<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Björn</p>
<p>Sure.. the magic question is: how did you access this thing :)</p>
<p>This is brilliant! Free code execution on the Pen. Thanks a lot!<br>
</p>
<p>You access this via UART? Pin GPIO12 (RX) and GPIO13 (TX)? <br>
</p>
<p>If you find time to write down the steps needed to access the
BIOS/Boot-ROM I would be very thankful.</p>
<p>This just made my day, as we had longer discussions at the
congress how to inject some kind of loader code to dump and load
memory.<br>
And it's already there. Perfect. <br>
</p>
<p>Cheers Sven<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Am 31.12.17 um 01:02 schrieb Bjoern:<br>
</div>
<blockquote type="cite"
cite="mid:bebec03d-3b4b-6d7b-3234-0029b159b4c2@online.de">Hi Sven,
<br>
<br>
The Boot ROM is called by Anyka in some cases "BIOS" (see the
screen shot I attached to my last email).
<br>
<br>
Cheers
<br>
Björn
<br>
<br>
<br>
<br>
Am 31.12.2017 um 00:03 schrieb Sven A. Huerlimann:
<br>
<blockquote type="cite">
<br>
Hi Björn
<br>
<br>
What do you mean by: "enter the BIOS"? That could be very
helpful for me.
<br>
<br>
About the memory map:
<br>
<br>
section 1 is the Boot-ROM (afik)
<br>
<br>
section 2 is the 192k L2 Memory (The larger memory)
<br>
<br>
section 3: there should be some 64k of on chip ram somewhere
(but this could also be banked in on section 1 memory range
after the boot rom finished)
<br>
<br>
Cheers
<br>
<br>
sven
<br>
<br>
<br>
Am 30.12.17 um 22:19 schrieb Bjoern:
<br>
<blockquote type="cite">Hi Matthias,
<br>
<br>
When I read out the NAND directly by a Raspberry Pi, the data
was not really reliable because some bits always toggled.
<br>
Is your reading method giving accurate, reproducable results
or are toggled bits an inherent effect of reading raw data
from NANDs (hence using ECC is mandatory) or ?
<br>
<br>
I have meanwhile managed to enter the BIOS of the TT. This
BIOS offers the following commands:
<br>
- download
<br>
- setvalue
<br>
- go
<br>
- dump
<br>
<br>
From what I could see so far, only two memory sections contain
data:
<br>
section 1: 0x0000'0000 - 0x0000'FFFF
<br>
section 2: 0x0800'0000 - 0x0802'FFFF
<br>
<br>
Section 1 is almost sure the BIOS itself, about the meaning of
section 2 I have no idea (RAM?).
<br>
If you think it might support you with your efforts, I can
describe the steps for entering the BIOS mode more in detail.
<br>
<br>
Cheers
<br>
Björn
<br>
<br>
<br>
<br>
Am 30.12.2017 um 18:22 schrieb Matthias Weber:
<br>
<blockquote type="cite">Hi Werner and list,
<br>
<br>
up to my current knowledge, nobody is able to perform a
firmware update
<br>
of the pen. If I'm wrong, I'd be happy to read how it is
done.
<br>
<br>
So far we've taken a dump of a tiptoi pen's flash memory and
are trying
<br>
to find out how the firmware update is done or how we can
get a
<br>
workaround to flash new firmware.
<br>
<br>
It will be helpful to understand the memory mapping of the
peripherals
<br>
connected to/ used by the ARM core (UART, flash interfaces).
That's what
<br>
Sven has started to work on. We'd be happy to get any
support here.
<br>
<br>
Cheers,
<br>
Matthias
<br>
<br>
<br>
Werner Beroux wrote:
<br>
<blockquote type="cite">I updated the
<br>
bug
<a class="moz-txt-link-freetext" href="https://github.com/entropia/tip-toi-reveng/issues/171">https://github.com/entropia/tip-toi-reveng/issues/171</a> as I
kind of
<br>
bricked my Tiptoi. Wondering if you had some known way to
unbrick the
<br>
device, flash it, or change language on a working device?
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<br>
</blockquote>
<br>
<br>
<br>
</blockquote>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>