Sorry for the dumb questions; half of what I post I end up figuring out eventually.
Does anyone have any info on the slim's pre-IPL?
What I'm trying to do is get Time Machine to load my IPL so I can dump main.bin. To do that I need to reverse it, etc., but the Time Machine IPL calls some unfamiliar pre-IPL routines that I've yet to figure out, and I need some info.
Or if anyone has an IPL SDK for the slim, that would be awesome. The booster one only works on the phat, which I don't own.
Also, if anyone has any info on writing a NAND IPL, that would be appreciated. If you need to know why I need all this junk, it's because (don't laugh) I'm trying to write an open-source CFW for slim and phat. If it comes to it I'll just reverse M33's.
Thanks.
Note:
So far I think the DC8 IPL has no format to it. It probably just loads the IPL to 0x040E0000 and executes, but that hasn't worked for me so far. Just getting the LEDs to flash is a daunting task. Probably a syscon issue; that's next on my reverse list.
Slim's pre-IPL routines?
The slim's pre-IPL is almost the same as the phat one.
However, if you really, really want to take a look at the slim pre-IPL, I think using booster's code is your best shot. I recall reading a thread here about two months ago (I can't remember which one), saying that the reason booster's SDK code doesn't work under the slim is the newer version of the GCC compiler used in your toolchain. You have to use an older version of GCC to make it work. Yeah, I know that sucks.
As for the NAND IPL info you are asking about, again, I think booster's SDK has pretty much all you want.
Cheers and happy reversing :)
- Posts: 23
- Joined: Fri Sep 18, 2009 3:33 pm
Sorry, I don't; the compiler issue comes and goes. However, after a long time of experimenting I was able to dump the pre-IPL of my slim using Time Machine.
Here are some notes I made:
THE BASIC IPL:
Size: 0x3008 bytes (12 KB + 8 bytes) - haven't tried any larger
Load address: 0x040E0000
Format: bytes 0x0 to 0x3000 are your boot code. The code has no headers and is in a raw state, ready to be loaded into VRAM. 0x3000 to 0x3004 is a jump instruction (usually [j 0x040E0000]). 0x3004 to 0x3008 is a nop instruction (0).
I'm sure Time Machine can load larger IPLs, but it's easier to just use the 12 KB and write a loader of your own.
Onto main.bin =P
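As an added example (not the poster's code, and not part of the original thread), here is a small Python packer and checker for the layout in the notes above: it pads raw boot code to 0x3000 bytes, appends the little-endian encoding of `j 0x040E0000` followed by a nop, and can verify an existing dump against the same layout. The MIPS instruction encodings are standard (the PSP's Allegrex is a little-endian MIPS core); the zero padding, the constructed two-instruction spin-loop stub used as stand-in boot code, and the `ipl.bin` file name mentioned in a comment are assumptions, not something the post states.

```python
"""Pack and sanity-check a 'basic IPL' image in the layout described in the post.

Layout (from the post, taken as given):
  0x0000..0x3000  raw boot code, no header, loaded at 0x040E0000
  0x3000..0x3004  MIPS 'j 0x040E0000'
  0x3004..0x3008  nop (0x00000000)
"""
import struct

IPL_LOAD_ADDR = 0x040E0000
IPL_CODE_SIZE = 0x3000
IPL_IMAGE_SIZE = 0x3008

MIPS_OP_J = 0x02          # 6-bit opcode of 'j'
MIPS_NOP = 0x00000000     # 'sll $zero,$zero,0' encodes as all-zero

# Constructed stand-in for real boot code: 'b .' (beq $zero,$zero,-1) then nop.
# This is not real IPL code; it only gives the packer something to wrap.
SAMPLE_BOOT_CODE = struct.pack("<II", 0x1000FFFF, MIPS_NOP)


def encode_j(target, pc):
    """Encode 'j target' for an instruction located at address pc.
    The 26-bit field holds target>>2; the top 4 bits of the destination come
    from the delay-slot address (pc+4), so target must lie in the same 256 MB region."""
    if target & 0x3:
        raise ValueError("jump target must be 4-byte aligned")
    if (target ^ (pc + 4)) & 0xF0000000:
        raise ValueError("jump target outside the 256 MB region of pc+4")
    return (MIPS_OP_J << 26) | ((target >> 2) & 0x03FFFFFF)


def decode_j(word, pc):
    """Return the absolute target of a 'j' located at pc, or None if word is not a 'j'."""
    if (word >> 26) != MIPS_OP_J:
        return None
    return ((pc + 4) & 0xF0000000) | ((word & 0x03FFFFFF) << 2)


def build_ipl(code, pad=b"\x00"):
    """Wrap raw boot code in the 0x3008-byte layout. Zero padding is an assumption."""
    if len(code) > IPL_CODE_SIZE:
        raise ValueError("boot code exceeds 0x%X bytes" % IPL_CODE_SIZE)
    body = code + pad * (IPL_CODE_SIZE - len(code))
    trailer_pc = IPL_LOAD_ADDR + IPL_CODE_SIZE      # address of the 'j' once loaded
    trailer = struct.pack("<II", encode_j(IPL_LOAD_ADDR, trailer_pc), MIPS_NOP)
    return body + trailer


def check_ipl(image):
    """Check an image (e.g. a dump) against the layout.
    Returns (ok, problems, jump_target)."""
    problems = []
    if len(image) != IPL_IMAGE_SIZE:
        problems.append("size is 0x%X, expected 0x%X" % (len(image), IPL_IMAGE_SIZE))
        return False, problems, None
    j_word, nop_word = struct.unpack_from("<II", image, IPL_CODE_SIZE)
    target = decode_j(j_word, IPL_LOAD_ADDR + IPL_CODE_SIZE)
    if target is None:
        problems.append("word at 0x3000 (0x%08X) is not a 'j'" % j_word)
    elif target != IPL_LOAD_ADDR:
        problems.append("'j' targets 0x%08X, expected 0x%08X" % (target, IPL_LOAD_ADDR))
    if nop_word != MIPS_NOP:
        problems.append("word at 0x3004 (0x%08X) is not a nop" % nop_word)
    return not problems, problems, target


if __name__ == "__main__":
    image = build_ipl(SAMPLE_BOOT_CODE)
    ok, problems, target = check_ipl(image)
    print("image: %d bytes, trailer %s, ok=%s" % (len(image), image[IPL_CODE_SIZE:].hex(), ok))
    for p in problems:
        print("  problem:", p)
    # Writing the result to 'ipl.bin' for Time Machine is left to the reader; the name is an assumption.
```

The one check worth keeping in mind is the region test in `encode_j`: a MIPS `j` can only reach targets in the same 256 MB region as its delay slot. That holds for this layout (0x040E3004 and 0x040E0000 both have high nibble 0), which is why a bare `j 0x040E0000` works at 0x3000; a loader placed elsewhere in memory would need to re-check it.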