 is overwritten with the target address: nothing is passed in r0, and
 * r0 is not restored afterwards.
 * NOTE(review): there is no clobber list, and the code assumes the
 * compiler emits no prologue before the asm - confirm in the disassembly.
 * NOTE(review): five registers are pushed, so sp is not 8-byte aligned
 * during the call if it was on entry - check whether the callee cares.
 */
void jump_Baseband_Init (void)
{
asm volatile (
   /* Save r1-r4 and the return address across the call. */
   "stmfd   sp!, {r1-r4,lr}\n\t"
   "ldr   r0, adr_Baseband_Init\n\t"
   "blx   r0\n\t"
   /* Restore r1-r4 and return by loading the saved lr into pc. */
   "ldmfd   sp!, {r1-r4,pc}\n\t"
   /* Literal word read by the ldr above; placed after the return, never executed. */
   "adr_Baseband_Init:   .word   0x5141983C+0x5AC"
);
}

/*
 * Tail-jump to LCD_InitWin in the stock S8000UZCJC1 bootloader.
 *
 * 0x51401B28 = 0x51400000 + 0x2328 - 0x800, using the offset listed for
 * LCD_InitWin in the poster's table; valid for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_LCD_InitWin (void)
{
asm volatile (
   "ldr   pc, adr_LCD_InitWin\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_LCD_InitWin:   .word   0x51401B28"
);
}

/*
 * Tail-jump to LCD_clear_screen in the stock S8000UZCJC1 bootloader.
 *
 * Target = 0x5141847C + 0x5AC = 0x51418A28, which is 0x51400000 + 0x19228
 * - 0x800 for the offset listed for LCD_clear_screen in the poster's
 * table; valid for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_LCD_clear_screen (void)
{
asm volatile (
   "ldr   pc, adr_LCD_clear_screen\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_LCD_clear_screen:   .word   0x5141847C+0x5AC"
);
}

/*
 * Tail-jump to Samsung_boot_logo in the stock S8000UZCJC1 bootloader.
 *
 * Target = 0x51418498 + 0x5AC = 0x51418A44, which is 0x51400000 + 0x19244
 * - 0x800 for the offset listed for Samsung_boot_logo in the poster's
 * table; valid for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_Samsung_boot_logo (void)
{
asm volatile (
   "ldr   pc, adr_Samsung_boot_logo\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_Samsung_boot_logo:   .word   0x51418498+0x5AC"
);
}

/*
 * Tail-jump to LCD_blue_screen in the stock S8000UZCJC1 bootloader.
 * The poster's offset table marks this routine "(NOT USED)".
 *
 * Target = 0x5141864C + 0x5AC = 0x51418BF8, which is 0x51400000 + 0x193f8
 * - 0x800 for the offset listed for LCD_blue_screen in that table; valid
 * for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_LCD_blue_screen (void)
{
asm volatile (
   "ldr   pc, adr_LCD_blue_screen\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_LCD_blue_screen:   .word   0x5141864C+0x5AC"
);
}

/*
 * Call LCD_print in the stock S8000UZCJC1 bootloader, then return.
 *
 * Target = 0x514182D4 + 0x5AC = 0x51418880, which is 0x51400000 + 0x19080
 * - 0x800 for the offset listed for LCD_print in the poster's table; valid
 * for that firmware build only.
 * The target address is loaded into r4, so r0-r3 reach the callee exactly
 * as they were on entry. r0-r4 are restored after the call, which means
 * anything the callee returns in r0 is discarded.
 * NOTE(review): the prototype here is (void); how callers place arguments
 * in r0-r3 is not visible in this listing.
 * NOTE(review): there is no clobber list, and the code assumes the
 * compiler emits no prologue before the asm - confirm in the disassembly.
 */
void jump_LCD_print (void)
{
asm volatile (
/* Earlier plain tail-jump variant, left disabled by the author: */
//   "ldr   pc, adr_LCD_print\n\t"
   /* Save r0-r4 and the return address across the call. */
   "stmfd   sp!, {r0-r4,lr}\n\t"
   "ldr   r4, adr_LCD_print\n\t"
   "blx   r4\n\t"
   /* Restore r0-r4 and return by loading the saved lr into pc. */
   "ldmfd   sp!, {r0-r4,pc}\n\t"
   /* Literal word read by the ldr above; placed after the return, never executed. */
   "adr_LCD_print:   .word   0x514182D4+0x5AC\n\t"
);
}   

/*
 * Tail-jump to MSG_UPLOAD_data_to_pc in the stock S8000UZCJC1 bootloader.
 * The poster's offset table marks this routine "(NOT USED)".
 *
 * Target = 0x5141852C + 0x5AC = 0x51418AD8, which is 0x51400000 + 0x192d8
 * - 0x800 for the offset listed for MSG_UPLOAD_data_to_pc in that table;
 * valid for that firmware build only.
 * "ldr pc" does not set lr, so the routine returns to this function's
 * caller. NOTE(review): that assumes the compiler adds no prologue that
 * touches sp/lr ahead of the asm - confirm in the disassembly.
 */
void jump_MSG_UPLOAD_data_to_pc (void)
{
asm volatile (
   "ldr   pc, adr_MSG_UPLOAD_data_to_pc\n\t"
   /* Literal word read by the ldr above; never executed. */
   "adr_MSG_UPLOAD_data_to_pc:   .word   0x5141852C+0x5AC"
);
}   


Then, from the S8000UZCJC1 boot_loader.mbn (offset 0x800 to the end), I generated boot_loader.little.S.

Then I rebuilt,

but the linker reported an error:
../android/prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-ld: section .jetqi [00048000 -> 00048e9f] overlaps section .oldboot [00000800 -> 00049c8f]


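This means boot_loader.little.S is too big: .oldboot now ends at 0x49c8f, past the 0x48000 where .jetqi starts.

So qi.lds needs to be revised, from the first value below to the second: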
/* Original placement of .jetqi. The S8000UZCJC1 .oldboot image runs to 0x49c8f (per the ld error above), so 0x48000 lands inside it. */
__jetqi_location = 0x48000;

/* Proposed placement, clear of .oldboot's end at 0x49c8f. Per the follow-up in this thread, _old_new_base in start.s hard-codes the matching offset and has to be changed together with this value. */
__jetqi_location = 0x58000;


Is that OK? Is there any other code that needs to be revised?

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby Dopi » Sun Jan 02, 2011 11:20 pm

cx_star wrote:is ok? is there other codes need to revision ?

I don't think there is any need to change more files.

Did you exchange the boot_loader.little.S file with code from S8000UZCJC1 firmware? Before you try to flash this bootloader I can try to check the source.

Cheers,
Dopi

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Mon Jan 03, 2011 6:34 am

Dopi wrote:
cx_star wrote:is ok? is there other codes need to revision ?

I don't think there is any need to change more files.

Did you exchange the boot_loader.little.S file with code from S8000UZCJC1 firmware? Before you try to flash this bootloader I can try to check the source.

Cheers,
Dopi


Yes: I took boot_loader.mbn from S8000UZCJC1, from offset 0x800 to the end, and generated boot_loader.little.S from it.

I have tried it, and the phone is dead, so I am looking for a way to repair it.

How can I send the code to you?

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Sat Jan 08, 2011 4:33 am

I have read the code again more carefully and found the mistake.
In the file "start.s", line 332:
/*
 * Quoted from start.s by the poster, who reports that 0x4800 had to become
 * 0x5800 after __jetqi_location moved from 0x48000 to 0x58000 in qi.lds.
 * This word is a hand-written constant: it does not follow the linker
 * symbol, so it has to be edited together with qi.lds.
 * NOTE(review): as quoted, both constants have one hex digit fewer than
 * the 0x51400000 base and the 0x48000 linker location used elsewhere on
 * this page - possibly a transcription slip; confirm against the real
 * start.s before relying on these values.
 */
_old_new_base:
.word 0x5140000 + 0x4800 - 0x800


The 0x4800 should be changed to 0x5800.

oh,my lady gaga.....my poor phone :cry:

But I think this mistake should only affect the launch of JetDroid, so why is the old system dead as well?

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby Dopi » Sat Jan 08, 2011 10:55 am

cx_star wrote:the 0x4800 shound be changed to 0x5800.

oh,my lady gaga.....my poor phone :cry:

but i think this mistake just impact the launch of jetdriod, why the old system also dead .

Yes, this is what I also don't understand. The decision to jump to JetDroid or to the Samsung system is made in the first 0x800 bytes of the bootloader. If there is no change between the old and the patched bootloader the old system should start okay. Your diff of this section was looking okay, thus I am a little confused :? I have to look into this first section again ...

Did you make any progress in connecting your phone via JTAG?

Cheers,
Dopi

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Sat Jan 08, 2011 2:09 pm

Dopi wrote:
cx_star wrote:the 0x4800 shound be changed to 0x5800.

oh,my lady gaga.....my poor phone :cry:

but i think this mistake just impact the launch of jetdriod, why the old system also dead .

Yes, this is what I also don't understand. The decision to jump to JetDroid or to the Samsung system is made in the first 0x800 bytes of the bootloader. If there is no change between the old and the patched bootloader the old system should start okay. Your diff of this section was looking okay, thus I am a little confused :? I have to look into this first section again ...

Did you make any progress in connecting your phone via JTAG?

Cheers,
Dopi


No progress; it is just connected, and I have no idea what to do next...

If booting from SD is advisable, I want to port a u-boot and use it to rewrite the OneNAND.
I need a serial port to print debug messages. There is some information in JetQi, but I don't know how it works. Are the debug messages just sent over USB?

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby Dopi » Sat Jan 08, 2011 6:26 pm

cx_star wrote:not any progress ,is just connected. i have no idea to do next....

What kind of JTAG tool do you have? I saw that there are memory dumps for ORT (Omnia Repair Tool) around. Maybe you can use this.

cx_star wrote:if boot from SD is advisable , i want to transplant a u-boot ,and use it to rewrite onenand .
i need a serial to print debug message, there is some information in the JetQi ,but i don't kwon how is work.the debug message is just sended by usb?

I am not sure about the serial or USB debugging. I never used any serial output.

Regarding the SD-card: I would try first to write the original bootloader image to SD-card. If you can boot that you should be able to get into the bootloader SD-download mode. What do you think?

Cheers,
Dopi

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Sat Jan 08, 2011 11:29 pm

Dopi wrote:What kind of JTAG tool do you have? I saw that there are memory dumps for ORT (Omnia Repair Tool) around. Maybe you can use this.



it's so expensive .....

i have a j-tag v7, somebody say it support arm11.

Dopi wrote:I am not sure about the serial or USB debugging. I never used any serial output.

Regarding the SD-card: I would try first to write the original bootloader image to SD-card. If you can boot that you should be able to get into the bootloader SD-download mode. What do you think?

Cheers,
Dopi

How do you debug or test your program? Do you have a circuit diagram?
I am downloading the tools, but I have one concern: somebody said SD cards are well supported, but TF cards are not.

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby Dopi » Sun Jan 09, 2011 10:05 pm

cx_star wrote:how you debug or test your program?do you have circuit diagram?

I always debugged using on-screen messages and log-files. We have access to parts of the schematic.

cx_star wrote:i am downloading the tools. but i have a care, somebody say sd card is supported well,but tf card not.

tf-cards should be the same as sd-cards. We do have issues with some sd-cards in our bootloader. This does however not mean that these cards won't work with the embedded sd-card access of the S3C6410 processor.

In case you need any more information, please let me know.

Cheers,
Dopi

Re: Absolute call adresses in S8000UZCJC1 firmware

Postby cx_star » Mon Jan 10, 2011 9:45 am

could you send the schematic you know to my email "c00249981@126.com".
thank you !

