All times are UTC - 5 hours [ DST ]


 Post subject: Re: Sniffing control flow between legacy devices over PATA/A
PostPosted: May 10th, 2023, 13:28 

Joined: January 7th, 2022, 6:43
Posts: 9
Location: United Kingdom
Just a quick update.

There is something off with the firmware that was unpacked from the midi files earlier in this thread.

Decompilation was very scrappy and needed lots of manual intervention when it should not have required it.

As a test, I ran the firmware from a Nissan ECU (it uses the same CPU) through the decompilation and boom, a screen full of subroutines and jumps to them.

I don't get that with either the SP808 firmware or the A6 firmware.

Next, I'm seeing patterns in the firmware I wouldn't expect.
I'm seeing

Code:
7F 00 00 00 00
repeated every 14 bytes. And other anomalies that repeat through the code, suggesting it's an artifact of the midi extraction.

The other thing that makes no sense, the A6 firmware is bigger than the SP808 firmware??

I'd expect the SP808 firmware to be bigger because it has all of the effects and Synthesis that the A6 doesn't.

Very odd.

Current plan is to dump firmware to disk and examine that. However, I have just ordered a chip programmer that can handle the 56 pin flash chip, and that will be my next port.

Finally, I'm going to see if the UART on CN7 yields anything useful, as there are some strings in the firmware that are never shown on screen or stored on disk.

HSIBOY


 
 Post subject: Re: Sniffing control flow between legacy devices over PATA/A
PostPosted: May 11th, 2023, 4:31 

Joined: January 7th, 2022, 6:43
Posts: 9
Location: United Kingdom
Small correction to the above, it's
Code:
7A 00 00 00
,
And here's the odd thing. If I diff the SP808 firmware and the A6 firmware, these patterns occur in the same place in both files. In fact, there are so many null bytes
Code:
00
that occur in exactly the same place in the two files, it has to be an artifact from the midi update.
Question is, has it been extracted incorrectly, or is it a further layer of transport packing, because the firmware was being streamed in over a UART?

Also, there are strings that appear on the screen of both devices, that are not present in the firmware.
So, either the firmware does not update everything, or there is further compression.

The entropy of the two files is below 1, so I don't think it is compressed, but either way, the firmware that was extracted earlier in this thread, is currently a dead end, because it can't currently be compiled.
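
A check for the kind of fixed-period artifact described in the two posts above, as an added example that is not part of the original posts: it measures how regularly a marker recurs and, for each offset within that period, how often two images hold the same byte. The function names and both sample images are constructed for illustration; only the `7A 00 00 00` pattern and the 14-byte spacing come from the thread.

```python
import math
from collections import Counter

MARKER = bytes.fromhex("7A000000")  # byte pattern quoted in the post above

def normalised_entropy(data: bytes) -> float:
    """Shannon entropy scaled to 0..1 (1.0 = uniformly random bytes)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) / 8

def marker_offsets(data: bytes, marker: bytes = MARKER) -> list:
    """Every offset at which the marker occurs."""
    hits, i = [], data.find(marker)
    while i != -1:
        hits.append(i)
        i = data.find(marker, i + 1)
    return hits

def dominant_period(offsets: list) -> tuple:
    """Most common gap between consecutive hits, and the share of gaps it explains."""
    gaps = Counter(b - a for a, b in zip(offsets, offsets[1:]))
    if not gaps:
        return None, 0.0
    period, count = gaps.most_common(1)[0]
    return period, count / sum(gaps.values())

def shared_by_phase(a: bytes, b: bytes, period: int) -> list:
    """Per offset-mod-period, the fraction of positions where both files agree."""
    same, total = [0] * period, [0] * period
    for i, (x, y) in enumerate(zip(a, b)):
        total[i % period] += 1
        same[i % period] += x == y
    return [s / t if t else 0.0 for s, t in zip(same, total)]

def make_image(seed: int, frames: int = 64) -> bytes:
    """Constructed sample: 10 payload bytes plus the marker in each 14-byte frame."""
    out = bytearray()
    for f in range(frames):
        # Payload bytes are odd, so they never collide with 0x7A or 0x00.
        out += bytes(((f * 10 + j) * 37 + seed) % 127 * 2 + 1 for j in range(10))
        out += MARKER
    return bytes(out)

if __name__ == "__main__":
    img_a, img_b = make_image(3), make_image(50)  # stand-ins for the two dumps
    period, share = dominant_period(marker_offsets(img_a))
    print("period", period, "share", share, "entropy", normalised_entropy(img_a))
    print("agreement by phase", shared_by_phase(img_a, img_b, period))
```

Phases where two unrelated images agree on every frame while the remaining phases do not are the positions to inspect as possible transport framing before attempting disassembly.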

