Welcome guest, is this your first visit? Click the "Create Account" button now to join.
Page 3 of 8 FirstFirst 12345 ... LastLast
Results 21 to 30 of 74
  1. #21
    haute
    Guest

    Default

    The boot go to 0x04180000.

    I followed the advice of Alex to find out.

  2.    Advertissements


  3. #22
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    This is the right loading address of boot.bin. Also you can use garmin-ida-loader loader module for IDA. It knows lots of Garmin firmware formats.

  4. #23
    haute
    Guest

    Default

    This really is magic. Here you could have started a few days ago jejejej.
    I did not know the existence of this loader you have created ...

  5. #24
    haute
    Guest

    Default

    Hello, we have done some testing with three possible values to write in 0x40014D4, ​​1, 3 and 5. These values ​​can also be 2 and 4.
    I think 1, 3 and 5 are for etrex30. and the values ​​for models 2 and 4 etrex20
    I believe that these values ​​may correspond to different versions of the same model PCB etrex20.
    In my gps etrex20:
    1 - white screen. But it seems to work the gps.
    2 - Gps eTREX20 mode operating normally
    3 - normal operation mode Gps eTREX30 (not sensors: barometer, compass, ant+, add some menus)
    4 - Not tested
    5 - white screen. But it seems to work the gps.

    In another gps eTREX20 of other forum:
    1 - white screen. But it seems to work the gps.
    2 - white screen. But it seems to work the gps.
    3 - white screen. But it seems to work the gps.
    4 - Gps eTREX20 mode operating normally
    5 - normal operation mode Gps eTREX30 (not sensors: barometer, compass, ant+, add some menus)


    In the absence of further evidence, is what we can conclude.

    GRMFW:80203732 sub_80203732 ; CODE XREF: sub_802037B8+1Cp
    GRMFW:80203732 LDR R0, =0x12009000
    GRMFW:80203734 PUSH {R4,LR}
    GRMFW:80203736 LDR R3, =0x40014D4
    GRMFW:80203738 LDR R2, [R0,#0x20]
    GRMFW:8020373A MOVS R1, 0x1E0000
    GRMFW:8020373E ORRS R2, R1
    GRMFW:80203740 STR R2, [R0,#0x20]
    GRMFW:80203742 LDR R2, [R0,#0x24]
    GRMFW:80203744 BICS R2, R1
    GRMFW:80203746 STR R2, [R0,#0x24]
    GRMFW:80203748 LDR R0, [R0]
    GRMFW:8020374A LSLS R0, R0, #0xB ;r0*0x800 ?
    GRMFW:8020374C LSRS R0, R0, #0x1C ;r0/0x1000000 ?
    GRMFW:8020374E STRB R0, [R3]
    GRMFW:80203750 LDRB R0, [R3]
    GRMFW:80203752 STRB R0, [R3,#1]
    GRMFW:80203754 BL sub_80200AD0
    GRMFW:80203758 POP {R4,PC}

    You could somehow find the bytes that are written to the address 0x12009000, I think that is where you define the motherboard model.?

    Leave a link with versions 1, 3 and 5 in case anyone wants to try it. All versions 2.80 with jnx patched eTREX20to30.
    Using usb-boot method, by updater.exe.
    It's the cleanest way to do the update.
    [Only registered and activated users can see links. ]
    Last edited by haute; 11th September 2012 at 10:30 PM.

  6. #25
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    I think, values at 0x12009000 are filled by the bootloader. Unfortunately, I've found no bootloader in the boot.bin. Can you dump the bootloader (region 5) as suggested below?
    [Only registered and activated users can see links. ]

  7. #26
    haute
    Guest

    Default

    Hello, in the boot there is the same function as in the firmware to identify the pattern of PCB. I think memory is a memory 0x12009000 own the pcb that identifies it.
    When you access USB-boot mode, this routine displays the gps as eTREX20, since it is not patched. In normal power mode is shown as eTREX30, (Windows Explorer, Basecam, etc ...).
    I pass the link of boot 2.80.[Only registered and activated users can see links. ]
    Very interesting TXT file commands, will try to prove if I understand.

    Boot: 0418491C sub_4598491C; CODE XREF: +16 sub_459849A2? P
    Boot: 0418491C LDR R0, = 0x12009000
    Boot: 0418491E PUSH {R4, LR}
    Boot: 04184920 LDR R3, = 0x428003C
    Boot: 04184922 LDR R2, [R0, # 0x20]
    Boot: 04184924 MOVS R1, 0x1E0000
    Boot: 04184928 Orrs R2, R1
    Boot: 0418492A STR R2, [R0, # 0x20]
    Boot: 0418492C LDR R2, [R0, # 0x24]
    Boot: 0418492E BICS R2, R1
    Boot: 04184930 STR R2, [R0, # 0x24]
    Boot: 04184932 LDR R0, [R0]
    Boot: 04184934 LSLS R0, R0, # 0xB
    Boot: 04184936 LSRs R0, R0, # 0x1C
    Boot: 04184938 STRB R0, [R3]
    Boot: 0418493A LDRB R0, [R3]
    Boot: 0418493C STRB R0, [R3, # 1]
    Boot: 0418493E BL sub_4599380A
    Boot: 04184942 POP {R4, PC}
    Boot: 04184942; End of function sub_4598491C

  8. #27
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    0x12009000 is just RAM, as it's writable.

    I've extracted the boot.bin and found that function at 0x0418491C. But I'm not talking about boot.bin. I'm talking about the bootloader, which is not boot.bin. Bootloader is stored inside flash region number 5. Put rrgn,5,1:/5.bin into update.txt to dump it.
    Those names boot.bin and fw_all.bin are quite bad, they don't reflect the real things.

  9. #28
    haute
    Guest

    Default

    hi, i test update.txt in /garmin/update.txt, /garmin/Updater/update.txt, sd:/garmin/update.txt, sd:/garmin/Updater/update.txt and it not write "5.bin".

    How many regions have the GPS, when it is updating it show erase and writing in region 14.

  10. #29
    Navigation software Moderator kunix's Avatar
    Join Date
    Sep 2011
    Location
    Belarus
    Posts
    908
    Rep Power
    438

    Default

    You should create the following files:
    sd:/Garmin/Updater/1305/update.txt (make sure it has one byte per character (ANSI encoding, not UNICODE))
    sd:/Garmin/Updater/1305/ldr.bin (it's just renamed boot.bin)

    The following files should be created after update.txt execution in case of success:
    sd:/Garmin/Updater/1305/update.log
    sd:/Garmin/Updater/1305/last_id.bin
    sd:/5.bin

  11. #30
    haute
    Guest

    Default

    Read region 53 - x%
    1:/5.bin

    stop at 99%

    i am waiting. it is succes.
    Last_id.bin it is the id in hex.
    Because region 5 is 53? how many regions have the gps


    The link of bootloader
    [Only registered and activated users can see links. ]
    Attached Files Attached Files
    Last edited by haute; 11th September 2012 at 10:35 PM.

 

 

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •