Thread: PRS-500 Analysis of USB trace for flashing Reader
View Single Post
Old 02-14-2007, 08:44 AM   #9
doctorow
Guru
doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.
 
doctorow's Avatar
 
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
Here is the code from the USB_UpdateCreatePartitionWithImage routine:

Code:
.text:00009B04                 MOV     R0, R4
.text:00009B08                 LDR     R1, =signature_5
.text:00009B0C                 BL      check_signature ; ############# HERE ##########
.text:00009B10                 CMP     R0, #0
.text:00009B14                 BEQ     checksum_ok
.text:00009B18
.text:00009B18 checksum_bad                            ; CODE XREF: USB_UpdateCreatePartitionWithImage+330j
.text:00009B18                 LDR     R5, =USB_FskErr_2
.text:00009B1C                 MVN     R3, #4
.text:00009B20
.text:00009B20 loc_9B20                                ; CODE XREF: USB_UpdateCreatePartitionWithImage+360j
.text:00009B20                 STR     R3, [R5]
.text:00009B24
.text:00009B24 loc_9B24                                ; CODE XREF: USB_UpdateCreatePartitionWithImage+348j
.text:00009B24                 LDR     R0, =aTmpImage  ; remove temp file of image to flash
.text:00009B28                 BL      _unlink
.text:00009B2C                 MOV     R2, #0x1000     ; size_t
.text:00009B30                 MOV     R1, #0          ; int
.text:00009B34                 MOV     R0, R7          ; void *
.text:00009B38                 BL      _memset
.text:00009B3C                 LDR     R1, [R5]
.text:00009B40                 MOV     R2, #0
.text:00009B44                 MOV     R3, #0xC
.text:00009B48                 STR     R3, [R7,#0xC]
.text:00009B4C                 STR     R1, [R7,#0x14]
.text:00009B50                 STR     R2, [R7,#8]
.text:00009B54                 STR     R2, [R7,#0x18]
.text:00009B58                 B       loc_99F8        ; jump to error routine
.text:00009B5C ; ---------------------------------------------------------------------------
.text:00009B5C
.text:00009B5C checksum_ok                             ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D8j
The actual flashing is done through the external nblsdm tool (attached). Igor wrote some more about the use of nblsdm in this thread.
Attached Files
File Type: gz flashtools.tar.gz (24.2 KB, 477 views)
doctorow is offline   Reply With Quote