Difference between revisions of "Boot Chain"
(offset informations) |
|||
| Line 20: | Line 20: | ||
</table> | </table> | ||
| + | hexdump -C webosdoctorp100ewwsprint-1.0.3/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| | ||
| + | hexdump -C webosdoctorp100ewwbellmo-1.1.0/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| | ||
| + | hexdump -C webosdoctorp100eww-wr-1.1.3/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| | ||
| + | hexdump -C webosdoctorp100ewwsprint-1.2.1/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| | ||
| + | hexdump -C webosdoctorp100ewwbellmo-1.2.1/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| | ||
| + | hexdump -C webosdoctorp100ewwsprint-1.3.1/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.| | ||
| + | hexdump -C webosdoctorp100ueu-wr-1.3.1/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.| | ||
| + | hexdump -C webosdoctorp100ewwbellmo-1.3.1/webOS/boot-castle.bin | grep '1f 8b' | ||
| + | 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.| | ||
== "real" bootloader ([[bootie]])== | == "real" bootloader ([[bootie]])== | ||
Revision as of 08:37, 14 December 2009
boot/boot.bin
Load Address: 0x40200000
This does some minimal hardware initialization, then loads the "real" bootloader and executes it. The "real" bootloader is tacked onto the end of boot.bin as a gzip. The offset of the "real" bootloader is different for every version. Table below will give you the right offset (If your version is not listed, then search with "hexdump -C boot-castle.bin | less" for the byte sequence "1f 8b" (the gzip format identifier)).
| Version | Offset |
| unknown | 0x19D0 (thanks roxfan) |
| 1.3.1 (O2) | 0x19f0 |
hexdump -C webosdoctorp100ewwsprint-1.0.3/webOS/boot-castle.bin | grep '1f 8b' 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| hexdump -C webosdoctorp100ewwbellmo-1.1.0/webOS/boot-castle.bin | grep '1f 8b' 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| hexdump -C webosdoctorp100eww-wr-1.1.3/webOS/boot-castle.bin | grep '1f 8b' 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| hexdump -C webosdoctorp100ewwsprint-1.2.1/webOS/boot-castle.bin | grep '1f 8b' 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| hexdump -C webosdoctorp100ewwbellmo-1.2.1/webOS/boot-castle.bin | grep '1f 8b' 000019d0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 7c 54 d5 |.............|T.| hexdump -C webosdoctorp100ewwsprint-1.3.1/webOS/boot-castle.bin | grep '1f 8b' 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.| hexdump -C webosdoctorp100ueu-wr-1.3.1/webOS/boot-castle.bin | grep '1f 8b' 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.| hexdump -C webosdoctorp100ewwbellmo-1.3.1/webOS/boot-castle.bin | grep '1f 8b' 000019f0 1f 8b 08 00 00 00 00 00 02 03 c4 fd 0b 78 54 d5 |.............xT.|
"real" bootloader (bootie)
Load Address: 0x82000000
This looks a _lot_ like iBoot from the iPhoneOS devices, but others say that this is based off u-boot, so I will assume that is true and that iBoot is also based off of it. It even seems to have some of the u-boot commands, such as "printenv", "run", "setenv", "getenv", etc. I am currently looking into how to communicate with it as you can with iBoot.