Welcome guest, is this your first visit? Click the "Create Account" button now to join.
Page 4 of 8 FirstFirst ... 23456 ... LastLast
Results 31 to 40 of 74
  1. #31
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    Quote Originally Posted by haute View Post
    Read region 53 - x%
    1:/5.bin
    What is that? Is that messages displayed on the screen?
    You can actually add the reboot command, so that the device would reboot after performing rrgn.
    Code:
    Please Login or Register to see the links
    Or you can just stop waiting. 99% is enough.
    Last edited by kunix; 11th September 2012 at 10:35 AM.

  2.    Advertissements


  3. #32
    haute
    Guest

    Default

    Update my previous post. you have the bootloader for download.

    my god, how many things I'm learning.

    Very Thx
    Last edited by haute; 11th September 2012 at 11:49 AM.

  4. #33
    haute
    Guest

    Default

    Regions.

    5 - Boot Block (Bootloader)
    12- Boot.bin
    14- Fw_all.bin

    There are others regions?
    The ram memory is a region? it can to bakup it?

  5. #34
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    This link points to the same boot2.80.bin... [Only registered and activated users can see links. ]

    I don't know what's 53 here...
    Also I don't know exactly how many regions are there. It depends on the particular device. I only know that region number is encoded by one byte integer.
    You can try dumping all the regions, but beware that some of them are huge (in particular, region number 48, containing the internal flash drive's filesystem).
    Also you can try disassembling region handling functions. I haven't had time for this. Usually there is some table with region numbers and sizes inside every peace of code (fw_all.bin, boot.bin, bootloader), but some of the regions don't have fixed sizes and some of them are virtual with their contents stored inside files.
    12 is a clearly virtual region, for example. When begin requested to flash region 12 (in pre-boot mode), the bootloader copies the received data into RAM and executes it.

    As far as I know RAM doesn't have a region assigned to it. But it can be dumped with 0x04 USB command. GPSDaemon can do it, for example.
    Last edited by kunix; 11th September 2012 at 12:30 PM.

  6. #35
    haute
    Guest

    Default

    I have not so much knowledge as to create a utility to read the ram via USB 0x04 command.

    There is a standard utility to do this?
    Daemon only read from GPS maps.

  7. #36
    Master
    Join Date
    Feb 2011
    Location
    Sofia
    Age
    38
    Posts
    736
    Rep Power
    222

    Default

    Start in cmd: gpsdaemon -full. But I am not sure about the new etrex as they use new usb interface for communication.

  8. #37
    haute
    Guest

    Default

    Yes it work fine. thx.. i can extract the memory but the region extract not found.
    Last edited by haute; 11th September 2012 at 10:37 PM.

  9. #38
    haute
    Guest

    Default

    Quote Originally Posted by kunix View Post
    Just wondering, what happens if we make MOVS R1,#1 or MOVS R1,#5, which also corespond to eTrex 30 (this fact can be seen at sub_801FAFAA).
    Code:
    Please Login or Register to see the links
    BTW, MOVS R0, R0 is not a good way to insert a NOP instruction, as it may affect flags in CPSR register.
    I can confirm.
    There are at least two models of PCBs, for etrex20/30.

    Model1: In Memory 0x12009000 (i think model of PCB) -> 0x00043f3d
    r0 = 2 for etrex20
    r0 = 3 for etrex30

    Model2: in Memory 0x12009000 (i think model of PCB) ---> Not looked yet.
    r0 = 4 for etrex20
    r0 = 5 for etrex30

    The function that maps the gps model according to the motherboard.

    Code:
    Please Login or Register to see the links
    Last edited by haute; 12th September 2012 at 11:57 AM.

  10. #39
    haute
    Guest

    Default

    Hello, I'm trying to read the regions 34, 41 and 43 using the commands rrgn (update.txt) and I get no result.
    Code:
    Please Login or Register to see the links
    I guess the table regions is within the ldr.bin. You could modify the table of regions to allow reading and writing of the regions 34, 41 and 43?. If someone has already modified some ldr.bin other gps model, I could apply to port it to this model. I hope it's not too complicated. I can not find any region table in ldr.bin.
    Or I read regions are not on the table, or is there some kind of flag that prevents read and write these regions.


    I've also tried using GPSDaemon through the packets, but the command reading regions, does not work in any case.
    Is there another command that allows reading and writing of different regions?.

    So far I could only read the following regions using the command "rrgn":

    5 (bootblock), 12 (Boot), 13 (?), 14 (Fw-all), 16 (Logo), 32 (all FF), 48 (Filesystem), 83 (filesystem that rgn = 48), 96 (?), 132 (all FF), 148 (¿x-loader?).

    If anyone needs the different regions I can send.

    Thanks ..

  11. #40
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    I've found something that looks like a region table, but it's very different from ones from other firmwares. It's not static, instead it's constructed dynamically.
    Unfortunately, I don't have the device and I don't have time for this currently. Maybe in a month I will be able to continue... If you want, I can share the IDA database with all my findings.

    Also I don't know anyone who has ever patched the region handling stuff for any device.

    I only know USB commands for dumping regions (0x60, only supported by old devices) and for flashing regions (0x4B, supported everywhere, is used by updater.exe and WebUpdater, flashing some regions is disabled by flags).


    UPD:
    Also while working on this [Only registered and activated users can see links. ] I've found the region table and the table which disables reading/writing for regions. Also 296C's ramloader supports 0x60 command. Also the region handling stuff there is different from one for eTrex 20/30, as I said.
    Last edited by kunix; 21st September 2012 at 10:03 AM.

 

 

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •