Talk:SC EEPROM: Difference between revisions
Jump to navigation
Jump to search
Line 58: | Line 58: | ||
* ReReads EID1 and CMAC | * ReReads EID1 and CMAC | ||
* Does same process with 0x460 and 0x470 | * Does same process with 0x460 and 0x470 | ||
* Reads 0x2710 and 0x2730 (0x20,0x10) ??? | |||
* Reads 0x2700 (0x10) | * Reads 0x2700 (0x10) | ||
* fini! |
Revision as of 19:12, 2 June 2019
There is a flag at EEPROM which enables a special diagnostic mode at startup.
Note: This flag is enabled on Proto/DECR. It allows memtest diagnose
Pseudo-code:
def check_bootrom_diag_mode(mode, param) diag_mode = get_eeprom_bootrom_diag() if diag_mode & 0x1: if diag_mode & 0x100: return 0 mode = (diag_mode >> 3) & 0x1 param = (diag_mode >> 3) & 0x1 else: mode = (diag_mode >> 1) & 0x1 param = -1 return 1
EEPROM Dumps
EEPROM Strings (CP memory dump, DECR)
http://pastie.org/private/usd2zi8mw3igycsh1a395q
Bus Pirate stuff
http://i.imgur.com/48rbR51.png
(needs more wikifying)
On standby
- Note: during this time the plaintext eprom is never read even once!
- Additionally, the areas 0x26B0, 0x26D0 are not read
- Checks status
- Unlocks Write Command
- Reads PATCH top half region
- Reads PATCH bottom half region
- Reads 0x2790?(0x20)
- Reads 0x27B0?(0x10)
- Reads 0x26D0 (0x10)
- Reads some configs? (around >0x31XX area)
- Reads 0x0 (0x10)
- Reads some configs?
- Reads 0x10(0x280) (EID1)?
- Reads 0x3A00 (0x1)
- Reads 0x290 (0x10) (EID1 CMAC?)
- Reads 0x2A0 (0x20)
- Reads 0x2C0 (0x20)
- Reads 0x2E0 (0x20)
- Writes some stuff to 0x2C0/0x2E0/0x2A0 (mostly ff's)
- ReReads EID1 and CMAC
- Reads 0x360
- Reads 0x370
- Writes (again) mostly ff's to 0x360 and 0x370
- ReReads EID1 and CMAC
- Does same process with 0x460 and 0x470
- Reads 0x2710 and 0x2730 (0x20,0x10) ???
- Reads 0x2700 (0x10)
- fini!