jclehner / bcm2-utils

Utilities for Broadcom-based cable modems
GNU General Public License v3.0

Add CM500 profile #62

Closed redawl closed 2 weeks ago

redawl commented 3 months ago

Hi, I have tested this on my CM500 modem, and am able to dump RAM with patched dump.

I think this is ready to be merged, but I will continue hacking on this profile.

My main hurdle right now is that the bootloader on the CM500 is missing the 'p' command, so bcm2-utils cannot read the memory map.

Any ideas on how to move forward would be great! I have identified SpiFlashRead and SpiFlashWrite, but am unable to use them so far.

jclehner commented 3 months ago

Any ideas on how to move forward would be great! I have identified SpiFlashRead and SpiFlashWrite, but am unable to use them so far.

What flash chip does this modem use? Can you post the full boot log from the serial console?

redawl commented 3 months ago

screenlog.txt bootloader2.txt

Interesting that deviwiki says 3384, while the boot log shows 3843. Maybe a typo in the firmware? I will fix :)

Flash chip is 25Q64FVAIG.

redawl commented 3 months ago

I have tried dumping the flash chip with a Bus Pirate, but the modem boots when I power VCC and interferes with read operations. I do not have a soldering kit to try lifting the VCC pin, but when I get one I will try that.

redawl commented 1 month ago

Any updates on getting this merged?

In the meantime I have been able to dump the flash chip with my Bus Pirate; it turned out the BP firmware I had was bad, so an older firmware version allowed dumping the flash.

jclehner commented 1 month ago

Sorry, forgot about that. At the minimum, please add a "flash" section under spaces, including a blocksize of 64k.

A partition map, and the .blsig would be nice, but we can add that later. Can you send me a dump of the bootloader? Or upload it to https://github.com/jclehner/bcm2-dumps?

redawl commented 1 month ago

screenlog.txt bootloader2.txt

Interesting that deviwiki says 3384, while the boot log shows 3843. Maybe a typo in the firmware? I will fix :)

Flash chip is 25Q64FVAIG.

I attached the bootloader and boot logs to this message here.

Partition map doesn't work because the bootloader menu does not have a 'p' command to print the partition table. I believe I had the same issue with flash space, but I can retest.

redawl commented 1 month ago

Looks like GitHub nuked the original file; I will upload to bcm2-dumps.

redawl commented 1 month ago

PR with flash dump and bootloader dump from cm500: https://github.com/jclehner/bcm2-dumps/pull/4

jclehner commented 1 month ago

Please add a .blsig of 0x3384, and the partition layout I've posted in your PR in bcm2-dumps.

Then it's ready to be merged.

redawl commented 2 weeks ago

Added flash partition map and .blsig, sorry for the delay.

Dumping via flash does not work however, since there is no 'p' command as discussed above in my first comment.

Let me know what else is needed for this to get merged.

jclehner commented 2 weeks ago

Merged, thanks.

Dumping via flash does not work however, since there is no 'p' command as discussed above in my first comment.

That command is only required to get an idea of the partition layout, but we've figured that out already.

Dumping flash from the bootloader requires identification of the bootloader's printf function, plus a function that reads from flash into a specified buffer. See this example.

A tutorial can be found here.