[linux-dvb] 8051 firmware disassembly

Nick Andrew nick-linuxtv at nick-andrew.net
Thu Mar 15 16:49:38 CET 2007


G'day Pierre,

On Thu, Mar 15, 2007 at 01:19:46PM +0100, Pierre Willenbrock wrote:
> you are right, thats the boot-vector as described in the 8051 manual. it
> is freely available from intel. the other entry point used is the
> ie1-vector at 0x0013.
> 
> I already did dissect the firmware. results are here:
> http://pirsoft-dsl-dropzone.de/m9206/index.html

That's just awesome, thanks. Because as you know our firmwares are
almost identical.

In your source code you point out some possible bugs in the firmware.
Have you tried fixing them and does it make any difference?

I'm trying to get the remote control working so I am especially
interested in your C source around line 473 where you think it
might be something to do with the remote control. In your
text file you note that if the argument is 0x01 then 4 bytes
are returned but the C source code does not back this up:

                        mem21[0] = readext(0xff57);
                        mem21[1] = readext(0xff56);
                        mem21[2] = readext(0xff53);
                        mem21[3] = readext(0xff52);

Yes these values are read from memory, but lower down it does only:

            writeext(0xff0b,0x00);
            writeext(0x8080, mem21[3]);
            writeext(0xff0b, 0x02);

So I assume it sends back only mem21[3] and the other values are
ignored.

Testing on the device backs up this theory:

ef4e8740 1301850286 S Ci:031:00 s c0 24 0000 0001 0001 1 <
ef4e8740 1301850530 C Ci:031:00 0 1 = 00

Only one byte is returned and it's from 0xff52. Which is always
zero, even when I press the key on the remote.

Nick.



More information about the linux-dvb mailing list