SamyGO

BTW, TDM enable code is definitely 20089999.

juuso wrote:no problem.

1. Awesome! I'll write a Wiki entry about this (if ok?). But the exeDSP is a ridiculously huge 125 MB (out of which 26 MB are strings) which I cannot IDA-lized, and which would not be very smart to do anyway.

BTW, TDM enable code is definitely 20089999.

2. I don't know what is wrong. I just cannot access it using that code. Do I need to enable/disable something else? (For example, I read somewhere that for some sets, you need to be in "hotel" mode?) At the moment I have turned off "Automatic FW updates" and the Watchdog, and set rs232 to "debug". Apart from that I have not changed anything...

I'm starting to think it is not receiving my Tx signals, which would be even more strange. I'm measuring a continuous ~3V on the (corresponding Rx "pin" when not connected to PC, but only plugged in to TV. Is that normal? [The only possible explanation, apart a faulty TV serial port, would be that they have moved from a 3 signal plug to a 4 signal one, like those used for the mobile phone headsets. That way you'd get a shorted Rx when connecting a 3-pin plug into a 4-pin jack, if I got that right. But this still need to be tested.]

UPDATE & EDIT:

Success accessing TDM! See this thread.


3. Hmm, so where is this string found? Someone told me its in the n_tty.c source (?), but in any case, after it has been compiled, it need to end up somewhere? Where? In exeDSP or perhaps in uImage?

4. I've searched quite a bit and cannot find it. Perhaps its written in big-endian or as 32bit?

E3V3A wrote: 3. Hmm, so where is this string found? Someone told me its in the n_tty.c source (?), but in any case, after it has been compiled, it need to end up somewhere? Where? In exeDSP or perhaps in uImage?

The TDM access code is compiled in exeDSP.
The debug console unlock code is not compiled in the kernel : it's the bootloader that passes it to the kernel as a parameter (and n_tty.c uses it).

Does someone know Where or How to look for the TDM code in the exeDSP ??
I have tried looking for it using both strings and some of the machine code from other threads, but no luck...

I guess they have changed the assembly code to not access the TDM string as a whole, but in pieces. This would make it harder to find, but with a smart way of searching assembly, it should be possible. Why do I want to do this?

We have root on ES models and would like to hack the n_tty.c to give a full character shell access to TDM. This can be done by devmem to write a few bits of the exeDSP. But we don't know where...

E3V3A wrote:Does someone know Where or How to look for the TDM code in the exeDSP ??

The code is no longer stored in clear in exeDSP See PM.

E3V3A wrote:This can be done by devmem to write a few bits of the exeDSP

Not in exeDSP, in the kernel

oga83 wrote:The code is no longer stored in clear in exeDSP

So I found it, but I have problems finding the assembly cross-reference for that. I tried looking for similar code (for other models) but it just doesn't work...
A searchable hex-string would be useful... (I get too many false positives, for what I have and I have no good way of telling what is right.)