garyopa
« Reply #20 on: June 18, 2006, 11:03:23 PM »
Jump back is the same as a forward jump.
Opcode is >DC for both.
For example, to go forward it is >DC (JMP plus # of bytes to new location); to go back it is still >DC (JMP minus # of bytes to new location).
In Hex it would look like this:
3008 = >DC 7D 27 03 00 (forward jump, translates to JMP PC+>0003277D which is >90035785)
1C85C = >DC A4 68 FE FF (back jump, translates to JMP PC->FFFE68A4 which is >90031000)
Having a HEX calculator makes it easy.
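
Added example (not part of the original post): a small decoder for the 5-byte `DC` jump described above, useful when diffing firmware images to see where a changed jump redirects control flow. It assumes the layout implied by the post's first worked number (a signed 32-bit little-endian displacement counted from the address of the `DC` byte); the per-version bytes are taken from the table rows `:3009`/`:300A` posted later in the thread, and the unlisted upper displacement bytes `03 00` are assumed unchanged between versions.

```python
import struct

JMP_OPCODE = 0xDC      # opcode byte the post gives for the 5-byte relative JMP
ROM_BASE = 0x90000000  # ROM addresses in the thread are written as 9000xxxx


def decode_jmp(addr, raw):
    """Return the absolute target of the 5-byte JMP stored at `addr`.

    Layout as described in the post: DC, then a 32-bit little-endian
    displacement measured from the address of the DC byte itself.
    """
    if len(raw) != 5 or raw[0] != JMP_OPCODE:
        raise ValueError("expected DC followed by four displacement bytes")
    (disp,) = struct.unpack("<i", raw[1:])  # signed, so FFFE68A4 is negative
    return (addr + disp) & 0xFFFFFFFF


def encode_jmp(addr, target):
    """Inverse of decode_jmp: the five bytes that jump from addr to target."""
    disp = (target - addr) & 0xFFFFFFFF     # wrap to 32 bits for back jumps
    return bytes([JMP_OPCODE]) + struct.pack("<I", disp)


# Constructed from the thread's table: the two low displacement bytes listed
# at :3009 and :300A for each firmware version.
LOW_DISP_AT_3009 = {
    "v46": (0x67, 0x27),
    "v47": (0x7D, 0x27),
    "v59": (0xEE, 0x29),
}
# Assumption: the table lists only bytes that differ, so the upper two
# displacement bytes are taken from the post's v47 example (DC 7D 27 03 00).
ASSUMED_HIGH_DISP = (0x03, 0x00)


def targets_by_version():
    """Decode the jump at ROM offset 0x3008 for every listed version."""
    out = {}
    for version, low in LOW_DISP_AT_3009.items():
        raw = bytes([JMP_OPCODE, *low, *ASSUMED_HIGH_DISP])
        out[version] = decode_jmp(ROM_BASE + 0x3008, raw)
    return out


def shift_from(base, targets):
    """Signed distance of each version's target from the base version's."""
    return {v: t - targets[base] for v, t in targets.items()}


if __name__ == "__main__":
    # Forward jump from the post.
    fwd = decode_jmp(0x90003008, bytes.fromhex("DC7D270300"))
    print(f"forward  -> {fwd:08X}")
    # Back jump from the post; the arithmetic lands on 90003100, which is
    # the ">3100" target listed in the thread's DRT DECRYPT table.
    back = decode_jmp(0x9001C85C, bytes.fromhex("DCA468FEFF"))
    print(f"backward -> {back:08X}")
    # A negative shift is a lower address (the thread calls this "moved UP"),
    # a positive one a higher address ("moved DOWN").
    for version, delta in shift_from("v47", targets_by_version()).items():
        print(f"{version}: {delta:+#x} relative to v47")
```

The decoded v46 and v59 targets differ from the v47 target by >16 and >271 bytes, the same section shifts the later posts list for the SS READ block.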

garyopa
« Reply #21 on: June 20, 2006, 07:03:38 PM »
A Work in Progress File
-----------------------
garyopa_v1.3_0606.20.59
v46 - Code Changed, Flashed, Tested, Playing....
v47 - Many thanks to C4E and many others here...
v59 - Completed, just testing to be completed...
Biggest change is the >6xx->8FF chunks, they all need to be moved by value of >4... UGH! for v59!

ROM:90003000 = CUSTOM CODE - v46 - Completed working code
========================== - v59 - Testing is underway...
xADDR  v46 v47 v59   Based on c4e v1.1 for v47
-----  --- --- ---
:3009  67  7D  EE  - c4e JMP >90035785
:300A  27  27  29
:3020  33  49  BA  - c4e JMP >90035768
:3021  27  27  29
:306C  04  1A  8B  - c4e JMP >90035785
:306D  27  27  29
:3116  4D  4D  BE  - c4e JMP >9001C862
:3117  97  97  99
:313C  BC  BC  2D  - c4e JMP >9001C8F7
:313D  97  97  9A
:320D  D2  D2  D6  - c4e movbu (>8D2),D0
:3212  0E  1D  8E  - c4e JMP >9002722E
:3213  40  40  42
:3217  D2  D2  D6  - c4e movbu (>8D2),D0
:324C  D3  D3  D7  - c4e movbu (>8D3),D0
:325F  D3  D3  D7  - c4e movbu (>8D3),D0
:3262  01  01  05  - c4e movbu D0,(>701)
:3265  F9  F9  FD  - c4e movbu (>6F9),D0
:3268  02  02  06  - c4e movbu D0,(>702)
:326B  FA  FA  FE  - c4e movbu (>6FA),D0
:326E  03  03  07  - c4e movbu D0,(>703)
:3271  FB  FB  FF  - c4e movbu (>6FB),D0
:3274  04  04  08  - c4e movbu D0,(>704)
:3277  FC  FC  00  - c4e movbu (>6FC),D0
:3278  06  06  07
:327A  05  05  09  - c4e movbu D0,(>705)
:3280  06  06  0A  - c4e movbu D0,(>706)
:3286  07  07  0B  - c4e movbu D0,(>707)
:328C  08  08  0C  - c4e movbu D0,(>708)
:3292  09  09  0D  - c4e movbu D0,(>709)
:32AB  D3  D3  D7  - c4e movbu (>8D3),D0
:32BE  D3  D3  D7  - c4e movbu (>8D3),D0
:32C1  01  01  05  - c4e movbu D0,(>701)
:32C4  F9  F9  FD  - c4e movbu (>6F9),D0
:32C7  02  02  06  - c4e movbu D0,(>702)
:32CA  FA  FA  FE  - c4e movbu (>6FA),D0
:32CD  03  03  07  - c4e movbu D0,(>703)
:32D0  FB  FB  FF  - c4e movbu (>6FB),D0
:32D3  04  04  08  - c4e movbu D0,(>704)
:32D6  FC  FC  00  - c4e movbu (>6FC),D0
:32D7  06  06  07
:32D9  05  05  09  - c4e movbu D0,(>705)
:32DF  06  06  0A  - c4e movbu D0,(>706)
:32E5  07  07  0B  - c4e movbu D0,(>707)
:32EB  08  08  0C  - c4e movbu D0,(>708)
:32F1  09  09  0D  - c4e movbu D0,(>709)
:3302  BF  BF  C2  - c4e btst ' ',(>ABF)
:3309  98  98  9C  - c4e btst ' ',(>598)
:3311  3C  3C  AD  - c4e CALL >9001CD4C
:3312  9A  9A  9C
:331F  2E  2E  9F  - c4e CALL >9001CD4C
:3320  9A  9A  9C
:332D  3F  3F  B0  - c4e CALL >9001CD6B
:332E  9A  9A  9C
:333B  98  98  09  - c4e CALL >9001CDD2
:333C  9A  9A  9D
:3346  cB  cB  3C  - c4e CALL >9001CD10
:3347  99  99  9C
:3350  C1  c1  32  - c4e CALL >9001CD10
:3351  99  99  9C
:3357  F8  F8  FC  - c4e movbu (>6F8),D0
:335A  D2  D2  D6  - c4e movbu (>8D2),D1
:335D  0F  1E  8F  - c4e CALL >9002817A
:335E  4E  4E  50
:3364  96  A5  16  - c4e CALL >90028108
:3365  4D  4D  05
:336D  D9  D9  E5  - c4e movbu D0,(>6D9)

ROM:9001C000 = DRT DECRYPT - v46 & v47 = Same ADDR in both
========================== - v59 moved DOWN by >271 bytes!
46ADDR 47ADDR 59ADDR gdr v46 v47 v59
------ ------ ------ --- --- --- ---
:1C85C :1C85C :1CACD FC  DC  DC  DC  - c4e JMP >3100
:1C85D :1C85D :1CACE DC  A4  A4  32  -
:1C85E :1C85F :1CACF 1C  68  68  66  -
:1C85F :1C860 :1CAD0 64  FE  FE  FE  -
:1C860 :1C860 :1CAD1 03  FF  FF  FF  -
:1C861 :1C861 :1CAD2 80  CB  CB  CB  - c4e NOP

ROM:90027000 = CHALLENGE - v46 is moved UP by >0F bytes
======================== - v59 is moved DOWN by >271 bytes
46ADDR 47ADDR 59ADDR gdr v46 v47 v59
------ ------ ------ --- --- --- ---
:27109 :27118 :27389 C9  CA  CA  CA  - c4e BNE > BRA
:2721A :27229 :2749A 34  DC  DC  DC  - c4e JMP >3200
:2721B :2722A :2749B D2  E6  D7  66
:2721C :2722B :2749C 08  BF  BF  BD
:2721D :2722C :2749D A0  FD  FD  FD
:2721E :2722D :2749E 00  FF  FF  FF
:272D3 :272E2 :27553 C8  CA  CA  CA  - c4e BEQ > BRA
:272DF :272EE :2755F C8  CA  CA  CA  - c4e BEQ > BRA
:272EB :272FA :2756B C8  CA  CA  CA  - c4e BEQ > BRA
:272F7 :27306 :27577 C8  CA  CA  CA  - c4e BEQ > BRA

ROM:90035000 = SS READ - v46 is moved UP by >16 bytes
====================== - v59 is moved DOWN by >271 bytes
46ADDR 47ADDR 59ADDR gdr v46 v47 v59
------ ------ ------ --- --- --- ---
:35696 :356AC :3591D 06  05  05  05  - c4e FFFD06F0 > 605F0 -- SS XBOX
:35697 :356AD :3591E FD  06  06  06
:35698 :356AE :3591F FF  00  00  00
:3569D :356B3 :35924 70  10  10  10  - c4e FFFD0970 > FFFD0210 -- ORIG
:3569E :356B4 :35925 09  02  02  02
:356A6 :356BC :3592D 02  FB  FB  FB  - c4e FFFD0210 > 4FB10 -- SS X360
:356A7 :356BD :3592E FD  04  04  04
:356A8 :356BE :3592F FF  00  00  00
:356F8 :3570E :3597F C9  CA  CA  CA  - c4e BNE > BRA
:35714 :3572A :3599B C8  CA  CA  CA  - c4e BEQ > BRA
:35750 :35766 :359D7 C8  CA  CA  CA  - c4e BEQ > BRA
:35765 :3577B :359EC FC  DC  DC  DC  - c4e JMP >3000
:35766 :3577C :359ED C8  9B  85  14
:35767 :3577D :359EE 00  D8  D8  D6
:35768 :3577E :359EF 10  FC  FC  FC
:35769 :3577F :359F0 31  FF  FF  FF
:3576A :35780 :359F1 0F  C8  C8  C8  - c4e nop

garyopa
« Reply #22 on: June 21, 2006, 06:43:19 PM »
Hmm. Small mistake in my last post which stopped the v59 firmware from working correctly:
Addr: v46 v47 v59
3365  4D  4D  50  <<< I had 05 instead of 50 (Damn, typing into HEX editor!)
Oh well, all's well that ends well.

garyopa
« Reply #23 on: June 22, 2006, 10:17:54 AM »
Two more bytes were wrong in the v59 firmware.
At addr: >3302 it should be >C3 and at addr: >336D it should be >DD
Am doing a lot of reading today to be able to make tests on improving the detection of discs and to speed up the process.
Seems at first look a problem with the "servo" cold-start area, where it is doing the init setup on first-start; after that it knows what you are doing and spends less time setting up RAM values and media types.
Reason some people get games to boot without any tricks is on systems with lots of junk on their dashboard and HDD, it takes longer for the system to start up.

Rockaholica
« Reply #24 on: June 23, 2006, 03:05:35 AM »
So Gary, now that all the c4e F/Ws are out, do you still plan on releasing yours? And does the work you've done improve the reading of backups? And if so, have you done any testing with NEC burners? I'm still scratching my head as to why they don't seem to work... Thanks in advance. BTW: I have a 46 and an NEC burner, so if you wanna slide me some love, I can do some testing...
« Last Edit: June 23, 2006, 03:08:21 AM by Rockaholica »

garyopa
« Reply #25 on: June 23, 2006, 10:04:28 AM »
There seems to be two early models in pre-launch machines.
One is v36 (around July/August) months
Another is v32 (around May/June) months
Hmm. Makes me wonder how long MS really had the 360 running before releasing it to marketplace.
Anyway, I am willing to make compatible versions for these, although I don't know if the "Flashsec" program will work (maybe the earlier v46 will).
The original dumps of these ROMs are not in the "wiki", so if anyone OWNS one of these early drives, either a v32 or v36 (maybe others?), just PM or EMAIL a "memdump" ("backup") of it.
Thanks.

garyopa
« Reply #26 on: June 23, 2006, 11:54:44 AM »
WARNING: FLASHSEC47 or FLASHSEC46 does not work on v59.
Please wait for new version of FLASHSEC, MEMDUMP does work.
Here is the problem:
In v47 firmware an extra part was added: a bit check of >5A5
"Flashsec" is hard-coded to set the right bit.
But, in v59 firmware all RAM is shifted by 4 bytes so >5A5 is not checked, but the BIT at >5A9 is CHECKed. --< See just moved up by only 4 bytes. Small change but stops the "Flashsec" prog.
Easy for the change to be made by the author of "Flashsec".
New Version I am sure will be available later today or tonight.
For "hacking" reference only:
v47 FIRMWARE
---------------------
ROM:90026FC7 loc_90026FC7:
ROM:90026FC7   movm  [D2,D3,A2,A3], (SP)
ROM:90026FC9   add   0xF0, SP ! '='
ROM:90026FCC   btst  0x10, (0x5A5)
ROM:90026FD1   bne   0x90026FDB
ROM:90026FD3   mov   0xB, D0
ROM:90026FD5   movbu D0, (0x5D8)
ROM:90026FD8   jmp   0x90027093

v59 FIRMWARE
---------------------
ROM:90027238 loc_90027238:
ROM:90027238   movm  [D2,D3,A2,A3], (SP)
ROM:9002723A   add   0xF0, SP ! '='
ROM:9002723D   btst  0x10, (0x5A9)
ROM:90027242   bne   0x9002724C
ROM:90027244   mov   0xB, D0
ROM:90027246   movbu D0, (0x5DC)
ROM:90027249   jmp   0x90027304

From "Kev" Site
---------------------
/*
5  bset 0x10,(5A5)   // FE 80 A5 05 10
2  rets              // F0 FC
*/
unsigned char clr_code[] = { 0xFE,0x80,0xA5,0x05,0x10,0xF0,0xFC };

SeventhSon
« Reply #27 on: June 23, 2006, 12:48:06 PM »
WARNING: FLASHSEC47 or FLASHSEC46 does not work on v59.
Please wait for new version of FLASHSEC, MEMDUMP does work.
Here is the problem:
In v47 firmware an extra part was added: a bit check of >5A5
"Flashsec" is hard-coded to set the right bit.
But, in v59 firmware all RAM is shifted by 4 bytes so >5A5 is not checked, but the BIT at >5A9 is CHECKed. --< See just moved up by only 4 bytes. Small change but stops the "Flashsec" prog.
Easy for the change to be made by the author of "Flashsec".
New Version I am sure will be available later today or tonight.
For "hacking" reference only:
v47 FIRMWARE
---------------------
ROM:90026FC7 loc_90026FC7:
ROM:90026FC7   movm  [D2,D3,A2,A3], (SP)
ROM:90026FC9   add   0xF0, SP ! '='
ROM:90026FCC   btst  0x10, (0x5A5)
ROM:90026FD1   bne   0x90026FDB
ROM:90026FD3   mov   0xB, D0
ROM:90026FD5   movbu D0, (0x5D8)
ROM:90026FD8   jmp   0x90027093

v59 FIRMWARE
---------------------
ROM:90027238 loc_90027238:
ROM:90027238   movm  [D2,D3,A2,A3], (SP)
ROM:9002723A   add   0xF0, SP ! '='
ROM:9002723D   btst  0x10, (0x5A9)
ROM:90027242   bne   0x9002724C
ROM:90027244   mov   0xB, D0
ROM:90027246   movbu D0, (0x5DC)
ROM:90027249   jmp   0x90027304

From "Kev" Site
---------------------
/*
5  bset 0x10,(5A5)   // FE 80 A5 05 10
2  rets              // F0 FC
*/
unsigned char clr_code[] = { 0xFE,0x80,0xA5,0x05,0x10,0xF0,0xFC };

Well spotted. I'm not going to create a flashsec59. My tools were intended for hackers. I have no interest in helping people implement a distributed hacked FW. Anybody who is actually interested in hacking will be able to make the required change in a hexeditor or recompile the source.
« Last Edit: June 23, 2006, 12:50:24 PM by SeventhSon »

garyopa
« Reply #28 on: June 23, 2006, 04:26:09 PM »
I didn't think you would be making the change anyway.
I was just pointing it out so others ("c4e") could make the change.

atari4eva
« Reply #29 on: June 23, 2006, 04:28:31 PM »
Well spotted.
I'm not going to create a flashsec59. My tools were intended for hackers. I have no interest in helping people implement a distributed hacked FW. Anybody who is actually interested in hacking will be able to make the required change in a hexeditor or recompile the source.
Thank you 7son.

garyopa
« Reply #30 on: June 23, 2006, 07:39:08 PM »
v36 code has been finished.
Will update my thread, with info later tonight.
In short for v36 firmware:
RAM USAGE is moved up by 8
DRT DECRYPT is moved up by >507
CHALLENGE is moved up by >53D
SS READ is moved up by >53C
FLASH :26000 instead of :27000
Also only one byte needs to be changed in FLASHSEC47 to make it work with v59

garyopa
« Reply #31 on: June 24, 2006, 11:22:25 AM »
V36 firmware has been completed.
New package with the v36 firmware should be floating around the 'net shortly.
This update is only for users with under versions of drives, all firmware releases are v1.1 by "commodore4eve", just the v59 needs some updates to correct mistakes plus fix the flashsec program.
v36 is found in "pre-launch" gifts to contest winners, plus in many replacement drives ordered from "ebay" and the "etech4sale" site.
v32 is the only version which needs still to be released.
If you already have a v46 or v47 flashed to v1.1 you don't need these updates, the firmwares are the same, these packages just bring in the older v36 and the newer v59.

garyopa
« Reply #32 on: June 24, 2006, 11:23:33 AM »
FW:garyopa_v1.4_r0606.23.c4e
GDR-3120L: v36 / v46 / v47 / v59

FLASHSEC47_WIN - Only for FW v59
============== - V59 RAM is moved DOWN by 4
xADDR  v47 v59 - v47 used as BASE REF
-----  --- --- -----------------------
:88B6  A5  A9  - kev SET BIT >5A5
:8AF7  34  35  - kev Usage: Flashsec47
:8AF8  37  39

ROM:90003000 = CUSTOM CODE
==========================
- v36 RAM is moved UP by 8
- v46 RAM is not moved!
- v47 c4e v47d_1.1 code
- v59 RAM is moved DOWN by 4
xADDR  v36 v46 v47 v59 - v47 used as BASE REF
-----  --- --- --- --- -----------------------
:3009  41  67  7D  EE  - c4e JMP >90035785
:300A  22  27  27  29
:3020  0D  33  49  BA  - c4e JMP >90035768
:3021  22  27  27  29
:306C  DE  04  1A  8B  - c4e JMP >90035785
:306D  21  27  27  29
:3116  46  4D  4D  BE  - c4e JMP >9001C862
:3117  92  97  97  99
:313C  B5  BC  BC  2D  - c4e JMP >9001C8F7
:313D  92  97  97  9A
:320D  CA  D2  D2  D6  - c4e movbu (>8D2),D0
:3212  E0  0E  1D  8E  - c4e JMP >9002722E
:3213  3A  40  40  42
:3217  CA  D2  D2  D6  - c4e movbu (>8D2),D0
:324C  CB  D3  D3  D7  - c4e movbu (>8D3),D0
:325F  CB  D3  D3  D7  - c4e movbu (>8D3),D0
:3262  F9  01  01  05  - c4e movbu D0,(>701)
:3263  06  07  07  07
:3265  F1  F9  F9  FD  - c4e movbu (>6F9),D0
:3268  FA  02  02  06  - c4e movbu D0,(>702)
:3269  06  07  07  07
:326B  F2  FA  FA  FE  - c4e movbu (>6FA),D0
:326E  FB  03  03  07  - c4e movbu D0,(>703)
:326F  06  07  07  07
:3271  F3  FB  FB  FF  - c4e movbu (>6FB),D0
:3274  FC  04  04  08  - c4e movbu D0,(>704)
:3275  06  07  07  07
:3277  F4  FC  FC  00  - c4e movbu (>6FC),D0
:3278  06  06  06  07
:327A  FD  05  05  09  - c4e movbu D0,(>705)
:327B  06  07  07  07
:3280  FE  06  06  0A  - c4e movbu D0,(>706)
:3281  06  07  07  07
:3286  FF  07  07  0B  - c4e movbu D0,(>707)
:3287  06  07  07  07
:328C  00  08  08  0C  - c4e movbu D0,(>708)
:3292  01  09  09  0D  - c4e movbu D0,(>709)
:32AB  CB  D3  D3  D7  - c4e movbu (>8D3),D0
:32BE  CB  D3  D3  D7  - c4e movbu (>8D3),D0
:32C1  F9  01  01  05  - c4e movbu D0,(>701)
:32C2  06  07  07  07
:32C4  F1  F9  F9  FD  - c4e movbu (>6F9),D0
:32C7  FA  02  02  06  - c4e movbu D0,(>702)
:32C8  06  07  07  07
:32CA  F2  FA  FA  FE  - c4e movbu (>6FA),D0
:32CD  FB  03  03  07  - c4e movbu D0,(>703)
:32CE  06  07  07  07
:32D0  F3  FB  FB  FF  - c4e movbu (>6FB),D0
:32D3  FC  04  04  08  - c4e movbu D0,(>704)
:32D4  06  07  07  07
:32D6  F4  FC  FC  00  - c4e movbu (>6FC),D0
:32D7  06  06  06  07
:32D9  FD  05  05  09  - c4e movbu D0,(>705)
:32DA  06  07  07  07
:32DF  FE  06  06  0A  - c4e movbu D0,(>706)
:32E0  06  07  07  07
:32E5  FF  07  07  0B  - c4e movbu D0,(>707)
:32E6  06  07  07  07
:32EB  00  08  08  0C  - c4e movbu D0,(>708)
:32F1  01  09  09  0D  - c4e movbu D0,(>709)
:3302  B7  BF  BF  C3  - c4e btst ' ',(>ABF)
:3309  90  98  98  9C  - c4e btst ' ',(>598)
:3311  35  3C  3C  AD  - c4e CALL >9001CD4C
:3312  95  9A  9A  9C
:331F  27  2E  2E  9F  - c4e CALL >9001CD4C
:3320  95  9A  9A  9C
:332D  38  3F  3F  B0  - c4e CALL >9001CD6B
:332E  95  9A  9A  9C
:333B  91  98  98  09  - c4e CALL >9001CDD2
:333C  95  9A  9A  9D
:3346  C4  cB  cB  3C  - c4e CALL >9001CD10
:3347  94  99  99  9C
:3350  BA  C1  c1  32  - c4e CALL >9001CD10
:3351  94  99  99  9C
:3357  F0  F8  F8  FC  - c4e movbu (>6F8),D0
:335A  CA  D2  D2  D6  - c4e movbu (>8D2),D1
:335D  F0  0F  1E  8F  - c4e CALL >9002817A
:335E  48  4E  4E  50
:3364  77  96  A5  16  - c4e CALL >90028108
:3365  48  4D  4D  50
:336D  D1  D9  D9  DD  - c4e movbu D0,(>6D9)

ROM:9001C000 = DRT DECRYPT
==========================
- v36 moved UP by >507 bytes!
- v46 same ADDR as v47 chunk!
- v59 moved DOWN by >271 bytes!
36ADDR 46ADDR 47ADDR 59ADDR gdr v36 v46 v47 v59 - v47 used as BASE REF
------ ------ ------ ------ --- --- --- --- --- -----------------------
:1C355 :1C85C :1C85C :1CACD FC  DC  DC  DC  DC  - c4e JMP >3100
:1C356 :1C85D :1C85D :1CACE DC  AB  A4  A4  33  -
:1C357 :1C85E :1C85F :1CACF 1C  6D  68  68  66  -
:1C358 :1C85F :1C860 :1CAD0 64  FE  FE  FE  FE  -
:1C359 :1C860 :1C860 :1CAD1 03  FF  FF  FF  FF  -
:1C35A :1C861 :1C861 :1CAD2 80  CB  CB  CB  CB  - c4e NOP

ROM:90026000 = CHALLENGE - v36 only! flash block
ROM:90027000 = CHALLENGE - V46/47/59 flash block
========================
- v36 moved UP by >53D and later by >52E bytes!
- v46 moved UP by >00F bytes!
- v59 moved DOWN by >271 bytes!
36ADDR 46ADDR 47ADDR 59ADDR gdr v36 v46 v47 v59 - v47 used as BASE REF
------ ------ ------ ------ --- --- --- --- --- -----------------------
:26BDB :27109 :27118 :27389 C9  CA  CA  CA  CA  - c4e BNE > BRA
:26CEC :2721A :27229 :2749A 34  DC  DC  DC  DC  - c4e JMP >3200
:26CED :2721B :2722A :2749B D2  14  E6  D7  66
:26CEE :2721C :2722B :2749C 08  C5  BF  BF  BD
:26CEF :2721D :2722C :2749D A0  FD  FD  FD  FD
:26CF0 :2721E :2722D :2749E 00  FF  FF  FF  FF
:26DA5 :272D3 :272E2 :27553 C8  CA  CA  CA  CA  - c4e BEQ > BRA
:26DB1 :272DF :272EE :2755F C8  CA  CA  CA  CA  - c4e BEQ > BRA
:26DBD :272EB :272FA :2756B C8  CA  CA  CA  CA  - c4e BEQ > BRA
:26DC9 :272F7 :27306 :27577 C8  CA  CA  CA  CA  - c4e BEQ > BRA

ROM:90035000 = SS READ
======================
- v36 moved UP by >53C bytes!
- v46 moved UP by >016 bytes!
- v59 moved DOWN by >271 bytes!
36ADDR 46ADDR 47ADDR 59ADDR gdr v36 v46 v47 v59 - v47 used as BASE REF
------ ------ ------ ------ --- --- --- --- --- -----------------------
:35170 :35696 :356AC :3591D 06  05  05  05  05  - c4e FFFD06F0 > 605F0
:35171 :35697 :356AD :3591E FD  06  06  06  06    (SS XBOX)
:35172 :35698 :356AE :3591F FF  00  00  00  00
:35177 :3569D :356B3 :35924 70  10  10  10  10  - c4e FFFD0970 > FFFD0210
:35178 :3569E :356B4 :35925 09  02  02  02  02    (SS ORIG)
:35180 :356A6 :356BC :3592D 02  FB  FB  FB  FB  - c4e FFFD0210 > 4FB10
:35181 :356A7 :356BD :3592E FD  04  04  04  04    (SS X360)
:35182 :356A8 :356BE :3592F FF  00  00  00  00
:351D2 :356F8 :3570E :3597F C9  CA  CA  CA  CA  - c4e BNE > BRA
:351EE :35714 :3572A :3599B C8  CA  CA  CA  CA  - c4e BEQ > BRA
:3522A :35750 :35766 :359D7 C8  CA  CA  CA  CA  - c4e BEQ > BRA
:3523F :35765 :3577B :359EC FC  DC  DC  DC  DC  - c4e JMP >3000
:35240 :35766 :3577C :359ED C8  C1  9B  85  14
:35241 :35767 :3577D :359EE 00  DD  D8  D8  D6
:35242 :35768 :3577E :359EF 10  FC  FC  FC  FC
:35243 :35769 :3577F :359F0 31  FF  FF  FF  FF
:35244 :3576A :35780 :359F1 0F  CB  CB  CB  CB  - c4e nop

garyopa
« Reply #34 on: July 03, 2006, 06:35:20 PM »
Here is my latest "LOG" file.
I have finished the v32 and v36 firmwares, although not much good as they don't seem to work, at least on a v46 or v47 drive.
Maybe the hardware is different on the early drives, but looking through the code it looks like the v32 and v36 are BETA firmwares and may not work on a RETAIL x360 drive.
Tough luck for those ordering "ebay" replacement drives, as currently without an external programmer it looks like those v32/v36 drives are dead for "original usage" in a x360 system.
Looking at a way to upgrade the firmware to a valid working version like v46 or v47, or maybe even v59.
Finishing porting the F900 code to the other working versions of drives, and now working on merging it with the "c4e" code.
Been busy doing other things over the double-long weekend with Canada Day and USA Day (July 4), but I am now back on track to getting things completed.
-------------------------------------------------------------------------------------------------
FW:garyopa_v1.5_r0606.30
========================

ALL KNOWN HITACHI FIRMWARES
===========================
GDR-3120L v32 - Apr/04/05 - Original not in x360
GDR-3120L v36 - Jun/20/05 - Original not in x360
GDR-3120L v46 - Jul/27/05 - The "Launch" of x360
GDR-3120L v47 - Jul/27/05 - XMAS version of x360
GDR-3120L v59 - Jan/24/06 - After Feb'06 of x360

FLASHSEC47_WIN - Only needed for FW v59 flasher!
============== - v59 RAM is moved DOWN by 4
xADDR  v47 v59 - v47 used as BASE REF
-----  --- --- -----------------------
:88B6  A5  A9  - SET BIT >5A5
:8AF7  34  35  - Usage: Flashsec47
:8AF8  37  39

ROM:90003000 = CUSTOM CODE
==========================
- v32 RAM is moved UP by 4
- v36 RAM is moved UP by 8
- v46 RAM is not moved!
- v59 RAM is moved DOWN by 4
xADDR  v32 v36 v46 v47 v59 - v47 used as BASE REF
-----  --- --- --- --- --- --------------------
:3009  BD  41  67  7D  EE  - JMP >90035785
:300A  22  22  27  27  29
:3020  89  0D  33  49  BA  - JMP >90035768
:3021  22  22  27  27  29
:306C  5A  DE  04  1A  8B  - JMP >90035785
:306D  22  21  27  27  29
:3116  5E  46  4D  4D  BE  - JMP >9001C862
:3117  94  92  97  97  99
:313C  CD  B5  BC  BC  2D  - JMP >9001C8F7
:313D  94  92  97  97  9A
:320D  CE  CA  D2  D2  D6  - movbu (>8D2),D0
:3212  63  E0  0E  1D  8E  - JMP >9002722E
:3213  3C  3A  40  40  42
:3217  CE  CA  D2  D2  D6  - movbu (>8D2),D0
:324C  CF  CB  D3  D3  D7  - movbu (>8D3),D0
:325F  CF  CB  D3  D3  D7  - movbu (>8D3),D0
:3262  FD  F9  01  01  05  - movbu D0,(>701)
:3263  06  06  07  07  07
:3265  F5  F1  F9  F9  FD  - movbu (>6F9),D0
:3268  FE  FA  02  02  06  - movbu D0,(>702)
:3269  06  06  07  07  07
:326B  F6  F2  FA  FA  FE  - movbu (>6FA),D0
:326E  FF  FB  03  03  07  - movbu D0,(>703)
:326F  06  06  07  07  07
:3271  F7  F3  FB  FB  FF  - movbu (>6FB),D0
:3274  00  FC  04  04  08  - movbu D0,(>704)
:3275  07  06  07  07  07
:3277  F8  F4  FC  FC  00  - movbu (>6FC),D0
:3278  06  06  06  06  07
:327A  01  FD  05  05  09  - movbu D0,(>705)
:327B  07  06  07  07  07
:3280  02  FE  06  06  0A  - movbu D0,(>706)
:3281  07  06  07  07  07
:3286  03  FF  07  07  0B  - movbu D0,(>707)
:3287  07  06  07  07  07
:328C  04  00  08  08  0C  - movbu D0,(>708)
:3292  05  01  09  09  0D  - movbu D0,(>709)
:32AB  CF  CB  D3  D3  D7  - movbu (>8D3),D0
:32BE  CF  CB  D3  D3  D7  - movbu (>8D3),D0
:32C1  FD  F9  01  01  05  - movbu D0,(>701)
:32C2  06  06  07  07  07
:32C4  F5  F1  F9  F9  FD  - movbu (>6F9),D0
:32C7  FE  FA  02  02  06  - movbu D0,(>702)
:32C8  06  06  07  07  07
:32CA  F6  F2  FA  FA  FE  - movbu (>6FA),D0
:32CD  FF  FB  03  03  07  - movbu D0,(>703)
:32CE  06  06  07  07  07
:32D0  F7  F3  FB  FB  FF  - movbu (>6FB),D0
:32D3  00  FC  04  04  08  - movbu D0,(>704)
:32D4  07  06  07  07  07
:32D6  F8  F4  FC  FC  00  - movbu (>6FC),D0
:32D7  06  06  06  06  07
:32D9  01  FD  05  05  09  - movbu D0,(>705)
:32DA  07  06  07  07  07
:32DF  02  FE  06  06  0A  - movbu D0,(>706)
:32E0  07  06  07  07  07
:32E5  03  FF  07  07  0B  - movbu D0,(>707)
:32E6  07  06  07  07  07
:32EB  04  00  08  08  0C  - movbu D0,(>708)
:32F1  05  01  09  09  0D  - movbu D0,(>709)
:3302  BB  B7  BF  BF  C3  - btst ' ',(>ABF)
:3309  94  90  98  98  9C  - btst ' ',(>598)
:3311  48  35  3C  3C  AD  - CALL >9001CD4C
:3312  97  95  9A  9A  9C
:331F  3A  27  2E  2E  9F  - CALL >9001CD4C
:3320  97  95  9A  9A  9C
:332D  4B  38  3F  3F  B0  - CALL >9001CD6B
:332E  97  95  9A  9A  9C
:333B  A4  91  98  98  09  - CALL >9001CDD2
:333C  97  95  9A  9A  9D
:3346  D7  C4  CB  CB  3C  - CALL >9001CD10
:3347  96  94  99  99  9C
:3350  CD  BA  C1  C1  32  - CALL >9001CD10
:3351  96  94  99  99  9C
:3357  F4  F0  F8  F8  FC  - movbu (>6F8),D0
:335A  CE  CA  D2  D2  D6  - movbu (>8D2),D1
:335D  9C  F0  0F  1E  8F  - CALL >9002817A
:335E  4A  48  4E  4E  50
:3364  23  77  96  A5  16  - CALL >90028108
:3365  4A  48  4D  4D  50
:336D  D5  D1  D9  D9  DD  - movbu D0,(>6D9)

ROM:9001C000 = DRT DECRYPT
==========================
- v32 moved UP by >2EF / >2F4 bytes!
- v36 moved UP by >507 bytes!
- v46 same ADDR as v47 chunk!
- v59 moved DOWN by >271 bytes!
32ADDR 36ADDR v46/47 59ADDR gdr 32 36 46/7 59 - v47 used as BASE REF
------ ------ ------ ------ --- -- -- ---- -- --------------------
:1C56D :1C355 :1C85C :1CACD FC  DC DC DC   DC - JMP >90003100
:1C56E :1C356 :1C85D :1CACE DC  93 AB A4   33
:1C56F :1C357 :1C85E :1CACF 1C  6B 6D 68   66
:1C570 :1C358 :1C85F :1CAD0 64  FE FE FE   FE
:1C571 :1C359 :1C860 :1CAD1 03  FF FF FF   FF
:1C572 :1C35A :1C861 :1CAD2 80  CB CB CB   CB - NOP

ROM:90024000 = MODE B/A - v46 & v47 flash block
ROM:90025000 = MODE B/A - v59 only! flash block
======================= - s4e F900.BIN usage! / Switch back to Mode A!!
- v32
- v36
- v46 same ADDR as v47 chunk!
- v59 moved DOWN by >271 bytes!
v46/47 59ADDR gdr s4e - v47 BASE REF / s4e F900.BIN
------ ------ --- --- ----------------------------
:24F76 :251E7 C8  CA  - BEQ >90024F80 / BRA (same)

ROM:90026000 = CHALLENGE - v32 & v36 flash block
ROM:90027000 = CHALLENGE - V46/47/59 flash block
========================
- v32 moved UP by >381 / >3BA / >382 bytes!
- v36 moved UP by >53D / >52E bytes!
- v46 moved UP by >00F bytes!
- v59 moved DOWN by >271 bytes!
32ADDR 36ADDR 46ADDR 47ADDR 59ADDR gdr 32 36 46 47 59 - v47 used as BASE REF
------ ------ ------ ------ ------ --- -- -- -- -- -- --------------------
:26D97 :26BDB :27109 :27118 :27389 C9  CA CA CA CA CA - BNE > BRA
:26E6F :26CEC :2721A :27229 :2749A 34  DC DC DC DC DC - JMP >90003200
:26E70 :26CED :2721B :2722A :2749B D2  91 14 E6 D7 66
:26E71 :26CEE :2721C :2722B :2749C 08  C3 C5 BF BF BD
:26E72 :26CEF :2721D :2722C :2749D A0  FD FD FD FD FD
:26E73 :26CF0 :2721E :2722D :2749E 00  FF FF FF FF FF
:26F28 :26DA5 :272D3 :272E2 :27553 C8  CA CA CA CA CA - BEQ > BRA
:26F34 :26DB1 :272DF :272EE :2755F C8  CA CA CA CA CA - BEQ > BRA
:26F40 :26DBD :272EB :272FA :2756B C8  CA CA CA CA CA - BEQ > BRA
:26F4C :26DC9 :272F7 :27306 :27577 C8  CA CA CA CA CA - BEQ > BRA

46ADDR 47ADDR 59ADDR gdr s4e - v47 BASE REF / s4e F900.BIN
------ ------ ------ --- --- -------------------------------
:27096 :270A5 :27316 C9  CA  - BNE >900270B0 / BRA >900270D3
:27097 :270A6 :27317 0B  2E
:270E3 :270F2 :27363 C2  CA  - BGE >900270F7 / BRA >9002716A
:270E4 :270F3 :27364 05  78
:274FC :2750B :2777C C9  CA  - BNE >9002751E / BRA >90027585
:274FD :2750C :2777D 13  7A
:275F4 :27603 :27874 C9  CA  - BNE >9002762A / BRA (same)
:27621 :27630 :278A1 34  F8  - movbu >6F9,D0 / movbu (A0),D0
:27622 :27631 :278A2 F9  40
:27623 :27632 :278A3 06  00
:27627 :27636 :278A7 34  F8  - movbu >6FA,D0 / movbu (1,A0),D0
:27628 :27637 :278A8 FA  40
:27629 :27638 :278A9 06  01
:2762D :2763C :278AD 34  F8  - movbu >6FB,D0 / movbu (2,A0),D0
:2762E :2763D :278AE FB  40
:2762F :2763E :278AF 06  02
:27633 :27642 :278B3 34  F8  - movbu >6FC,D0 / movbu (3,A0),D0
:27634 :27643 :278B4 FC  40
:27635 :27644 :278B5 06  03
:277D3 :277E2 :27A53 C9  CA  - BNE >900277F5 / BRA >9002785C
:277D4 :277E3 :27A54 13  7A
:278E4 :278F3 :27B64 C8  CA  - BEQ >900278F7 / BRA >90027912
:278E5 :278F4 :27B65 04  1F
:27909 :27918 :27B89 34  F8  - movbu >6F9,D0 / movbu (A0),D0
:2790A :27919 :27B8A F9  40
:2790B :2791A :27B8B 06  00
:2790F :2791E :27B8F 34  F8  - movbu >6FA,D0 / movbu (1,A0),D0
:27910 :2791F :27B90 FA  40
:27911 :27920 :27B91 06  01
:27915 :27924 :27B95 34  F8  - movbu >6FB,D0 / movbu (2,A0),D0
:27916 :27925 :27B96 FB  40
:27917 :27926 :27B97 06  02
:2791B :2792A :27B9B 34  F8  - movbu >6FC,D0 / movbu (3,A0),D0
:2791C :2792B :27B9C FC  40
:2791D :2792C :27B9D 06  03

ROM:90035000 = SS READ
======================
- v32 moved UP by >4C0 bytes!
- v36 moved UP by >53C bytes!
- v46 moved UP by >016 bytes!
- v59 moved DOWN by >271 bytes!
32ADDR 36ADDR 46ADDR 47ADDR 59ADDR gdr 32 36 46 47 59 - v47 used as BASE REF
------ ------ ------ ------ ------ --- -- -- -- -- -- --------------------
:351EC :35170 :35696 :356AC :3591D 06  05 05 05 05 05 - FFFD06F0 > 605F0
:351ED :35171 :35697 :356AD :3591E FD  06 06 06 06 06   (SS XBOX)
:351EE :35172 :35698 :356AE :3591F FF  00 00 00 00 00
:351F3 :35177 :3569D :356B3 :35924 70  10 10 10 10 10 - FFFD0970 > FFFD0210
:351F4 :35178 :3569E :356B4 :35925 09  02 02 02 02 02   (SS ORIG)
:351FC :35180 :356A6 :356BC :3592D 02  FB FB FB FB FB - FFFD0210 > 4FB10
:351FD :35181 :356A7 :356BD :3592E FD  04 04 04 04 04   (SS X360)
:351FE :35182 :356A8 :356BE :3592F FF  00 00 00 00 00
:3524E :351D2 :356F8 :3570E :3597F C9  CA CA CA CA CA - BNE > BRA
:3526A :351EE :35714 :3572A :3599B C8  CA CA CA CA CA - BEQ > BRA
:352A6 :3522A :35750 :35766 :359D7 C8  CA CA CA CA CA - BEQ > BRA
:352BB :3523F :35765 :3577B :359EC FC  DC DC DC DC DC - JMP >90003000
:352BC :35240 :35766 :3577C :359ED C8  45 C1 9B 85 14
:352BD :35241 :35767 :3577D :359EE 00  DD DD D8 D8 D6
:352BE :35242 :35768 :3577E :359EF 10  FC FC FC FC FC
:352BF :35243 :35769 :3577F :359F0 31  FF FF FF FF FF
:352C0 :35244 :3576A :35780 :359F1 0F  CB CB CB CB CB - NOP

ROM:9003E000 = CHECKSUM - FOUR bytes starting at :3E7FC are all SET to 00/ZERO!
======================= - The same TRICK for all Hitachi's to DISABLE checksum!