00:11
buzzmarshall has joined #linux-amlogic
00:16
jacobk has quit [Ping timeout: 260 seconds]
00:17
chewitt has joined #linux-amlogic
00:21
chewitt has quit [Ping timeout: 246 seconds]
00:22
montjoie has quit [Ping timeout: 246 seconds]
00:24
montjoie has joined #linux-amlogic
01:03
jacobk has joined #linux-amlogic
01:05
Consolatis has joined #linux-amlogic
01:09
jacobk has quit [Ping timeout: 246 seconds]
01:11
jacobk has joined #linux-amlogic
01:20
chewitt has joined #linux-amlogic
01:22
jacobk has quit [Read error: Connection reset by peer]
01:25
chewitt has quit [Ping timeout: 260 seconds]
01:26
jacobk has joined #linux-amlogic
01:36
jacobk has quit [Ping timeout: 264 seconds]
01:46
jacobk has joined #linux-amlogic
02:00
camus has joined #linux-amlogic
02:19
jacobk has quit [Ping timeout: 264 seconds]
03:14
luka177 has quit [Ping timeout: 245 seconds]
03:22
chewitt has joined #linux-amlogic
03:27
chewitt has quit [Ping timeout: 246 seconds]
03:56
hexdump0815 has quit [Ping timeout: 246 seconds]
03:58
hexdump0815 has joined #linux-amlogic
04:00
chewitt has joined #linux-amlogic
04:06
chewitt has quit [Ping timeout: 260 seconds]
04:19
buzzmarshall has quit [Quit: Konversation terminated!]
04:44
JohnnyonFlame has quit [Read error: Connection reset by peer]
05:42
luka177 has joined #linux-amlogic
06:10
ck_98 has joined #linux-amlogic
06:23
chewitt has joined #linux-amlogic
06:29
chewitt has quit [Ping timeout: 246 seconds]
06:33
f11f12 has joined #linux-amlogic
06:37
chewitt has joined #linux-amlogic
06:58
luka177 has quit [Ping timeout: 260 seconds]
06:59
camus1 has joined #linux-amlogic
07:00
camus has quit [Ping timeout: 260 seconds]
07:00
camus1 is now known as camus
07:03
luka177 has joined #linux-amlogic
07:03
chewitt has quit [Quit: Zzz..]
07:05
chewitt has joined #linux-amlogic
07:06
chewitt has quit [Client Quit]
07:07
luka177 has quit [Ping timeout: 246 seconds]
07:17
luka177 has joined #linux-amlogic
07:21
luka177 has quit [Ping timeout: 245 seconds]
07:32
luka177 has joined #linux-amlogic
07:36
luka177 has quit [Ping timeout: 246 seconds]
07:48
luka177 has joined #linux-amlogic
07:52
luka177 has quit [Ping timeout: 250 seconds]
08:01
luka177 has joined #linux-amlogic
08:06
luka177 has quit [Ping timeout: 250 seconds]
08:08
zkrx has quit [Ping timeout: 245 seconds]
08:17
luka177 has joined #linux-amlogic
08:21
luka177 has quit [Ping timeout: 246 seconds]
08:33
luka177 has joined #linux-amlogic
08:37
luka177 has quit [Ping timeout: 245 seconds]
08:47
luka177 has joined #linux-amlogic
08:49
ck_98 has quit [Ping timeout: 240 seconds]
08:51
luka177 has quit [Ping timeout: 245 seconds]
09:01
ck_98 has joined #linux-amlogic
09:02
luka177 has joined #linux-amlogic
09:06
zkrx has joined #linux-amlogic
09:06
luka177 has quit [Ping timeout: 246 seconds]
09:17
luka177 has joined #linux-amlogic
09:21
luka177 has quit [Ping timeout: 245 seconds]
09:26
zkrx has quit [Ping timeout: 246 seconds]
09:32
luka177 has joined #linux-amlogic
09:36
zkrx has joined #linux-amlogic
09:36
luka177 has quit [Ping timeout: 246 seconds]
09:37
luka177 has joined #linux-amlogic
09:42
luka177 has quit [Ping timeout: 260 seconds]
09:54
luka177 has joined #linux-amlogic
09:56
ck_98 has quit [Ping timeout: 246 seconds]
09:58
luka177 has quit [Ping timeout: 246 seconds]
10:07
luka177 has joined #linux-amlogic
10:12
luka177 has quit [Ping timeout: 260 seconds]
10:23
luka177 has joined #linux-amlogic
10:23
ck_98 has joined #linux-amlogic
10:29
luka177 has quit [Ping timeout: 246 seconds]
10:39
luka177 has joined #linux-amlogic
10:43
luka177 has quit [Ping timeout: 246 seconds]
10:53
luka177 has joined #linux-amlogic
10:55
chewitt has joined #linux-amlogic
10:57
luka177 has quit [Ping timeout: 246 seconds]
11:08
luka177 has joined #linux-amlogic
11:13
luka177 has quit [Ping timeout: 260 seconds]
11:22
luka177 has joined #linux-amlogic
11:27
luka177 has quit [Ping timeout: 245 seconds]
11:29
alexeymrvz has joined #linux-amlogic
11:38
luka177 has joined #linux-amlogic
11:40
alexeymrvz has quit [Ping timeout: 246 seconds]
11:42
luka177 has quit [Ping timeout: 245 seconds]
11:49
chewitt has quit [Quit: Zzz..]
11:54
luka177 has joined #linux-amlogic
11:54
f_ has joined #linux-amlogic
11:54
<f_> hit some interesting stuff while trying to feed lepotato's bl2.bin into Ghidra
11:55
<f_> It can't find any function...great start!
11:55
alexeymrvz has joined #linux-amlogic
11:55
<f_> (except for UndefinedFunction_d9001000 which turns out to be bl2_entrypoint and was originally written in assembly)
11:55
<f_> lvrp16: ¯\_(ツ)_/¯
11:56
<lvrp16> This is probably why they ended S905.
11:57
<f_> If it's because of obfuscation (doubt) then why didn't they do the same for BL1?
11:57
chewitt has joined #linux-amlogic
11:57
<f_> (someone dumped a BL1 from some ZTE set-top box (which was censoring UART logs) and did find valid code)
11:58
<f_> (they used Frédéric's amlogic-usbdl. that was yesterday)
11:58
<f_> (that ZTE box was using an S905X, so gxl)
11:58
<f_> I also doubt bl2.bin is encrypted
11:59
<f_> (ghidra did find code for bl2_entrypoint)
11:59
<f_> (and there are some strings found too)
11:59
<f_> So ¯\_(ツ)_/¯ no idea what's happening
12:01
<f_> I should probably dump lepotato's BL1 as well as my KII Pro's BL1
12:01
<f_> I'm way too curious.
12:02
<f_> >b LAB_d9001800
12:02
<lvrp16> We get blx in binary format. Have you tried on bl2.bin?
12:03
<lvrp16> Instead of bl2_new.bin
12:03
<f_> That's bl2.bin
12:03
luka177 has quit [Ping timeout: 264 seconds]
12:03
<f_> but now that I think about it I should really feed bl2_acs.bin instead.
12:04
<f_> I made the mistake of decompiling bl2.bin instead of bl2_acs.bin.
12:04
<f_> Mostly fine, but bl2.bin has a stub acs inside
12:05
<f_> Meanwhile, on gxbb bl2.bin:
12:05
<f_> >b bl2_entrypoint ; at 0xD9001008
12:06
<f_> ^ that's what gets run at 0xD9001000
12:07
luka177 has joined #linux-amlogic
12:12
luka177 has quit [Ping timeout: 260 seconds]
12:12
<f_> So let's compare bl2_entrypoint in gxl bl2.bin to the same function in gxbb bl2.bin
12:12
<f_> I know enough assembly to be able to compare
12:14
<f_> and they're completely different :P
12:14
<f_> So either Amlogic obfuscated it all or I screwed up something
12:15
<f_> I must have screwed up something though. I don't think Amlogic even made an attempt at obfuscating
12:22
luka177 has joined #linux-amlogic
12:26
luka177 has quit [Ping timeout: 246 seconds]
12:27
f11f12 has quit [Quit: Leaving]
12:35
naoki has quit [Quit: naoki]
12:36
<f_> 00000080: 0000 0014 1f20 03d5 1f20 03d5 1f20 03d5 ..... ... ... ..
12:36
<f_> 00000090: 1f20 03d5 1f20 03d5 1f20 03d5 1f20 03d5 . ... ... ... ..
12:37
<f_> ^ I see this multiple times
12:38
<f_> before actual "meaningful" stuff, at offset 0x600 maybe
12:39
luka177 has joined #linux-amlogic
12:43
luka177 has quit [Ping timeout: 245 seconds]
12:44
<f_> so....what in the world is this :P
12:45
<f_> Despite this Ghidra should still be able to find some valid code which it can't :P
12:53
luka177 has joined #linux-amlogic
12:55
alexeymrvz has quit [Ping timeout: 246 seconds]
12:57
luka177 has quit [Ping timeout: 245 seconds]
13:03
<f_> if I set the arch to 32-bit arm it finds code and functions
13:08
<f_> I guess it's invalid code though
13:09
luka177 has joined #linux-amlogic
13:13
luka177 has quit [Ping timeout: 260 seconds]
13:15
<f_> pretty weird if you ask me
13:23
luka177 has joined #linux-amlogic
13:24
buzzmarshall has joined #linux-amlogic
13:27
luka177 has quit [Ping timeout: 240 seconds]
13:36
<f_> the p212 bl2.bin disassembly is different from the lepotato bl2.bin disassembly..?
13:36
<f_> They're different somehow?
13:37
<lvrp16> It is probably for the m0 core?
13:37
<lvrp16> Or are they running in aarch32?
13:37
luka177 has joined #linux-amlogic
13:38
<f_> But now with the p212 binary it does find actual code
13:39
<f_> but no idea what's wrong with the lepotato/lafrite binaries ¯\_(ツ)_/¯
13:39
<f_> maybe they're actually wrong and broken?
13:40
<f_> Or someone tampered with them?
13:40
<f_> Just to be sure I'll clone the libretech-amlogic-boot repo
13:41
<f_> because maybe the binaries in LibreELEC/amlogic-boot-fip are wrong?
13:43
ck_98 has quit [Remote host closed the connection]
13:44
ck_98 has joined #linux-amlogic
13:45
<lvrp16> Those are pretty old.
13:45
<f_> The LibreELEC ones?
13:46
luka177 has quit [Ping timeout: 244 seconds]
13:47
<f_> In libretech-amlogic-boot I see bl2.bin and bl2.v3.bin
13:47
<f_> git branch: master, thelinuxmacbook:gxl » cmp *
13:47
<f_> bl2.bin bl2.v3.bin differ: byte 5, line 1
13:47
<f_> And they differ, of course
13:47
<f_> but running objdump:
13:48
<f_> 4: d900ab00 .inst 0xd900ab00 ; undefined
13:48
<f_> 0: 14000200 b 0x800
13:48
<f_> 0000000000000000 <.data>:
13:48
<f_> 8: 14000000 b 0x8
13:48
<f_> c: d503201f nop
13:48
<f_> Same for bl2.bin
13:48
<f_> but what about p212/bl2.bin
13:49
<f_> 0000000000000000 <.data>:
13:49
<f_> 0: 14000002 b 0x8
13:49
<f_> 4: d900a310 stlur x16, [x24, #10]
13:49
<f_> c: aa0103f5 mov x21, x1
13:49
<f_> 8: aa0003f4 mov x20, x0
13:49
<f_> Completely different
13:50
<f_> So no idea what's wrong with these
13:52
<f_> I recently set up a MoinMoin instance, which will be where I'll be documenting my discoveries going forward.
13:53
luka177 has joined #linux-amlogic
14:02
luka177 has quit [Ping timeout: 245 seconds]
14:08
luka177 has joined #linux-amlogic
14:13
luka177 has quit [Ping timeout: 260 seconds]
14:18
<f_> So I asked that person with the weird ZTE device which mangled UART logs to resend me their BL1 dump, fed it into ghidra, and I see the same thing they saw
14:23
luka177 has joined #linux-amlogic
14:29
luka177 has quit [Ping timeout: 246 seconds]
14:39
luka177 has joined #linux-amlogic
14:43
luka177 has quit [Ping timeout: 246 seconds]
14:53
luka177 has joined #linux-amlogic
14:57
luka177 has quit [Ping timeout: 245 seconds]
15:01
ck_98 has quit [Ping timeout: 244 seconds]
15:08
luka177 has joined #linux-amlogic
15:12
luka177 has quit [Ping timeout: 246 seconds]
15:23
luka177 has joined #linux-amlogic
15:27
luka177 has quit [Ping timeout: 244 seconds]
15:39
luka177 has joined #linux-amlogic
15:43
luka177 has quit [Ping timeout: 260 seconds]
15:53
luka177 has joined #linux-amlogic
15:57
luka177 has quit [Ping timeout: 245 seconds]
16:00
luka177 has joined #linux-amlogic
16:04
luka177 has quit [Ping timeout: 246 seconds]
16:19
luka177 has joined #linux-amlogic
17:28
luka177 has quit [Ping timeout: 246 seconds]
17:28
luka177 has joined #linux-amlogic
18:07
f_ has quit [Quit: Disconnecting.]
18:08
f_ has joined #linux-amlogic
18:55
<f_> I'm looking at that BL1 dump in ghidra
18:56
<f_> now that's real reverse-engineering!
18:58
<f_> >gcc version 4.8
18:58
<f_> >pepsi.amlogic.c
18:58
<f_> Pepsi reference?
20:14
<minute> big sadness, a311d can't link (pcie) with wd blue 2TB nvme ssd
20:15
<minute> (phy link never came up)
20:23
<lvrp16> minute: you probed the physical layer?
20:36
luka177 has quit [Ping timeout: 260 seconds]
20:37
luka177 has joined #linux-amlogic
20:40
<minute> lvrp16: yes, indeed it was just a hw problem... reset not connected
20:41
<lvrp16> reset gpio?
20:41
<lvrp16> they shoved it on the wrong pin?
20:41
<minute> no, i didn't connect it on my adapter :3
20:41
<minute> (my fault)
20:45
<minute> finally 2TB in this laptop
20:46
<lvrp16> I've been running through all the tests, it's pretty efficient.
20:51
<lvrp16> Our board is running at 1.27W idle without any tuning.
20:51
<lvrp16> With a laptop sized battery, that's pretty much forever lol
20:51
<minute> lvrp16: which processor?
20:52
<f_> You're talking about cottonwood?
20:52
<lvrp16> f_: yeah, we have 30 or so samples, 5 of them are running 24/7 benchmarking right now
20:53
<lvrp16> make sure there's no issues, we had a bunch of problems we had to address
20:53
<f_> Excited to see them get released
20:53
<lvrp16> mainly inflow current with USB devices
20:53
<lvrp16> the board would just shut down if you plugged in the newer SSD USB flash drives.
20:53
<lvrp16> The board itself maxes out at 7W.
20:54
<lvrp16> So you throw A311D into a laptop like minute is doing and it'll last pretty much 3-4 days.
20:54
<f_> If only I could say the same of my current laptop :^)
20:55
<f_> (lasts ~1-2 hours)
20:55
<lvrp16> yeah, I'm tempted to build a laptop with S928X
20:56
<lvrp16> Single A76 core
20:56
<lvrp16> probably power efficient as anything
20:56
<lvrp16> but then I'd be short a couple hundred K on upstream haha
20:56
<lvrp16> nerds can dream
20:57
hexdump0815 has quit [Quit: WeeChat 1.9.1]
20:57
hexdump0815 has joined #linux-amlogic
21:27
jacobk has joined #linux-amlogic
21:50
f_ has quit [Ping timeout: 246 seconds]
22:08
luka177 has quit [Ping timeout: 246 seconds]
22:09
luka177 has joined #linux-amlogic