Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#250874 - 02/03/2005 21:52 Piezos and bootloaders and iPods, oh my.
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA

http://www.newscientist.com/article.ns?id=dn7085

The article is written in a layman's style, I'd love to learn more about what they did from a technical standpoint.

What I don't understand is...

A. Why there wasn't another, easier way to get the bootloader code?

B. How they got the bootloader code to "Play" out from the piezo buzzer?

C. Why the piezo buzzer hack is easier than just soldering an I2C interface (or whatever) onto the flash ram and reading it directly?

D. If they could only get the bootloader code out through the piezo buzzer, then how the heck did they get their modified bootloader back into the player?
_________________________
Tony Fabris

Top
#250875 - 02/03/2005 22:18 Re: Piezos and bootloaders and iPods, oh my. [Re: tfabris]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
If you can upload your own program which reads the bootloader and then clicks it out via the piezo then you can also do one which just displays it on the perfectly good LCD.

Failing that, the PortalPlayer chip inside must have JTAG capability so he could have opened it up and just read out the flash in a couple of minutes at most.

Sounds like something he did just because he could, not that it was practical. You can read more about it on the iPod Linux wiki.

Top
#250876 - 02/03/2005 22:29 Re: Piezos and bootloaders and iPods, oh my. [Re: tman]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA
Quote:
If you can upload your own program which reads the bootloader and then clicks it out via the piezo then you can also do one which just displays it on the perfectly good LCD.

Well, I can see how the piezo would be useful there. Would take a lot more work to optically sample the LCD than to use an audio sample to decode what's coming out of the buzzer. And it would be even more work to hand-transcribe from the LCD.

What I'm wondering is why, if they know how to get executable code onto the player already, why they couldn't just turn around and send the bootloader code back out through that same interface. What is it about the player design which allows you to upload code to the player, but not be able to control the interface that you uploaded the code with?
_________________________
Tony Fabris

Top
#250877 - 02/03/2005 22:37 Re: Piezos and bootloaders and iPods, oh my. [Re: tfabris]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Quote:
What I'm wondering is why, if they know how to get executable code onto the player already, why they couldn't just turn around and send the bootloader code back out through that same interface. What is it about the player design which allows you to upload code to the player, but not be able to control the interface that you uploaded the code with?

It seems you "upload" the code by actually writing it to a partition on the iPod. As to why you can't just write it to another file *shrug*

Get some donations and get a sacrificial iPod. Open it up, dump the flash and then work out what is wired to what. Did it with the NSLU2 and all of the hardware has been worked out now.

Top
#250878 - 03/03/2005 10:05 Re: Piezos and bootloaders and iPods, oh my. [Re: tman]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Seems like there is a limitation on apps gaining access to the bootloader, but the piezo driver has no such restrictions so it can be told to walk through the code.
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top
#250879 - 03/03/2005 15:34 Re: Piezos and bootloaders and iPods, oh my. [Re: frog51]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA
Quote:
Seems like there is a limitation on apps gaining access to the bootloader,

But if the piezo app can walk through those memory locations, then no such limitation exists.

The limitation must have been in knowing how to work the firewire interface for downloading and uploading files. Perhaps that's the thing they don't know how to do yet.

I just find it strange that they can load up an application that controls some of the player's hardware, yet not be able to get any data off the player without jumping through that strange hoop.
_________________________
Tony Fabris

Top
#250880 - 03/03/2005 16:15 Re: Piezos and bootloaders and iPods, oh my. [Re: tfabris]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
Quote:
But if the piezo app can walk through those memory locations, then no such limitation exists.


Not necessarily true. While I never expect the ipod to run a real OS, it's very possible it does run something real enough to have permission levels for hardware access. If, as Rory said, the clicker driver can access the bootloader memory but the rest of the "user" code can not, then it makes perfect sense. So perhaps he has the ability to say "click out the contents of this address" but not "read the contents of this address".

If you look at it from the software/hardware perspective, this guy was obviously a software guy. Software people don't like building hardware when they can solve the problem with software. The only hardware required was an insulated box and a microphone.

Matthew

Top
#250881 - 06/03/2005 11:17 Re: Piezos and bootloaders and iPods, oh my. [Re: tman]
altman
carpal tunnel

Registered: 19/05/1999
Posts: 3457
Loc: Palo Alto, CA
What was particularly silly about that is that there's a perfectly good serial port on the headphone connector of the iPod. Rather a lot easier, though less interesting to read about

Hugo

Top