Update my previous post. you have the bootloader for download.
my god, how many things I'm learning.
Very Thx
What is that? Is that messages displayed on the screen?
You can actually add the reboot command, so that the device would reboot after performing rrgn.
Or you can just stop waiting. 99% is enough.Code:Please Login or Register to see the links
Last edited by kunix; 11th September 2012 at 10:35 AM.
Update my previous post. you have the bootloader for download.
my god, how many things I'm learning.
Very Thx
Last edited by haute; 11th September 2012 at 11:49 AM.
Regions.
5 - Boot Block (Bootloader)
12- Boot.bin
14- Fw_all.bin
There are others regions?
The ram memory is a region? it can to bakup it?
This link points to the same boot2.80.bin... [Only registered and activated users can see links. ]
I don't know what's 53 here...
Also I don't know exactly how many regions are there. It depends on the particular device. I only know that region number is encoded by one byte integer.
You can try dumping all the regions, but beware that some of them are huge (in particular, region number 48, containing the internal flash drive's filesystem).
Also you can try disassembling region handling functions. I haven't had time for this. Usually there is some table with region numbers and sizes inside every peace of code (fw_all.bin, boot.bin, bootloader), but some of the regions don't have fixed sizes and some of them are virtual with their contents stored inside files.
12 is a clearly virtual region, for example. When begin requested to flash region 12 (in pre-boot mode), the bootloader copies the received data into RAM and executes it.
As far as I know RAM doesn't have a region assigned to it. But it can be dumped with 0x04 USB command. GPSDaemon can do it, for example.
Last edited by kunix; 11th September 2012 at 12:30 PM.
I have not so much knowledge as to create a utility to read the ram via USB 0x04 command.
There is a standard utility to do this?
Daemon only read from GPS maps.
Start in cmd: gpsdaemon -full. But I am not sure about the new etrex as they use new usb interface for communication.
Yes it work fine. thx.. i can extract the memory but the region extract not found.
Last edited by haute; 11th September 2012 at 10:37 PM.
I can confirm.
There are at least two models of PCBs, for etrex20/30.
Model1: In Memory 0x12009000 (i think model of PCB) -> 0x00043f3d
r0 = 2 for etrex20
r0 = 3 for etrex30
Model2: in Memory 0x12009000 (i think model of PCB) ---> Not looked yet.
r0 = 4 for etrex20
r0 = 5 for etrex30
The function that maps the gps model according to the motherboard.
Code:Please Login or Register to see the links
Last edited by haute; 12th September 2012 at 11:57 AM.
Hello, I'm trying to read the regions 34, 41 and 43 using the commands rrgn (update.txt) and I get no result.
I guess the table regions is within the ldr.bin. You could modify the table of regions to allow reading and writing of the regions 34, 41 and 43?. If someone has already modified some ldr.bin other gps model, I could apply to port it to this model. I hope it's not too complicated. I can not find any region table in ldr.bin.Code:Please Login or Register to see the links
Or I read regions are not on the table, or is there some kind of flag that prevents read and write these regions.
I've also tried using GPSDaemon through the packets, but the command reading regions, does not work in any case.
Is there another command that allows reading and writing of different regions?.
So far I could only read the following regions using the command "rrgn":
5 (bootblock), 12 (Boot), 13 (?), 14 (Fw-all), 16 (Logo), 32 (all FF), 48 (Filesystem), 83 (filesystem that rgn = 48), 96 (?), 132 (all FF), 148 (¿x-loader?).
If anyone needs the different regions I can send.
Thanks ..
I've found something that looks like a region table, but it's very different from ones from other firmwares. It's not static, instead it's constructed dynamically.
Unfortunately, I don't have the device and I don't have time for this currently. Maybe in a month I will be able to continue... If you want, I can share the IDA database with all my findings.
Also I don't know anyone who has ever patched the region handling stuff for any device.
I only know USB commands for dumping regions (0x60, only supported by old devices) and for flashing regions (0x4B, supported everywhere, is used by updater.exe and WebUpdater, flashing some regions is disabled by flags).
UPD:
Also while working on this [Only registered and activated users can see links. ] I've found the region table and the table which disables reading/writing for regions. Also 296C's ramloader supports 0x60 command. Also the region handling stuff there is different from one for eTrex 20/30, as I said.
Last edited by kunix; 21st September 2012 at 10:03 AM.
Bookmarks