Two pages later, on the ipod touch, the 39WF800A chip is also crossed out, but it's built in. So ipod nano 3g should have this flash chip.
Am 20.02.2009, 00:49 Uhr, schrieb The Seven <[email protected]>: > Why is the utility flash crossed out there? Does 3G really not have it? > Where do they store their bootflash stuff then? > > Sebastian Schutte schrieb: >> Page 18 has a diagram of the 3rd geneneration internals: >> http://www.freescale.com/files/ftf_2008/presentations/China/PC112_SigmaTelMultimediaProductsiMXStrengtheningFreescalesiMXMultimediaEcosystem.pdf >> >> >> Taylor Gordon wrote: >>> Thanks! >>> >>> On Thu, Feb 19, 2009 at 12:20 PM, Raoul Guggenheim <[email protected]> >>> wrote: >>> >>> >>>> Found this on the docs of 3G: >>>> http://insidetronics.blogspot.com/2007/09/teardown-ipod-nano-3g.html >>>> So it's a S5L8702 but I haven't found any documentation. >>>> >>>> >>>> Am 19.02.2009, 09:37 Uhr, schrieb The Seven <[email protected]>: >>>> >>>> >>>>> Yes, it can well be possible that the stack address of the data >>>>> buffer >>>>> varies. I hoped it didn't, however, it seems like I was either wrong >>>>> there, or it has indeed an execution protection on the stack. That >>>>> makes >>>>> it a lot harder. However, the notes files were generated for 2G, not >>>>> 3G, >>>>> so it could be, that 3G uses different addresses at all. To confirm >>>>> this >>>>> and to generate the files for 3G, I need detailed docs of the >>>>> processor. >>>>> >>>>> Sebastian Schutte schrieb: >>>>> >>>>>> Hi, >>>>>> >>>>>> I checked another 20 tonight (35-55). No freezing, but there are >>>>>> timing >>>>>> differences. I then retried 27 and 29 to confirm that they did not >>>>>> show >>>>>> any effect. This time, they led to normal reboots! I swear that I >>>>>> didn't >>>>>> mess up on that one. Yesterday, they did not lead to reboots. But >>>>>> maybe >>>>>> the problem is that it seems very hard to reproduce the crash >>>>>> behaviour: >>>>>> The timing of the first crash, for example, always varies. When I >>>>>> try to >>>>>> enter the notes folder, it takes something between and eye blink >>>>>> and a >>>>>> second before the screen turns dark. Then I had the two files that >>>>>> did >>>>>> not work yesterday, but today. What does that mean? Can the overflow >>>>>> occur in a non-deterministic memory environment, leading to such >>>>>> different effects? I hope this is helpful to anybody. >>>>>> >>>>>> The Seven wrote: >>>>>> >>>>>>> If the 0x00s would have been a problem or the link qould not have >>>>>>> been >>>>>>> recognized, it would not have crashed. >>>>>>> >>>>>>> Taylor Gordon schrieb: >>>>>>> >>>>>>> >>>>>>>> Hmmm... SO so far, it seems that none of the notes have made the >>>>>>>> ipod >>>>>>>> freeze, right? I wonder why 27 and 29 didn't display anything at >>>>>>>> all >>>>>>>> though. >>>>>>>> >>>>>>>> @TheSeven: Maybe different opcodes with a '0' messed the file up? >>>>>>>> Or >>>>>>>> it >>>>>>>> didn't think it was a valid link. >>>>>>>> >>>>>>>> On Wed, Feb 18, 2009 at 2:49 AM, Sebastian Schutte >>>>>>>> <[email protected]>wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Both files (27&29) opened, but only showed a blank screen. I >>>>>>>>> could >>>>>>>>> open/close them repeatedly without reboot. I also noted timing >>>>>>>>> differences for the reboot duration. But I think we'd have to >>>>>>>>> check >>>>>>>>> that >>>>>>>>> later systematically if no freezing can be observed at all. >>>>>>>>> >>>>>>>>> >>>>>>>>> The Seven wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>>> I'll double check that later today, but it sounds interesting... >>>>>>>>>> However, I expect the behavior to be generation dependent, so >>>>>>>>>> please >>>>>>>>>> make sure that all files are checked on 2G at least. >>>>>>>>>> >>>>>>>>>> Sebastian, were you able to view the content of the notes 27 >>>>>>>>>> and 29? >>>>>>>>>> What did you see? >>>>>>>>>> >>>>>>>>>> Sebastian Schutte schrieb: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> I tested some files (25-35) on an Ipod nano 3rd gen. Except >>>>>>>>>>> 27 >>>>>>>>>>> and >>>>>>>>>>> 29, they only led to repeated reboots. No freezing so far. >>>>>>>>>>> For 27 >>>>>>>>>>> and >>>>>>>>>>> 29 there was no effect at all. >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> Sebastian >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Taylor Gordon wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Update: I've tried note_0 and note_89 and they DONT work - so >>>>>>>>>>>> try >>>>>>>>>>>> the >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>> other >>>>>>>>> >>>>>>>>> >>>>>>>>>>>> 126 for now :) >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Feb 17, 2009 at 4:07 PM, The Seven <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> The first test note files are ready! >>>>>>>>>>>>> Get them at http://taylor.fileave.com/lockup.zip >>>>>>>>>>>>> >>>>>>>>>>>>> There are 128 files named note_XXX.txt >>>>>>>>>>>>> One of them will hopefully make the iPod lock up or show some >>>>>>>>>>>>> other >>>>>>>>>>>>> unexpected behavior. If we find that one, we're a huge step >>>>>>>>>>>>> closer. >>>>>>>>>>>>> >>>>>>>>>>>>> It could also be that it just takes longer (or even >>>>>>>>>>>>> shorter?) to >>>>>>>>>>>>> reboot... So if one of the files shows a DIFFERENT behavior >>>>>>>>>>>>> than >>>>>>>>>>>>> the >>>>>>>>>>>>> others, please tell me. >>>>>>>>>>>>> >>>>>>>>>>>>> Placing multiple of them on the iPod at once will NOT work! >>>>>>>>>>>>> >>>>>>>>>>>>> 3mpty schrieb: >>>>>>>>>>>>> > 2009/2/17 The Seven <[email protected]> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>>> 3mpty schrieb: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Target address range is 0x22000000 to 0x2203fff (SRAM) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> The second number is 0x22003FFF or 0x2203FFF0? A digit is >>>>>>>>>>>>>>>> missing >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>> (am I >>>>>>>>> >>>>>>>>> >>>>>>>>>>>>>>> wrong?) >>>>>>>>>>>>>>> 0x2203FFFF, or rather a little below since our shellcode >>>>>>>>>>>>>>> will >>>>>>>>>>>>>>> have a >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>> nop >>>>>>>>> >>>>>>>>> >>>>>>>>>>>>>>> zone of 2KB >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> I'm trying right now some text file. >>>>>>>>>>>>>> >>>>>>>>>>>>>> 0x22 at the addresses where we need it (odd ones) will not >>>>>>>>>>>>>> hurt >>>>>>>>>>>>>> in >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> unicode. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> Oh, I forgot the endianess, stupid error, you are right >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Paolo >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>>> http://www.linux4nano.org >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Linux4nano-dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>>> http://www.linux4nano.org >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Linux4nano-dev mailing list >>>>>>>>> [email protected] >>>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>>> http://www.linux4nano.org >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Linux4nano-dev mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>>> http://www.linux4nano.org >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Linux4nano-dev mailing list >>>>>>> [email protected] >>>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>>> http://www.linux4nano.org >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Linux4nano-dev mailing list >>>>>> [email protected] >>>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>>> http://www.linux4nano.org >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Linux4nano-dev mailing list >>>>> [email protected] >>>>> https://mail.gna.org/listinfo/linux4nano-dev >>>>> http://www.linux4nano.org >>>>> >>>> -- >>>> Erstellt mit Opera: http://www.opera.com >>>> >>>> >>>> >>>> _______________________________________________ >>>> Linux4nano-dev mailing list >>>> [email protected] >>>> https://mail.gna.org/listinfo/linux4nano-dev >>>> http://www.linux4nano.org >>>> >>>> >>> _______________________________________________ >>> Linux4nano-dev mailing list >>> [email protected] >>> https://mail.gna.org/listinfo/linux4nano-dev >>> http://www.linux4nano.org >>> >>> >> >> >> _______________________________________________ >> Linux4nano-dev mailing list >> [email protected] >> https://mail.gna.org/listinfo/linux4nano-dev >> http://www.linux4nano.org >> > > > _______________________________________________ > Linux4nano-dev mailing list > [email protected] > https://mail.gna.org/listinfo/linux4nano-dev > http://www.linux4nano.org -- Erstellt mit Opera: http://www.opera.com _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
