Talk:Dual Firmware
Patches 3.41
Once these patches are tested and confirmed to be safe, they will be committed to the MFW project.
Debug info patch tlc - patch_lv1debinfo
Warning: try these patches only if you have a NOR/NAND flasher to recover.
These patches allow the output of the debug printfs on startup. The main problem right now is that the buffer is only 0xFE0 bytes long, so it gets overwritten. If anyone figures out how to solve this, feel free to improve it.
Please report your success or failure using these scripts.
Basic Hash checks patches - patch_lv1bscheck
Warning: try these patches only if you have a NOR/NAND flasher to recover.
Please report your success or failure using these scripts.
Basic hash check patches for Linux: ENABLE/DISABLE/FORCE hash checks
http://pastie.org/2070649
These have already been tested.
PreAlpha v3 smoketest - offsets
patch_lv1sccheck (Modifying CORE_OS file lv1.self - Patching LV1 Checks)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch core OS Hash check //product mode always on | 2958632 | 2958452 | 2958452 | 2958984 | 2958984 | 2959072 | 2891632 | 2891556 | 2891596 | 2891596 | 2891596 | 2891596 | 2891684 | 2891684 |
2 | Patch check_revoke_list_hash check //product mode always on | 2961708 | 2961528 | 2961528 | 2962060 | 2962060 | 2962148 | 2894708 | 2894632 | 2894672 | 2894672 | 2894672 | 2894672 | 2894836 | 2894836 |
3 | Patch get secure product mode on | 2954260 | 2954080 | 2954080 | 2954612 | 2954612 | 2954700 | 2887260 | 2887184 | 2887224 | 2887224 | 2887224 | 2887224 | 2887312 | 2887312 |
4 | Patch Valid acces for TOOL - manufacturing | 2970228 | 2970048 | 2970048 | 2970568 | 2970568 | 2970656 | 2903216 | 2903140 | 2903180 | 2903180 | 2903180 | 2903180 | no pattern | no pattern |
5 | Patch Same version (OK) (TOOL/DEX/ARCADE or manufacturing) | no pattern | no pattern | no pattern | no pattern | no pattern | 3029516 | 2962076 | 2961372 | 2961412 | 2961412 | 2961412 | 2961412 | - | - |
6 | Patch Older version CEX (OK) | - | - | - | - | - | 3029420 | 2961980 | 2961276 | 2961316 | 2961316 | 2961316 | 2961316 | - | - |
7 | Patch Chasis mismatched | - | - | - | - | - | 3030148 | 2962708 | 2962004 | 2962044 | 2962044 | 2962044 | 2962044 | - | - |
8 | Patch Not revoked | - | - | - | - | - | 3030080 | 2962640 | 2961936 | 2961976 | 2961976 | 2961976 | 2961976 | - | - |
9 | Patch Manufacturing Image in normal mode | - | - | - | - | - | 3030000 | 2962560 | 2961856 | 2961896 | 2961896 | 2961896 | 2961896 | - | - |
10 | Patch Unknown direction | - | - | - | - | - | 3029832 | 2962436 | 2961688 | 2961728 | 2961728 | 2961728 | 2961728 | - | - |
11 | Patch Inapropiate direction | - | - | - | - | - | 3029876 | 2962436 | 2961732 | 2961772 | 2961772 | 2961772 | 2961772 | - | - |
12 | Patch Skip package direction check | - | - | - | - | - | 3029692 | 2962252 | 2961548 | 2961588 | 2961588 | 2961588 | 2961588 | - | - |
13 | Patch Capability check product mode | - | - | - | - | - | no pattern | no pattern | 3104064 | 3104104 | 3104104 | 3104104 | 3104104 | - | - |
14 | Patch fix2pc Root hash match OK | - | - | - | - | - | - | - | 3050140 | 3050180 | 3050180 | 3050180 | 3050180 | - | - |
15 | Patch raw image overlap success | - | - | - | - | - | - | - | 2899420 | 2899460 | 2899460 | 2899460 | 2899460 | - | - |
16 | Patch In product mode erase standby bank skipped | 2977960 | 2977780 | 2977780 | 2978324 | 2978324 | 2978412 | 2910972 | 2910896 | 2910936 | 2910936 | 2910936 | 2910936 | no pattern | no pattern |
17 | Patch Flash version check Older version OK | - | - | - | - | - | - | - | 2963136 | 2963176 | 2963176 | 2963176 | 2963176 | - | - |
18 | Patch Flash version check Same version (OK) (TOOL/DEX/ARCADE or manufacturing) | - | - | - | - | - | - | - | 2963232 | 2963272 | 2963272 | 2963272 | 2963272 | - | - |
b | sys_mgr.self | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
19 | Patch sys_mgr integrity lv1 and lv0 integrity check | - | - | - | - | - | - | - | no pattern | 2216084 | 2216084 | 2216084 | 2216084 | - | - |
c | lv1.self main | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
20 | Patch SC header not correct | - | - | - | - | - | - | - | - | 172784 | 172784 | 172784 | 172784 | - | - |
21 | Patch SC checksum error | - | - | - | - | - | - | - | - | 173112 | 173112 | 173112 | 173112 | - | - |
d | ss_server2.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
22 | Patch Capability check | - | - | - | - | - | - | - | - | 3524212 | 3524212 | 3524212 | 3524212 | - | - |
PreAlpha v4 smoketest - offsets
patch_lv1bscheck (Modifying CORE_OS file lv1.self - Disables basic hash checks in lv1)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch core OS Hash check //product mode always on | 2958632 | 2958452 | 2958452 | 2958984 | 2958984 | 2959072 | 2891632 | 2891556 | 2891596 | 2891596 | 2891596 | 2891596 | 2891684 | 2891684 |
2 | Patch check_revoke_list_hash check //product mode always on | 2961708 | 2961528 | 2961528 | 2962060 | 2962060 | 2962148 | 2894708 | 2894632 | 2894672 | 2894672 | 2894672 | 2894672 | 2894836 | 2894836 |
16 | Patch In product mode erase standby bank skipped | 2977960 | 2977780 | 2977780 | 2978324 | 2978324 | 2978412 | 2910972 | 2910896 | 2910936 | 2910936 | 2910936 | 2910936 | no pattern | no pattern |
PreAlpha v5 smoketest - offsets
patch_lv1debinfo (Modifying CORE_OS file lv1.self - Enables output of debug info)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch UM debug level return value #8000b04 | 2953044 | 2952864 | 2952864 | 2953396 | 2953396 | 2953484 | 2886044 | 2885968 | 2886008 | 2886008 | 2886008 | 2886008 | 2886096 | 2886096 |
2 | Patch COMMON debug level return value #80035b78 | No pattern | No pattern | No pattern | No pattern | No pattern | No pattern | No pattern | 3090884 | 3090924 | 3090924 | 3090924 | 3090924 | No pattern | No pattern |
3 | Patch SM debug level return value #8001f954 | - | - | - | - | - | - | - | 3000224 | 3000264 | 3000264 | 3000264 | 3000264 | - | - |
4 | Patch PRINTK enable return value #80035abc | - | - | - | - | - | - | - | 3090696 | 3090736 | 3090736 | 3090736 | 3090736 | - | - |
5 | Patch SB_MGR debug level return value #80030c2c | - | - | - | - | - | - | - | 3070584 | 3070624 | 3070624 | 3070624 | 3070624 | - | - |
6 | Patch DEBUG PRINTF function #80035cac | - | - | - | - | - | - | - | 3091192 | 3091232 | 3091232 | 3091232 | 3091232 | - | - |
7 | Patch PRINTF 1 function #80035bb3 | - | - | - | - | - | - | - | 3090944 | 3090984 | 3090984 | 3090984 | 3090984 | - | - |
8 | Patch COMMON PRINTF function #80035c2c | - | - | - | - | - | - | - | 3091064 | 3091104 | 3091104 | 3091104 | 3091104 | - | - |