Why is the utility flash crossed out there? Does 3G really not have it? Where do they store their bootflash stuff then?
Sebastian Schutte schrieb: > Page 18 has a diagram of the 3rd geneneration internals: > http://www.freescale.com/files/ftf_2008/presentations/China/PC112_SigmaTelMultimediaProductsiMXStrengtheningFreescalesiMXMultimediaEcosystem.pdf > > > Taylor Gordon wrote: >> Thanks! >> >> On Thu, Feb 19, 2009 at 12:20 PM, Raoul Guggenheim <[email protected]> wrote: >> >> >>> Found this on the docs of 3G: >>> http://insidetronics.blogspot.com/2007/09/teardown-ipod-nano-3g.html >>> So it's a S5L8702 but I haven't found any documentation. >>> >>> >>> Am 19.02.2009, 09:37 Uhr, schrieb The Seven <[email protected]>: >>> >>> >>>> Yes, it can well be possible that the stack address of the data buffer >>>> varies. I hoped it didn't, however, it seems like I was either wrong >>>> there, or it has indeed an execution protection on the stack. That makes >>>> it a lot harder. However, the notes files were generated for 2G, not 3G, >>>> so it could be, that 3G uses different addresses at all. To confirm this >>>> and to generate the files for 3G, I need detailed docs of the processor. >>>> >>>> Sebastian Schutte schrieb: >>>> >>>>> Hi, >>>>> >>>>> I checked another 20 tonight (35-55). No freezing, but there are timing >>>>> differences. I then retried 27 and 29 to confirm that they did not show >>>>> any effect. This time, they led to normal reboots! I swear that I didn't >>>>> mess up on that one. Yesterday, they did not lead to reboots. But maybe >>>>> the problem is that it seems very hard to reproduce the crash behaviour: >>>>> The timing of the first crash, for example, always varies. When I try to >>>>> enter the notes folder, it takes something between and eye blink and a >>>>> second before the screen turns dark. Then I had the two files that did >>>>> not work yesterday, but today. What does that mean? Can the overflow >>>>> occur in a non-deterministic memory environment, leading to such >>>>> different effects? I hope this is helpful to anybody. >>>>> >>>>> The Seven wrote: >>>>> >>>>>> If the 0x00s would have been a problem or the link qould not have been >>>>>> recognized, it would not have crashed. >>>>>> >>>>>> Taylor Gordon schrieb: >>>>>> >>>>>> >>>>>>> Hmmm... SO so far, it seems that none of the notes have made the ipod >>>>>>> freeze, right? I wonder why 27 and 29 didn't display anything at all >>>>>>> though. >>>>>>> >>>>>>> @TheSeven: Maybe different opcodes with a '0' messed the file up? Or >>>>>>> it >>>>>>> didn't think it was a valid link. >>>>>>> >>>>>>> On Wed, Feb 18, 2009 at 2:49 AM, Sebastian Schutte >>>>>>> <[email protected]>wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Both files (27&29) opened, but only showed a blank screen. I could >>>>>>>> open/close them repeatedly without reboot. I also noted timing >>>>>>>> differences for the reboot duration. But I think we'd have to check >>>>>>>> that >>>>>>>> later systematically if no freezing can be observed at all. >>>>>>>> >>>>>>>> >>>>>>>> The Seven wrote: >>>>>>>> >>>>>>>> >>>>>>>>> I'll double check that later today, but it sounds interesting... >>>>>>>>> However, I expect the behavior to be generation dependent, so please >>>>>>>>> make sure that all files are checked on 2G at least. >>>>>>>>> >>>>>>>>> Sebastian, were you able to view the content of the notes 27 and 29? >>>>>>>>> What did you see? >>>>>>>>> >>>>>>>>> Sebastian Schutte schrieb: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I tested some files (25-35) on an Ipod nano 3rd gen. Except 27 >>>>>>>>>> and >>>>>>>>>> 29, they only led to repeated reboots. No freezing so far. For 27 >>>>>>>>>> and >>>>>>>>>> 29 there was no effect at all. >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Sebastian >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Taylor Gordon wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Update: I've tried note_0 and note_89 and they DONT work - so try >>>>>>>>>>> the >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> other >>>>>>>> >>>>>>>> >>>>>>>>>>> 126 for now :) >>>>>>>>>>> >>>>>>>>>>> On Tue, Feb 17, 2009 at 4:07 PM, The Seven <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> The first test note files are ready! >>>>>>>>>>>> Get them at http://taylor.fileave.com/lockup.zip >>>>>>>>>>>> >>>>>>>>>>>> There are 128 files named note_XXX.txt >>>>>>>>>>>> One of them will hopefully make the iPod lock up or show some >>>>>>>>>>>> other >>>>>>>>>>>> unexpected behavior. If we find that one, we're a huge step >>>>>>>>>>>> closer. >>>>>>>>>>>> >>>>>>>>>>>> It could also be that it just takes longer (or even shorter?) to >>>>>>>>>>>> reboot... So if one of the files shows a DIFFERENT behavior than >>>>>>>>>>>> the >>>>>>>>>>>> others, please tell me. >>>>>>>>>>>> >>>>>>>>>>>> Placing multiple of them on the iPod at once will NOT work! >>>>>>>>>>>> >>>>>>>>>>>> 3mpty schrieb: >>>>>>>>>>>> > 2009/2/17 The Seven <[email protected]> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>>> 3mpty schrieb: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Target address range is 0x22000000 to 0x2203fff (SRAM) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The second number is 0x22003FFF or 0x2203FFF0? A digit is >>>>>>>>>>>>>>> missing >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>> (am I >>>>>>>> >>>>>>>> >>>>>>>>>>>>>> wrong?) >>>>>>>>>>>>>> 0x2203FFFF, or rather a little below since our shellcode will >>>>>>>>>>>>>> have a >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>> nop >>>>>>>> >>>>>>>> >>>>>>>>>>>>>> zone of 2KB >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> I'm trying right now some text file. >>>>>>>>>>>>> >>>>>>>>>>>>> 0x22 at the addresses where we need it (odd ones) will not hurt >>>>>>>>>>>>> in >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> unicode. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Oh, I forgot the endianess, stupid error, you are right >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Paolo >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>> http://www.linux4nano.org >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Linux4nano-dev mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>> http://www.linux4nano.org >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Linux4nano-dev mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>> http://www.linux4nano.org >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Linux4nano-dev mailing list >>>>>>> [email protected] >>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>> http://www.linux4nano.org >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Linux4nano-dev mailing list >>>>>> [email protected] >>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>> http://www.linux4nano.org >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Linux4nano-dev mailing list >>>>> [email protected] >>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>> http://www.linux4nano.org >>>>> >>>>> >>>> _______________________________________________ >>>> Linux4nano-dev mailing list >>>> [email protected] >>>> https://mail.gna.org/listinfo/linux4nano-dev >>>> http://www.linux4nano.org >>>> >>> -- >>> Erstellt mit Opera: http://www.opera.com >>> >>> >>> >>> _______________________________________________ >>> Linux4nano-dev mailing list >>> [email protected] >>> https://mail.gna.org/listinfo/linux4nano-dev >>> http://www.linux4nano.org >>> >>> >> _______________________________________________ >> Linux4nano-dev mailing list >> [email protected] >> https://mail.gna.org/listinfo/linux4nano-dev >> http://www.linux4nano.org >> >> > > > _______________________________________________ > Linux4nano-dev mailing list > [email protected] > https://mail.gna.org/listinfo/linux4nano-dev > http://www.linux4nano.org > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
